Show a Role

Gets detailed information about a specific role, including the role members.

If a role A is granted to a role B, then role A is said to have role B as a member. These relationships are described in the “members” portion of the returned JSON.

Kinds of roles

| Kind | Description |
|---|---|
| User | one unique human |
| Host | a single logical machine (in the broad sense, not just physical) |
| Layer | a collection of hosts that have the same privileges |
| Group | a collection of users and groups that have the same privileges |
| Policy | a role which owns a set of related objects |

Entity IDs must be URL-encoded

URI

 
GET /roles/{account}/{kind}/{identifier}

Any identifier included in the URL must be URL-encoded to be recognized by the Conjur API.

Examples:

| Identifier | URL-Encoded |
|---|---|
| myapp-01 | myapp-01 (no change) |
| alice@devops | alice%40devops |
| prod/aws/db-password | prod%2Faws%2Fdb-password |
| research+development | research%2Bdevelopment |
| sales&marketing | sales%26marketing |

Example with curl and jq

Suppose your account is “myorg” and you want to get information about the user “alice”:

 
curl -H "$(conjur authn authenticate -H)" \
     https://eval.conjur.org/roles/myorg/user/alice \
     | jq .

Headers

| Field | Description | Example |
|---|---|---|
| Authorization | Conjur access token | Token token="eyJkYX…Rhb=" |

Response

| Code | Description |
|---|---|
| 200 | The response body contains the requested role |
| 401 | The request lacks valid authentication credentials |
| 403 | The authenticated user lacks the necessary privilege |
| 404 | The requested role does not exist |

Example URI

Supposing the requested role is a user named “otto” at an organization called “myorg”:

 
GET /roles/myorg/user/otto

URI Parameters

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| account | String | Yes | Organization account name. Example: myorg |
| kind | String | Yes | Kind of role requested. Example: user |
| identifier | String | Yes | Identifier of the role. Example: otto |

Request

Headers

 
Authorization: Token token="eyJkYX...Rhb="

Response 200

Headers

 
Content-Type: application/json

Body

 
{
  "created_at": "2017-08-02T18:18:42.346+00:00",
  "id": "myorg:user:alice",
  "policy": "myorg:policy:root",
  "members": [
    {
      "admin_option": true,
      "ownership": true,
      "role": "myorg:user:alice",
      "member": "myorg:policy:root",
      "policy": "myorg:policy:root"
    }
  ]
}
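
Added example (not part of the Conjur documentation): a Python sketch of building the request path with the URL-encoding rule described under "Entity IDs must be URL-encoded", and of reading the "members" array from a response like the one above. The function names `role_path` and `admin_members` are assumptions for illustration, and the sample body is constructed from the response shown on this page.

```python
import json
from urllib.parse import quote

# Role kinds listed in the "Kinds of roles" table on this page.
ROLE_KINDS = {"user", "host", "layer", "group", "policy"}


def role_path(account, kind, identifier):
    """Build the path for GET /roles/{account}/{kind}/{identifier}."""
    if kind not in ROLE_KINDS:
        raise ValueError("unknown role kind: %r" % kind)
    # safe="" matters: quote() leaves "/" unencoded by default, which would
    # split an identifier such as prod/aws/db-password into extra path
    # segments and make the request address a different resource.
    return "/roles/{}/{}/{}".format(
        quote(account, safe=""), kind, quote(identifier, safe="")
    )


def admin_members(body):
    """Return the "member" IDs whose entry has admin_option set to true."""
    role = json.loads(body)
    return [m["member"] for m in role.get("members", []) if m.get("admin_option")]


# Constructed sample, trimmed from the response body shown on this page.
SAMPLE_BODY = json.dumps({
    "id": "myorg:user:alice",
    "policy": "myorg:policy:root",
    "members": [{
        "admin_option": True,
        "ownership": True,
        "role": "myorg:user:alice",
        "member": "myorg:policy:root",
        "policy": "myorg:policy:root",
    }],
})

if __name__ == "__main__":
    # Identifiers from the encoding table on this page.
    for ident in ["myapp-01", "alice@devops", "prod/aws/db-password",
                  "research+development", "sales&marketing"]:
        print(role_path("myorg", "host", ident))
    print(admin_members(SAMPLE_BODY))
```
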