4.6.8. System Roles¶
API for working with system roles.
- class axonius_api_client.api.system.system_roles.SystemRoles(auth, log_level='debug', **kwargs)[source]¶
Bases:
ModelMixins
API for working with system roles.
Examples
Get all roles:
get()
Get a role by name:
get_by_name()
Get a role by uuid:
get_by_uuid()
Add a role:
add()
Change the name of a role:
set_name()
Change the permissions of a role:
set_perms()
Delete a role:
delete_by_name()
Get a user readable version of the permissions for a role:
pretty_perms()
- Parameters:
auth (
axonius_api_client.auth.model.AuthModel
) –log_level (
typing.Union
[int
,str
]) –
- get(generator=False)[source]¶
Get Axonius system roles.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
>>> roles = client.system_roles.get() >>> [x['name'] for x in roles] ['Admin', 'Viewer', 'Restricted', 'No Access', 'abc']
- Parameters:
generator (
bool
) – return an iterator for objects that will yield rows as they are fetched- Return type:
typing.Union
[typing.Generator
[dict
,None
,None
],typing.List
[dict
]]
- get_cached()[source]¶
Get Axonius system roles using a caching mechanism.
- Return type:
typing.List
[axonius_api_client.api.json_api.system_roles.SystemRole
]
- get_cached_single(value)[source]¶
Pass.
- Parameters:
value (
typing.Union
[str
,dict
,axonius_api_client.api.json_api.system_roles.SystemRole
]) –- Return type:
axonius_api_client.api.json_api.system_roles.SystemRole
- get_by_name(name)[source]¶
Get a role by name.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
>>> role = client.system_roles.get_by_name(name="Admin") >>> role["uuid"] '5f76721bebd8d8b5459b56c8'
- Parameters:
name (
str
) – name of role to get- Raises:
NotFoundError – if role not found
- Return type:
- get_by_uuid(uuid)[source]¶
Get a role by uuid.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
>>> role = client.system_roles.get_by_name(name="5f76721bebd8d8b5459b56c8") >>> role["name"] 'Admin'
- Parameters:
uuid (
str
) – uuid of role to get- Raises:
NotFoundError – if role not found
- Return type:
- add(name, data_scope=None, **kwargs)[source]¶
Add a role.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
Create a role with the default permissions (none except dashboard view)
>>> role = client.system_roles.add(name="test1")
Create a role with specific permissions:
>>> role = client.system_roles.add( ... name="test2", adapters="get", users_assets="get,saved_queries.run" ... )
Create a role with all permissions for all categories:
>>> role = client.system_roles.add( ... name="test2", ... adapters="all", ... dashboard="all", ... devices_assets="all", ... enforcements="all", ... instances="all", ... reports="all", ... settings="all", ... users_assets="all", ... )
- Parameters:
name (
str
) – name of role to adddata_scope (
typing.Optional
[str
]) – name or UUID of data scope to assign to role**kwargs – keys as categories, values as list or CSV of actions to allow for category
- Raises:
ApiError – if role already exists matching name
- Return type:
- set_name(name, new_name)[source]¶
Change the name of a role.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
>>> role = client.system_roles.set_name(name="test1", new_name="test3") >>> role["name"] 'test3'
- set_perms(name, grant=True, **kwargs)[source]¶
Change the permissions of a role.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
Add all permissions for adapters to a role
>>> role = client.system_roles.set_perms(name="test1", adapters="all")
Remove all permissions for adapters to a role
>>> role = client.system_roles.set_perms(name="test1", grant=False, adapters="all")
Add all permissions for all categories to a role:
>>> role = client.system_roles.set_perms( ... name="test1", ... adapters="all", ... dashboard="all", ... devices_assets="all", ... enforcements="all", ... instances="all", ... reports="all", ... settings="all", ... users_assets="all", ... )
- delete_by_name(name)[source]¶
Delete a role.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
>>> role = client.system_roles.delete_by_name(name="test1")
- pretty_perms(role)[source]¶
Get a user readable version of the permissions for a role.
Examples
Create a
client
usingaxonius_api_client.connect.Connect
Pretty print a roles permission sets:
>>> print(client.system_roles.pretty_perms(role=role)) adapters Adapters connections.delete Delete connection False connections.post Edit connections False (...trimmed...)
- Parameters:
role (
dict
) – role returned fromget_by_name()
,get()
, orget_by_uuid()
- Return type:
- _get()[source]¶
Direct API method to get all users.
- Parameters:
limit – limit to N rows per page
offset – start at row N
- Return type:
typing.List
[axonius_api_client.api.json_api.system_roles.SystemRole
]
- _add(name, permissions, data_scope_restriction=None)[source]¶
Direct API method to add a role.
- Parameters:
name (
str
) – name of new rolepermissions (
dict
) – permissions for new roledata_scope_restriction (
typing.Optional
[dict
]) –
- Return type:
axonius_api_client.api.json_api.system_roles.SystemRole
- _update(uuid, name, permissions, data_scope_restriction=None)[source]¶
Direct API method to update a roles permissions.
- Parameters:
name (
str
) – name of role to updatepermissions (
dict
) – permissions to update on new roleuuid (
str
) –data_scope_restriction (
typing.Optional
[dict
]) –
- Return type:
axonius_api_client.api.json_api.system_roles.SystemRole
- _delete(uuid)[source]¶
Direct API method to delete a role.
- Parameters:
name – name of role to delete
uuid (
str
) –
- Return type:
axonius_api_client.api.json_api.system_roles.SystemRole
- cat_actions_to_perms(role_perms=None, grant=True, src=None, **kwargs)[source]¶
Create an updated set of role permissions based on categories and actions.
- Parameters:
role_perms (
typing.Optional
[dict
]) – permissions of a role to updategrant (
bool
) – add or remove access to the actions supplied**kwargs – keys as categories, values as list of actions to allow for category
src (
typing.Optional
[str
]) –
- Return type:
- property data_scopes¶
Work with data scopes.
-
LOG:
logging.Logger
= None¶ Logger for this object.
- __init__(auth, log_level='debug', **kwargs)¶
Mixins for API Models.
- Parameters:
auth (
axonius_api_client.auth.model.AuthModel
) – object to use for auth and sending API requestslog_level (
typing.Union
[int
,str
]) – logging level to use for this objects logger**kwargs – passed to
_init()
- _init_auth(**kwargs)¶
Post init method for subclasses to use for overriding auth setup.
-
auth:
axonius_api_client.auth.model.AuthModel
= None¶ Authentication model with bound Http object to use for requests.
-
http:
axonius_api_client.http.Http
= None¶ Http object to use for requests.