Example – Restricted to roles

Access restrictions table

The following example uses a simple set of access restriction rules with 4 different roles:

Access restrictions example for restricted roles

| # | HTTP Method | Path | Restricted to Roles |
|---|---|---|---|
| 1 | `^GET$` | `.*` | weak |
| 2 | `^GET$` (inverted) | `.*` | strong, admin |
| 3 | `^(POST\|PATCH\|DELETE)$` | `^/accounts` | useradmin, admin |
| 4 | `.*` | `^/admin` | admin |

The example requests are restricted as follows:

| Sent request | Required role(s) | Applied rule(s) # |
|---|---|---|
| GET /index.html | weak | 1 |
| GET /admin/index.html | weak and admin | 1, 4 |
| GET /accounts/ | weak | 1 |
| PATCH /users/h7466 | strong or admin | 2 |
| POST /accounts/id775 | (strong or admin) and (useradmin or admin), i.e. admin or (strong and useradmin) | 2, 3 |
| DELETE /admin/user/bfg4 | admin | 2, 4 |
| GET /admin/users | weak and admin | 1, 4 |
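The evaluation shown above can be reproduced with a small script. This is an added example, not the product's own code; it assumes unanchored, case-sensitive regex search, that every applied rule must be satisfied (AND), and that any one listed role satisfies a rule (OR). The names `Rule`, `applied_rules`, `is_allowed` and `rule_numbers` are hypothetical.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int
    method: str                  # regex on the HTTP method
    path: str                    # regex on the request path
    roles: frozenset             # any one of these roles satisfies the rule
    invert_method: bool = False  # "(inverted)": rule applies when the method does NOT match

# The four rules from the access restrictions example.
RULES = [
    Rule(1, r"^GET$", r".*", frozenset({"weak"})),
    Rule(2, r"^GET$", r".*", frozenset({"strong", "admin"}), invert_method=True),
    Rule(3, r"^(POST|PATCH|DELETE)$", r"^/accounts", frozenset({"useradmin", "admin"})),
    Rule(4, r".*", r"^/admin", frozenset({"admin"})),
]

def applied_rules(method, path, rules=RULES):
    """Return the rules whose method and path patterns both match the request."""
    hits = []
    for r in rules:
        # Assumption: unanchored search; the patterns carry their own ^ and $.
        method_ok = bool(re.search(r.method, method)) != r.invert_method
        if method_ok and re.search(r.path, path):
            hits.append(r)
    return hits

def rule_numbers(method, path):
    """Rule numbers applied to a request, in table order."""
    return [r.number for r in applied_rules(method, path)]

def is_allowed(method, path, user_roles, rules=RULES):
    """Every applied rule must be satisfied by at least one of the user's roles."""
    user_roles = set(user_roles)
    return all(r.roles & user_roles for r in applied_rules(method, path, rules))

if __name__ == "__main__":
    for method, path in [("GET", "/admin/index.html"), ("POST", "/accounts/id775"),
                         ("DELETE", "/admin/user/bfg4")]:
        print(method, path, "-> rules", rule_numbers(method, path))
    # Rules 2 and 3 both apply: admin alone passes, as does strong plus useradmin.
    print(is_allowed("POST", "/accounts/id775", {"strong", "useradmin"}))
    print(is_allowed("POST", "/accounts/id775", {"strong"}))
```
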