roles

Creates, updates, deletes, gets or lists a roles resource.

Overview

Name	roles
Type	Resource
Id	okta.iam.roles

Fields

The following fields are returned by SELECT queries:

list_roles

Name	Datatype	Description
_links	object	Specifies link relations (see Web Linking) available for the current status of an application using the JSON Hypertext Application Language specification. Use the LinksNext object for dynamic discovery of related resources and lifecycle operations.
roles	array

get_role

Name	Datatype	Description
id	string	Unique key for the role
_links	object	Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations.
created	string (date-time)	Timestamp when the role was created
description	string	Description of the role
label	string	Unique label for the role
lastUpdated	string (date-time)	Timestamp when the role was last updated

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
list_roles	select	subdomain	after	Lists all custom roles with pagination support
get_role	select	subdomain		Retrieves a role by roleIdOrLabel
create_role	insert	subdomain, data__label, data__description, data__permissions		Creates a custom role
replace_role	replace	subdomain, data__label, data__description		Replaces the label and description for a custom role by roleIdOrLabel
delete_role	delete	subdomain		Deletes a custom role by roleIdOrLabel

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
subdomain	string	The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org)
after	string	The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination.

SELECT examples

list_roles

Lists all custom roles with pagination support

SELECT
_links,
roles
FROM okta.iam.roles
WHERE subdomain = '{{ subdomain }}' -- required
AND after = '{{ after }}'
;

get_role

Retrieves a role by roleIdOrLabel

SELECT
id,
_links,
created,
description,
label,
lastUpdated
FROM okta.iam.roles
WHERE subdomain = '{{ subdomain }}' -- required
;

INSERT examples

create_role

Creates a custom role

INSERT INTO okta.iam.roles (
data__description,
data__label,
data__permissions,
subdomain
)
SELECT 
'{{ description }}' /* required */,
'{{ label }}' /* required */,
'{{ permissions }}' /* required */,
'{{ subdomain }}'
RETURNING
id,
_links,
created,
description,
label,
lastUpdated
;

Manifest

# Description fields are for documentation purposes
- name: roles
  props:
    - name: subdomain
      value: string
      description: Required parameter for the roles resource.
    - name: description
      value: string
      description: >
        Description of the role
        
    - name: label
      value: string
      description: >
        Unique label for the role
        
    - name: permissions
      value: array
      description: >
        Array of permissions that the role grants. See [Permissions](https://developer.okta.com/docs/api/openapi/okta-management/guides/permissions).
        

REPLACE examples

replace_role

Replaces the label and description for a custom role by roleIdOrLabel

REPLACE okta.iam.roles
SET 
data__description = '{{ description }}',
data__label = '{{ label }}'
WHERE 
subdomain = '{{ subdomain }}' --required
AND data__label = '{{ label }}' --required
AND data__description = '{{ description }}' --required
RETURNING
id,
_links,
created,
description,
label,
lastUpdated
;

DELETE examples

delete_role

Deletes a custom role by roleIdOrLabel

DELETE FROM okta.iam.roles
WHERE subdomain = '{{ subdomain }}' --required
;