RS Gateway Roles

RS Gateway roles define which operations a client can perform.

The following RS Gateway roles are supported:

MTX_ROLE_RSG_CREATE — For processing the HTTP POST requests.
MTX_ROLE_RSG_UPDATE — For processing the HTTP PUT requests.
MTX_ROLE_RSG_READ — For processing the HTTP GET requests.
MTX_ROLE_RSG_DELETE — For processing the HTTP DELETE requests.
MTX_ROLE_RSG_DEBUG — For access to the Web Application Status information in the RS Gateway Administrative UI.

In addition, the following administrative roles are supported:

MTX_ROLE_RSG_STD — To access the RS Gateway administrative UI.
MTX_ROLE_RSG_ADMIN — To perform any of the REST operations and access the RS Gateway administrative UI.

Any user that has the MTX_ROLE_RSG_ADMIN role can list the operations which can be performed by the RS Gateway by using the following URIs:

/data/v3 — List all of the XML operations.
/data/json — List all of the JSON operations.
/data/openapi — List all of the OpenAPI operations.

For multi-tenancy, to grant access to user data for a specific tenant, you must assign the tenant role, MTX_TNT_TenantID, where is the Tenant ID defined in the tenant profile in My MATRIXX. For example, if you have two tenants, One and Two, to grant access to their data, you must define MTX_TNT_One and MTX_TNT_Two.

For more information about the SubMan APIs, including how clients can submit credentials using the SubMan login API or authentication headers, see MATRIXX Subscriber Management API.

The following shows how to configure roles for different clients:

# std: '{bcrypt}xxxxxx, MTX_ROLE_RSG_STD'
# admin: '{bcrypt}xxxxxx, MTX_ROLE_RSG_ADMIN, MTX_ROLE_RSG_STD, MTX_ROLE_RSG_CREATE, MTX_ROLE_RSG_READ,MTX_ROLE_RSG_UPDATE, MTX_ROLE_RSG_DELETE, MTX_ROLE_RSG_DEBUG'
matrixxbct: '{bcrypt}xxxxxx, MTX_ROLE_RSG_CREATE, MTX_ROLE_RSG_READ, MTX_ROLE_RSG_UPDATE, MTX_ROLE_RSG_DELETE, MTX_ROLE_RSG_STD, MTX_ROLE_RSG_DEBUG, MTX_TNT_TenantId1, MTX_TNT_TenantId2'
notifier: '{bcrypt}xxxxxx, MTX_ROLE_RSG_CREATE, MTX_ROLE_RSG_READ, MTX_ROLE_RSG_UPDATE, MTX_ROLE_RSG_DELETE, MTX_ROLE_RSG_STD'
streamer: '{bcrypt}xxxxxx, MTX_ROLE_RSG_CREATE, MTX_ROLE_RSG_READ, MTX_ROLE_RSG_UPDATE, MTX_ROLE_RSG_DELETE, MTX_ROLE_RSG_STD'
user: '{bcrypt}xxxxxx, MTX_ROLE_RSG_CREATE, MTX_ROLE_RSG_READ, MTX_ROLE_RSG_UPDATE, MTX_ROLE_RSG_DELETE, MTX_ROLE_RSG_STD'

The std and admin users are disabled out-of-the-box. To enable the std and admin users, add the users to the rsgateway_users.yaml as described in the discussion about adding RS Gateway users.

For information about customizing user passwords, see the discussion about adding an RS Gateway user.

Important: You should change the out-of-the-box values before deploying to a production environment.

Configure anonymous RS Gateway user roles in the Helm values file. Users with anonymous user roles can connect to the RS Gateway without providing user credentials. The out-of-the-box anonymous user configuration includes the following anonymousUser roles.

anonymousUser:
  roles: MTX_ROLE_RSG_ADMIN,MTX_ROLE_RSG_STD,MTX_ROLE_RSG_CREATE,MTX_ROLE_RSG_READ,MTX_ROLE_RSG_UPDATE,MTX_ROLE_RSG_DELETE

For information about assigning roles for URL authorization, see the discussion about URL authorization.