Govern Roles and Permissions Handler¶
The Roles and Permissions Handler is used to manage roles, role assignments and permissions.
Add a rule to assign a role to a new user¶
import dataikuapi
host = "http(s)://DSS_HOST:DSS_PORT"
apiKey = "Your API key secret"
client = dataikuapi.GovernClient(host, apiKey)
# get the role and permissions editor
rp_editor = client.get_roles_permissions_handler()
# retrieve the role assignements for the Business initiative blueprint
bi_ra = rp_editor.get_role_assignments('bp.system.business_initiative')
# get the definition
bi_ra_def = bi_ra.get_definition()
# add a rule to assign the new user to the project manager role
project_manager_def = bi_ra_def.get_raw()['roleAssignmentsRules'].get('ro.project_manager', [])
project_manager_def.append({
"criteria": [],
"userContainers": [{"type": "user", "login": "new_user"}]
})
bi_ra_def.get_raw()['roleAssignmentsRules']['ro.project_manager'] = project_manager_def
bi_ra_def.save()
Reference API doc¶
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminRolesPermissionsHandler(client)¶ Handle to edit the roles and permissions Do not create this directly, use
get_roles_permissions_handler()-
list_roles()¶ List roles
- Returns
a list of roles
- Return type
list of
GovernAdminRoleListItem
-
get_role(role_id)¶ Return a specific role on the Govern instance
- Parameters
role_id (str) – Identifier of the role
- Return type
-
create_role(new_identifier, role)¶ Create a new role and returns the handle to interact with it.
- Parameters
new_identifier (str) – Identifier of the new role. Allowed characters are letters, digits, hyphen, and underscore.
role (dict) – The definition of the role.
- Return type
-
list_role_assignments()¶ List the blueprint role assignments
- Returns
A list of role assignments for each blueprint
- Return type
-
get_role_assignments(blueprint_id)¶ Get the role assignments for a specific blueprint. Returns a handle to interact with it.
- Parameters
blueprint_id (str) – id of the blueprint
- Returns
A object representing the role assignments for this blueprint
- Return type
-
create_role_assignments(role_assignments)¶ Create a role assignments on the Govern instance and returns the handle to interact with it.
- Parameters
role_assignment (dict) – Blueprint permission as a dict
- Returns
The newly created role assignment.
- Return type
-
get_default_permissions_definition()¶ Get the default permissions definition.
- Returns
A permissions object
- Return type
-
list_blueprint_permissions()¶ List blueprint permissions
- Returns
A list of blueprint permissions
- Return type
-
get_blueprint_permissions(blueprint_id)¶ Get the permissions for a specific blueprint. Returns a handle to interact with the permissions
- Parameters
blueprint_id (str) – id of the blueprint for which you need the permissions
- Returns
A permissions object for the specific blueprint
- Return type
-
create_blueprint_permissions(blueprint_permission)¶ Create blueprint permissions and returns the handle to interact with it.
- Parameters
blueprint_permission (dict) – Blueprint permission as a dict
- Returns
the newly created permissions object
- Return type
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminRoleListItem(client, data)¶ An item in a list of roles. Do not create this directly, use
list_roles()-
get_raw()¶ Get the raw content of the role list item
- Returns
the raw content of the role list item as a dict
- Return type
dict
-
to_role()¶ Gets the
GovernAdminRolecorresponding to this role object- Returns
the role object
- Return type
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminRole(client, role_id)¶ A handle to interact with the roles of the instance as an admin. Do not create this directly, use
get_role()-
get_definition()¶ Return the information of the role as an object
- Returns
the information of the role.
- Return type
-
delete()¶ Delete the role
- Returns
None
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminRoleDefinition(client, role_id, definition)¶ The definition of a specific role. Do not create this directly, use
get_definition()-
get_raw()¶ Get raw information of the role.
- Returns
the raw definition of role, as a dict. Modifications made to the returned object are reflected when saving
- Return type
dict
-
save()¶ Save this information back to the role
- Returns
None
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminBlueprintRoleAssignmentsListItem(client, data)¶ An item in a list of blueprint role assignments. Do not create this directly, use
list_role_assignments()-
get_raw()¶ Get the raw content of the blueprint role assignments list item
- Returns
the raw content of the blueprint role assignments list item as a dict
- Return type
dict
-
to_blueprint_role_assignments()¶ Gets the
GovernAdminBlueprintRoleAssignmentscorresponding to this blueprint role assignments object- Returns
the blueprint role assignments object
- Return type
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminBlueprintRoleAssignments(client, blueprint_id)¶ A handle to interact with the blueprint role assignments for a specific blueprint Do not create this directly, use
get_role_assignments()-
get_definition()¶ Get the role assignments definition. Returns a handle to interact with it.
- Returns
The role assignments for a specific blueprint.
- Return type
-
delete()¶ Delete the role assignments for a specific blueprint.
- Returns
None
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminBlueprintRoleAssignmentsDefinition(client, blueprint_id, definition)¶ The role assignments for a specific blueprint. Do not create this class directly, instead use
get_definition()-
get_raw()¶ Get the raw content definition of the assignments for this blueprint. This returns a reference to the raw assignments, not a copy, so changes made to the returned object will be reflected when saving.
- Return type
dict
-
save()¶ Save this role assignments.
- Returns
None
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminBlueprintPermissionsListItem(client, data)¶ An item in a list of blueprint permissions. Do not create this directly, use
list_blueprint_permissions()-
get_raw()¶ Get the raw content of the blueprint permissions list item
- Returns
the raw content of the blueprint permissions list item as a dict
- Return type
dict
-
to_blueprint_permissions()¶ Gets the
GovernAdminBlueprintPermissionscorresponding to this blueprint permissions object- Returns
the blueprint permissions object
- Return type
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminBlueprintPermissions(client, blueprint_id)¶ A handle to interact with blueprint permissions for a specific blueprint Do not create this directly, use
get_blueprint_permissions()-
get_definition()¶ Get the blueprint permissions definition. Returns a handle to interact with it.
- Returns
The permissions definition for a specific blueprint.
- Return type
-
delete()¶ Delete the permissions for this blueprint and use default permissions instead.
- Returns
None
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminBlueprintPermissionsDefinition(client, blueprint_id, definition)¶ The permissions for a specific blueprint. Do not create this class directly, instead use
get_definition()-
get_raw()¶ Get the raw content of the permissions for this blueprint. This returns a reference to the raw permissions, not a copy, so changes made to the returned object will be reflected when saving.
- Return type
dict
-
save()¶ Save this permission back to the blueprint permission definition.
- Returns
None
-
-
class
dataikuapi.govern.admin_roles_permissions_handler.GovernAdminDefaultPermissionsDefinition(client, definition)¶ The default permissions of the instance Do not create this directly, use
get_default_permissions_definition()-
get_raw()¶ Get the raw content of the default permissions. This returns a reference to the raw permissions, not a copy, so changes made to the returned object will be reflected when saving.
- Return type
dict
-
save()¶ Save the default permissions
- Returns
None
-