Permission Enforcement in the SoftLayer API

From SoftLayer Development Network Wiki

(Redirected from Permissions)

The SoftLayer API is built around the same system of user permissions that power the SoftLayer customer portal. What the API exposes and allows depends on the authenticated user account that is making the call and that user's permission set. Your account's master user has full permissions to every service and method associated with your account. Please be wary if you choose to execute API method calls using your account's master user.

The SoftLayer API treats a permission error like an object not found error, returning an exception stating that it can't find an object rather than say that the current user does not have permission to view it.

1 Functionality Permissions
2 Hardware Restrictions
3 Associated Methods
4 See Also
5 External Links

Functionality Permissions

Every portal and API user has a set of functionality-based permissions. These permissions govern the ability to:

Add new users
View your account summary
Edit your company profile
Update payment details
Submit one-time payments
Cancel a server
Reboot a server
View tickets
Search tickets
Add and edit tickets
Manage a hardware firewall
Manage antivirus and spyware software
Manage network IDS services
Manage Host IDS software
Initiate vulnerability scaning
View hardware details
Manage server monitoring
Issue OS reloads
Initatate rescuelayer
View software licenses
View bandwidth statistics
Manage network port control
Manage DNS
Manage reverse DNS
Mange your RWHOIS records
Mange SWIP requests
Mange load balancers
Add a server
Add services and upgrades
Add IP addresses
Add StorageLayer service

If a method requires a special permission to execute then it is noted on its associated manual page. Likewise if viewing a data type property requires a special permission then it is noted on that data type's manual page. To change your user's permission set via the customer portal:

Log into the SoftLayer customer portal with your account master user's username and portal password.
Click the administrative link.
Click the username of the user whose permissions you wish to change.
Check or uncheck user permissions as necessary then click the Edit User Profile button.

To add or remove hardware access via the API execute the either addPortalPermission or addBulkPortalPermission methods in the SoftLayer_User_Customer service. To remove user hardware access execute either the removePortalPermission or removeBulkPortalPermission methods in the same service. You can retrieve a list of valid hardware to assign user access to with the getAllObjects method in the SoftLayer_User_Customer_CustomerPermission_Permission service.

Hardware Restrictions

It is also possible to limit user interactivity to only certain servers purchased by a customer account or to none of the servers listed on the account.

Log into the SoftLayer customer portal with your account master user's username and portal password.
Click the administrative link.
Click the username of the user whose permissions you wish to change.
Scroll towards the bottom of this page to the User Hardware Access section.
Either allow access to all hardware or select individual servers that this user may interact with then click the Edit User Profile button.

To add or remove hardware access via the API execute the either addHardwareAccess or addBulkHardwareAccess methods in the SoftLayer_User_Customer service. To remove user hardware access execute either the removeHardwareAccess or removeBulkHardwareAccess methods in the same service. You can retrieve a list of valid hardware to assign user access to with the getHardware method in the SoftLayer_Account service.