Google Git
Sign in
eclipse / gerrit / www.eclipse.org / che / 1425b370a4da0c59ea8e10af63c7459f270f6da6 / . / docs / permissions.html
blob: b588a24e0e9dcacad25c530c0c929c0be851d4c7 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="keywords" content="organizations, organizations, user management, permissions">
<title>Permissions | Eclipse Che Documentation</title>
<link rel="stylesheet" href="css/syntax.css">
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" crossorigin="anonymous">
<!--<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">-->
<link rel="stylesheet" href="css/modern-business.css">
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<link rel="stylesheet" href="css/customstyles.css">
<link rel="stylesheet" href="css/boxshadowproperties.css">
<!-- most color styles are extracted out to here -->
<link rel="stylesheet" href="css/theme-che.css">
<link rel="stylesheet" href="/css/coderay.css" media="screen" type="text/css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js" crossorigin="anonymous"></script>
<script src="js/jquery.navgoco.min.js"></script>
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<!-- Anchor.js -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/anchor-js/2.0.0/anchor.min.js" crossorigin="anonymous"></script>
<script src="js/toc.js"></script>
<script src="js/customscripts.js"></script>
<link rel="shortcut icon" href="che/docs/images/favicon.ico">
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
<link rel="alternate" type="application/rss+xml" title="che" href="http://0.0.0.0:4000/feed.xml">
<script>
$(document).ready(function() {
// Initialize navgoco with default options
$("#mysidebar").navgoco({
caretHtml: '',
accordion: true,
openClass: 'active', // open
save: false, // leave false or nav highlighting doesn't work right
cookie: {
name: 'navgoco',
expires: false,
path: '/'
},
slide: {
duration: 400,
easing: 'swing'
}
});
$("#collapseAll").click(function(e) {
e.preventDefault();
$("#mysidebar").navgoco('toggle', false);
});
$("#expandAll").click(function(e) {
e.preventDefault();
$("#mysidebar").navgoco('toggle', true);
});
});
</script>
<script>
$(function () {
$('[data-toggle="tooltip"]').tooltip()
})
</script>
<script>
$(document).ready(function() {
$("#tg-sb-link").click(function() {
$("#tg-sb-sidebar").toggle();
$("#tg-sb-content").toggleClass('col-md-9');
$("#tg-sb-content").toggleClass('col-md-12');
$("#tg-sb-icon").toggleClass('fa-toggle-on');
$("#tg-sb-icon").toggleClass('fa-toggle-off');
});
});
</script>
</head>
<body>
<!-- Navigation -->
<nav class="navbar navbar-inverse navbar-static-top">
<div class="container topnavlinks">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="fa fa-home fa-lg navbar-brand" href="index.html">&nbsp;<span class="projectTitle"> Eclipse Che Documentation</span></a>
</div>
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav navbar-right">
<!-- toggle sidebar button -->
<li><a id="tg-sb-link" href="#"><i id="tg-sb-icon" class="fa fa-toggle-on"></i> Nav</a></li>
<!-- entries without drop-downs appear here -->
<li><a href="https://medium.com/eclipse-che-blog/" target="_blank">Blog</a></li>
<li><a href="https://github.com/eclipse/che" target="_blank">Source Code</a></li>
<!-- entries with drop-downs appear here -->
<!-- conditional logic to control which topnav appears for the audience defined in the configuration file.-->
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Get Support<b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="https://github.com/eclipse/che/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+label%3Akind%2Fbug" target="_blank">Known Bugs</a></li>
<li><a href="https://github.com/eclipse/che/issues/new" target="_blank">File an Issue</a></li>
