Postman collection for role management
This guide helps you to test the CyberArk Identity role management APIs using postman collection. Postman is an HTTP testing API application that allows you to monitor requests and responses.
Prerequisites
- Install postman from https://www.postman.com/downloads/
- Get access to CyberArk Identity tenant
- Have an admin user with role management rights
Import postman collection
Get started with postman collection
Once the postman collection is imported, the following variables have to be pre-filled to run the collection based on the functionality you want to try out.
Authentication is required to access the APIs related to role management. The authenticated user should contain administrative rights to access the APIs.
The following variables should be pre-filled for role management:
| Variable Name | Description |
|---|---|
| tenant_url | The URL of the CyberArk Identity tenant (https://example.idaptive.app). The URL will be used for all API requests to CyberArk Identity. |
| username | The username of the CyberArk Identity directory user that has administrative rights to manage roles. |
| password | The password of the CyberArk Identity directory user. |
| role_name | The name of the role to be added |
| role_description | Description of the role |
| organization | Name of the organization to which the role should be added |
| role_type | Type of the role. It can either be "PrincipalList" (static) or "Script" (dynamic) |
| assigned_right_1 assigned_right_2 | The rights that need to be assigned to the role. Please follow https://identity-developer.cyberark.com/docs/postman-collection-for-role-management#administrative-rights-for-the-role to see the value of these parameters |
| add_role_uuid_1 | The UUID of the role that needs to be added to the role |
| suppress_principals_list | A boolean flag that specifies whether the principal list should be suppressed in the response or not |
| get_rights | A boolean flag that specifies whether the rights should be sent in the response or not |
| role_script | The dynamic role script |
Administrative rights for the role
To assign administrative rights for the role, the below value should be sent to the API:
| Administrative right | Value |
|---|---|
| Application Management | /lib/rights/appman.json |
| Device Management (All) | /lib/rights/mobman.json |
| Identity Verification | /lib/rights/identityverification.json |
| MFA Unlock | /lib/rights/mfaunlock.json |
| Read Only Role Management | /lib/rights/roroleman.json |
| Report Management | /lib/rights/reportman.json |
| Role Management | /lib/rights/roleman.json |
| Show Audit Service Tile | ServiceRight/auditShowTile |
| Show Cloud Onboarding Tile | ServiceRight/cloudonboardingShowTile |
| Show Connector Management Tile | ServiceRight/connectormanagementShowTile |
| User Management | /lib/rights/dsman.json |
Updated 11 months ago