...
This module does not defined any specific roles or enforce permissions granted to roles. For roles to be effective, this module must be configured alongside a Policy Enforcement Point (PEP) that is aware of roles. Two roles-aware PEPs are provided as reference implementations, the Basic Roles-Based PEP and the XACML PEP.
How It Works
The module adds another REST endpoint to every Fedora object and datastream path. The URL pattern is as follows:
<path to object>/fcr:accessRoles
These are the REST methods:
GET - Retrieves the roles assigned on a resource.
GET w/effective parameter - Retrieves the effective roles assigned on a resource, which may cascade from an ancestor role assignment.
POST - Sets all the roles assigned on a resource.
DELETE - Removes any roles assigned on a resource, such that effective roles are inherited again.
The POST and GET methods currently support a JSON structure like the followings.
Roles names are custom. The module does not define the set of role names that may be assigned in Fedora. If you choose to configure a set of supported roles, then the roles assigned via this API will be validated.
...