Security management API

Rishiraj Anand
Published in kie-tooling
Jul 31, 2020

We are adding another important feature to Business Central that allows users to interact with the Business Central security management system via APIs. This means users can perform every security management operation through these APIs that they can perform through the UI screens.

Significance of this feature

For Business Central, it is important to support user interaction from outside the platform. This helps users integrate Business Central knowledge store capabilities seamlessly into their own architectures. In that way, Business Central can act as an independent and centralized place to create, maintain, document, and secure their projects.

Business Central already provides APIs to interact with various subsystems. For instance, the KIE APIs help users create and automate different life cycles of their projects.

With these new Security APIs, users can now manage security from outside the platform, which gives them better security and flexibility over their stored knowledge artifacts.

Security-related operations

Business Central security management implements the standard defined by Java EE for user management operations. Users can perform the following operations with these APIs:

  1. Create users, roles, and groups.
  2. Get the list of users, roles, and groups.
  3. Assign users to multiple groups or roles.
  4. View and update permissions for groups and roles.

A user must have the ADMIN role in order to access these APIs.

Crafting the API

HTTP Headers

The Security Management REST APIs require the following HTTP headers for API requests:

Accept: application/json

Content-Type: application/json

Base URL

The base request URL for all APIs is http://SERVER:PORT/business-central/rest/

For example, a request to GET all users uses this URL: http://SERVER:PORT/business-central/rest/users.

HTTP method

Business Central supports the GET, POST, and DELETE methods for a given resource.

For example, to add a new user resource, send a POST request to http://SERVER:PORT/business-central/rest/users.

Authentication mechanism

The API supports a basic authentication mechanism, which accepts the username and password of an existing Business Central user with ADMIN access.

Here is an example request using the curl utility:

curl -u 'baAdmin:password@1' -H "accept: application/json" -X GET "http://localhost:8080/business-central/rest/groups"

Endpoints

[GET] /roles - Gets a list of all roles

[GET] /users - Gets a list of all users

[GET] /groups - Gets groups

[GET] /users/{userName}/groups - Gets a list of groups assigned to a user

[GET] /users/{userName}/roles - Gets a list of roles assigned to a user

[POST] /users - Creates users

[POST] /users/{userName}/changePassword - Changes the user's password

[POST] /groups - Creates groups

[POST] /users/{userName}/groups - Overrides the user's assigned groups with new values

[POST] /users/{userName}/roles - Overrides the user's assigned roles with new values

[POST] /groups/{groupName}/permissions - Updates permissions for a group

[POST] /roles/{roleName}/permissions - Updates permissions for a role

[GET] /groups/{groupName}/permissions - Gets all permissions for a group

[GET] /roles/{roleName}/permissions - Gets all permissions for a role

[GET] /users/{userName}/permissions - Gets all permissions for a user

[DELETE] /users/{userName} - Deletes a given user

[DELETE] /groups/{groupName} - Deletes a given group
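
The following is an added example, not code from the original post or from the Business Central project. It combines the base URL, the two required headers, Basic authentication and the read-only endpoints listed above into one request builder. The names `build_request`, `READ_ENDPOINTS`, `BC_USER`, `BC_PASSWORD` and the user `jdoe` are hypothetical, and the TLS check and path-segment encoding are hardening choices made here, not documented server requirements.

```python
import base64
import os
import urllib.request
from urllib.parse import quote, urlsplit

# Read-only endpoints copied from this page's list; POST and DELETE are left
# out because the page does not show their request bodies.
READ_ENDPOINTS = {
    "users": "users", "roles": "roles", "groups": "groups",
    "user_groups": "users/{name}/groups",
    "user_roles": "users/{name}/roles",
    "user_permissions": "users/{name}/permissions",
    "group_permissions": "groups/{name}/permissions",
    "role_permissions": "roles/{name}/permissions",
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def build_request(base_url, endpoint, username, password, name=None):
    """Build (but do not send) a GET request for one security endpoint."""
    parts = urlsplit(base_url)
    # Basic auth is only base64-encoded, so allow plain HTTP for loopback only.
    if parts.scheme != "https" and not (
            parts.scheme == "http" and parts.hostname in LOOPBACK):
        raise ValueError("refusing to send Basic credentials without TLS")
    path = READ_ENDPOINTS[endpoint]
    if "{name}" in path:
        if not name or name in (".", ".."):
            raise ValueError(f"{endpoint} needs a user, group or role name")
        # Percent-encode reserved characters so a name such as "a/../b" stays
        # one path segment and cannot address a different resource.
        path = path.replace("{name}", quote(name, safe=""))
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/" + path,
        method="GET",
        headers={"Accept": "application/json",
                 "Content-Type": "application/json",
                 "Authorization": "Basic " + token},
    )


if __name__ == "__main__":
    # BC_USER and BC_PASSWORD are hypothetical variable names; reading them from
    # the environment keeps the ADMIN password out of argv and shell history.
    req = build_request("http://localhost:8080/business-central/rest/",
                        "user_roles", os.environ.get("BC_USER", "baAdmin"),
                        os.environ.get("BC_PASSWORD", "constructed-sample"),
                        name="jdoe")
    print(req.get_method(), req.full_url)  # send with urllib.request.urlopen(req)
```
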

Conclusion

These new security management APIs are a step forward in making Business Central an independent platform where users can store and secure their knowledge artifacts.

We will soon publish detailed documentation for each API in our official documentation. Stay tuned!


Rishiraj Anand, open source contributor and software engineer, Red Hat