CLI Reference - Access Roles

Access Roles

create-role

Creates a new role

Usage
akeyless create-role -n <Role Name>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -n, --name | **Y** | Role name. |
| --comment | | Comment about the role. |
| --audit-access | | Sets access for viewing audit logs. Possible values: none, own, all. |
| --analytics-access | | Sets access for viewing analytics dashboards. Possible values: none, own, all. |
| --gw-analytics-access | | Sets access for viewing Gateway settings. Possible values: none, own, all. |
| --sra-reports-access | | Sets access for viewing Secure Remote Access information. Possible values: none, own, all. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

get-role

Get role details

Usage
akeyless get-role -n <Role Name>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -n, --name | **Y** | Role name. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

update-role

Update role details

Usage
akeyless update-role -n <Role name>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -n, --name | **Y** | Role name. |
| --new-name | | New role name. |
| --new-comment | | New comment about the role. |
| --audit-access | | Sets access for viewing audit logs. Possible values: none, own, all. |
| --analytics-access | | Sets access for viewing analytics dashboards. Possible values: none, own, all. |
| --gw-analytics-access | | Sets access for viewing Gateway settings. Possible values: none, own, all. |
| --sra-reports-access | | Sets access for viewing Secure Remote Access information. Possible values: none, own, all. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

list-roles

Returns a list of all roles in the account

Usage
akeyless list-roles --pagination-token
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| --filter | | Filter by role name or part of it. |
| --pagination-token | | Next page reference. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

delete-role

Delete a role

Usage
akeyless delete-role -n <Role Name>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -n, --name | **Y** | Role name. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

delete-roles

Delete multiple roles from a given path

Usage
akeyless delete-roles -p <Path\to\roles>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -p, --path | **Y** | Path to delete the roles from. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

set-role-rule

Set a rule to a role

Usage
akeyless set-role-rule -r <Role Name> -p <Role Path> -c <Permission>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -r, --role-name | **Y** | The name of the Role to which you're adding the new rule. |
| -p, --path | **Y** | The path on which you're setting permissions. |
| -c, --capability | **Y** | A permission to be set on the path. Possible values: read, create, update, delete, list, deny. If you need to set several permissions, use this parameter several times. |
| --rule-type[=item-rule] | | A type of the item for which permissions are defined. Possible values: item-rule - for Secrets & Keys, target-rule - for Targets, role-rule - for Access Roles, auth-method-rule - for Authentication Methods. By default, permissions are set only for Secrets & Keys. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

delete-role-rule

Delete a rule from a role

Usage
akeyless delete-role-rule -r <Role Name> -p <Role Path>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -r, --role-name | **Y** | The name of the Role from which you're deleting the rule. |
| -p, --path | **Y** | The path on which you're deleting permissions. |
| --rule-type[=item-rule] | | A type of the item for which permissions are deleted. Possible values: item-rule - for Secrets & Keys, target-rule - for Targets, role-rule - for Access Roles, auth-method-rule - for Authentication Methods. By default, permissions are deleted only for Secrets & Keys. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

assoc-role-am

Create an association between role and auth method

Usage
akeyless assoc-role-am -r <Role Name> -a <Auth Name>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -r, --role-name | **Y** | The name of the Access Role you want to assign to the Authentication Method. |
| -a, --am-name | **Y** | The name of the Authentication Method you want to link with the Access Role. |
| -s, --sub-claims | | User attributes (sub-claims) in a key=value format (e.g., group=admins,developers). |
| -c, --case-sensitive[=true] | | Treat sub-claims as case-sensitive. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |
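
The create-role, set-role-rule and assoc-role-am commands above, chained into one least-privilege provisioning step that rejects any capability or rule type outside the documented values before the CLI is called. This is an added example, not part of the Akeyless documentation; the helper function names and the dry-run switch are hypothetical, and the `--flag=value` spelling for long options is an assumption.

```sh
#!/bin/sh
# Added example (not Akeyless code). Role, path and auth-method names passed
# to these functions are constructed placeholders.

# Dry run by default: print the command. Set APPLY=1 to execute it.
run() {
  if [ "${APPLY:-0}" = 1 ]; then akeyless "$@"; else echo "akeyless $*"; fi
}

# in_list VALUE ALLOWED... : succeed only if VALUE is one of ALLOWED.
in_list() {
  il_value="$1"; shift
  for il_allowed in "$@"; do
    [ "$il_value" = "$il_allowed" ] && return 0
  done
  return 1
}

# grant ROLE PATH RULE_TYPE CAPABILITY... : validate against the documented
# values, then emit one set-role-rule call with -c repeated per capability.
grant() {
  g_role="$1"; g_path="$2"; g_type="$3"
  [ "$#" -ge 4 ] || { echo "usage: grant ROLE PATH RULE_TYPE CAPABILITY..." >&2; return 2; }
  shift 3
  in_list "$g_type" item-rule target-rule role-rule auth-method-rule ||
    { echo "unknown rule type: $g_type" >&2; return 2; }
  g_caps=""
  for g_cap in "$@"; do
    in_list "$g_cap" read create update delete list deny ||
      { echo "unknown capability: $g_cap" >&2; return 2; }
    g_caps="$g_caps -c $g_cap"
  done
  # g_caps holds only the fixed words checked above, so splitting it is safe.
  # shellcheck disable=SC2086
  run set-role-rule -r "$g_role" -p "$g_path" --rule-type="$g_type" $g_caps
}

# provision_reader ROLE PATH AUTH_METHOD SUB_CLAIMS : read/list-only role with
# audit-log access set to "own", bound to one auth method via sub-claims.
provision_reader() {
  run create-role -n "$1" --audit-access=own --analytics-access=none \
    --gw-analytics-access=none --sra-reports-access=none &&
  grant "$1" "$2" item-rule read list &&
  run assoc-role-am -r "$1" -a "$3" -s "$4"
}
```

Source the file and call `provision_reader billing-reader '/apps/billing/*' billing-oidc 'group=admins,developers'` (all four values are constructed) to print the three commands for review; set `APPLY=1` to execute them.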

delete-assoc

Delete an association between role and auth method

Usage
akeyless delete-assoc -a <association ID to be deleted>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -a, --assoc-id | **Y** | The ID of the link between the Access Role and the Authentication Method (e.g., ass-nmvi62aw6wcvz9btc48c). You can find this ID using either the get-role or the get-auth-method command. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

update-assoc

Update the sub-claims of an association between the role and the auth method.

Usage
akeyless update-assoc -a <association ID to be updated>
Parameters

| Parameter | Mandatory | Description |
|---|---|---|
| -a, --assoc-id | **Y** | The ID of the link between the Access Role and the Authentication Method (e.g., ass-nmvi62aw6wcvz9btc48c). You can find this ID using either the get-role or the get-auth-method command. |
| -s, --sub-claims | | User attributes (sub-claims) in a key=value format (e.g., group=admins,developers). |
| -c, --case-sensitive[=true] | | Treat sub-claims as case-sensitive. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

