Defining an operation for a privileged action - PingOne - PingOne Services - PingOne Cloud Platform

Defining an operation for a privileged action - PingOne - PingOne Services - PingOne Cloud Platform - PingOne Authorize

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne

PingOne Cloud Platform

category

Administratorguide

ContentType

Guide

Product

Productdocumentation

p1cloudplatform

ContentType_ce

Product documentation

Guide

Guide > Administrator Guide

Page created: 13 Feb 2023 |

Page updated: 20 Sep 2023

| 2 min read

Product documentation Content Type Guide Administrator Guide PingOne Cloud Platform PingOne Product PingOne Authorize PingOne Services

Learn how to add API service operations in PingOne and use rules to control access to operations.

Define an API service operation to match the API requests used to get another user’s submitted memes. Then, create a rule to give only members of the Meme Game Admins group permission to perform the operation.

In PingOne, go to Authorize > API Services.
Click the Meme Game API service, and then click the Operations tab.
Click Define Operation to create a new operation.
Define a method and path combination that matches a client request to the API:
1. Click Methods, and then select the GET method. Click outside the list of methods to close it.
2. For Paths, enter the following:
  
  /api/v1/users/*/answers
  
  This is the API path for getting a user’s memes. The path must start with a slash (/). The asterisk (*) is a wildcard that represents any answers.
3. For Name, enter Get memes of another user.
4. Click Next.
Define a basic rule that allows administrators to perform this operation:

Basic rules grant access to protected operations based on group membership and authorized scopes.

Note:
In the next tutorial, you'll define a more advanced custom rule for an operation. For more information about basic and custom rules, see Defining operations for protected actions.
1. Select the The user must be a member of any of these groups check box.
2. Click Groups, and then select the Meme Game Admins group. Click outside the list of groups to close it.
3. Click Save.
  
  Now, only members of the Meme Game Admins group can call the Get memes of another user operation. This is what the operation looks like.
Click Deploy to deploy the new API service operation.

You added an API service operation that controls access to an action and you gave members of the administrator group access to perform the action.

Demonstrate how the API service enforces access control by allowing a request from administrators to review submitted memes and rejecting the request from players.