Weaviate · Capability

Weaviate REST API — authz

Weaviate REST API — authz. 18 operations. Lead operation: Weaviate List All Groups Of A Specific Type. Self-contained Naftiko capability covering one Weaviate business surface.

Run with Naftiko Weaviateauthz

What You Can Do

GET

Getgroups — Weaviate List All Groups Of A Specific Type

/v1/authz/groups/{grouptype}

POST

Assignroletogroup — Weaviate Assign A Role To A Group

/v1/authz/groups/{id}/assign

POST

Revokerolefromgroup — Weaviate Revoke A Role From A Group

/v1/authz/groups/{id}/revoke

GET

Getrolesforgroup — Weaviate Get Roles Assigned To A Specific Group

/v1/authz/groups/{id}/roles/{grouptype}

GET

Getroles — Weaviate Get All Roles

/v1/authz/roles

POST

Createrole — Weaviate Create New Role

/v1/authz/roles

GET

Getrole — Weaviate Get A Role

/v1/authz/roles/{id}

DELETE

Deleterole — Weaviate Delete A Role

/v1/authz/roles/{id}

POST

Addpermissions — Weaviate Add Permissions To A Role

/v1/authz/roles/{id}/add-permissions

GET

Getgroupsforrole — Weaviate Get Groups That Have A Specific Role Assigned

/v1/authz/roles/{id}/group-assignments

POST

Haspermission — Weaviate Check Whether A Role Possesses A Permission

/v1/authz/roles/{id}/has-permission

POST

Removepermissions — Weaviate Remove Permissions From A Role

/v1/authz/roles/{id}/remove-permissions

GET

Getusersforrole — Weaviate Get Users Assigned To A Role

/v1/authz/roles/{id}/user-assignments

GET

Getusersforroledeprecated — Weaviate Get Users Assigned To A Role

/v1/authz/roles/{id}/users

POST

Assignroletouser — Weaviate Assign A Role To A User

/v1/authz/users/{id}/assign

POST

Revokerolefromuser — Weaviate Revoke A Role From A User

/v1/authz/users/{id}/revoke

GET

Getrolesforuserdeprecated — Weaviate Get Roles Assigned To A User

/v1/authz/users/{id}/roles

GET

Getrolesforuser — Weaviate Get Roles Assigned To A User

/v1/authz/users/{id}/roles/{usertype}

MCP Tools

weaviate-list-all-groups-specific

Weaviate List All Groups Of A Specific Type

read-only idempotent

weaviate-assign-role-group

Weaviate Assign A Role To A Group

weaviate-revoke-role-group

Weaviate Revoke A Role From A Group

weaviate-get-roles-assigned-specific

Weaviate Get Roles Assigned To A Specific Group

read-only idempotent

weaviate-get-all-roles

Weaviate Get All Roles

read-only idempotent

weaviate-create-new-role

Weaviate Create New Role

weaviate-get-role

Weaviate Get A Role

read-only idempotent

weaviate-delete-role

Weaviate Delete A Role

idempotent

weaviate-add-permissions-role

Weaviate Add Permissions To A Role

weaviate-get-groups-that-have

Weaviate Get Groups That Have A Specific Role Assigned

read-only idempotent

weaviate-check-whether-role-possesses

Weaviate Check Whether A Role Possesses A Permission

read-only

weaviate-remove-permissions-role

Weaviate Remove Permissions From A Role

weaviate-get-users-assigned-role

Weaviate Get Users Assigned To A Role

read-only idempotent

weaviate-get-users-assigned-role-2

Weaviate Get Users Assigned To A Role

read-only idempotent

weaviate-assign-role-user

Weaviate Assign A Role To A User

weaviate-revoke-role-user

Weaviate Revoke A Role From A User

weaviate-get-roles-assigned-user

Weaviate Get Roles Assigned To A User

read-only idempotent

weaviate-get-roles-assigned-user-2

Weaviate Get Roles Assigned To A User

read-only idempotent

Capability Spec

naftiko: 1.0.0-alpha2
info:
  label: Weaviate REST API — authz
  description: 'Weaviate REST API — authz. 18 operations. Lead operation: Weaviate List All Groups Of A Specific Type. Self-contained
    Naftiko capability covering one Weaviate business surface.'
  tags:
  - Weaviate
  - authz
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    WEAVIATE_API_KEY: WEAVIATE_API_KEY
capability:
  consumes:
  - type: http
    namespace: weaviate-authz
    baseUri: http://localhost:8080
    description: Weaviate REST API — authz business capability. Self-contained, no shared references.
    resources:
    - name: authz-groups-groupType
      path: /authz/groups/{groupType}
      operations:
      - name: getgroups
        method: GET
        description: Weaviate List All Groups Of A Specific Type
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: groupType
          in: path
          type: string
          description: The type of group to retrieve.
          required: true
    - name: authz-groups-id-assign
      path: /authz/groups/{id}/assign
      operations:
      - name: assignroletogroup
        method: POST
        description: Weaviate Assign A Role To A Group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the group.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-groups-id-revoke
      path: /authz/groups/{id}/revoke
      operations:
      - name: revokerolefromgroup
        method: POST
        description: Weaviate Revoke A Role From A Group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the group.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-groups-id-roles-groupType
      path: /authz/groups/{id}/roles/{groupType}
      operations:
