Skip to main content
Version: v41

role_request

A role definition

namestringrequired

Name of the role

commentstring

A comment describing the object

Example: A comment
permit_agentboolean

Permit agent

access_group_idstring<uuid>

Scopes host and connection permissions to an access group

permissionspermission (string)[]

Array of permissions

Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]

context object

Contextual limitation

enabledboolean

Are contextual limitations enabled

block_roleboolean

If set to true and contextual limitations do not allow role/object, then the role/object is blocked. Otherwise the role/object is granted and an audit event is triggered.

validitystring[]

Possible values: [MON, TUE, WED, THU, FRI, SAT, SUN]

start_timestring

Start time of day as HH:MM when contextual limit allows access

end_timestring

End time of day as HH:MM when contextual limit allows access

timezonestring

Time zone of start_time and end_time

ip_masksstring[]
typestring

role type

arnstring

role ARN

source_rules objectrequired

A source rule(s) definition. Can be a single rule or a rule group, in which case either "single" or "group" attributes are requrired

typestring

Is the source rule a single rule or a group

Possible values: [RULE, GROUP]

sourcestring

For single type, the ID of the source provider

search_stringstring

For single type, the search string at the source provider.

matchstring

For group type, should all or any of the rules in the rules array match

Possible values: [ALL, ANY]

rulesundefined[]

For group type, the rules array

tagsstring[]

Array of tag strings

sourcestring

Source of rule

member_countinteger

Role member count

role_request
{
  "name": "string",
  "comment": "A comment",
  "permit_agent": true,
  "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "permissions": [
    "licenses-manage"
  ],
  "context": {
    "enabled": true,
    "block_role": true,
    "validity": [
      "MON"
    ],
    "start_time": "string",
    "end_time": "string",
    "timezone": "string",
    "ip_masks": [
      "string"
    ]
  },
  "type": "string",
  "arn": "string",
  "source_rules": {
    "type": "RULE",
    "source": "string",
    "search_string": "string",
    "match": "ALL",
    "rules": [
      null
    ]
  },
  "tags": [
    "string"
  ],
  "source": "string",
  "member_count": 0
}