<li><a href="https://stackoverflow.com/questions/tagged/eclipse-che" target="_blank">Che on StackOverflow</a></li>
</ul>
</li>
<!--
<li>
<a class="email" title="Submit feedback" href="#" onclick="javascript:window.location='mailto:?subject= feedback&body=I have some feedback about the Permissions page: ' + window.location.href;"><i class="fa fa-envelope-o"></i> Feedback</a>
</li>
-->
<!--comment out this block if you want to hide search-->
<li>
<!--start search-->
<div id="search-demo-container">
<input type="text" id="search-input" placeholder="search...">
<ul id="results-container"></ul>
</div>
<script src="js/jekyll-search.js" type="text/javascript"></script>
<script type="text/javascript">
SimpleJekyllSearch.init({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
dataSource: 'search.json',
searchResultTemplate: '<li><a href="{url}" title="Permissions">{title}</a></li>',
noResultsText: 'No results found.',
limit: 10,
fuzzy: true,
})
</script>
<!--end search-->
</li>
</ul>
</div>
</div>
<!-- /.container -->
</nav>
<!-- Page Content -->
<div class="container">
<div id="main">
<!-- Content Row -->
<div class="row">
<!-- Sidebar Column -->
<div class="col-md-3" id="tg-sb-sidebar">
<ul id="mysidebar" class="nav">
<li class="sidebarTitle"> </li>
<li>
<a href="#">Overview</a>
<ul>
<li><a href="index.html">Introduction</a></li>
<li><a href="quick-start.html">Getting Started</a></li>
<li><a href="single-multi-user.html">Single and Multi-User Flavors</a></li>
<li><a href="infra-support.html">Supported Infrastructures</a></li>
</ul>
</li>
<li>
<a href="#">Che on Docker</a>
<ul>
<li><a href="docker-single-user.html">Docker - Single User</a></li>
<li><a href="docker-multi-user.html">Docker - Multi User</a></li>
<li><a href="docker-config.html">Docker - Configuration</a></li>
<li><a href="docker-cli.html">Docker - CLI Reference</a></li>
</ul>
</li>
<li>
<a href="#">Che on Kubernetes</a>
<ul>
<li><a href="kubernetes-single-user.html">Kubernetes - Single User</a></li>
<li><a href="kubernetes-multi-user.html">Kubernetes - Multi User</a></li>
<li><a href="kubernetes-config.html">Kubernetes - Configuration</a></li>
<li><a href="kubernetes-admin-guide.html">Kubernetes - Admin Guide</a></li>
</ul>
</li>
<li>
<a href="#">Che on OpenShift</a>
<ul>
<li><a href="openshift-single-user.html">OpenShift - Single User</a></li>
<li><a href="openshift-multi-user.html">OpenShift - Multi User</a></li>
<li><a href="openshift-config.html">OpenShift - Configuration</a></li>
<li><a href="openshift-admin-guide.html">OpenShift - Admin Guide</a></li>
</ul>
</li>
<li>
<a href="#">User Management</a>
<ul>
<li><a href="user-management.html">Authentication and Authorization</a></li>
<li><a href="authentication.html">Security Model</a></li>
<li class="active"><a href="permissions.html">Permissions</a></li>
<li><a href="organizations.html">Organizations in UD</a></li>
<li><a href="resource-management.html">Resource Management</a></li>
</ul>
</li>
<li>
<a href="#">User Guides</a>
<ul>
<li><a href="creating-starting-workspaces.html">Creating and starting Workspaces</a></li>
<li><a href="ide-projects.html">Projects</a></li>
<li><a href="editor-code-assistance.html">Editor and Code-Assistance</a></li>
<li><a href="dependency-management.html">Dependency Management</a></li>
<li><a href="commands-ide-macro.html">Commands and IDE Macros</a></li>
<li><a href="version-control.html">Version Control</a></li>
<li><a href="debug.html">Debug</a></li>
</ul>
</li>
<li>
<a href="#">Workspace Administration</a>
<ul>
<li><a href="what-are-workspaces.html">Workspace Overview</a></li>
<li><a href="stacks.html">Workspace - Stacks</a></li>
<li><a href="recipes.html">Workspace - Recipes</a></li>
