Skip to main content
Version: v41

command_restrictions

SSH shell/exec command restrictions for the principal

enabledboolean

Are command restrictions enabled

default_whitelist object

Default whitelist handle, required if command restrictions are enabled

idstring<uuid>required

Whitelist ID

namestring

Whitelist name

deletedboolean

Has whitelist been deleted, ignored in requests

rshell_variantstring

Restricted shell variant, required if command restrictions are enabled

Possible values: [bash, posix]

bannerstring

Optional banner displayed in SSH terminal

allow_no_matchboolean

If true then commands that do not match any whitelist pattern are allowed to execute

audit_matchboolean

If true then an audit event is generated for every allowed command

audit_no_matchboolean

If true then an audit event is generated for every disallowed command

whitelists object[]
  • Array [
    • whitelist object
    idstring<uuid>required

    Whitelist ID

    namestring

    Whitelist name

    deletedboolean

    Has whitelist been deleted, ignored in requests

    roles object[]

    List of roles granting access to the whitelist

  • Array [
    • idstring<uuid>required

    Role ID

    namestring

    Role name

  • ]
  • ]
    • command_restrictions
    {
      "enabled": true,
      "default_whitelist": {
        "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "name": "string",
        "deleted": true
      },
      "rshell_variant": "bash",
      "banner": "string",
      "allow_no_match": true,
      "audit_match": true,
      "audit_no_match": true,
      "whitelists": [
        {
          "whitelist": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
            "name": "string",
            "deleted": true
          },
          "roles": [
            {
              "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "name": "string"
            }
          ]
        }
      ]
    }