role
A role definition
The UUID of the returned object
eef4aefc-d64e-4c2c-aba4-4914c86ce059Name of the role
A comment describing the object
A commentPermit agent
Scopes host and connection permissions to an access group
Array of permissions
Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]
context object
Contextual limitation
Are contextual limitations enabled
If set to true and contextual limitations do not allow role/object, then the role/object is blocked. Otherwise the role/object is granted and an audit event is triggered.
Possible values: [MON, TUE, WED, THU, FRI, SAT, SUN]
Start time of day as HH:MM when contextual limit allows access
End time of day as HH:MM when contextual limit allows access
Time zone of start_time and end_time
role type
role ARN
Is the role PrivX internal
falseWhen the object was created
2017-01-01T15:05:05ZID of the user who originally authored the object
When the object was created
2017-01-01T15:05:05ZID of the user who updated the object
eef4aefc-d64e-4c2c-aba4-4914c86ce059When the object was deleted (tombstoned)
2017-01-01T15:05:05ZID of the user who deleted the object
eef4aefc-d64e-4c2c-aba4-4914c86ce059source_rules objectrequired
A source rule(s) definition. Can be a single rule or a rule group, in which case either "single" or "group" attributes are requrired
Is the source rule a single rule or a group
Possible values: [RULE, GROUP]
For single type, the ID of the source provider
For single type, the search string at the source provider.
For group type, should all or any of the rules in the rules array match
Possible values: [ALL, ANY]
For group type, the rules array
Array of tag strings
Source of rule
Role member count
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "string",
"comment": "A comment",
"principal_public_key_strings": [
"string"
],
"permit_agent": true,
"access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"permissions": [
"licenses-manage"
],
"context": {
"enabled": true,
"block_role": true,
"validity": [
"MON"
],
"start_time": "string",
"end_time": "string",
"timezone": "string",
"ip_masks": [
"string"
]
},
"type": "string",
"arn": "string",
"system": false,
"created": "2017-01-01T15:05:05Z",
"author": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"deleted": "2017-01-01T15:05:05Z",
"deleted_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"source_rules": {
"type": "RULE",
"source": "string",
"search_string": "string",
"match": "ALL",
"rules": [
null
]
},
"tags": [
"string"
],
"source": "string",
"member_count": 0
}