assigned_roles
Creates, updates, deletes, gets or lists an assigned_roles resource.
Overview
| Name | assigned_roles |
| Type | Resource |
| Id | okta.groups.assigned_roles |
Fields
The following fields are returned by SELECT queries:
- list_group_assigned_roles
- get_group_assigned_role
| Name | Datatype | Description |
|---|
| Name | Datatype | Description |
|---|
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_group_assigned_roles | select | subdomain | expand | Lists all assigned roles of a group by groupId |
get_group_assigned_role | select | subdomain | Retrieves a role assigned to a group (identified by the groupId). The roleAssignmentId is the unique identifier for either a standard role group assignment object or a custom role resource set binding object. | |
assign_role_to_group | insert | subdomain | disableNotifications | Assigns a standard role to a group. You can also assign a custom role to a group, but the preferred method to assign a custom role to a group is to create a binding between the custom role, the resource set, and the group. See Create a role resource set binding. > Notes: > * The request payload is different for standard and custom role assignments. > * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response. |
unassign_role_from_group | delete | subdomain | Unassigns a role assignment (identified by roleAssignmentId) from a group (identified by the groupId) |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
disableNotifications | boolean | Grants the group third-party admin status when set to true |
expand | string | An optional parameter used to return targets configured for the standard role assignment in the embedded property. Supported values: targets/groups or targets/catalog/apps |
SELECT examples
- list_group_assigned_roles
- get_group_assigned_role
Lists all assigned roles of a group by groupId
SELECT
*
FROM okta.groups.assigned_roles
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
Retrieves a role assigned to a group (identified by the groupId). The roleAssignmentId is the unique identifier for either a standard role group assignment object or a custom role resource set binding object.
SELECT
*
FROM okta.groups.assigned_roles
WHERE subdomain = '{{ subdomain }}' -- required;
INSERT examples
- assign_role_to_group
- Manifest
Assigns a standard role to a group.
You can also assign a custom role to a group, but the preferred method to assign a custom role to a group is to create a binding between the custom role, the resource set, and the group. See Create a role resource set binding.
> Notes:
> * The request payload is different for standard and custom role assignments.
> * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response.
INSERT INTO okta.groups.assigned_roles (
subdomain,
disableNotifications
)
SELECT
'{{ subdomain }}',
'{{ disableNotifications }}'
;
# Description fields are for documentation purposes
- name: assigned_roles
props:
- name: subdomain
value: string
description: Required parameter for the assigned_roles resource.
- name: disableNotifications
value: boolean
description: Grants the group third-party admin status when set to `true`
DELETE examples
- unassign_role_from_group
Unassigns a role assignment (identified by roleAssignmentId) from a group (identified by the groupId)
DELETE FROM okta.groups.assigned_roles
WHERE subdomain = '{{ subdomain }}' --required;