• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Boundary
  • Install
  • Tutorials
  • Documentation
  • API
  • Try Cloud(opens in new tab)
  • Sign up
Boundary Home

API

Skip to main content
  • API

  • Account Service
  • Auth Method Service
  • Auth Token Service
  • Credential Library Service
  • Credential Service
  • Credential Store Service
  • Group Service
  • Host Catalog Service
  • Host Service
  • Host Set Service
  • Managed Group Service
  • Role Service
  • Scope Service
  • Session Service
  • Target Service
  • User Service
  • Worker Service

  • Resources

  • Tutorial Library
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. Boundary
  3. API
  4. Role Service

Boundary Controller HTTP API

Role Service


Lists all Roles.

Query Parameters

scope_id string
recursive boolean
filter string

Successful Response


id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Creates a single Role.

Body Parameters

scope_id string

The ID of the Scope containing this Role.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Gets a single Role.

Path Parameters

id string RequiredRequired

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Deletes a Role.

Path Parameters

id string RequiredRequired

Successful Response

No content.

Updates a Role.

Path Parameters

id string RequiredRequired

Query Parameters

update_mask string

Body Parameters

scope_id string

The ID of the Scope containing this Role.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Adds grants to a Role

Path Parameters

id string RequiredRequired

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Adds Users and/or Groups to a Role.

Path Parameters

id string RequiredRequired

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Removes grants from a Role.

Path Parameters

id string RequiredRequired

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Removes the specified Users and/or Groups from a Role.

Path Parameters

id string RequiredRequired

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Set grants for a Role, removing any grants that are not specified in the request.

Path Parameters

id string RequiredRequired

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_strings string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]

Set Users and/or Groups to a Role, removing any principals that are not specified in the request.

Path Parameters

id string RequiredRequired

Body Parameters

version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

principal_ids string[]

Successful Response

id string

Output only. The ID of the Role.

scope_id string

The ID of the Scope containing this Role.


id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

grant_scope_id string

The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.

principal_ids string[]

id string

Output only. The ID of the principal.

type string

Output only. The type of the principal.

scope_id string

Output only. The Scope of the principal.

grant_strings string[]

raw string

Output only. The original user-supplied string.

canonical string

Output only. The canonically-formatted string.


id string

Output only. The ID, if set.

type string

Output only. The type, if set.

actions string[]
authorized_actions string[]
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)