ENAPSO Keycloak Role Documentation
ENAPSO services use a high-level role structure in their Keycloak environment. A high-level role can be assigned directly to a user, which gives that user access to the set of roles it contains.
We provide three high-level roles by default:
- Tenant Admin
- Standard
- Reader
**Tenant Admin:** With this role, the user can manage the tenants in the environment, as it contains all of the roles that are responsible for being a tenant admin.

**Standard:** With this role, the user can use all the API routes of the ENAPSO services, as this high-level role contains all the roles of every API available in the ENAPSO services.

**Reader:** With this role, the user can access all the read functionality routes, as it consists of all the reader roles.
Role groups and role names are defined in the following table, which shows the mid-level and low-level role structure:
| Service | Roles Group | Capability name & Role name | Description |
|---|---|---|---|
| Individual Management Service | individual-management | create-individual | Send request to create a new individual of a class. |
| | | read-individual | Send request to get data of all individuals of each class. |
| | | update-individual | Send request to update data of an existing individual. |
| | | delete-individual | Send request to delete an individual of a class. |
| | | create-individual-relation | Send request to create a relation between two individuals using object property. |
| | | delete-individual-relation | Send request to delete a relation between two individuals using object property. |
| Ontology Management Service | ontology-management | get-class-properties | Send request to get the class properties which it gets from class restriction and from properties domain. |
| | | get-class-own-properties | Send request to get the properties of a class, not including ancestor properties. |
| | | get-class-properties-by-domain | Send request to get class properties from a domain. |
| | | get-all-properties | Send request to get all properties from a GraphDB repository. |
| | | create-data-property | Send request to create a new data property. |
| | | get-data-properties | Send request to get the details of all data properties or a specific data property detail. |
| | | create-object-property | Send request to create a new object property. |
| | | get-object-properties | Send request to get details of all object properties or a specific object property detail. |
| | | update-property-iri | Send request to update the IRI of an existing data or object property. |
| | | delete-property-from-restrictions | Send request to delete all restrictions of a class where the property is used. |
| | | delete-property-from-individuals | Send request to delete the property from all individuals. |
| | | delete-property | Send request to delete the property. |
| | | get-sub-classes | Send request to get the details of all subclasses of a class. |
| | | get-parent-classes | Send request to get the parent classes of a class. |
| | | get-all-classes-data | Send request to get all class data needed to create a JSON for OpenAPI generation. |
| | | create-class-with-restrictions | Send request to create a new OWL class and also add class restrictions. |
| | | add-class-restrictions | Send request to add a restriction to any existing class. |
| | | update-class-restriction | Send request to update an existing restriction of a class. |
| | | delete-class-restrictions | Send request to delete the specific restriction of a class. |
| | | delete-class-model | Send request to delete all restrictions of a class. |
| | | delete-class-individuals | Send request to delete all individuals of a class. |
| | | delete-class-model-and-individuals | Send request to delete the model and all individuals of a class. |
| | | delete-referenced-class-model | Send request to delete a reference of a class used with any object property in an OWL class. |
| | | delete-referenced-class-individuals | Send request to delete the reference individual of that class used with any other class individual. |
| | | delete-referenced-class-model-and-individual | Send request to delete the reference individual of that class used with any other class individual and also class from any other OWL class restriction. |
| | | delete-class | Send request to delete a class from the ontology. |
| | | get-all-classes | Send request to get all classes from the GraphDB repository. |
| | | get-sub-classes | Send request to get all sub classes of a specific class. |
| | | change-class-iri | Send request to update the IRI of an existing class. |
| | | get-full-prefix-to-iri | Send request to convert full prefix to an IRI. |
| | | add-label | Send request to add a new label to a class, property, or individual. |
| | | change-label | Send request to change a label of a class, property, or individual. |
| | | remove-label | Send request to delete a label of a class, property, or individual. |
| | | add-comment | Send request to add a new comment to a class, property, or individual. |
| | | change-comment | Send request to change a label of a class, property, or individual. |
| | | delete-comment | Send request to delete a label of a class, property, or individual. |
| | | add-annotation | Send request to add an annotation (e.g., label or comment) to any IRI. |
| | | change-annotation | Send request to update an annotation (e.g., label, comment, or class IRI) to any IRI. |
| | | remove-annotation | Send request to delete any annotation (e.g., label, comment, or class) to any IRI. |
| | | get-annotation | |
| Cache Management Service | cache-management | build-class-cache | Send request to create a cache of all contexts uploaded in the GraphDB repository. |
| | | read-class-cache | |
| SPARQL Assistant Service | sparql-assistant | sparql-4-create-individual | Send request to create a SPARQL query for adding a new individual. |
| | | sparql-4-read-individual | Send request to create a SPARQL query to get all details of an individual. |
| | | sparql-4-update-individual | Send request to create a SPARQL query to update data of an individual. |
| | | sparql-4-update-individual | Send request to create a SPARQL query to delete the individual of a class. |
| API Assistant Service | api-assistant | generate-open-api-specification | Send request to create the OpenAPI documentation for CRUD operation of each OWL class. |
| | | create-crud-endpoints-4-classes | Send request to create the CRUD endpoints of OWL classes runtime on server. |
| | | delete-crud-endpoints-Of-classes | Send request to server to delete the CRUD endpoints of classes runtime on server. |
| | | create-crud-endpoints-4-individuals | Send request to server to create the CRUD endpoints of OWL classes runtime on server to maintain individuals. |
| | | delete-crud-endpoints-Of-individuals | Send request to server to delete the CRUD endpoints of classes runtime on server. |
| JS Assistant Service | js-assistant | create-javaScript-classes | Send request to create the JavaScript classes of each OWL class. |
| | | build-transient-class-cache-4-code-assistants | Send request to create a cache for creating JavaScript classes. |
| GraphDB Management Service | graphdb-management | create-database | Send request to create new repository in GraphDB. |
| | | delete-database | Send request to delete existing repository in GraphDB. |
| | | create-database-user | Send request to create new user in GraphDB, assign its role and repository. |
| | | update-database-user | Send request to update the user password, role and access of a repository. |
| | | delete-database-user | Send request to delete the existing user of GraphDB. |
| | | upload-ontology-from-text | Send request to upload an ontology to a repository in GraphDB. |
| | | replace-ontology-from-text | Send request to clear an existing context in a repository of GraphDB and upload new ontology against that context. |
| | | upload-ontology-from-file | Send request to upload the ontology file to GraphDB repository. |
| | | replace-ontology-from-file | Send request to replace the existing context from GraphDB repository and upload new ontology against that context. |
| | | download-ontology | Send request to download the ontology from GraphDB repository. |
| | | delete-context | Send request to clear a specific context from GraphDB repository. |
| | | clear-database | Send request to clear all contexts available in GraphDB repository. |
| Tenant Management Service | tenant-management | register-tenant | Send request to create a new Keycloak realm with unique id and create a repository in GraphDB for a new tenant. |
| | | unregister-tenant | Send request to delete the existing Keycloak realm and repository in the GraphDB which are registered for that tenant. |
The Keycloak Roles Documentation provides a comprehensive overview of the high-level and low-level roles available in the Keycloak environment of ENAPSO services. With the three high-level roles of Tenant Admin, Standard, and Reader, users can be assigned the necessary permissions to manage tenants, use API routes, and access the read functionality. The mid-level role groups and low-level capabilities in the table provide further customization options for role assignments.
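Because a high-level role bundles role groups and capability roles, an access review has to expand each assignment down to the capabilities it actually grants. The sketch below is an added example, not ENAPSO code: the role names come from the table, while the composite membership (a subset), the user assignments and the read-only naming heuristic are constructed assumptions.

```python
# Added example. Role names come from the table; the composite membership,
# the user assignments and the read-only heuristic are constructed assumptions.
COMPOSITES = {
    "Tenant Admin": {"tenant-management"},
    "Standard": {"individual-management", "cache-management"},  # subset only
    "Reader": {"read-individual", "read-class-cache"},
    "individual-management": {"create-individual", "read-individual",
                              "update-individual", "delete-individual"},
    "cache-management": {"build-class-cache", "read-class-cache"},
    "tenant-management": {"register-tenant", "unregister-tenant"},
}
ASSIGNMENTS = {  # constructed users and their directly assigned roles
    "alice": ["Reader"],
    "bob": ["Reader", "cache-management"],
    "carol": ["Tenant Admin"],
}


def expand(role, composites, _seen=None):
    """Return the leaf capability roles a role resolves to (cycle-safe)."""
    seen = set() if _seen is None else _seen
    if role in seen:          # already visited: avoid looping on cyclic composites
        return set()
    seen.add(role)
    children = composites.get(role)
    if not children:          # not a composite, so it is a capability role
        return {role}
    leaves = set()
    for child in children:
        leaves |= expand(child, composites, seen)
    return leaves


def is_read_only(capability):
    """Assumed heuristic: read-style capabilities are named read-/get-/download-."""
    return capability.startswith(("read-", "get-", "download-")) or "-read-" in capability


def audit(assignments, composites):
    """Map each user to the sorted non-read capabilities they effectively hold."""
    report = {}
    for user, roles in assignments.items():
        caps = set()
        for role in roles:
            caps |= expand(role, composites)
        report[user] = sorted(c for c in caps if not is_read_only(c))
    return report


if __name__ == "__main__":
    for user, risky in audit(ASSIGNMENTS, COMPOSITES).items():
        print(f"{user}: {risky or 'read-only'}")
```

A user who holds only Reader should come back with an empty list; anything else means a group or capability role was added on top and deserves a second look.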
If you have any questions, please don't hesitate to contact us. You can also refer to the official Keycloak documentation for more information.