CLI Reference - Access Roles
Access Roles
create-role
Creates a new role
Usage
akeyless create-role -n <Role Name>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-n` | **Y** | Role name. |
| | | Comment about the role. |
| | | Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods. |
| | | Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| | | Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| | | Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
get-role
Get role details
Usage
akeyless get-role -n <Role Name>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-n` | **Y** | Role name. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
update-role
Update role details
Usage
akeyless update-role -n <Role name>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-n` | **Y** | Role name. |
| | | New role name. |
| | | New comment about the role. |
| | | Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods. |
| | | Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| | | Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| | | Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
list-roles
Returns a list of all roles in the account
Usage
akeyless list-roles --pagination-token
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| | | Filter by role name or part of it. |
| `--pagination-token` | | Next page reference. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
delete-role
Delete a role
Usage
akeyless delete-role -n <Role Name>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-n` | **Y** | Role name. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
delete-roles
Delete multiple roles from a given path
Usage
akeyless delete-roles -p <Path\to\roles>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-p` | **Y** | Path to delete the roles from. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
set-role-rule
Set a rule to a role
Usage
akeyless set-role-rule -r <Role Name> -p <Role Path> -c <capabilities>
Mandatory Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-r` | **Y** | The role name to be updated. |
| `-p` | **Y** | The path the rule refers to. |
| `-c` | **Y** | List of the approved/denied capabilities for the path. Options: [read, create, update, delete, list, deny]. |
| | | item-rule, target-rule, role-rule, auth-method-rule |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
delete-role-rule
Delete a rule from a role
Usage
akeyless delete-role-rule -r <Role Name> -p <Role Path>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-r` | **Y** | The role name to be updated. |
| `-p` | **Y** | The path the rule refers to. |
| | | item-rule, target-rule, role-rule, auth-method-rule |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
assoc-role-am
Create an association between role and auth method
Usage
akeyless assoc-role-am -r <Role Name> -a <Auth Name>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-r` | **Y** | The role to associate. |
| `-a` | **Y** | The auth method to associate. |
| | | Key/val of sub-claims, e.g. group=admins,developers |
| | | Treat sub-claims as case-sensitive. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
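How create-role, set-role-rule and assoc-role-am chain into one narrowly scoped role, shown as a dry-run planner; this is an added example, not code from Akeyless. The role, auth method and path values are constructed, `plan_role` is a hypothetical helper, and passing `-c` once per capability is an assumption.

```shell
#!/bin/sh
# Added example (not Akeyless code): dry-run planner for a least-privilege role.
# It prints the documented commands instead of running them, so it works offline.

# valid_caps <capability>...: succeed only if every value is one of the
# capabilities listed in the set-role-rule table above.
valid_caps() {
  [ "$#" -gt 0 ] || { echo "no capability given" >&2; return 1; }
  for cap in "$@"; do
    case "$cap" in
      read|create|update|delete|list|deny) ;;
      *) echo "unsupported capability: $cap" >&2; return 1 ;;
    esac
  done
}

# plan_role <role> <auth method> <path> <capability>...
# Validates input first, so a typo never reaches the CLI, then prints the plan.
plan_role() {
  [ "$#" -ge 4 ] || { echo "usage: plan_role ROLE AUTH PATH CAP..." >&2; return 1; }
  role=$1 auth=$2 path=$3
  shift 3
  # Values are printed inside single quotes, so refuse any that contain one.
  case "$role$auth$path" in
    *"'"*) echo "single quotes are not allowed in names" >&2; return 1 ;;
  esac
  valid_caps "$@" || return 1
  caps=""
  # Assumption: -c is repeated once per capability.
  for cap in "$@"; do caps="$caps -c $cap"; done
  printf "akeyless create-role -n '%s'\n" "$role"
  printf "akeyless set-role-rule -r '%s' -p '%s'%s\n" "$role" "$path" "$caps"
  printf "akeyless assoc-role-am -r '%s' -a '%s'\n" "$role" "$auth"
  # Read the role back so the resulting rules can be reviewed.
  printf "akeyless get-role -n '%s'\n" "$role"
}

# Constructed sample values: role, auth method and path are hypothetical.
plan_role /roles/ci-reader /auth/ci-runner '/prod/ci/*' read list
```

The path is printed inside single quotes so the shell does not expand the `*` when the planned command is pasted into a terminal.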
delete-assoc
Delete an association between role and auth method
Usage
akeyless delete-assoc -a <association id to be deleted>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-a` | **Y** | The ID of the association to be deleted. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
update-assoc
Update the sub-claims of an association between the role and the auth method.
Usage
akeyless update-assoc -a <association id to be updated>
Parameters
| Parameter | Mandatory | Description |
|---|---|---|
| `-a` | **Y** | The ID of the association to be updated. |
| | | Key/val of sub-claims, e.g. group=admins,developers |
| | | Treat sub-claims as case-sensitive. |
| | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| | | Sets output format to JSON. It is used when working with SDKs. |
Updated 12 days ago