Access Roles

create-role

Creates a new role

Usage

akeyless create-role -n <Role Name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--comment`		Comment about the role.
`--audit-access`		Sets access for viewing audit logs. Possible values: none, own, all.
`--analytics-access`		Sets access for viewing analytics dashboards. Possible values: none, own, all.
`--gw-analytics-access`		Sets access for viewing Gateway settings. Possible values: none, own, all.
`--sra-reports-access`		Sets access for viewing Secure Remote Access information. Possible values: none, own, all.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

get-role

Get role details

Usage

akeyless get-role -n <Role Name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

update-role

Update role details

Usage

akeyless update-role -n <Role name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--new-name`		New role name.
`--new-comment`		New comment about the role.
`--audit-access`		Sets access for viewing audit logs. Possible values: none, own, all.
`--analytics-access`		Sets access for viewing analytics dashboards. Possible values: none, own, all.
`--gw-analytics-access`		Sets access for viewing Gateway settings. Possible values: none, own, all.
`--sra-reports-access`		Sets access for viewing Secure Remote Access information. Possible values: none, own, all.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

list-roles

Returns a list of all roles in the account

Usage

akeyless list-roles --pagination-token

Parameters

Parameter	Mandatory	Description
`--filter`		Filter by role name or part of it
`--pagination-token`		Next page reference
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-role

Delete a role

Usage

akeyless delete-role -n <Role Name>

Parameters

Parameter	Mandatory	Description
`-n, --name`	Y	Role name.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-roles

Delete multiple roles from a given path

Usage

akeyless delete-roles -p <Path\to\roles>

Parameters

Parameter	Mandatory	Description
`-p, --path`	Y	Path to delete the roles from.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

set-role-rule

Set a rule to a role

Usage

akeyless set-role-rule -r <Role Name> -p <Role Path> -c <Permission>

Parameters

Parameter	Mandatory	Description
`-r, --role-name`	Y	The name of the Role to which you're adding the new rule.
`-p, --path`	Y	The path on which you're setting permissions.
`-c, --capability`	Y	A permission to be set on the path. Possible values: read, create, update, delete, list, deny. If you need to set several permissions, use this parameter several times.
`--rule-type[=item-rule]`		A type of the item for which permissions are defined. Possible values: `item-rule` - for Secrets & Keys, `target-rule` - for Targets, `role-rule` - for Access Roles, `auth-method-rule` - for Authentication Methods. By default, permissions are set only for Secrets & Keys.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-role-rule

Delete a rule from a role

Usage

akeyelss delete-role-rule -r <Role Name> -p <Role Path>

Parameters

Parameter	Mandatory	Description
`-r, --role-name`	Y	The name of the Role from which you're deleting the rule.
`-p, --path`	Y	The path on which you're deleting permissions.
`--rule-type[=item-rule]`		A type of the item for which permissions are deleted. Possible values: `item-rule` - for Secrets & Keys, `target-rule` - for Targets, `role-rule` - for Access Role, `auth-method-rule` - for Authentication Methods. By default, permissions are deleted only for Secrets & Keys.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

assoc-role-am

Create an association between role and auth method

Usage

akeyless assoc-role-am -r <Role Name> -a <Auth Name>

Parameters

Parameter	Mandatory	Description
`-r, --role-name`	Y	The name of the Access Role you want to assign to the Authentication Method.
`-a, --am-name`	Y	The name of the Authentication Method you want to link with the Access Role.
`-s, --sub-claims`		User attributes (sub-claims) in a key=value format (e.g., group=admins,developers).
`-c, --case-sensitive[=true]`		Treat sub-claims as case-sensitive.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

delete-assoc

Delete an association between role and auth method

Usage

akeyless delete-assoc -a <association ID to be deleted>

Parameters

Parameter	Mandatory	Description
`-a, --assoc-id`	Y	The ID of the link between the Access Role and the Authentication Method (e.g., `ass-nmvi62aw6wcvz9btc48c`). You can find this ID using either the `get-role` or the `get-auth-method` command.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.

update-assoc

Update the sub-claims of an association between the role and the auth method.

Usage

akeyless update-assoc -a <association ID to be updated>

Parameters

Parameter	Mandatory	Description
`-a, --assoc-id`	Y	The ID of the link between the Access Role and the Authentication Method (e.g., `ass-nmvi62aw6wcvz9btc48c`). You can find this ID using either the `get-role` or the `get-auth-method` command.
`-s, --sub-claims`		User attributes (sub-claims) in a key=value format (e.g., group=admins,developers).
`-c, --case-sensitive[=true]`		Treat sub-claims as case-sensitive.
`--profile` or `--token`		Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token.
`--uid-token`		The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens.
`--json[=false]`		Sets output format to JSON. It is used when working with SDKs.