<li><a href="servers.html">Workspace - Servers</a></li>
<li><a href="installers.html">Workspace - Installers</a></li>
<li><a href="volumes.html">Workspace - Volumes Mount</a></li>
<li><a href="env-variables.html">Workspace - Environment Variables</a></li>
<li><a href="projects.html">Workspace - Projects</a></li>
<li><a href="workspaces-troubleshooting.html">Workspace - Troubleshooting</a></li>
<li><a href="workspace-data-model.html">Workspace Data Model</a></li>
</ul>
</li>
<li>
<a href="#">Portable Workspaces</a>
<ul>
<li><a href="chedir-getting-started.html">Chedir - Getting Started</a></li>
<li><a href="why-chedir.html">Chedir - Why Chedir?</a></li>
<li><a href="chedir-installation.html">Chedir - Installation</a></li>
<li><a href="chedir-project-setup.html">Chedir - Project Setup</a></li>
<li><a href="chedir-up-and-down.html">Chedir - Up and Down</a></li>
<li><a href="chefile.html">Chedir - Chefile</a></li>
<li><a href="chedir-ssh.html">Chedir - SSH</a></li>
<li><a href="factories-getting-started.html">Factory - Getting Started</a></li>
<li><a href="creating-factories.html">Factory - Creating</a></li>
<li><a href="factories_json_reference.html">Factory - JSON Reference</a></li>
</ul>
</li>
<li>
<a href="#">Developer Guides</a>
<ul>
<li><a href="framework-overview.html">Overview</a></li>
<li><a href="rest-api.html">SDK - REST API</a></li>
<li><a href="che-in-che-quickstart.html">SDK - Your First Plugin</a></li>
<li><a href="build-reqs.html">SDK - Building Che</a></li>
<li><a href="assemblies.html">SDK - Assemblies</a></li>
<li><a href="logging.html">SDK - Logging</a></li>
<li><a href="ide-extensions-gwt.html">SDK - GWT IDE Extensions</a></li>
<li><a href="server-side-extensions.html">SDK - Server Side Extensions</a></li>
<li><a href="custom-installers.html">SDK - Installers</a></li>
<li><a href="project-types.html">SDK - Project Types</a></li>
<li><a href="language-servers.html">SDK - Language Support</a></li>
<li><a href="parts.html">IDE UI&#58 Parts</a></li>
<li><a href="actions.html">IDE UI&#58 Actions</a></li>
</ul>
</li>
<li>
<a href="#">Dev Essentials</a>
<ul>
<li><a href="guice.html">Dependency Injection</a></li>
<li><a href="dto.html">Transport&#58 DTO</a></li>
<li><a href="json-rpc.html">Communication&#58 JSON-RPC</a></li>
<li><a href="handling-projects-in-plugins.html">Handling Projects in Plugins</a></li>
<li><a href="dao.html">Persistence, DAO</a></li>
<li><a href="properties.html">Properties</a></li>
</ul>
</li>
<li>
<a href="#">Infrastructure and SPI</a>
<ul>
<li><a href="spi_overview.html">Overview</a></li>
<li><a href="spi-implementation.html">Implementation Notes</a></li>
</ul>
</li>
<!-- if you aren't using the accordion, uncomment this block:
<p class="external">
<a href="#" id="collapseAll">Collapse All</a> | <a href="#" id="expandAll">Expand All</a>
</p>
-->
</ul>
<!-- this highlights the active parent class in the navgoco sidebar. this is critical so that the parent expands when you're viewing a page. This must appear below the sidebar code above. Otherwise, if placed inside customscripts.js, the script runs before the sidebar code runs and the class never gets inserted.-->
<script>$("li.active").parents('li').toggleClass("active");</script>
</div>
<!-- Content Column -->
<div class="col-md-9" id="tg-sb-content">
<div class="post-header">
<h1 class="post-title-main">Permissions</h1>
</div>
<div class="post-content">
<!-- this handles the automatic toc. use ## for subheads to auto-generate the on-page minitoc. if you use html tags, you must supply an ID for the heading element in order for it to appear in the minitoc. -->
<script>
$( document ).ready(function() {
// Handler for .ready() called.
