API Access Control

Blameless provides users with the ability to manage API access control through users, groups and roles. Each API endpoint can have at most one rule associated with it.

The authorization hook is associated with a (verb, resource, rule) tuple. If the user's identity has a matching rule, then the call to the (verb, resource) API is granted.

All users with matching rules and permissions are permitted access to the endpoint. Any endpoint without a rule (i.e. None) is accessible by all authenticated users.

API Access Control Examples

Authorization

The authorization hook is associated with a (verb, resource, rule) tuple. If the user's identity has a matching rule, then the call to the (verb, resource) API is granted.

For example, the health endpoint does not have access control, while GET /api/v1/incidents requires the IncidentRead rule.
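The (verb, resource, rule) model described above can be sketched as follows. This is an added example, not Blameless code: the role, group and user names, the IncidentWrite rule, the "/health" path and the deny-by-default handling of unregistered endpoints are assumptions made for illustration. It also includes an audit helper that lists endpoints with no rule, since those are open to every authenticated user.

```python
# Added illustration; not Blameless code. Role, group and user names are
# constructed, and "/health" is a placeholder path for the health endpoint.
from dataclasses import dataclass, field

# (verb, resource) -> rule; None means no rule is attached to the endpoint.
ENDPOINT_RULES = {
    ("GET", "/health"): None,
    ("GET", "/api/v1/incidents"): "IncidentRead",
    ("POST", "/api/v1/incidents"): "IncidentWrite",  # hypothetical rule name
}

ROLE_RULES = {  # hypothetical roles and the rules they carry
    "responder": {"IncidentRead", "IncidentWrite"},
    "viewer": {"IncidentRead"},
}
GROUP_ROLES = {"sre": {"responder"}, "support": {"viewer"}}  # hypothetical


@dataclass
class Identity:
    name: str
    authenticated: bool = True
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)

    def rules(self):
        """Union of rules from direct roles and roles inherited via groups."""
        roles = set(self.roles)
        for group in self.groups:
            roles |= GROUP_ROLES.get(group, set())
        return set().union(*(ROLE_RULES.get(r, set()) for r in roles))


def authorize(identity, verb, resource):
    """Authorization hook: decide one (verb, resource) call for one identity."""
    if not identity.authenticated:
        return False  # even rule-less endpoints require authentication
    key = (verb.upper(), resource)
    if key not in ENDPOINT_RULES:
        return False  # assumption: unregistered endpoints are denied
    rule = ENDPOINT_RULES[key]
    return rule is None or rule in identity.rules()


def unprotected_endpoints():
    """Audit helper: endpoints any authenticated user can call."""
    return sorted(k for k, rule in ENDPOINT_RULES.items() if rule is None)
```

Running `unprotected_endpoints()` against the real rule table is a quick review step: every entry it returns should be an endpoint that is intentionally open to all authenticated users.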