📘
NOTE
Looking for a specific command? Use the Table of Contents on the right. ===>

Access Roles

create-role

Creates a new role

Usage

akeyless create-role -n <Role Name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--comment`		Comment about the role.
`--audit-access`		Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
`--analytics-access`		Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
`--gw-analytics-access`		Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
`--sra-reports-access`		Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

get-role

Get role details

Usage

akeyless get-role -n <Role Name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

update-role

Update role details

Usage

akeyless update-role -n <Role name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--new-name`		New role name.
`--new-comment`		New comment about the role.
`--audit-access`		Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
`--analytics-access`		Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
`--gw-analytics-access`		Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
`--sra-reports-access`		Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

list-roles

Returns a list of all roles in the account

Usage

akeyless list-roles --pagination-token

Parameters

Parameter	Mandatory	Description
`--filter`		Filter by role name or part of it
`--pagination-token`		Next page reference
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-role

Delete a role

Usage

akeyless delete-role -n <Role Name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-roles

Delete multiple roles from a given path

Usage

akeyless delete-roles -p <Path\to\roles>

Parameters

Parameter	Mandatory	Description
`-p, --path`	Y	Path to delete the roles from.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

set-role-rule

Set a rule to a role

Usage

akeyless set-role-rule -r <Role Name> -p <Role Path> -c <capabilties>

Mandatory Parameters

Parameter	Mandatory	Description
`-r, --role-name`	Y	The role name to be updated.
`-p, --path`	Y	The path the rule refers to
`-c, --capability`	Y	List of the approved/denied capabilities in the path options: [read, create, update, delete, list, deny].
`--rule-type[=item-rule]`		item-rule, target-rule, role-rule, auth-method-rule
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-role-rule

Delete a rule from a role

Usage

akeyelss delete-role-rule -r <Role Name> -p <Role Path>

Parameters

Parameter	Mandatory	Description
`-r, --role-name`	Y	The role name to be updated.
`-p, --path`	Y	The path the rule refers to.
`--rule-type[=item-rule]`		item-rule, target-rule, role-rule, auth-method-rule
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

assoc-role-am

Create an association between role and auth method

Usage

akeyless assoc-role-am -r <Role Name> -a <Auth Name>

Parameters

Parameter	Mandatory	Description
`-r, --role-name`	Y	The role to associate.
`-a, --am-name`	Y	The auth method to associate.
`-s, --sub-claims`		Key/val of sub-claims, e.g group=admins,developers
`-c, --case-sensitive[=true]`		Treat sub-claims as case-sensitive
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-assoc

Delete an association between role and auth method

Usage

akeyless delete-assoc -a <association id to be deleted>

Parameters

Parameter	Mandatory	Description
`-a, --assoc-id`	Y	The ID of the association to be deleted
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

update-assoc

Update the sub-claims of an association between the role and the auth method.

Usage

akeyless update-assoc -a <association id to be updated>

Parameters

Parameter	Mandatory	Description
`-a, --assoc-id`	Y	The ID of the association to be updated
`-s, --sub-claims`		Key/val of sub-claims, e.g group=admins,developers
`-c, --case-sensitive[=true]`		Treat sub-claims as case-sensitive
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

CLI Reference - Access Roles

📘
NOTE

Access Roles

create-role

Usage

Parameters

get-role

Usage

Parameters

update-role

Usage

Parameters

list-roles

Usage

Parameters

delete-role

Usage

Parameters

delete-roles

Usage

Parameters

set-role-rule

Usage

Mandatory Parameters

delete-role-rule

Usage

Parameters

assoc-role-am

Usage

Parameters

delete-assoc

Usage

Parameters

update-assoc

Usage

Parameters

📘NOTE

Access Roles

create-role

Usage

Parameters

get-role

Usage

Parameters

update-role

Usage

Parameters

list-roles

Usage

Parameters

delete-role

Usage

Parameters

delete-roles

Usage

Parameters

set-role-rule

Usage

Mandatory Parameters

delete-role-rule

Usage

Parameters

assoc-role-am

Usage

Parameters

delete-assoc

Usage

Parameters

update-assoc

Usage

Parameters

📘
NOTE