.. _rest_api_user_roles:

Users/Groups and Roles
======================

Security
--------

The Users/Groups and Roles REST API is only accessible to users with the role ``ROLE_ADMIN``.

Input/Output
------------

Data Object Transfer
~~~~~~~~~~~~~~~~~~~~

Both XML and JSON are supported for the transfer of data objects. The default is XML. To use JSON instead, set the ``content-type`` (POST) and ``accept`` (GET) HTTP headers to ``application/json`` in your requests.

Encoding of a user in XML::

   ..
   ..
   true/false

Encoding of a user in JSON::

   {"userName": "..", "password": "..", "enabled": true/false}

Passwords are omitted from the results of read requests.

Encoding of a list of users in XML::

   ...
   ...
   ...

Encoding of a list of users in JSON::

   {"users":[ {..}, {..}, .. ]}

Encoding of a list of groups in XML::

   agroupname
   bgroupname
   ...

Encoding of a list of groups in JSON::

   {"groups":[ {..}, {..}, .. ]}

Encoding of a list of roles in XML::

   arolename
   brolename
   ...

Encoding of a list of roles in JSON::

   {"roles":[ {..}, {..}, .. ]}

Configuration
-------------

The default user/group service is the service named "default". This can be
altered in the following manner:

#. Start GeoServer with the following Java system property present::

      org.geoserver.rest.DefaultUserGroupServiceName=

Requests
--------

``/rest/usergroup/[service//]users/``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Query all users or add a new user in a particular or the default user/group service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - GET
     - List all users in service.
     - 200 OK. List of users in XML.
   * - POST
     - Add a new user.
     - 201 Inserted. Created ``ID`` header.
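
The JSON variant of the users requests described above, as an added example that is not part of the GeoServer documentation or code base: it builds the GET and POST requests with the headers this page names and checks a user listing for entries that still carry a password. The base URL, the function names, the sample listing and the ``service/<name>/`` path segment for a non-default service are assumptions; authenticating as a ``ROLE_ADMIN`` user is left to the caller.

```python
import json
from urllib.parse import quote
from urllib.request import Request

BASE = "http://localhost:8080/geoserver"  # assumed base URL (placeholder)

def users_url(base, service=None):
    """Users collection of the default service, or of a named one (assumed segment)."""
    seg = f"service/{quote(service, safe='')}/" if service else ""
    return f"{base}/rest/usergroup/{seg}users/"

def list_users_request(base, service=None):
    """GET: request JSON through the 'accept' header (XML is the default)."""
    return Request(users_url(base, service), method="GET",
                   headers={"Accept": "application/json"})

def add_user_request(base, user_name, password, enabled=True, service=None):
    """POST: declare the JSON body through the 'content-type' header."""
    body = json.dumps({"userName": user_name, "password": password,
                       "enabled": enabled}).encode("utf-8")
    return Request(users_url(base, service), data=body, method="POST",
                   headers={"Content-Type": "application/json"})

def audit_user_list(response_text):
    """Summarise a {"users": [...]} listing and flag entries that carry a password."""
    users = json.loads(response_text)["users"]
    return {
        "count": len(users),
        "disabled": [u["userName"] for u in users if not u.get("enabled")],
        "password_present": [u["userName"] for u in users if u.get("password")],
    }

# Constructed sample listing (not captured from a real server); "bob" carries a
# password on purpose so the check has something to flag.
SAMPLE_LISTING = """{"users": [
  {"userName": "admin", "enabled": true},
  {"userName": "alice", "enabled": false},
  {"userName": "bob", "password": "crypt1:constructed", "enabled": true}
]}"""

if __name__ == "__main__":
    # Requests are only built, never sent; the caller adds ROLE_ADMIN credentials.
    req = add_user_request(BASE, "carol", "constructed-password", service="ldap")
    print(req.get_method(), req.full_url, req.get_header("Content-type"))
    print(audit_user_list(SAMPLE_LISTING))
```

A non-empty ``password_present`` list means a read response returned password material, which contradicts the behaviour documented above and is worth investigating.
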

``/rest/usergroup/[service//]user/``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Query, modify or delete a specific user in a particular or the default user/group service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - GET
     - Read user information.
     - 200 OK. User in XML.
   * - POST
     - Modify the user; unspecified fields remain unchanged.
     - 200 OK.
   * - DELETE
     - Delete the user.
     - 200 OK.

``/rest/usergroup/[service//]groups/``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Query all groups in a particular or the default user/group service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - GET
     - List all groups in service.
     - 200 OK. List of groups in XML.

``/rest/usergroup/[service//]group/``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Add or delete a specific group in a particular or the default user/group service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - POST
     - Add the group.
     - 200 OK.
   * - DELETE
     - Delete the group.
     - 200 OK.

``/rest/usergroup/[service//]user//groups``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Query all groups associated with a user in a particular or the default user/group service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - GET
     - List all groups associated with user.
     - 200 OK. List of groups in XML.

``/rest/usergroup/[service//]group//users``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Query all users associated with a group in a particular or the default user/group service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - GET
     - List all users associated with group.
     - 200 OK. List of groups in XML.

``/rest/usergroup/[service//]/group/``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Associate or disassociate a specific user with a specific group in a particular or the default user/group service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - POST
     - Associate the user with the group.
     - 200 OK.
   * - DELETE
     - Disassociate the user from the group.
     - 200 OK.

``/rest/roles/[service/{serviceName}/]``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Query all roles in a particular role service or the active role service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - GET
     - List all roles in service.
     - 200 OK. List of roles in XML.

``/rest/roles/[service//]role/``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Add or delete a specific role in a particular role service or the active role service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - POST
     - Add the role.
     - 200 OK.
   * - DELETE
     - Delete the role.
     - 200 OK.

``/rest/roles/[service//]/user//roles``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Query all roles associated with a user in a particular role service or the active role service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - GET
     - List all roles associated with user.
     - 200 OK. List of roles in XML.

``/rest/roles/[service//]role//user//``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Associate or disassociate a specific user with a specific role in a particular role service or the active role service.

.. list-table::
   :header-rows: 1
   :widths: 10 20 20

   * - Method
     - Action
     - Response
   * - POST
     - Associate the user with the role.
     - 200 OK.
   * - DELETE
     - Disassociate the user from the role.
     - 200 OK.