role assignment
role assignment
The OLP CLI supports the following functionality for role assignment management:
role assignment list
Retrieves list of roles assigned to an application or a user.
olp role assignment list <entity HRN> [command options]Required parameters:
<entity HRN>HRN of the application or user.
Optional parameters:
--role-name <role-name>Filters the assigned role list by role name. If not specified all assigned roles are returned. Possible values areOrgAdmin,OrgInviter,GroupAdmin,ResourceManager,ProjectAdmin,MonitoringDashboardEditor,LicensingAdmin,MarketplaceProvider,MarketplaceConsumer,CustomerManager,CrossRealmTrustManager,SupportAdmin,AppAdmin.--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--jsonDisplays the command result in JSON format.--quietDisplays a list of role HRNs with no additional information.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below lists roles assigned to the application:
olp role assignment list hrn:here:account::my-realm:app/my-app-1234Output:
HRN resource name
hrn:here:authorization::my-realm:role/ROLE-000292a5-77b9-4131-89ec-0931d2490588 hrn:here:authorization::my-realm:group/GROUP-f52587c2-8837-45ac-8c11-583660927b98 GroupAdmin
hrn:here:authorization::my-realm:role/ROLE-21ee9066-6e3f-4d92-9a5d-a17bf39ec81a hrn:here:authorization::my-realm:group/GROUP-58dfca9e-c461-425b-ab50-c554f2a922c3 GroupAdmin
hrn:here:authorization::my-realm:role/ROLE-204d6425-4190-4117-92af-76a0397117b6 hrn:here:account::my-realm:realm/org343505019 OrgAdmin
Use olp role show <role HRN> to display more information about a rolerole assignment add
Assigns the role to the application or user.
olp role assignment add <role HRN> <entity HRN> [command options]Required parameters:
<role HRN>HRN of the role.<entity HRN>HRN of the application or user role needs to be assigned.
Optional parameters:
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--quietDisplays empty output with no additional information.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below assigns the role to the application:
olp role assignment add hrn:here:authorization::my-realm:role/ROLE-1234 hrn:here:account::my-realm:app/my-app-1234Output:
Role hrn:here:authorization::my-realm:role/ROLE-1234 has been assigned to hrn:here:account::my-realm:app/my-app-1234role assignment remove
Revokes the role from the application or user.
olp role assignment remove <role HRN> <entity HRN> [command options]Required parameters:
<role HRN>HRN of the role.<entity HRN>HRN of the application or user to role needs to be assigned.
Optional parameters:
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--quietDisplays empty output with no additional information.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below revokes the role from the application:
olp role assignment remove hrn:here:authorization::my-realm:role/ROLE-1234 hrn:here:account::my-realm:app/my-app-1234Output:
Role hrn:here:authorization::my-realm:role/ROLE-1234 has been revoked from hrn:here:account::my-realm:app/my-app-1234Updated 22 days ago