API Permissions¶
Note
To be able to log in to the API and access all of the API functions the user must have the api_access attribute enabled.
Note
You can use the ES-API-KEY HTTP header or -api-key es parameter to perform an authenticated API request.
The API functions may use the following permissions to restrict access to certain users:
| Permission | API name | ACL? | Description |
| APIAccess | ✗ | The user must have the api_access attribute enabled. |
|
| SuperAdmin | ✗ | The user must have the is_super_admin attribute enabled. |
|
| Admin | admin | ✓ | The user must have the Admin permission or be a DC owner or SuperAdmin. |
| NetworkAdmin | network_admin | ✓ | The user must have the NetworkAdmin and Admin permissions or be a SuperAdmin. |
| ImageAdmin | image_admin | ✓ | The user must have the ImageAdmin and Admin permissions or be a SuperAdmin. |
| ImageImportAdmin | image_import_admin | ✓ | The user must have the ImageAdmin, ImageImportAdmin and Admin permissions or be a SuperAdmin. |
| TemplateAdmin | template_admin | ✓ | The user must have the TemplateAdmin and Admin permissions or be a SuperAdmin. |
| IsoAdmin | iso_admin | ✓ | The user must have the IsoAdmin and Admin permissions or be a SuperAdmin. |
| UserAdmin | user_admin | ✓ | The user must have the UserAdmin and Admin permissions or be a SuperAdmin. |
| DnsAdmin | dns_admin | ✓ | The user must have the DnsAdmin and Admin permissions or be a SuperAdmin. |
| MonitoringAdmin | monitoring_admin | ✓ | The user must have the MonitoringAdmin and Admin permissions or be a SuperAdmin. |
| ProfileOwner | ✗ | The user must be the owner of the Profile or SuperAdmin. | |
| VmOwner | ✗ | The user must be the owner of the Virtual Machine or have the Admin or SuperAdmin permission. | |
| TaskCreator | ✗ | The user must be the one who created the task or have the Admin or SuperAdmin permission. | |
| UserTask | ✗ | The user must be the owner of the object modified by the task or have the Admin or SuperAdmin permission. | |
| DomainOwner | ✗ | The user must be the owner of the DNS Domain or SuperAdmin. |
ACL¶
The ACL permissions can be assigned to groups via the group and permission API and used for advanced user and group policies.