Role

The Role table contains all roles that have been defined for the tenant.

ColumnTypeDescription
IDStringRole's UUID (primary key)
NameStringRole's name
RoleTypeStringRole's type: PrincipalList, Everybody, or Script.
ReadOnlyBooleanWhether role is read only.
DescriptionLocalized StringRole's localized description

Obtaining all Roles of a Specific Role Type

The following query returns Roles from the Role table that are of the PrincipalList type, ordered by Name:

POST https://mytenant.centrify.com/Redrock/query

{  
    Script: "Select * from Role 
    WHERE RoleType = 'PrincipalList' 
    ORDER BY Name COLLATE NOCASE"
}

Role table query response:

{
    "success": true,
    "Result": {
        "IsAggregate": false,
        "Count": 79,
        "Columns": [
            {
                "Name": "Description",
                "IsHidden": false,
                "DDName": "Description",
                "Title": "Description",
                "DDTitle": "Description",
                "Description": null,
                "Type": 12,
                "Format": null,
                "Width": 0,
                "TableKey": "NotAKey",
                "ForeignKey": null,
                "TableName": "Role"
            },
            ...
        ],
        "FullCount": 79,
        "Results": [
            {
                "Entities": [
                    {
                        "Type": "Role",
                        "Key": "ccbf30c...",
                        "IsForeignKey": false
                    }
                ],
                "Row": {
                    "Name": "admin portal",
                    "ID": "ccbf30c...",
                    "Description": null,
                    "_MatchFilter": null,
                    "RoleType": "PrincipalList",
                    "ReadOnly": false,
                    "DirectoryServiceUuid": "09B9A9B0..."
                }
            },
            ...
       ],
        "ReturnID": ""
    },
    "Message": null,
    "MessageID": null,
    "Exception": null,
    "ErrorID": null,
    "ErrorCode": null,
    "InnerExceptions": null
}

Obtaining Immediate Child Roles

The /SaasManage/GetRoleMembers endpoint can be used to obtain all child roles for a specified role type. Pass the ID from a row entity returned from the query above via the Name parameter to obtain child roles. The following example request shows the ID from the result of the previous query being passed in via the Name parameter to /SaasManage/GetRoleMembers:

POST https://mytenant.centrify.com/SaasManage/GetRoleMembers?Name=ccbf30c...

The following shows the response to the /SaasManage/GetRoleMembers request:

{
    "success": true,
    "Result": {
        "IsAggregate": false,
        "Count": 1,
        "Columns": [
            {
                "Name": "Name",
                "IsHidden": false,
                "DDName": null,
                "Title": "Name",
                "DDTitle": null,
                "Description": null,
                "Type": 12,
                "Format": null,
                "Width": 17,
                "TableKey": null,
                "ForeignKey": null,
                "TableName": null
            },
            ...
        ],
        "FullCount": 1,
        "Results": [
            {
                "Entities": [
                    {
                        "Type": "??",
                        "Key": "??",
                        "IsForeignKey": false
                    }
                ],
                "Row": {
                    "Name": "[email protected]",
                    "Guid": "cee2bfa4...",
                    "Type": "User"
                }
            }
        ],
        "ReturnID": ""
    },
    "Message": null,
    "MessageID": null,
    "Exception": null,
    "ErrorID": null,
    "ErrorCode": null,
    "InnerExceptions": null
}

See Also