Show permitted roles
Lists the roles which have the named permission on a resource.
Kinds of resources
|
Kind |
Description |
|---|---|
|
User |
One unique human |
|
Host |
A single logical machine (in the broad sense, not just physical) |
|
Layer |
A collection of hosts that have the same privileges |
|
Group |
A collection of users and groups that have the same privileges |
|
Policy |
Privileges on policies enable a user to create and modify objects and permissions |
|
Variable |
A secret such as a password, API key, SSH key, etc. |
|
Webservice |
An HTTP(S) web service which performs sensitive operations |
|
Entity IDs must be URL-encoded |
URI
|
Any identifier included in the URL must be URL-encoded to be recognized by the Conjur API.
Examples:
|
Identifier |
URL-Encoded |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example with curl
Suppose your organization name is “myorg” and you want to find out which roles have execute privileges on the Variable db-password, and can thus fetch the secret:
|
Request Headers
|
Field |
Description |
Example |
|---|---|---|
|
Authorization |
Conjur access token |
Token token=“eyJkYX…Rhb=” |
Response
|
Code |
Description |
|---|---|
|
200 |
Permitted roles returned as a JSON list |
|
401 |
The request lacks valid authentication credentials |
|
403 |
The authenticated user lacks the necessary privilege |
|
404 |
The specified resource does not exist |
|
422 |
A request parameter was missing or invalid |
Example URI
|
URI Parameters
|
Parameter |
Type |
Mandatory |
Description |
|---|---|---|---|
|
account |
String |
Yes |
Organization account name Example: |
|
kind |
String |
Yes |
The kind of resource requested Example: |
|
identifier |
String |
Yes |
The identifier of the resource
|
|
privilege |
String |
Yes |
The roles permitted to exercise this privilege are shown Example: |
Request
Headers
|
Response 200
Headers
|
Body
|
