add favicons

README.md

@@ -114,7 +114,7 @@ POST `/api/admin/user/delete`
 Data
 ```
 {
-    "userName": ""
+    "userName": "example_username"
 }
 ```
 
@@ -126,17 +126,38 @@ POST `/api/login`
 Data
 ```
 {
-    "username": "", 
+    "username": "example_username", 
-    "password": ""
+    "password": "example_password"
 }
 ```
 This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`, and must be supplied via a HTTP header in the form `"Authorization: Bearer <JWT_TOKEN>"` for all subsequent API calls.
 
+### Role Operations
+
 #### List Roles
 GET `/api/admin/roles`
 
 This operation can only be performed by a user with a role that is admin enabled. Lists currently defined roles.
 
+#### Create Role
+POST `/api/admin/role/add`
+
+Data
+```
+{
+    "roleName":"example role",
+    "readOnly":true,
+    "Admin":false,
+    "LdapGroup":"CN=smt_users,OU=Groups,DC=example,DC=com"
+}
+```
+
+This operation can only be performed by a user with a role that is admin enabled. Creates a new role. Can be read only, or admin enabled, or map to an LDAP group if LDAP integration is being used. 
+
+Users allocated to this role will only be able to access secrets that are part of this role. The exception being users in a role with admin enabled; any user in an admin enabled role can access all secrets.
+
+Ldap group must be specified via the full distinguishedName. The simplest way to get this information is to run the command `dsquery group -name <known group name>` from a windows machine.
+
 #### List Users
 GET `/api/admin/users`