Version: v41

role_request

A role definition

name string required

Name of the role

comment string

A comment describing the object

Example: A comment

permit_agent boolean

Permit agent

access_group_id string<uuid>

Scopes host and connection permissions to an access group

permissions permission (string)[]

Array of permissions

Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]

context object

Contextual limitation

enabled boolean

Are contextual limitations enabled

block_role boolean

If set to true and contextual limitations do not allow role/object, then the role/object is blocked. Otherwise the role/object is granted and an audit event is triggered.

validity string[]

Possible values: [MON, TUE, WED, THU, FRI, SAT, SUN]

start_time string

Start time of day as HH:MM when contextual limit allows access

end_time string

End time of day as HH:MM when contextual limit allows access

timezone string

Time zone of start_time and end_time

ip_masks string[]

type string

role type

arn string

role ARN

source_rules object required

A source rule(s) definition. Can be a single rule or a rule group, in which case either "single" or "group" attributes are required.

type string

Is the source rule a single rule or a group

Possible values: [RULE, GROUP]

source string

For single type, the ID of the source provider

search_string string

For single type, the search string at the source provider.

match string

For group type, should all or any of the rules in the rules array match

Possible values: [ALL, ANY]

rules undefined[]

For group type, the rules array

tags string[]

Array of tag strings

source string

Source of rule

member_count integer

Role member count

role_request
{
  "name": "string",
  "comment": "A comment",
  "permit_agent": true,
  "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "permissions": [
    "licenses-manage"
  ],
  "context": {
    "enabled": true,
    "block_role": true,
    "validity": [
      "MON"
    ],
    "start_time": "string",
    "end_time": "string",
    "timezone": "string",
    "ip_masks": [
      "string"
    ]
  },
  "type": "string",
  "arn": "string",
  "source_rules": {
    "type": "RULE",
    "source": "string",
    "search_string": "string",
    "match": "ALL",
    "rules": [
      null
    ]
  },
  "tags": [
    "string"
  ],
  "source": "string",
  "member_count": 0
}
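
A pre-submit check for the context and source_rules objects described above. This is an added example, not part of the API reference or the product's own code. The function names are hypothetical, entries of the rules array are assumed to have the same shape as source_rules, and source and search_string are treated as expected for type RULE. It does not check permissions, timezone or ip_masks.

```python
import re

DAYS = {"MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"}   # validity enum from the schema
HHMM = re.compile(r"([01]\d|2[0-3]):[0-5]\d")              # start_time / end_time format

def lint_source_rules(node, path="source_rules"):
    """Check one RULE or GROUP node; GROUP members are checked recursively (assumed same shape)."""
    if not isinstance(node, dict):
        return [f"{path}: expected an object"]
    if node.get("type") == "RULE":
        return [f"{path}.{k}: expected for type RULE"
                for k in ("source", "search_string") if not node.get(k)]
    if node.get("type") == "GROUP":
        out = []
        if node.get("match") not in ("ALL", "ANY"):
            out.append(f"{path}.match: must be ALL or ANY")
        for i, member in enumerate(node.get("rules") or []):
            out += lint_source_rules(member, f"{path}.rules[{i}]")
        return out
    return [f"{path}.type: must be RULE or GROUP"]

def lint_context(ctx):
    """Check the contextual limitation; a disabled or absent context yields no findings."""
    if not ctx or not ctx.get("enabled"):
        return []
    out = []
    unknown = sorted(set(ctx.get("validity", [])) - DAYS)
    if unknown:
        out.append(f"context.validity: unknown day(s) {unknown}")
    for key in ("start_time", "end_time"):
        if not HHMM.fullmatch(str(ctx.get(key, ""))):
            out.append(f"context.{key}: not HH:MM")
    if not ctx.get("block_role"):
        out.append("context.block_role: false, out-of-context use is granted and only audited")
    return out

def lint_role_request(req):
    out = [f"{k}: required" for k in ("name", "source_rules") if k not in req]
    out += lint_context(req.get("context"))
    if "source_rules" in req:
        out += lint_source_rules(req["source_rules"])
    return out

# Constructed sample payload (all values are made up for this example).
SAMPLE = {"name": "example-role",
    "context": {"enabled": True, "block_role": False, "validity": ["MON", "FUN"],
                "start_time": "08:00", "end_time": "25:00"},
    "source_rules": {"type": "GROUP", "match": "ANY", "rules": [
        {"type": "RULE", "source": "example-id", "search_string": "example"}, None]}}
```

Calling lint_role_request(SAMPLE) returns one finding per problem, including the null placeholder left in the rules array and the audit-only block_role setting.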