Role Assignments

This contains APIs for CRUD on role assignments

Bulk Delete Role Assignment

Bulk delete role assignments by identifiers

Securityx-api-key
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:
required

List of role assigment identifiers to be deleted

Array
string
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Returns successfully/failed deleted roleassignment.

post/authz/api/roleassignments/delete/batch
Request samples
[
  • "string"
]
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Create Role Assignments

Create multiple role assignments in a scope. Returns all successfully created role assignments. Ignores failures and duplicates.

Securityx-api-key
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:
required

List of role assignments to create

required
Array of objects (AuthzRoleAssignment)
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Successfully created role assignments

post/authz/api/roleassignments/multi
Request samples
{
  • "roleAssignments": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List Role Assignments

List role assignments in the given scope

Securityx-api-key
Request
query Parameters
pageIndex
integer <int32>
Default: 0

Page Index of the results to fetch.Default Value: 0

pageSize
integer <int32> <= 100
Default: 50

Results per page(max 100)Default Value: 50

Array of objects (SortOrder)

Sort criteria for the elements.

pageToken
string

Page Token of the next results to fetch.Default Value: ''

accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the given scope

get/authz/api/roleassignments
Request samples
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Create Role Assignment

Creates role assignment within the specified scope.

Securityx-api-key
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:
required

These are details for the role assignment to create.

identifier
string
resourceGroupIdentifier
required
string
roleIdentifier
required
string
object (RoleReference)
required
object (AuthzPrincipal)
disabled
boolean
managed
boolean
internal
boolean
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

These are details of the created role assignment.

post/authz/api/roleassignments
Request samples
{
  • "identifier": "string",
  • "resourceGroupIdentifier": "string",
  • "roleIdentifier": "string",
  • "roleReference": {
    },
  • "principal": {
    },
  • "disabled": true,
  • "managed": true,
  • "internal": true
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Get Role Assignment

Get an existing role assignment by identifier

Securityx-api-key
Request
path Parameters
identifier
required
string

Identifier for role assignment

query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Get an existing role assignment by identifier in the given scope

get/authz/api/roleassignments/{identifier}
Request samples
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Delete Role Assignment

Delete an existing role assignment by identifier

Securityx-api-key
Request
path Parameters
identifier
required
string

Identifier for role assignment

query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Deleted role assignment

delete/authz/api/roleassignments/{identifier}
Request samples
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List Role Assignments by filter

List role assignments in the scope according to the given filter

Securityx-api-key
Request
query Parameters
pageIndex
integer <int32>
Default: 0

Page Index of the results to fetch.Default Value: 0

pageSize
integer <int32> <= 100
Default: 50

Results per page(max 100)Default Value: 50

Array of objects (SortOrder)

Sort criteria for the elements.

pageToken
string

Page Token of the next results to fetch.Default Value: ''

accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:
required

Filter role assignments based on multiple parameters.

resourceGroupFilter
Array of strings unique

Filter role assignments based on resource group identifiers

roleFilter
Array of strings unique

Filter role assignments based on role identifiers

Array of objects (RoleReference) unique

Filter role assignments based on roles

principalTypeFilter
Array of strings unique

Filter role assignments based on principal type

Items Enum: "USER" "USER_GROUP" "SERVICE_ACCOUNT"
principalScopeLevelFilter
Array of strings unique

Filter role assignments based on principal scope level

Array of objects (AuthzPrincipal) unique

Filter role assignments based on principals

harnessManagedFilter
Array of booleans unique

Filter role assignments based on role assignments being harness managed

disabledFilter
Array of booleans unique

Filter role assignments based on whether they are enabled or disabled

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the scope according to the given filter

post/authz/api/roleassignments/filter
Request samples
{
  • "resourceGroupFilter": [
    ],
  • "roleFilter": [
    ],
  • "roleReferenceFilter": [
    ],
  • "principalTypeFilter": [
    ],
  • "principalScopeLevelFilter": [
    ],
  • "principalFilter": [
    ],
  • "harnessManagedFilter": [
    ],
  • "disabledFilter": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List Aggregated Role Assignments by filter

List role assignments in the scope according to the given filter with added metadata

Securityx-api-key
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:
required

Filter role assignments based on multiple parameters.

resourceGroupFilter
Array of strings unique

Filter role assignments based on resource group identifiers

roleFilter
Array of strings unique

Filter role assignments based on role identifiers

Array of objects (RoleReference) unique

Filter role assignments based on roles

principalTypeFilter
Array of strings unique

Filter role assignments based on principal type

Items Enum: "USER" "USER_GROUP" "SERVICE_ACCOUNT"
principalScopeLevelFilter
Array of strings unique

Filter role assignments based on principal scope level

Array of objects (AuthzPrincipal) unique

Filter role assignments based on principals

harnessManagedFilter
Array of booleans unique

Filter role assignments based on role assignments being harness managed

disabledFilter
Array of booleans unique

Filter role assignments based on whether they are enabled or disabled

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the scope according to the given filter with added metadata.

post/authz/api/roleassignments/aggregate
Request samples
{
  • "resourceGroupFilter": [
    ],
  • "roleFilter": [
    ],
  • "roleReferenceFilter": [
    ],
  • "principalTypeFilter": [
    ],
  • "principalScopeLevelFilter": [
    ],
  • "principalFilter": [
    ],
  • "harnessManagedFilter": [
    ],
  • "disabledFilter": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List Role Assignments by scope filter

List role assignments in the scope according to the given filter

Securityx-api-key
Request
query Parameters
pageIndex
integer <int32>
Default: 0

Page Index of the results to fetch.Default Value: 0

pageSize
integer <int32> <= 100
Default: 50

Results per page(max 100)Default Value: 50

Array of objects (SortOrder)

Sort criteria for the elements.

pageToken
string

Page Token of the next results to fetch.Default Value: ''

accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:
resourceGroupFilter
Array of strings unique

Filter role assignments based on resource group identifiers

roleFilter
Array of strings unique

Filter role assignments based on role identifiers

Array of objects (RoleReference) unique

Filter role assignments based on roles

Array of objects (ScopeSelector) unique

Filter role assignments based on scope filters

object (AuthzPrincipal)
harnessManagedFilter
boolean

Filter role assignments based on role assignments being harness managed

disabledFilter
boolean

Filter role assignments based on whether they are enabled or disabled

principalTypeFilter
Array of strings unique

Filter role assignments based on principal type

Items Enum: "USER" "USER_GROUP" "SERVICE_ACCOUNT"
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the scope according to the given filter

post/authz/api/roleassignments/v2/filter
Request samples
{
  • "resourceGroupFilter": [
    ],
  • "roleFilter": [
    ],
  • "roleReferenceFilter": [
    ],
  • "scopeFilters": [
    ],
  • "principalFilter": {
    },
  • "harnessManagedFilter": true,
  • "disabledFilter": true,
  • "principalTypeFilter": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Validate Role Assignment

Check whether a proposed role assignment is valid.

Securityx-api-key
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:
required

This is the details of the role assignment for validation.

required
object (AuthzRoleAssignment)

Role Assignment to validate

validatePrincipal
boolean

Set it to true if the principal needs to be validated

validateRole
boolean

Set