      - name: getrolesforgroup
        method: GET
        description: Weaviate Get Roles Assigned To A Specific Group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The unique name of the group.
          required: true
        - name: groupType
          in: path
          type: string
          description: The type of the group.
          required: true
        - name: includeFullRoles
          in: query
          type: boolean
          description: If true, the response will include the full role definitions with all associated permissions. If false,
            only role names are returned.
    - name: authz-roles
      path: /authz/roles
      operations:
      - name: getroles
        method: GET
        description: Weaviate Get All Roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createrole
        method: POST
        description: Weaviate Create New Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-roles-id
      path: /authz/roles/{id}
      operations:
      - name: getrole
        method: GET
        description: Weaviate Get A Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the role.
          required: true
      - name: deleterole
        method: DELETE
        description: Weaviate Delete A Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the role.
          required: true
    - name: authz-roles-id-add-permissions
      path: /authz/roles/{id}/add-permissions
      operations:
      - name: addpermissions
        method: POST
        description: Weaviate Add Permissions To A Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name (ID) of the role being modified.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-roles-id-group-assignments
      path: /authz/roles/{id}/group-assignments
      operations:
      - name: getgroupsforrole
        method: GET
        description: Weaviate Get Groups That Have A Specific Role Assigned
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The unique name of the role.
          required: true
    - name: authz-roles-id-has-permission
      path: /authz/roles/{id}/has-permission
      operations:
      - name: haspermission
        method: POST
        description: Weaviate Check Whether A Role Possesses A Permission
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the role.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-roles-id-remove-permissions
      path: /authz/roles/{id}/remove-permissions
      operations:
      - name: removepermissions
        method: POST
        description: Weaviate Remove Permissions From A Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the role being modified.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-roles-id-user-assignments
      path: /authz/roles/{id}/user-assignments
      operations:
      - name: getusersforrole
        method: GET
        description: Weaviate Get Users Assigned To A Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name (ID) of the role.
          required: true
    - name: authz-roles-id-users
      path: /authz/roles/{id}/users
      operations:
      - name: getusersforroledeprecated
        method: GET
        description: Weaviate Get Users Assigned To A Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the role.
          required: true
    - name: authz-users-id-assign
      path: /authz/users/{id}/assign
      operations:
      - name: assignroletouser
        method: POST
        description: Weaviate Assign A Role To A User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the user.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-users-id-revoke
      path: /authz/users/{id}/revoke
      operations:
      - name: revokerolefromuser
        method: POST
        description: Weaviate Revoke A Role From A User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the user.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: authz-users-id-roles
      path: /authz/users/{id}/roles
      operations:
      - name: getrolesforuserdeprecated
        method: GET
        description: Weaviate Get Roles Assigned To A User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the user.
          required: true
    - name: authz-users-id-roles-userType
      path: /authz/users/{id}/roles/{userType}
      operations:
      - name: getrolesforuser
        method: GET
        description: Weaviate Get Roles Assigned To A User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The name of the user.
          required: true
        - name: userType
          in: path
          type: string
          description: The type of the user.
          required: true
        - name: includeFullRoles
          in: query
          type: boolean
          description: Whether to include detailed role information like its assigned permissions.
    authentication:
      type: bearer
      token: '{{env.WEAVIATE_API_KEY}}'
  exposes:
  - type: rest
    namespace: weaviate-authz-rest
    port: 8080
    description: REST adapter for Weaviate REST API — authz. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/authz/groups/{grouptype}
      name: authz-groups-grouptype