$('#toc').toc({ minimumHeaders: 0, listType: 'ul', showSpeed: 0, headers: 'h2' });
/* this offset helps account for the space taken up by the floating toolbar. */
$('#toc').on('click', 'a', function() {
var target = $(this.getAttribute('href'))
, scroll_target = target.offset().top
$(window).scrollTop(scroll_target - 10);
return false
})
});
</script>
<div id="toc"></div>
<!--
-->
<div class="sect1">
<h2 id="overview">Overview</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Permissions are used to control user actions. Rather than providing a fixed set of roles we use a broader set of permissions that can be applied in any combination of objects to establish the security model you need.</p>
</div>
<div class="paragraph">
<p>Che also provides a mechanisms and layers which allow to define "who" is allowed to do "what". Any user and administrator can control resources managed by Che and allow certain actions or behaviors for other users or groups. For example as workspace owner you can grant other users permission to see and/or use your workspace.</p>
</div>
<div class="paragraph">
<p>Permissions can be applied to:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Workspace</p>
</li>
<li>
<p>Organization</p>
</li>
<li>
<p>Stack</p>
</li>
<li>
<p>System</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="workspace-permissions">Workspace Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The user who creates a workspace is the <em>workspace owner</em> and has all permissions by default. Workspace owners can invite other users into the workspace and control their permissions for the workspace.</p>
</div>
<div class="paragraph">
<p>The following permissions are applicable to workspaces:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 50%;">
<col style="width: 50%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Permission</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">read</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows reading workspace configuration.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">use</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows using a workspace and interacting with it.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">run</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows starting and stopping a workspace.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">configure</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows defining and changing workspace configuration.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">setPermissions</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows updating workspace permissions for other users.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">delete</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows deleting the workspace.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="organization-permissions">Organization Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>An organization is a named set of users.</p>
</div>
<div class="paragraph">
<p>The following permissions are applicable to organizations:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 30%;">
<col style="width: 70%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Permission</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">update</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows editing of organization settings and information.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">delete</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows deleting an organization.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">manageSuborganizations</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows creating and managing sub-organizations.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">manageResources</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows redistribution of an organization’s resources and defining resource limits.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">manageWorkspaces</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows creating and managing all the organization’s workspaces.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">setPermissions</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows adding and removing users as well as updating their permissions.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="system-permissions">System Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>System permissions control aspects that affect the whole Che installation.</p>
</div>
<div class="paragraph">
<p>The following permissions are applicable to organizations:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 50%;">
<col style="width: 50%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Permission</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">manageSystem</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows control of the system, workspaces and organizations.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">setPermissions</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows updating of permissions for users on the system.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">manageUsers</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows creating and managing users.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="super-priviliged-mode">Super Priviliged Mode</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The permission "manageSystem" can be extended to provide a super privileged mode that allows advanced actions to be performed on any resources managed by the system. A user with "manageSystem" permission is able read and stop any workspaces. To perform other actions on workspaces and organizations, the user will need to assign himself the permissions needed.</p>
</div>
<div class="paragraph">
<p>By default, this mode is disabled.</p>
</div>
<div class="paragraph">
<p>It is possible to activate this option by configuring the <code>CHE_SYSTEM_SUPER_PRIVILEGED_MODE</code> in the <code>che.env</code> file.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="stack-permissions">Stack Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>A stack is a runtime configuration for a workspace, see <a href="stacks.html">stack definition</a>.</p>
</div>
<div class="paragraph">
<p>The following permissions are applicable to a stack:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 50%;">
<col style="width: 50%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Permission</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">search</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows searching of the stacks.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">read</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows reading of the stack’s configuration.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">update</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows updating of the stack’s configuration.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">delete</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows deleting of the stack.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">setPermissions</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows managing permissions for the stack.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="permissions-api">Permissions API</h2>
