The GET /Security/Roles method is used to return the list of security roles configured in Keyfactor Command. This method returns HTTP 200 OK on a success with the details of the security roles.
This method has two available versions. Keyfactor strongly recommends using the newer method when possible; the v1 method has been deprecated since it supports Active Directory identities only. The v2 method has been redesigned to provide support for alternate identity providers and the newer claims-based authentication model that accompanies this. This version of the method supports both Active Directory and other identity providers. For more information about versioning, see Versioning.
Version 2 of the GET /Security/Roles method has been redesigned to provide support for alternate identity providers and the newer claims-based authentication model that accompanies this. All new development should use this version.
Table 624: GET Security Roles v2 Input Parameters
| Name | In | Description |
|---|---|---|
| QueryString | Query |
A string containing a query to limit the results (e.g. field1 -eq value1 AND field2 -gt value2). The default is to return all records. Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns for the same feature. For querying guidelines, refer to: Using the Security Role Search Feature. The query fields supported for this endpoint are:
|
| PageReturned | Query | An integer that specifies how many multiples of the returnLimit to skip and offset by before returning results, to enable paging. The default is 1. |
| ReturnLimit | Query | An integer that specifies how many results to return per page. The default is 50. |
| SortField | Query | A string containing the property by which the results should be sorted. Fields available for sorting through the API for the most part match those that appear as sortable columns in the Keyfactor Command Management Portal. The default sort field is Name. |
| SortAscending | Query | An integer that sets the sort order on the returned results. A value of 0 sorts results in ascending order while a value of 1 sorts results in descending order. The default is ascending. |
Table 625: GET Security Roles v2 Response Data
| Name | Description |
|---|---|
| Id |
An integer containing the Keyfactor Command identifier for the security role. |
| Name | A string containing the short reference name for the security role. |
| Immutable | A Boolean indicating if the role is immutable or not. Only the built-in Administrators role is considered immutable. The value of this parameter cannot be changed. |
| Permission SetId |
A string containing the Keyfactor Command reference GUID of the permission set to which the role is assigned (see Permission Sets). Tip: For details of the permissions associated with the role, use the GET /SecurityRoles/{id} method (see GET Security Roles ID) for the desired role. For details of the permissions associated withe the permission set to which the role belongs, use GET /PermissionSets/{id} method (see GET Permission Sets ID) using this permission set GUID. A role may be only granted a subset of the permissions available in a permission set.
|
| Claims Count |
An integer indicating the number of claims mapped to the role. Tip: For details of the claims associated with the role, use the GET /SecurityRoles/{id} method (see GET Security Roles ID) for the desired role.
|
Version 1 of the GET /Security/Roles method includes the same capabilities as version 2, but offers support for managing legacy formatted Active Directory identities only.
Table 626: GET Security Roles v1 Input Parameters
| Name | In | Description |
|---|---|---|
| Validate | Query |
A Boolean that specifies whether the optional parameter of validate is false, which allows the AuditXML validation to be skipped when loading records, or true (or not specified) in which case validation will occur. The default is true. |
| QueryString | Query |
A string containing a query to limit the results (e.g. field1 -eq value1 AND field2 -gt value2). The default is to return all records. Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns for the same feature. For querying guidelines, refer to: Using the Security Role Search Feature. The query fields supported for this endpoint are:
|
| PageReturned | Query | An integer that specifies how many multiples of the returnLimit to skip and offset by before returning results, to enable paging. The default is 1. |
| SkipCount | Query | An integer indicating the number of records that should be skipped in providing results, starting from the beginning of the records (for pagination). This field is optional and no records will be skipped if not provided. |
| ReturnLimit | Query | An integer that specifies how many results to return per page. The default is 50. |
| SortField | Query | A string containing the property by which the results should be sorted. Fields available for sorting through the API for the most part match those that appear as sortable columns in the Keyfactor Command Management Portal. The default sort field is Name. |
| SortAscending | Query | An integer that sets the sort order on the returned results. A value of 0 sorts results in ascending order while a value of 1 sorts results in descending order. The default is ascending. |
Table 627: GET Security Roles v1 Response Data
| Name | Description |
|---|---|
| Id |
An integer containing the Keyfactor Command identifier for the security role. |
| Name | A string containing the short reference name for the security role. |
| Description | A string containing the description for the security role. |
| Enabled |
A Boolean that indicates whether the security role is enabled (true) or not (false). Security roles that have been disabled cannot be assigned to security identities. The default is true. This is considered deprecated and may be removed in a future release. |
| Immutable | A Boolean that indicates whether the security role has been marked as editable (false) or not (true). Internal Keyfactor Command roles are not editable. This setting is reserved for Keyfactor Command internal use. |
| Valid | A Boolean that indicates whether the security role's audit XML is valid (true) or not (false). A security role may become invalid if Keyfactor Command determines that it appears to have been tampered with. This setting is not end-user configurable. |
| Private |
A Boolean that indicates whether the security role has been marked private (true) or not (false). The default is false. This is considered deprecated and may be removed in a future release. |
| Permission SetId | A string indicating the Keyfactor Command reference GUID of the permission set associated with the role (see Permission Sets). |
| Identities |
An array of objects containing information about the security identities assigned to the security role. |
| Permissions |
An array of strings containing the permissions assigned to the role in a comma-separated list of Name:Value pairs. See Version One Permission Model for an overview of the possible permissions. For example: Copy
|
A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (
) at the top of the Management Portal page next to the Log Out button.