Skip to end of metadata
Go to start of metadata

Grant, grantedRole & allGrantedRoles

API

The objects grant, grantedRole and allGrantedRoles are used to assing roles to accounts and roles.

AttributeTypeDescription
idLonggrant id
grantedRoleStringgranted role name
grantedRoleSystemStringgranted role managed system (agent) name
grantedRoleIdLonggranted role id
domainValueStringgrant value (if any)
ownerAccountStringgrantee account name
ownerSystemStringgrantee account or role managed system name
ownerGroupStringgrantee group name
ownerRoleIdStringgrantee role id
ownerRoleNameStringgrantee role name
ownerUserStringgrantee user name
grantedRoleObjectrole objectgranted role
ownerAccountObjectaccount objectgrantee account

 

Examples

Grant

Example to map a grant object (assign a role to an account):

System attributeDirectionSoffid attribute
role_name=>grantedRole
account_name=>ownerAccount

 

GrantedRole

Example to map a grantedRole object (assign a role as a child of another role):

System attributeDirectionSoffid attribute
role_name=>grantedRole
parent_role_name=>ownerRoleName

 

AllGrantedRoles

Example to map a allGrantedRoles object in a holderGroup (assign a role to an account in a specific group):

System attributeDirectionSoffid attribute
role_name=>grantedRole
parent_role_name=>ownerRoleName
group_code=>domainValue
group_code=>holderGroup
userName=>ownerUser

 

 

 

 

  • No labels