Create a new external role.

  • Published on Jul 22, 2025
  • 1 minute(s) read
Prev Next
Post
/sys/v1/external_roles

Create a new external role.

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter nameAuthorization
Body parameters
object
add_groups
object | null
property*
object additionalProperties
users
Array

User's role(s) in a group.

Legacy user group role name or custom role id

OneOf
string
string
Valid values[ "GROUPAUDITOR", "GROUPADMINISTRATOR" ]
string (uuid)
string
apps
Array of string (AppPermissions) | null
string

Operations allowed to be performed by an app.

SIGN:

VERIFY:

ENCRYPT:

DECRYPT:

WRAPKEY:

UNWRAPKEY:

DERIVEKEY:

MACGENERATE:

MACVERIFY:

EXPORT:

MANAGE:

AGREEKEY:

MASKDECRYPT:

AUDIT:

TRANSFORM:

CREATE_SOBJECTS:

COPY_SOBJECTS:

ROTATE_SOBJECTS:

ACTIVATE_SOBJECTS:

REVOKE_SOBJECTS:

REVERT_SOBJECTS:

MOVE_SOBJECTS:

UPDATE_SOBJECTS_PROFILE:

UPDATE_SOBJECTS_ENABLED_STATE:

UPDATE_SOBJECT_POLICIES:

UPDATE_KEY_OPS:

DELETE_KEY_MATERIAL:

DELETE_SOBJECTS:

DESTROY_SOBJECTS:

RESTORE_EXTERNAL_SOBJECTS:

CALCULATE_DIGEST:

ENCAPSULATE:

DECAPSULATE:

Valid values[ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "MACGENERATE", "MACVERIFY", "EXPORT", "MANAGE", "AGREEKEY", "MASKDECRYPT", "AUDIT", "TRANSFORM", "CREATE_SOBJECTS", "COPY_SOBJECTS", "ROTATE_SOBJECTS", "ACTIVATE_SOBJECTS", "REVOKE_SOBJECTS", "REVERT_SOBJECTS", "MOVE_SOBJECTS", "UPDATE_SOBJECTS_PROFILE", "UPDATE_SOBJECTS_ENABLED_STATE", "UPDATE_SOBJECT_POLICIES", "UPDATE_KEY_OPS", "DELETE_KEY_MATERIAL", "DELETE_SOBJECTS", "DESTROY_SOBJECTS", "RESTORE_EXTERNAL_SOBJECTS", "CALCULATE_DIGEST", "ENCAPSULATE", "DECAPSULATE" ]
del_groups
Array of string | null
string (uuid)
kind
string

Type of an external role.

Valid values[ "ldap-group" ]
mod_groups
object | null
property*
object additionalProperties
users
Array

User's role(s) in a group.

Legacy user group role name or custom role id

OneOf
string
string
Valid values[ "GROUPAUDITOR", "GROUPADMINISTRATOR" ]
string (uuid)
string
apps
Array of string (AppPermissions) | null
string

Operations allowed to be performed by an app.

SIGN:

VERIFY:

ENCRYPT:

DECRYPT:

WRAPKEY:

UNWRAPKEY:

DERIVEKEY:

MACGENERATE:

MACVERIFY:

EXPORT:

MANAGE:

AGREEKEY:

MASKDECRYPT:

AUDIT:

TRANSFORM:

CREATE_SOBJECTS:

COPY_SOBJECTS:

ROTATE_SOBJECTS:

ACTIVATE_SOBJECTS:

REVOKE_SOBJECTS:

REVERT_SOBJECTS:

MOVE_SOBJECTS:

UPDATE_SOBJECTS_PROFILE:

UPDATE_SOBJECTS_ENABLED_STATE:

UPDATE_SOBJECT_POLICIES:

UPDATE_KEY_OPS:

DELETE_KEY_MATERIAL:

DELETE_SOBJECTS:

DESTROY_SOBJECTS:

RESTORE_EXTERNAL_SOBJECTS:

CALCULATE_DIGEST:

ENCAPSULATE:

DECAPSULATE:

Valid values[ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "MACGENERATE", "MACVERIFY", "EXPORT", "MANAGE", "AGREEKEY", "MASKDECRYPT", "AUDIT", "TRANSFORM", "CREATE_SOBJECTS", "COPY_SOBJECTS", "ROTATE_SOBJECTS", "ACTIVATE_SOBJECTS", "REVOKE_SOBJECTS", "REVERT_SOBJECTS", "MOVE_SOBJECTS", "UPDATE_SOBJECTS_PROFILE", "UPDATE_SOBJECTS_ENABLED_STATE", "UPDATE_SOBJECT_POLICIES", "UPDATE_KEY_OPS", "DELETE_KEY_MATERIAL", "DELETE_SOBJECTS", "DESTROY_SOBJECTS", "RESTORE_EXTERNAL_SOBJECTS", "CALCULATE_DIGEST", "ENCAPSULATE", "DECAPSULATE" ]
name
string | null
source_id
string (uuid) | null
Responses
2XX

Success result

object
external_role_id
string (uuid)
groups
object
property*
object additionalProperties
users
Array

User's role(s) in a group.

Legacy user group role name or custom role id

OneOf
string
string
Valid values[ "GROUPAUDITOR", "GROUPADMINISTRATOR" ]
string (uuid)
string
apps
Array of string (AppPermissions) | null
string

Operations allowed to be performed by an app.

SIGN:

VERIFY:

ENCRYPT:

DECRYPT:

WRAPKEY:

UNWRAPKEY:

DERIVEKEY:

MACGENERATE:

MACVERIFY:

EXPORT:

MANAGE:

AGREEKEY:

MASKDECRYPT:

AUDIT:

TRANSFORM:

CREATE_SOBJECTS:

COPY_SOBJECTS:

ROTATE_SOBJECTS:

ACTIVATE_SOBJECTS:

REVOKE_SOBJECTS:

REVERT_SOBJECTS:

MOVE_SOBJECTS:

UPDATE_SOBJECTS_PROFILE:

UPDATE_SOBJECTS_ENABLED_STATE:

UPDATE_SOBJECT_POLICIES:

UPDATE_KEY_OPS:

DELETE_KEY_MATERIAL:

DELETE_SOBJECTS:

DESTROY_SOBJECTS:

RESTORE_EXTERNAL_SOBJECTS:

CALCULATE_DIGEST:

ENCAPSULATE:

DECAPSULATE:

Valid values[ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "MACGENERATE", "MACVERIFY", "EXPORT", "MANAGE", "AGREEKEY", "MASKDECRYPT", "AUDIT", "TRANSFORM", "CREATE_SOBJECTS", "COPY_SOBJECTS", "ROTATE_SOBJECTS", "ACTIVATE_SOBJECTS", "REVOKE_SOBJECTS", "REVERT_SOBJECTS", "MOVE_SOBJECTS", "UPDATE_SOBJECTS_PROFILE", "UPDATE_SOBJECTS_ENABLED_STATE", "UPDATE_SOBJECT_POLICIES", "UPDATE_KEY_OPS", "DELETE_KEY_MATERIAL", "DELETE_SOBJECTS", "DESTROY_SOBJECTS", "RESTORE_EXTERNAL_SOBJECTS", "CALCULATE_DIGEST", "ENCAPSULATE", "DECAPSULATE" ]
kind
string

Type of an external role.

Valid values[ "ldap-group" ]
last_synced
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
Example20170509T070912Z
name
string
source_id
string (uuid)
acct_id
string (uuid)