role_handle
A simple role handle for getting & updating user roles
A comment describing the object
A comment
Principal public keys, returned only from /users/resolve
Permit agent, returned only from /users/resolve
Scopes host and connection permissions to an access group
Array of permissions
Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]
context object
Contextual limitation
Are contextual limitations enabled
If set to true and contextual limitations do not allow role/object, then the role/object is blocked. Otherwise the role/object is granted and an audit event is triggered.
Possible values: [MON, TUE, WED, THU, FRI, SAT, SUN]
Start time of day as HH:MM when contextual limit allows access
End time of day as HH:MM when contextual limit allows access
Time zone of start_time and end_time
Is the role explicitly granted to the user
false
Has the user implicitly gained the role or not.
false
false
Whether the role is granted permanently, for a restricted time, or as a floating window. A floating window starts upon the initial connection, at which time the Role Store converts it to an explicit time-restricted window.
Possible values: [PERMANENT, TIME_RESTRICTED, FLOATING]
grant_validity_periods object[]
Array of validity periods for this role. This array replaces the grant_start and grant_end attributes in the role object.
Date & time after which the role is granted to the user in ISO8601
2017-01-01T15:05:05Z
Date & time after which the role is removed from the user in ISO8601
2017-01-02T15:05:05Z
Duration for which the grant should last after initial connection, specified in hours
24
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "comment": "A comment",
  "principal_public_key_strings": [
    "string"
  ],
  "permit_agent": true,
  "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "permissions": [
    "licenses-manage"
  ],
  "context": {
    "enabled": true,
    "block_role": true,
    "validity": [
      "MON"
    ],
    "start_time": "string",
    "end_time": "string",
    "timezone": "string",
    "ip_masks": [
      "string"
    ]
  },
  "explicit": false,
  "implicit": false,
  "system": false,
  "grant_type": "PERMANENT",
  "grant_validity_periods": [
    {
      "grant_start": "2017-01-01T15:05:05Z",
      "grant_end": "2017-01-02T15:05:05Z"
    }
  ],
  "floating_length": 24
}
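The following is an added example, not code from the product or its documentation: a client-side sketch of how the grant window, the floating-window conversion and the contextual limitation described above combine into one decision, useful for reviewing a role before relying on it. The function names, the result strings, the half-open window boundaries, the same-day time window and the skipping of ip_masks are assumptions of this example.

```python
from datetime import datetime, time, timedelta, timezone
from zoneinfo import ZoneInfo

DAYS = ["MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"]  # datetime.weekday() order
FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample role; field names and timestamps follow the sample object on this page.
SAMPLE_ROLE = {
    "grant_type": "TIME_RESTRICTED",
    "grant_validity_periods": [
        {"grant_start": "2017-01-01T15:05:05Z", "grant_end": "2017-01-02T15:05:05Z"}],
    "floating_length": 24,
    "context": {"enabled": True, "block_role": True, "validity": ["MON"],
                "start_time": "09:00", "end_time": "17:00", "timezone": "UTC"},
}

def parse_ts(ts):
    return datetime.strptime(ts, FMT).replace(tzinfo=timezone.utc)

def start_floating(role, first_connection):
    """FLOATING -> explicit TIME_RESTRICTED window starting at the initial connection."""
    start = first_connection.astimezone(timezone.utc)
    end = start + timedelta(hours=role["floating_length"])
    period = {"grant_start": start.strftime(FMT), "grant_end": end.strftime(FMT)}
    return {**role, "grant_type": "TIME_RESTRICTED", "grant_validity_periods": [period]}

def in_grant_window(role, now):
    # Assumption: PERMANENT and not-yet-started FLOATING grants have no window to check.
    if role["grant_type"] != "TIME_RESTRICTED":
        return True
    return any(parse_ts(p["grant_start"]) <= now < parse_ts(p["grant_end"])
               for p in role["grant_validity_periods"])

def context_allows(ctx, now):
    # Assumption: weekday and HH:MM are read in ctx["timezone"]; window stays within one day.
    # "UTC" is resolved without the tz database so the example runs where tzdata is absent.
    tz = timezone.utc if ctx["timezone"] == "UTC" else ZoneInfo(ctx["timezone"])
    local = now.astimezone(tz)
    start, end = time.fromisoformat(ctx["start_time"]), time.fromisoformat(ctx["end_time"])
    return DAYS[local.weekday()] in ctx["validity"] and start <= local.time() < end

def decide(role, now):
    """Return 'not_granted', 'granted', 'blocked' or 'granted_with_audit'."""
    if not in_grant_window(role, now):
        return "not_granted"
    ctx = role.get("context") or {}
    if not ctx.get("enabled") or context_allows(ctx, now):
        return "granted"
    # block_role true: denied; otherwise granted and an audit event is expected.
    return "blocked" if ctx.get("block_role") else "granted_with_audit"
```

A role whose context has block_role set to false never denies access outside its window, so reviews of such roles should confirm that the resulting audit events are actually monitored.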