GuidesChangelogData Inspector Library API Reference
Guides
  1. Command Line Interface
  2. OLP CLI Command reference

permission access

permission access

The OLP CLI supports the following:

  • set the access filter attached to the realm, user, or app.
  • show the access filter attached to the realm, user, app, or role.
  • delete the access filter attached to the user or app.

permission access set

Sets the access filter attached to the realm, user, or app.

olp permission access set <entity HRN> <filter HRN> [command options]

Required Parameters:

  • <entity HRN> HRN of a realm, user, or app.
  • <filter HRN> HRN of an access filter to be attached to a particular entity.

Optional Parameters:

  • --expires-at <yyyy-MM-ddTHH:mm:ss> The expiration date of the access filter attachment. The timestamp must match the ISO-8601 format yyyy-MM-ddTHH:mm:ss, but only yyyy is mandatory. If not specified, the access filter attachment doesn't expire. This parameter is ignored when the entity HRN is realm.

  • --force Must be used with closed access filter to block access to all resources and services by default.

    Note

    Use the --force flag to attach closed filter. If the flag is omitted, a warning will be shown.

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.

  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.

  • --json Displays the attached access filter information in the JSON format.

  • --quiet Displays the access filter HRN only.

For more information on using credentials and profiles, see Credentials setup.

Note

  • The set command will only work if an app has the Org Admin role. Otherwise, the command will fail.

Example:

The command below sets an access filter attached to a user.

olp permission access set hrn:here:account::org:user/HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 hrn:here:authorization::org:filter/FILTER-99b7c7d7-867a-4573-8730-4689be1718c9

Output:

The access filter hrn:here:authorization::org:filter/FILTER-99b7c7d7-867a-4573-8730-4689be1718c9 has been set for the user hrn:here:account::org:user/HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3

permission access show

Lists the access filter attached to the realm, user, app, or role.

olp permission access show <entity HRN> [command options]

Required Parameters:

  • <entity HRN> HRN of a realm, user, app, or role.

Optional Parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Displays the command result in JSON format.
  • --quiet Displays the access filter HRNs only.

For more information on using credentials and profiles, see Credentials setup.

Example:

The command below shows an access filter attached to a realm.

olp permission access show hrn:here:account::org:user/HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3

Output:

HRN                                                                             Expires At
hrn:here:authorization::org:filter/FILTER-99b7c7d7-867a-4573-8730-4689be1718c9  2026-03-07T12:30:31.329Z
hrn:here:authorization::org:filter/FILTER-4689be17-8730-867a-4573-18c999b7c7d7
hrn:here:authorization::HERE:platform:filter/open                               2027-03-07T15:20:40.293Z

Use the olp permission access filter show <filter HRN> command to display more information about an access filter

permission access delete

Detaches the access filter from the user, or app.

olp permission access delete <entity HRN> <filter HRN> [command options]

Required Parameters:

  • <entity HRN> HRN of a user or app.
  • <filter HRN> HRN of an access filter to be deleted from a particular entity.

Optional Parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --quiet Displays empty output with no additional information.

For more information on using credentials and profiles, see Credentials setup.

Note

  • The delete command will only work if an app has the Org Admin role. Otherwise, the command will fail.

Example:

The command below deletes the access filter attached to the user.

olp permission access delete hrn:here:account::org:user/HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 hrn:here:authorization::org:filter/FILTER-99b7c7d7-867a-4573-8730-4689be1718c9

Output:

The access filter hrn:here:authorization::org:filter/FILTER-99b7c7d7-867a-4573-8730-4689be1718c9 has been removed from the HERE-05966c89-aaf1-4ae2-b0e4-3676b3f8b8c3 user

Updated 22 days ago