Just announced HashiConf Global full schedule: keynotes, sessions, labs & more. Register Now

A new platform for documentation and tutorials is launching soon.

We are migrating Boundary documentation into HashiCorp Developer, our new developer experience.

Join Now

Boundary Controller HTTP API

Role Service

Lists all Roles.

Request

Query Parameters

scope_id string
recursive boolean
filter string

Response

Successful Response

items object[]

Role contains all fields related to a Role resource

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Creates a single Role.

Request

Body Parameters

scope_id string

The ID of the Scope containing this Role.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Gets a single Role.

Request

Path Parameters

id string Required

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Deletes a Role.

Request

Path Parameters

id string Required

Response

Successful Response

No content.

Updates a Role.

Request

Path Parameters

id string Required

Query Parameters

update_mask string

Body Parameters

scope_id string

The ID of the Scope containing this Role.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Adds grants to a Role

Request

Path Parameters

id string Required

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Adds Users and/or Groups to a Role.

Request

Path Parameters

id string Required

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Removes grants from a Role.

Request

Path Parameters

id string Required

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Removes the specified Users and/or Groups from a Role.

Request

Path Parameters

id string Required

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Set grants for a Role, removing any grants that are not specified in the request.

Request

Path Parameters

id string Required

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Set Users and/or Groups to a Role, removing any principals that are not specified in the request.

Request

Path Parameters

id string Required

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Response

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]
principals object[]
id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]
grants object[]
raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.

json object

Output only. The JSON representation of the grant.

id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]