role_permissions
Creates, updates, deletes, gets or lists a role_permissions resource.
Overview
| Name | role_permissions |
| Type | Resource |
| Id | okta.iam.role_permissions |
Fields
The following fields are returned by SELECT queries:
- list_role_permissions
- get_role_permission
| Name | Datatype | Description |
|---|---|---|
permissions | array | Array of permissions assigned to the role. See Permissions. |
| Name | Datatype | Description |
|---|---|---|
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
conditions | object | Conditions for further restricting a permission. See Permission conditions. |
created | string (date-time) | Timestamp when the permission was assigned |
label | string | The assigned Okta permission (example: okta.users.read) |
lastUpdated | string (date-time) | Timestamp when the permission was last updated |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_role_permissions | select | subdomain | Lists all permissions for a custom role by roleIdOrLabel | |
get_role_permission | select | subdomain | Retrieves a permission (identified by permissionType) for a custom role | |
create_role_permission | insert | subdomain | Creates a permission (specified by permissionType) for a custom role | |
replace_role_permission | replace | subdomain | Replaces a permission (specified by permissionType) for a custom role | |
delete_role_permission | delete | subdomain | Deletes a permission (identified by permissionType) from a custom role |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
SELECT examples
- list_role_permissions
- get_role_permission
Lists all permissions for a custom role by roleIdOrLabel
SELECT
permissions
FROM okta.iam.role_permissions
WHERE subdomain = '{{ subdomain }}' -- required
;
Retrieves a permission (identified by permissionType) for a custom role
SELECT
_links,
conditions,
created,
label,
lastUpdated
FROM okta.iam.role_permissions
WHERE subdomain = '{{ subdomain }}' -- required
;
INSERT examples
- create_role_permission
- Manifest
Creates a permission (specified by permissionType) for a custom role
INSERT INTO okta.iam.role_permissions (
data__conditions,
subdomain
)
SELECT
'{{ conditions }}',
'{{ subdomain }}'
;
# Description fields are for documentation purposes
- name: role_permissions
props:
- name: subdomain
value: string
description: Required parameter for the role_permissions resource.
- name: conditions
value: object
description: >
Conditions for further restricting a permission. See [Permission conditions](https://help.okta.com/okta_help.htm?type=oie&id=ext-permission-conditions).
REPLACE examples
- replace_role_permission
Replaces a permission (specified by permissionType) for a custom role
REPLACE okta.iam.role_permissions
SET
data__conditions = '{{ conditions }}'
WHERE
subdomain = '{{ subdomain }}' --required
RETURNING
_links,
conditions,
created,
label,
lastUpdated
;
DELETE examples
- delete_role_permission
Deletes a permission (identified by permissionType) from a custom role
DELETE FROM okta.iam.role_permissions
WHERE subdomain = '{{ subdomain }}' --required
;