      description: REST surface for authz-groups-groupType.
      operations:
      - method: GET
        name: getgroups
        description: Weaviate List All Groups Of A Specific Type
        call: weaviate-authz.getgroups
        with:
          groupType: rest.groupType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/groups/{id}/assign
      name: authz-groups-id-assign
      description: REST surface for authz-groups-id-assign.
      operations:
      - method: POST
        name: assignroletogroup
        description: Weaviate Assign A Role To A Group
        call: weaviate-authz.assignroletogroup
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/groups/{id}/revoke
      name: authz-groups-id-revoke
      description: REST surface for authz-groups-id-revoke.
      operations:
      - method: POST
        name: revokerolefromgroup
        description: Weaviate Revoke A Role From A Group
        call: weaviate-authz.revokerolefromgroup
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/groups/{id}/roles/{grouptype}
      name: authz-groups-id-roles-grouptype
      description: REST surface for authz-groups-id-roles-groupType.
      operations:
      - method: GET
        name: getrolesforgroup
        description: Weaviate Get Roles Assigned To A Specific Group
        call: weaviate-authz.getrolesforgroup
        with:
          id: rest.id
          groupType: rest.groupType
          includeFullRoles: rest.includeFullRoles
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles
      name: authz-roles
      description: REST surface for authz-roles.
      operations:
      - method: GET
        name: getroles
        description: Weaviate Get All Roles
        call: weaviate-authz.getroles
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createrole
        description: Weaviate Create New Role
        call: weaviate-authz.createrole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles/{id}
      name: authz-roles-id
      description: REST surface for authz-roles-id.
      operations:
      - method: GET
        name: getrole
        description: Weaviate Get A Role
        call: weaviate-authz.getrole
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleterole
        description: Weaviate Delete A Role
        call: weaviate-authz.deleterole
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles/{id}/add-permissions
      name: authz-roles-id-add-permissions
      description: REST surface for authz-roles-id-add-permissions.
      operations:
      - method: POST
        name: addpermissions
        description: Weaviate Add Permissions To A Role
        call: weaviate-authz.addpermissions
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles/{id}/group-assignments
      name: authz-roles-id-group-assignments
      description: REST surface for authz-roles-id-group-assignments.
      operations:
      - method: GET
        name: getgroupsforrole
        description: Weaviate Get Groups That Have A Specific Role Assigned
        call: weaviate-authz.getgroupsforrole
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles/{id}/has-permission
      name: authz-roles-id-has-permission
      description: REST surface for authz-roles-id-has-permission.
      operations:
      - method: POST
        name: haspermission
        description: Weaviate Check Whether A Role Possesses A Permission
        call: weaviate-authz.haspermission
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles/{id}/remove-permissions
      name: authz-roles-id-remove-permissions
      description: REST surface for authz-roles-id-remove-permissions.
      operations:
      - method: POST
        name: removepermissions
        description: Weaviate Remove Permissions From A Role
        call: weaviate-authz.removepermissions
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles/{id}/user-assignments
      name: authz-roles-id-user-assignments
      description: REST surface for authz-roles-id-user-assignments.
      operations:
      - method: GET
        name: getusersforrole
        description: Weaviate Get Users Assigned To A Role
        call: weaviate-authz.getusersforrole
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/roles/{id}/users
      name: authz-roles-id-users
      description: REST surface for authz-roles-id-users.
      operations:
      - method: GET
        name: getusersforroledeprecated
        description: Weaviate Get Users Assigned To A Role
        call: weaviate-authz.getusersforroledeprecated
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/users/{id}/assign
      name: authz-users-id-assign
      description: REST surface for authz-users-id-assign.
      operations:
      - method: POST
        name: assignroletouser
        description: Weaviate Assign A Role To A User
        call: weaviate-authz.assignroletouser
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/users/{id}/revoke
      name: authz-users-id-revoke
      description: REST surface for authz-users-id-revoke.
      operations:
      - method: POST
        name: revokerolefromuser
        description: Weaviate Revoke A Role From A User
