user
A user object
The UUID of the returned object
eef4aefc-d64e-4c2c-aba4-4914c86ce059
The originating unique identifier for the user (UUID from local user store, principal from LDAP, ...) - only returned by the Role Store API
When the object was created
2017-01-01T15:05:05Z
When the object was updated
2017-01-01T15:05:05Z
ID of the user who updated the object
eef4aefc-d64e-4c2c-aba4-4914c86ce059
ID of the user who originally authored the object
eef4aefc-d64e-4c2c-aba4-4914c86ce059
A comment describing the object
A comment
Array of tag strings
The principal name of the user. For IAM Local User Store users, the username.
The distinguished name of the user
First name
Full name
Job title
Company
Department
Email address
Phone number
User's locale. Language code ISO 639-1 & country code ISO 3166-1 separated by a "_"
fi_FI
roles object[]
The array of role IDs the user has. Boolean "explicit" denotes whether the role is granted explicitly or implicitly via a mapping.
A comment describing the object
A comment
Principal public keys, returned only from /users/resolve
Permit agent, returned only from /users/resolve
Scopes host and connection permissions to an access group
Array of permissions
Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]
context object
Contextual limitation
Are contextual limitations enabled
If set to true and contextual limitations do not allow role/object, then the role/object is blocked. Otherwise the role/object is granted and an audit event is triggered.
Possible values: [MON, TUE, WED, THU, FRI, SAT, SUN]
Start time of day as HH:MM when contextual limit allows access
End time of day as HH:MM when contextual limit allows access
Time zone of start_time and end_time
Is the role explicitly granted to the user
false
Has the user implicitly gained the role or not.
false
false
Whether the role is granted permanently, for a restricted time, or as a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window.
Possible values: [PERMANENT, TIME_RESTRICTED, FLOATING]
grant_validity_periods object[]
Array of validity periods for this role. This array replaces grant_start and grant_end attributes in role object.
Date & time after which the role is granted to the user in ISO8601
2017-01-01T15:05:05Z
Date & time after which the role is removed from the user in ISO8601
2017-01-02T15:05:05Z
Duration for which the grant should last after initial connection, specified in hours
24
attributes object[]
Custom user attributes array.
aws_account
admin-bob
Array of permissions
Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]
Source ID
mfa object
Possible values: [ENABLED, DISABLED, UNINITIALIZED]
seed object
The MFA seed in textual format
The MFA-seed QR code in base64 encoded format (PNG file)
The access token used for fetching the user object has permissions that are out of sync. The requester should refresh the access token before the next REST API call. This field is set only by /users/current endpoint.
authorized_keys object[]
Unique identifier for authorized key
2765b005-4ce1-4b2b-a9ca-ee6c4d6f2792
Username of the authorized key owner
joe@privx.com
User id of the authorized key owner
f2f448d8-0397-4894-982f-9a58a43921db
User source ID
Name for authorized key
work
Comment for authorized key
Joe's work laptop key
Public key data in ssh authorized key format
AAAAB3NzaC1yc2EAAAADAQABAAABAQDqoMogqErOw7lL3GD6Ez7Hv1FZBk0Iyk2pBFUhqb9sjY9IEw8P9OWFwLMhWQ4LNvekPAnmr03pMHSSP7Pw98+Izy0HxcHZGKcrDOIjnHF5Fog3w4rBYa6OxdcJRxctifx5szqmM4JkUNS1RJY5E4ns4xCgFV46Satph02M+eP9PXGh+ZecSNtdLoOovVuolEUdb8dINgto8zsjEuAQ+76qOEgAIuSsYlzGGZPyPnATtkUi/rK9fcAfbhSqSXNxFqf7wejEKwA1kFt8hSW2bUWJH268fqnejFwHjBTzjBw89dji6141ajAP8/Q2gZug0bb1U70PE4afE3fFh2VCfhwT
Start of key validity period
2020-07-31T17:32:28Z
End of key validity period
2022-07-31T17:32:28Z
Time in seconds to key expiry. Value is not set if key is not yet valid.
webauthn_credentials object[]
Credential UUID
Webauthn credential ID
Credential name
Optional comment
Timestamp of last login event using this credential
2017-01-01T15:05:05Z
Creation timestamp
2017-01-01T15:05:05Z
ID of the user who originally authored the object
Update timestamp
2017-01-01T15:05:05Z
ID of the user who updated the object
eef4aefc-d64e-4c2c-aba4-4914c86ce059
{
  "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "created": "2017-01-01T15:05:05Z",
  "updated": "2017-01-01T15:05:05Z",
  "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "comment": "A comment",
  "tags": [
    "string"
  ],
  "principal": "string",
  "distinguished_name": "string",
  "given_name": "string",
  "full_name": "string",
  "job_title": "string",
  "company": "string",
  "department": "string",
  "email": "string",
  "telephone": "string",
  "locale": "fi_FI",
  "roles": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "comment": "A comment",
      "principal_public_key_strings": [
        "string"
      ],
      "permit_agent": true,
      "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "permissions": [
        "licenses-manage"
      ],
      "context": {
        "enabled": true,
        "block_role": true,
        "validity": [
          "MON"
        ],
        "start_time": "string",
        "end_time": "string",
        "timezone": "string",
        "ip_masks": [
          "string"
        ]
      },
      "explicit": false,
      "implicit": false,
      "system": false,
      "grant_type": "PERMANENT",
      "grant_validity_periods": [
        {
          "grant_start": "2017-01-01T15:05:05Z",
          "grant_end": "2017-01-02T15:05:05Z"
        }
      ],
      "floating_length": 24
    }
  ],
  "attributes": [
    {
      "key": "aws_account",
      "value": "admin-bob"
    }
  ],
  "permissions": [
    "licenses-manage"
  ],
  "source": "string",
  "mfa": {
    "status": "ENABLED",
    "seed": {
      "seed_string": "string",
      "seed_qr_code": "string"
    }
  },
  "stale_access_token": true,
  "authorized_keys": [
    {
      "id": "2765b005-4ce1-4b2b-a9ca-ee6c4d6f2792",
      "username": "joe@privx.com",
      "user_id": "f2f448d8-0397-4894-982f-9a58a43921db",
      "source": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "work",
      "comment": "Joe's work laptop key",
      "public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDqoMogqErOw7lL3GD6Ez7Hv1FZBk0Iyk2pBFUhqb9sjY9IEw8P9OWFwLMhWQ4LNvekPAnmr03pMHSSP7Pw98+Izy0HxcHZGKcrDOIjnHF5Fog3w4rBYa6OxdcJRxctifx5szqmM4JkUNS1RJY5E4ns4xCgFV46Satph02M+eP9PXGh+ZecSNtdLoOovVuolEUdb8dINgto8zsjEuAQ+76qOEgAIuSsYlzGGZPyPnATtkUi/rK9fcAfbhSqSXNxFqf7wejEKwA1kFt8hSW2bUWJH268fqnejFwHjBTzjBw89dji6141ajAP8/Q2gZug0bb1U70PE4afE3fFh2VCfhwT",
      "not_before": "2020-07-31T17:32:28Z",
      "not_after": "2022-07-31T17:32:28Z",
      "expires_in": 0,
      "source_address": [
        "192.168.100.0/24"
      ],
      "fingerprints": [
        "SHA256:bdeYZ2qiEwCOCuf0oTvya/aH4Vo+nJLIauDKm/D8btM"
      ]
    }
  ],
  "webauthn_credentials": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "credential_id": "string",
      "name": "string",
      "comment": "string",
      "last_used": "2017-01-01T15:05:05Z",
      "created": "2017-01-01T15:05:05Z",
      "author": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "updated": "2017-01-01T15:05:05Z",
      "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
    }
  ]
}
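An access-review pass over a user object of the shape documented above, as an added example that is not part of the original reference or of the product's own code. The function names, finding codes and sample user are constructed for illustration, and what counts as a finding is this example's policy choice; only the field names and enum values come from the schema.

```python
import json
from datetime import datetime, timezone

# Constructed sample, trimmed to the fields the review reads.
SAMPLE_USER = json.loads("""
{
  "principal": "alice",
  "mfa": {"status": "DISABLED"},
  "roles": [
    {"name": "ops-admin", "permissions": ["hosts-manage", "hosts-view"],
     "grant_type": "PERMANENT", "context": {"enabled": true, "block_role": false}},
    {"name": "viewer", "permissions": ["hosts-view"],
     "grant_type": "FLOATING", "context": {"enabled": false}}
  ],
  "authorized_keys": [
    {"name": "work", "not_after": "2022-07-31T17:32:28Z"},
    {"name": "home", "not_after": "2030-01-01T00:00:00Z"}
  ]
}
""")

def parse_ts(value):
    """Parse the ISO 8601 UTC timestamps used in the object (trailing 'Z')."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_user(user, now):
    """Return a list of (finding_code, subject) tuples for one user object."""
    findings = []
    if user.get("mfa", {}).get("status") != "ENABLED":
        findings.append(("mfa-not-enabled", user.get("principal", "")))
    for role in user.get("roles", []):
        manages = any(p.endswith("-manage") for p in role.get("permissions", []))
        if manages and role.get("grant_type") == "PERMANENT":
            findings.append(("permanent-manage-role", role["name"]))
        ctx = role.get("context") or {}
        if ctx.get("enabled") and not ctx.get("block_role"):
            # Per the block_role description: access outside the contextual
            # limits is still granted and only raises an audit event.
            findings.append(("context-audit-only", role["name"]))
    for key in user.get("authorized_keys", []):
        if key.get("not_after") and parse_ts(key["not_after"]) <= now:
            findings.append(("key-expired", key["name"]))
    return findings

if __name__ == "__main__":
    for finding in audit_user(SAMPLE_USER, datetime(2024, 1, 1, tzinfo=timezone.utc)):
        print(*finding)
```
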