Skip to main content
Version: v41

command_restrictions

SSH shell/exec command restrictions for the principal

enabledboolean

Are command restrictions enabled

default_whitelist object

Default whitelist handle, required if command restrictions are enabled

idstring<uuid>required

Whitelist ID

namestring

Whitelist name

deletedboolean

Has whitelist been deleted, ignored in requests

rshell_variantstring

Restricted shell variant, required if command restrictions are enabled

Possible values: [bash, posix]

bannerstring

Optional banner displayed in SSH terminal

allow_no_matchboolean

If true then commands that do not match any whitelist pattern are allowed to execute

audit_matchboolean

If true then an audit event is generated for every allowed command

audit_no_matchboolean

If true then an audit event is generated for every disallowed command

whitelists object[]
  • Array [
  • whitelist object
    idstring<uuid>required

    Whitelist ID

    namestring

    Whitelist name

    deletedboolean

    Has whitelist been deleted, ignored in requests

    roles object[]

    List of roles granting access to the whitelist

  • Array [
  • idstring<uuid>required

    Role ID

    namestring

    Role name

  • ]
  • ]
  • command_restrictions
    {
    "enabled": true,
    "default_whitelist": {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string",
    "deleted": true
    },
    "rshell_variant": "bash",
    "banner": "string",
    "allow_no_match": true,
    "audit_match": true,
    "audit_no_match": true,
    "whitelists": [
    {
    "whitelist": {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string",
    "deleted": true
    },
    "roles": [
    {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string"
    }
    ]
    }
    ]
    }