Grant, grantedRole & allGrantedRoles
API
The objects grant, grantedRole and allGrantedRoles are used to assing roles to accounts and roles.
| Attribute | Type | Description |
|---|---|---|
| id | Long | grant id |
| grantedRole | String | granted role name |
| grantedRoleSystem | String | granted role managed system (agent) name |
| grantedRoleId | Long | granted role id |
| domainValue | String | grant value (if any) |
| ownerAccount | String | grantee account name |
| ownerSystem | String | grantee account or role managed system name |
| ownerGroup | String | grantee group name |
| ownerRoleId | String | grantee role id |
| ownerRoleName | String | grantee role name |
| ownerUser | String | grantee user name |
| grantedRoleObject | role object | granted role |
| ownerAccountObject | account object | grantee account |
Examples
Grant
Example to map a grant object (assign a role to an account):
| System attribute | Direction | Soffid attribute |
|---|---|---|
| role_name | => | grantedRole |
| account_name | => | ownerAccount |
GrantedRole
Example to map a grantedRole object (assign a role as a child of another role):
| System attribute | Direction | Soffid attribute |
|---|---|---|
| role_name | => | grantedRole |
| parent_role_name | => | ownerRoleName |
AllGrantedRoles
Example to map a allGrantedRoles object in a holderGroup (assign a role to an account in a specific group):
| System attribute | Direction | Soffid attribute |
|---|---|---|
| role_name | => | grantedRole |
| parent_role_name | => | ownerRoleName |
| group_code | => | domainValue |
| group_code | => | holderGroup |
| userName | => | ownerUser |