        call: weaviate-authz.revokerolefromuser
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/users/{id}/roles
      name: authz-users-id-roles
      description: REST surface for authz-users-id-roles.
      operations:
      - method: GET
        name: getrolesforuserdeprecated
        description: Weaviate Get Roles Assigned To A User
        call: weaviate-authz.getrolesforuserdeprecated
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authz/users/{id}/roles/{usertype}
      name: authz-users-id-roles-usertype
      description: REST surface for authz-users-id-roles-userType.
      operations:
      - method: GET
        name: getrolesforuser
        description: Weaviate Get Roles Assigned To A User
        call: weaviate-authz.getrolesforuser
        with:
          id: rest.id
          userType: rest.userType
          includeFullRoles: rest.includeFullRoles
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: weaviate-authz-mcp
    port: 9090
    transport: http
    description: MCP adapter for Weaviate REST API — authz. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: weaviate-list-all-groups-specific
      description: Weaviate List All Groups Of A Specific Type
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getgroups
      with:
        groupType: tools.groupType
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-assign-role-group
      description: Weaviate Assign A Role To A Group
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: weaviate-authz.assignroletogroup
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-revoke-role-group
      description: Weaviate Revoke A Role From A Group
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: weaviate-authz.revokerolefromgroup
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-roles-assigned-specific
      description: Weaviate Get Roles Assigned To A Specific Group
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getrolesforgroup
      with:
        id: tools.id
        groupType: tools.groupType
        includeFullRoles: tools.includeFullRoles
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-all-roles
      description: Weaviate Get All Roles
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getroles
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-create-new-role
      description: Weaviate Create New Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: weaviate-authz.createrole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-role
      description: Weaviate Get A Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getrole
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-delete-role
      description: Weaviate Delete A Role
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: weaviate-authz.deleterole
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-add-permissions-role
      description: Weaviate Add Permissions To A Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: weaviate-authz.addpermissions
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-groups-that-have
      description: Weaviate Get Groups That Have A Specific Role Assigned
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getgroupsforrole
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-check-whether-role-possesses
      description: Weaviate Check Whether A Role Possesses A Permission
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: weaviate-authz.haspermission
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-remove-permissions-role
      description: Weaviate Remove Permissions From A Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: weaviate-authz.removepermissions
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-users-assigned-role
      description: Weaviate Get Users Assigned To A Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getusersforrole
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-users-assigned-role-2
      description: Weaviate Get Users Assigned To A Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getusersforroledeprecated
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-assign-role-user
      description: Weaviate Assign A Role To A User
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: weaviate-authz.assignroletouser
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-revoke-role-user
      description: Weaviate Revoke A Role From A User
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: weaviate-authz.revokerolefromuser
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-roles-assigned-user
      description: Weaviate Get Roles Assigned To A User
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getrolesforuserdeprecated
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: weaviate-get-roles-assigned-user-2
      description: Weaviate Get Roles Assigned To A User
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: weaviate-authz.getrolesforuser
      with:
        id: tools.id
        userType: tools.userType
        includeFullRoles: tools.includeFullRoles
      outputParameters:
      - type: object
        mapping: $.