Version: v41

role

A role definition

id string<uuid>

The UUID of the returned object

Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

name string required

Name of the role

comment string

A comment describing the object

Example: A comment

principal_public_key_strings string[]

permit_agent boolean

Permit agent

access_group_id string<uuid>

Scopes host and connection permissions to an access group

permissions permission (string)[]

Array of permissions

Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]

context object

Contextual limitation

enabled boolean

Are contextual limitations enabled

block_role boolean

If set to true and contextual limitations do not allow role/object, then the role/object is blocked. Otherwise the role/object is granted and an audit event is triggered.

validity string[]

Possible values: [MON, TUE, WED, THU, FRI, SAT, SUN]

start_time string

Start time of day as HH:MM when contextual limit allows access

end_time string

End time of day as HH:MM when contextual limit allows access

timezone string

Time zone of start_time and end_time

ip_masks string[]

type string

role type

arn string

role ARN

system boolean

Is the role PrivX internal

Default value: false

created string<date-time>

When the object was created

Example: 2017-01-01T15:05:05Z

author string<uuid>

ID of the user who originally authored the object

updated string<date-time>

When the object was created

Example: 2017-01-01T15:05:05Z

updated_by string<uuid>

ID of the user who updated the object

Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

deleted string<date-time>

When the object was deleted (tombstoned)

Example: 2017-01-01T15:05:05Z

deleted_by string<uuid>

ID of the user who deleted the object

Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

source_rules object required

A source rule(s) definition. Can be a single rule or a rule group, in which case either "single" or "group" attributes are required.

type string

Is the source rule a single rule or a group

Possible values: [RULE, GROUP]

source string

For single type, the ID of the source provider

search_string string

For single type, the search string at the source provider.

match string

For group type, should all or any of the rules in the rules array match

Possible values: [ALL, ANY]

rules undefined[]

For group type, the rules array

tags string[]

Array of tag strings

source string

Source of rule

member_count integer

Role member count

role
{
  "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "name": "string",
  "comment": "A comment",
  "principal_public_key_strings": [
    "string"
  ],
  "permit_agent": true,
  "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "permissions": [
    "licenses-manage"
  ],
  "context": {
    "enabled": true,
    "block_role": true,
    "validity": [
      "MON"
    ],
    "start_time": "string",
    "end_time": "string",
    "timezone": "string",
    "ip_masks": [
      "string"
    ]
  },
  "type": "string",
  "arn": "string",
  "system": false,
  "created": "2017-01-01T15:05:05Z",
  "author": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "updated": "2017-01-01T15:05:05Z",
  "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "deleted": "2017-01-01T15:05:05Z",
  "deleted_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "source_rules": {
    "type": "RULE",
    "source": "string",
    "search_string": "string",
    "match": "ALL",
    "rules": [
      null
    ]
  },
  "tags": [
    "string"
  ],
  "source": "string",
  "member_count": 0
}
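
The `context` object's `block_role` description gives three outcomes for a role: granted, blocked, or granted with an audit event. The sketch below is an added example, not PrivX code, that models that decision for reviewing a role definition before it is applied. Assumptions: `ip_masks` entries are CIDR strings, an empty `validity` or `ip_masks` list means no restriction, the time window does not cross midnight, and the caller passes a datetime already expressed in the context's `timezone` (the page does not state the timezone format). `context_allows`, `evaluate` and `SAMPLE_CONTEXT` are hypothetical names.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

DAYS = ["MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"]  # datetime.weekday() order

# Constructed sample, shaped like the "context" object in the schema above.
SAMPLE_CONTEXT = {
    "enabled": True,
    "block_role": False,
    "validity": ["MON", "TUE", "WED", "THU", "FRI"],
    "start_time": "08:00",
    "end_time": "17:00",
    "ip_masks": ["10.0.0.0/8"],
}


def context_allows(ctx, local_dt, client_ip):
    """True if local_dt (already in ctx's timezone) and client_ip fit the limits."""
    validity = ctx.get("validity") or []
    if validity and DAYS[local_dt.weekday()] not in validity:
        return False
    start = time.fromisoformat(ctx["start_time"])  # HH:MM per the schema
    end = time.fromisoformat(ctx["end_time"])
    now = local_dt.time().replace(second=0, microsecond=0)
    if not start <= now <= end:  # assumption: window does not cross midnight
        return False
    masks = ctx.get("ip_masks") or []
    # assumption: masks are CIDR strings; no masks means no IP restriction
    addr = ip_address(client_ip)
    return not masks or any(addr in ip_network(m, strict=False) for m in masks)


def evaluate(ctx, local_dt, client_ip):
    """Return 'granted', 'blocked' or 'granted-with-audit' per block_role."""
    if not ctx.get("enabled") or context_allows(ctx, local_dt, client_ip):
        return "granted"
    if ctx.get("block_role"):
        return "blocked"
    # block_role false: role is still granted, but an audit event is triggered
    return "granted-with-audit"
```

With `block_role` set to false, a request outside the limits still receives the role, so the limitation acts as a detection control rather than a preventive one.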