Role

The Role table contains all roles that have been defined for the tenant.

Column

Type

Description

ID

String

Role's UUID (primary key)

Name

String

Role's name

RoleType

String

Role's type: PrincipalList, Everybody, or Script.

ReadOnly

Boolean

Whether role is read only.

Description

Localized String

Role's localized description

Obtaining all Roles of a Specific Role Type

The following query returns Roles from the Role table that are of the PrincipalList type, ordered by Name:

POST https://mytenant.centrify.com/Redrock/query

{  
    Script: "Select * from Role 
    WHERE RoleType = 'PrincipalList' 
    ORDER BY Name COLLATE NOCASE"
}

Role table query response:

{
    "success": true,
    "Result": {
        "IsAggregate": false,
        "Count": 79,
        "Columns": [
            {
                "Name": "Description",
                "IsHidden": false,
                "DDName": "Description",
                "Title": "Description",
                "DDTitle": "Description",
                "Description": null,
                "Type": 12,
                "Format": null,
                "Width": 0,
                "TableKey": "NotAKey",
                "ForeignKey": null,
                "TableName": "Role"
            },
            ...
        ],
        "FullCount": 79,
        "Results": [
            {
                "Entities": [
                    {
                        "Type": "Role",
                        "Key": "ccbf30c...",
                        "IsForeignKey": false
                    }
                ],
                "Row": {
                    "Name": "admin portal",
                    "ID": "ccbf30c...",
                    "Description": null,
                    "_MatchFilter": null,
                    "RoleType": "PrincipalList",
                    "ReadOnly": false,
                    "DirectoryServiceUuid": "09B9A9B0..."
                }
            },
            ...
       ],
        "ReturnID": ""
    },
    "Message": null,
    "MessageID": null,
    "Exception": null,
    "ErrorID": null,
    "ErrorCode": null,
    "InnerExceptions": null
}

Obtaining Immediate Child Roles

The /SaasManage/GetRoleMembers endpoint can be used to obtain all child roles for a specified role type. Pass the ID from a row entity returned from the query above via the Name parameter to obtain child roles. The following example request shows the ID from the result of the previous query being passed in via the Name parameter to /SaasManage/GetRoleMembers:

POST https://mytenant.centrify.com/SaasManage/GetRoleMembers?Name=ccbf30c...

The following shows the response to the /SaasManage/GetRoleMembers request:

{
    "success": true,
    "Result": {
        "IsAggregate": false,
        "Count": 1,
        "Columns": [
            {
                "Name": "Name",
                "IsHidden": false,
                "DDName": null,
                "Title": "Name",
                "DDTitle": null,
                "Description": null,
                "Type": 12,
                "Format": null,
                "Width": 17,
                "TableKey": null,
                "ForeignKey": null,
                "TableName": null
            },
            ...
        ],
        "FullCount": 1,
        "Results": [
            {
                "Entities": [
                    {
                        "Type": "??",
                        "Key": "??",
                        "IsForeignKey": false
                    }
                ],
                "Row": {
                    "Name": "[email protected]",
                    "Guid": "cee2bfa4...",
                    "Type": "User"
                }
            }
        ],
        "ReturnID": ""
    },
    "Message": null,
    "MessageID": null,
    "Exception": null,
    "ErrorID": null,
    "ErrorCode": null,
    "InnerExceptions": null
}

See Also