GET Security Roles

The GET /Security/Roles method is used to return the list of security roles configured in Keyfactor Command. This method returns HTTP 200 OK on a success with the details of the security roles.

Tip:  The following permissions (see Security Overview) are required to use this feature:

SecuritySettings: Read

Table 474: GET Security Roles Input Parameters

Name In Description
validate Query

A boolean that specifies whether the optional parameter of validate is false, which allows the AuditXML validation to be skipped when loading records, or true (or not specified) in which case validation will occur. The default is true.

queryString Query

A string containing a query to limit the results (e.g. field1 -eq value1 AND field2 -gt value2). The default is to return all records. Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns for the same feature. For querying guidelines, refer to the Keyfactor Command Reference GuideUsing the Security Role Search Feature. The query fields supported for this endpoint are:

  • Name
pageReturned Query An integer that specifies how many multiples of the returnLimit to skip and offset by before returning results, to enable paging. The default is 1.
returnLimit Query An integer that specifies how many results to return per page. The default is 50.
sortField Query A string containing the property by which the results should be sorted. Fields available for sorting through the API for the most part match those that appear as sortable columns in the Keyfactor Command Management Portal. The default sort field is Name.
sortAscending Query An integer that sets the sort order on the returned results. A value of 0 sorts results in ascending order while a value of 1 sorts results in descending order. The default is ascending.

Table 475: GET Security Roles Response Data

Name Description
Id An integer containing the Keyfactor Command identifier for the security role.
Name A string containing the short reference name for the security role.
Description A string containing the description for the security role.
Enabled

A Boolean that indicates whether the security role is enabled (true) or not (false). Security roles that have been disabled cannot be assigned to security identities. The default is true.

This is considered deprecated and may be removed in a future release.

Immutable A Boolean that indicates whether the security role has been marked as editable (true) or not (false). Internal Keyfactor Command roles are not editable. This setting is reserved for Keyfactor Command internal use.
Valid A Boolean that indicates whether the security role's audit XML is valid (true) or not (false). A security role may become invalid if Keyfactor Command determines that it appears to have been tampered with. This setting is not end-user configurable.
Private

A Boolean that indicates whether the security role has been marked private (true) or not (false). The default is false.

This is considered deprecated and may be removed in a future release.

Identities

An array containing information about the security identities assigned to the security role. ClosedShow identity details.

Permissions

An object containing the permissions assigned to the role in a comma-separated list of Name:Value pairs.

For example:

"Permissions": [
   "AdminPortal:Read",
   "Dashboard:Read"
],
Tip:  For code examples, see the Keyfactor API Endpoint Utility. To find the embedded web copy of this utility, click the help icon () at the top of the Keyfactor Command Management Portal page next to the Log Out button.