grant_role_to_object_by_Name

This command assigns a role to a specified object by names.

Guardium checks the dependencies before it adds the role. For example, before Guardium adds a role to a Classification process, the role must be assigned to all components that are contained by that process (that is, the classification policy and any datasources that it references).

This API is available in Guardium V9.5 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/grant_role_to_object_by_Name

GuardAPI syntax

grant_role_to_object_by_Name parameter=value

Parameters

Parameter Value type Description
objectName String Required. The name of the object (such as a query or report) to which to assign the role.

When objectName is set to ALL, the role that is specified is assigned to all objects.

objectType String Required. The type of object to which to assign the role. For valid values, call grant_role_to_object_by_Name from the command line with --help=true.
role String Required. The name of the role to assign. Specify any existing role.

Specify all_roles to allow access by all roles.

api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

GuardAPI examples

grdapi grant_role_to_object_by_Name objectType=Datasource objectName= "swanSybase" role=admin 
grdapi grant_role_to_object_by_Name objectType="SecurityAssessment" objectName="ALL" role="user" 

When the object Name is set to ALL, the role of user is assigned to all objects of type SecurityAssessment.