OpenAPI extension: x-rbac
The x-rbac
option allows you to control access to various OpenAPI objects based on the teams in your organization.
Location
Add x-rbac
to any OpenAPI object, such as an Operation
, Parameter
, or Schema
. If the current user is not in a team with access, the object is not rendered in the documentation. Objects restricted by x-rbac
are excluded from the downloadable OpenAPI file, ensuring consistent access control across all representations of the API documentation.
When x-rbac
is applied to a Parameter object or Schema object property, it removes the object from the search functionality. This includes users who have access to this object.
Options
Option | Type | Description |
---|---|---|
x-rbac | Map[string, string] | Map of team names to project roles. Team names come from the identity provider or teams associated with the Redocly login. Additionally, there are automated team names anonymous (meaning all users who are not logged in), authenticated (meaning any user who is logged in). Learn more about mapping group names that come from the identity provider through the single-sign-on (SSO) configuration to either Redocly default teams or project RBAC teams. In addition, the team name * represents the rest of the teams not defined in sibling properties including anonymous and authenticated . Possible values of roles: none , read , write , triage , maintain , or admin . |
Example
The following example shows how to enable access to the GetMuseumHours
operation to only those users who are authenticated.
---
paths:
/museum-hours:
get:
summary: Get museum hours
description: Get upcoming museum operating hours.
operationId: getMuseumHours
x-rbac:
authenticated: read
tags:
- Operations
# ...
---
Resources
- Learn more about role-based access control.
- Add a role-based access control configuration to your project.
- Control which extensions are included in your API reference documentation with the showExtensions configuration setting.
- See all openapi configuration settings.
- See a full list of supported OpenAPI extensions.