GET Claims Available Roles

The GET /Claims/AvailableRoles method returns a list of possible roles for claims created in the Keyfactor ACME server. It has no input parameters other than the standard headers (see Endpoint Common Features). On success, it returns HTTP 200 OK with a list of the available roles in Keyfactor ACME.

Tip: To make this call, the requesting user must have the SuperAdmin role in the claims list, either directly or via a group/role (see Access Control and Claims).

Table 30: GET Claims Available Roles Response Data

Name: n/a

Description: An array of strings containing the possible role(s). Supported roles are:

  • AccountAdmin: Users can administer accounts in the Keyfactor ACME database including listing and revoking accounts and associated EAB keys.

  • EnrollmentUser: Users can request external account binding (EAB) keys, register ACME clients and enroll for certificates. Users can revoke certificates if this functionality is enabled.

  • SuperAdmin: Users can configure the Keyfactor ACME implementation and manage claims and identifiers in the Keyfactor ACME database using the Keyfactor ACME API. SuperAdmin users inherit AccountAdmin permissions and can administer accounts in the Keyfactor ACME database. SuperAdmin users do not inherit EnrollmentUser permissions and cannot request EAB keys, register ACME clients, or enroll for certificates unless specifically granted the EnrollmentUser permission.
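The sketch below is an added example, not Keyfactor code. It checks role names intended for a claim against this method's response and resolves effective roles using the inheritance rule described above. It assumes the response body is a JSON array of strings and that role names are compared case-sensitively; the function names and sample body are constructed for illustration.

```python
import json

# Inheritance as described on this page: SuperAdmin inherits AccountAdmin only.
INHERITS = {"SuperAdmin": {"AccountAdmin"}}


def parse_available_roles(body: str) -> set[str]:
    """Parse the response body (assumed: a JSON array of role-name strings)."""
    data = json.loads(body)
    if not isinstance(data, list) or not all(isinstance(r, str) for r in data):
        raise ValueError("expected an array of role-name strings")
    return set(data)


def unknown_roles(available: set[str], requested: list[str]) -> list[str]:
    """Return requested role names the server did not list (assumed case-sensitive)."""
    return sorted(set(requested) - available)


def effective_roles(assigned: set[str]) -> set[str]:
    """Expand directly assigned roles with the roles they inherit."""
    result = set(assigned)
    for role in assigned:
        result |= INHERITS.get(role, set())
    return result


def can_enroll(assigned: set[str]) -> bool:
    """Enrollment requires EnrollmentUser; SuperAdmin alone does not grant it."""
    return "EnrollmentUser" in effective_roles(assigned)


def can_administer_accounts(assigned: set[str]) -> bool:
    """Account administration is granted by AccountAdmin, directly or inherited."""
    return "AccountAdmin" in effective_roles(assigned)


# Constructed sample response body, not captured from a real server.
SAMPLE_BODY = '["AccountAdmin", "EnrollmentUser", "SuperAdmin"]'

if __name__ == "__main__":
    available = parse_available_roles(SAMPLE_BODY)
    print(unknown_roles(available, ["SuperAdmin", "Enrollmentuser"]))
    print(sorted(effective_roles({"SuperAdmin"})))
    print(can_enroll({"SuperAdmin"}), can_enroll({"SuperAdmin", "EnrollmentUser"}))
```
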