role_resource_set_bindings
Creates, updates, deletes, gets or lists a role_resource_set_bindings resource.
Overview
| Name | role_resource_set_bindings |
| Type | Resource |
| Id | okta.iam.role_resource_set_bindings |
Fields
The following fields are returned by SELECT queries:
- list_bindings
- get_binding
| Name | Datatype | Description |
|---|---|---|
| _links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
| roles | array | Roles associated with the resource set binding. If there are more than 100 bindings for the specified resource set, then the _links.next resource is returned with the next list of bindings. |
| Name | Datatype | Description |
|---|---|---|
| id | string | id of the role resource set binding |
| _links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| list_bindings | select | subdomain | after | Lists all bindings for a resource set with pagination support. The returned roles array contains the roles for each binding associated with the specified resource set. If there are more than 100 bindings for the specified resource set, links.next provides the resource with pagination for the next list of bindings. |
| get_binding | select | subdomain | | Retrieves the binding of a role (identified by roleIdOrLabel) for a resource set (identified by resourceSetIdOrLabel) |
| create_resource_set_binding | insert | subdomain | | Creates a binding for the resource set, custom role, and members (users or groups). Note: If you use a custom role with permissions that don't apply to the resources in the resource set, it doesn't affect the admin role. For example, the okta.users.userprofile.manage permission gives the admin no privileges if it's granted to a resource set that only includes https://{yourOktaDomain}/api/v1/groups/{targetGroupId} resources. If you want the admin to be able to manage the users within the group, the resource set must include the corresponding https://{yourOktaDomain}/api/v1/groups/{targetGroupId}/users resource. |
| delete_binding | delete | subdomain | | Deletes a binding of a role (identified by roleIdOrLabel) and a resource set (identified by resourceSetIdOrLabel) |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
| after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
SELECT examples
- list_bindings
- get_binding
Lists all bindings for a resource set with pagination support.
The returned roles array contains the roles for each binding associated with the specified resource set. If there are more than 100 bindings for the specified resource set, links.next provides the resource with pagination for the next list of bindings.
```sql
SELECT
  _links,
  roles
FROM okta.iam.role_resource_set_bindings
WHERE subdomain = '{{ subdomain }}' -- required
  AND after = '{{ after }}'
;
```
Retrieves the binding of a role (identified by roleIdOrLabel) for a resource set (identified by resourceSetIdOrLabel)
```sql
SELECT
  id,
  _links
FROM okta.iam.role_resource_set_bindings
WHERE subdomain = '{{ subdomain }}' -- required
;
```
INSERT examples
- create_resource_set_binding
- Manifest
Creates a binding for the resource set, custom role, and members (users or groups)
> Note: If you use a custom role with permissions that don't apply to the resources in the resource set, it doesn't affect the admin role. For example, the okta.users.userprofile.manage permission gives the admin no privileges if it's granted to a resource set that only includes https://{yourOktaDomain}/api/v1/groups/{targetGroupId} resources. If you want the admin to be able to manage the users within the group, the resource set must include the corresponding https://{yourOktaDomain}/api/v1/groups/{targetGroupId}/users resource.
```sql
INSERT INTO okta.iam.role_resource_set_bindings (
  data__members,
  data__role,
  subdomain
)
SELECT
  '{{ members }}',
  '{{ role }}',
  '{{ subdomain }}'
RETURNING
  _links
;
```
```yaml
# Description fields are for documentation purposes
- name: role_resource_set_bindings
  props:
    - name: subdomain
      value: string
      description: Required parameter for the role_resource_set_bindings resource.
    - name: members
      value: array
      description: >
        URLs to user and/or group instances that are assigned to the role
    - name: role
      value: string
      description: >
        Unique key for the role
```
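The note above on permissions that do not apply to a resource set can be turned into a pre-flight check before a binding is created. The following is an added example, not part of the provider or of Okta's API: the `APPLIES_TO` mapping is a simplified assumption that models only the users/groups case from the note, and the org domain, group id and `okta.groups.read` entry are constructed sample data.

```python
import re
from urllib.parse import urlparse

# Assumed, simplified mapping: permission family -> resource paths it can act on.
# Only the users/groups case described in the note is modelled.
APPLIES_TO = {
    "okta.users.": [
        re.compile(r"^/api/v1/users(/[^/]+)?$"),
        re.compile(r"^/api/v1/groups/[^/]+/users$"),
    ],
    "okta.groups.": [
        re.compile(r"^/api/v1/groups(/[^/]+)?$"),
    ],
}


def ineffective_permissions(permissions, resources):
    """Return the permissions that match no resource in the set, i.e. grant nothing."""
    paths = [urlparse(r).path.rstrip("/") for r in resources]
    dead = []
    for perm in permissions:
        patterns = next(
            (p for prefix, p in APPLIES_TO.items() if perm.startswith(prefix)), None
        )
        if patterns is None:
            continue  # permission family not modelled here: make no claim
        if not any(pat.match(path) for pat in patterns for path in paths):
            dead.append(perm)
    return dead


# Constructed sample data: placeholder org domain and group id.
ROLE_PERMISSIONS = ["okta.users.userprofile.manage", "okta.groups.read"]
GROUP = "https://example.okta.com/api/v1/groups/00g_EXAMPLE"


def demo():
    """Check the role against the bare group resource, then with /users added."""
    only_group = ineffective_permissions(ROLE_PERMISSIONS, [GROUP])
    with_users = ineffective_permissions(ROLE_PERMISSIONS, [GROUP, GROUP + "/users"])
    return only_group, with_users


if __name__ == "__main__":
    print(demo())
```

A non-empty result means the binding would be created successfully but the listed permissions would give the admin no privileges, so review the resource set before running the INSERT.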
DELETE examples
- delete_binding
Deletes a binding of a role (identified by roleIdOrLabel) and a resource set (identified by resourceSetIdOrLabel)
```sql
DELETE FROM okta.iam.role_resource_set_bindings
WHERE subdomain = '{{ subdomain }}' -- required
;
```