Home >Documents >Enterprise Cloud 2.0 Tutorial v2.43.3 > 2. Common Function > 2.1. Use NTT Com Business Portal (Business Portal) > 2.1.5. How to use Smart Data Platform IAM > 2.1.5.1. How to Use API Authority Control Function > API Authority Settings (API) >Creating IAM Role

Creating IAM Role

For creating IAM Role that controls actual API Execution Authority, the following end point and parameters are used:

End point:
POST {api_endpoint}/api/v2/iam/roles
Parameter

contract_id (optional):

Contract ID (at default, the API execution user's Contract ID).

iam_role_name :

Name of IAM Role.

description (optional):

Explanation about IAM Role.

resources:

API Execution Permission List in whitelist style. The following five parameters should be contained:

basePath (described within resources):

Each API end point permitting execution.

ipAddress (described within resources):

Global IP address of access resource permitting execution.

path (described within resources):

URL Path permitting execution.

verb (described within resources):

Method permitting execution.

Optional elements (described within resources):

Any value included in query parameters and request bodies of each API, which is optionally entered.

Examples of a request body that creates the IAM Role allowing GET operation of Management Function and its actual request:

{
    "contract_id": "econXXXXXXXXX",
    "iam_role_name": "sss_get_role",
    "description": "Portal READ Only Permission",
    "resources": [
        {
            "ipAddress": "*",
            "basePath": "/ecl-sss",
            "path": "*",
            "verb": "GET"
        }
    ]
}

curl -1 -i -X POST \
-H "X-Auth-Token:d381dd28fa804954972d2b6e7609a00a" \
-H "Content-Type:application/json" \
-d \
'{
    "contract_id": "econXXXXXXXXX",
    "iam_role_name": "sss_get_role",
    "description": "Portal READ Only Permission",
    "resources": [
        {
            "ipAddress": "*",
            "basePath": "/ecl-sss",
            "path": "*",
            "verb": "GET"
        }
    ]
 }' https://sss-jp1-ecl.api.ntt.com/api/v2/iam/roles
Example of the response at successful IAM Role creating:
The response iam_role_id , which appears when the IAM Role is successfully created, is necessary when linking it with IAM Group or the user and deleting this.
HTTP/1.1 201 Created
Date: Wed, 17 Aug 2016 07:12:09 GMT
Content-Type: application/json
Content-Length: 208
Connection: keep-alive
Set-Cookie: TS0183560f=01ccdba5ce1ef3285bf92fd59c7086829cbd0614e9fa8c1f832317bb53e565a1ff9a62f0771; Path=/

{"contract_id":"econXXXXXXXXX","iam_role_id":"e8422cea-6449-11e6-82d8-7f1d195e00b5","iam_role_name":"sss_get_role","description":"Portal READ Only Permission","resources":[{"ipAddress":"*","basePath":"/ecl-sss","path":"*","verb":"GET"}]}
Creating IAM Group
Linking IAM Group and IAM Role