CLI Reference - Access Roles

Access Roles

create-role

Creates a new role

Usage
akeyless create-role -n <Role Name>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -n, --name | **Y** | Role name. |
| --comment | | Comment about the role. |
| --audit-access | | Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods. |
| --analytics-access | | Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| --gw-analytics-access | | Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| --sra-reports-access | | Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

get-role

Get role details

Usage
akeyless get-role -n <Role Name>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -n, --name | **Y** | Role name. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

update-role

Update role details

Usage
akeyless update-role -n <Role name>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -n, --name | **Y** | Role name. |
| --new-name | | New role name. |
| --new-comment | | New comment about the role. |
| --audit-access | | Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods. |
| --analytics-access | | Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| --gw-analytics-access | | Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods. |
| --sra-reports-access | | Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

list-roles

Returns a list of all roles in the account

Usage
akeyless list-roles --pagination-token
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| --filter | | Filter by role name or part of it |
| --pagination-token | | Next page reference |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

delete-role

Delete a role

Usage
akeyless delete-role -n <Role Name>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -n, --name | **Y** | Role name. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

delete-roles

Delete multiple roles from a given path

Usage
akeyless delete-roles -p <Path\to\roles>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -p, --path | **Y** | Path to delete the roles from. |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

set-role-rule

Set a rule to a role

Usage
akeyless set-role-rule -r <Role Name> -p <Role Path> -c <capabilities>
Mandatory Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -r, --role-name | **Y** | The role name to be updated. |
| -p, --path | **Y** | The path the rule refers to. |
| -c, --capability | **Y** | List of the approved/denied capabilities in the path; options: [read, create, update, delete, list, deny]. |
| --rule-type[=item-rule] | | item-rule, target-rule, role-rule, auth-method-rule |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

delete-role-rule

Delete a rule from a role

Usage
akeyless delete-role-rule -r <Role Name> -p <Role Path>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -r, --role-name | **Y** | The role name to be updated. |
| -p, --path | **Y** | The path the rule refers to. |
| --rule-type[=item-rule] | | item-rule, target-rule, role-rule, auth-method-rule |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

assoc-role-am

Create an association between role and auth method

Usage
akeyless assoc-role-am -r <Role Name> -a <Auth Name>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -r, --role-name | **Y** | The role to associate. |
| -a, --am-name | **Y** | The auth method to associate. |
| -s, --sub-claims | | Key/val of sub-claims, e.g. group=admins,developers |
| -c, --case-sensitive[=true] | | Treat sub-claims as case-sensitive |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |
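
The three commands above that together produce a working grant (create-role, set-role-rule, assoc-role-am), chained in a shell wrapper as an added example; it is not Akeyless code. It checks the capability and audit-access values against the sets listed on this page before anything is sent, so a typo cannot leave a half-built role. The role, path, auth method and claim names are constructed, and passing one -c flag per capability is an assumption.

```shell
#!/bin/sh
# Added example, not Akeyless code. DRY_RUN=1 (default) prints each command
# instead of executing it, so the sequence can be reviewed first.

in_set() {  # in_set VALUE ALLOWED... -> 0 if VALUE is one of ALLOWED
  _v=$1; shift
  for _a in "$@"; do [ "$_v" = "$_a" ] && return 0; done
  return 1
}

run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# provision_role ROLE PATH CAPS(comma-separated) AUTH_METHOD SUB_CLAIMS [AUDIT_ACCESS]
provision_role() (  # subshell body: variable, IFS and 'set -f' changes stay local
  role=$1 rule_path=$2 caps=$3 am=$4 claims=$5 audit=${6:-none}
  in_set "$audit" none own all ||
    { echo "invalid --audit-access value: $audit" >&2; exit 2; }
  [ -n "$caps" ] || { echo "no capabilities given" >&2; exit 2; }

  set -f; set --            # no globbing; "$@" becomes the -c flag list
  old_ifs=$IFS; IFS=,
  for cap in $caps; do
    in_set "$cap" read create update delete list deny ||
      { echo "unknown capability: $cap" >&2; exit 2; }
    set -- "$@" -c "$cap"   # assumption: one -c flag per capability
  done
  IFS=$old_ifs

  run akeyless create-role -n "$role" --audit-access "$audit" || exit 1
  run akeyless set-role-rule -r "$role" -p "$rule_path" "$@" || exit 1
  if [ -n "$claims" ]; then
    run akeyless assoc-role-am -r "$role" -a "$am" -s "$claims"
  else
    run akeyless assoc-role-am -r "$role" -a "$am"
  fi
)

# Constructed names: read-only role on one path, bound to a single group claim.
provision_role /roles/db-readers '/prod/db/*' read,list /auth/sso group=db-team own
```

Set DRY_RUN=0 to execute the commands once the printed sequence looks right.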

delete-assoc

Delete an association between role and auth method

Usage
akeyless delete-assoc -a <association id to be deleted>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -a, --assoc-id | **Y** | The ID of the association to be deleted |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

update-assoc

Update the sub-claims of an association between the role and the auth method.

Usage
akeyless update-assoc -a <association id to be updated>
Parameters

| Parameter | Mandatory | Description |
| --- | --- | --- |
| -a, --assoc-id | **Y** | The ID of the association to be updated |
| -s, --sub-claims | | Key/val of sub-claims, e.g. group=admins,developers |
| -c, --case-sensitive[=true] | | Treat sub-claims as case-sensitive |
| --profile or --token | | Use a specific Akeyless profile (located at $HOME/.akeyless/profiles) or a temporary access token. |
| --uid-token | | The Universal Identity token. You need to be authenticated and authorized to manage access roles, so, when working with SDKs, authentication is usually performed using Universal Identity tokens. |
| --json[=false] | | Sets output format to JSON. It is used when working with SDKs. |