<div class="sectionbody">
<div class="paragraph">
<p>All permissions can be managed by using the provided REST API. The APIs are documented using Swagger at <code>[{host}/swagger/#!/permissions]</code>.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="list-permissions">List Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>List the permissions which can be applied to a specific resources: <code>GET /permissions</code></p>
</div>
<div class="paragraph">
<p>Applicable <code>domain</code> values are the following:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 100%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Domain</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">system</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">organization</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">workspace</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">stack</p></td>
</tr>
</tbody>
</table>
<div class="paragraph">
<p>Note: <code>domain</code> is optional, in this case the API will return all possible permissions for all domains.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="list-permissions-for-specific-user">List Permissions for Specific User</h2>
<div class="sectionbody">
<div class="paragraph">
<p>List the permissions which are applied to a specific user: <code>GET /permissions/{domain}</code></p>
</div>
<div class="paragraph">
<p>Applicable <code>domain</code> values are the following:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 100%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Domain</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">system</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">organization</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">workspace</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">stack</p></td>
</tr>
</tbody>
</table>
<div class="paragraph">
<p><code>instance</code> parameter corresponds to the ID of the resource you want to get the applied permissions.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="list-permissions-for-all-users">List Permissions for All Users</h2>
<div class="sectionbody">
<div class="paragraph">
<p>List the permissions which are applied to a specific user (you must have sufficient permissions to allow you to see this information): <code>GET /permissions/{domain}/all</code></p>
</div>
<div class="paragraph">
<p>Applicable <code>domain</code> values are the following:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 100%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Domain</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">system</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">organization</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">workspace</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">stack</p></td>
</tr>
</tbody>
</table>
<div class="paragraph">
<p><code>instance</code> parameter corresponds to the ID of the resource you want to get the applied permissions for all users.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="assign-permissions">Assign Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Assign permissions to a resource: <code>POST /permissions</code></p>
</div>
<div class="paragraph">
<p>Applicable <code>domain</code> values are the following:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 100%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Domain</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">system</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">organization</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">workspace</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">stack</p></td>
</tr>
</tbody>
</table>
<div class="paragraph">
<p><code>instance</code> parameter corresponds to the ID of the resource you want to get the applied permissions for all users.</p>
</div>
<div class="paragraph">
<p><code>userId</code> parameter corresponds to the ID of the user who want to grant certain permissions.</p>
</div>
<div class="paragraph">
<p>Sample <code>body</code> to grant user <code>userID</code> permissions to a workspace <code>workspaceID</code>:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="CodeRay highlight"><code data-lang="json">{
<span class="key"><span class="delimiter">&quot;</span><span class="content">actions</span><span class="delimiter">&quot;</span></span>: [
<span class="string"><span class="delimiter">&quot;</span><span class="content">read</span><span class="delimiter">&quot;</span></span>,
<span class="string"><span class="delimiter">&quot;</span><span class="content">use</span><span class="delimiter">&quot;</span></span>,
<span class="string"><span class="delimiter">&quot;</span><span class="content">run</span><span class="delimiter">&quot;</span></span>,
<span class="string"><span class="delimiter">&quot;</span><span class="content">configure</span><span class="delimiter">&quot;</span></span>,
<span class="string"><span class="delimiter">&quot;</span><span class="content">setPermissions</span><span class="delimiter">&quot;</span></span>
],
<span class="key"><span class="delimiter">&quot;</span><span class="content">userId</span><span class="delimiter">&quot;</span></span>: <span class="string"><span class="delimiter">&quot;</span><span class="content">userID</span><span class="delimiter">&quot;</span></span>,
<span class="key"><span class="delimiter">&quot;</span><span class="content">domainId</span><span class="delimiter">&quot;</span></span>: <span class="string"><span class="delimiter">&quot;</span><span class="content">workspace</span><span class="delimiter">&quot;</span></span>,
<span class="key"><span class="delimiter">&quot;</span><span class="content">instanceId</span><span class="delimiter">&quot;</span></span>: <span class="string"><span class="delimiter">&quot;</span><span class="content">workspaceID</span><span class="delimiter">&quot;</span></span>
}</code></pre>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="sharing-permissions">Sharing Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>A user with <code>setPermissions</code> privileges can share a workspace, i.e. grant other users <code>read, use, run, configure or setPermissions</code> privileges.</p>
</div>
<div class="paragraph">
<p>Select a workspace in User Dashboard, navigate to <code>Share</code> tab and enter emails of users to share this workspace with (use comma or space as separator if there are multiple emails).</p>
</div>
</div>
</div>
<div class="tags">
<b>Tags: </b>
<a href="tag_organizations.html" class="btn btn-default navbar-btn cursorNorm" role="button">organizations</a>
</div>
<!--
-->
</div>
<hr class="shaded"/>
<footer>
<div class="row">
<div class="col-lg-12 footer">
Eclipse Che - Documentation <br/>
Site last generated: Sep 13, 2018 <br/>
<hr>
<a href="http://www.eclipse.org" target="_blank">Eclipse Foundation</a><br/>
<a href="http://www.eclipse.org/legal/privacy.php" target="_blank">Privacy Policy</a><br/>
<a href="http://www.eclipse.org/legal/termsofuse.php" target="_blank">Terms of Use</a><br/>
<a href="https://www.eclipse.org/legal/epl-2.0/" target="_blank">Eclipse Public License</a><br/>
<a href="http://www.eclipse.org/legal" target="_blank">Legal Resources</a><br/>
</div>
</div>
</footer>
<!-- /.row -->
</div>
<!-- /.container -->
</div>
<!-- /#main -->
</div>
</body>
</html>