Skip to content

trimble.iam.roles.get

Namespace Reference

Definition

Provides a function to get roles assigned to an user from the IAM (Identity and access management).

trimble.iam.roles.get

trimble.iam.roles.get(userId, on, scopedToApplicationId, token)

Parameters

userId string The user ID for which to retrieve roles.

on string The on query parameter used to specific the entity(application/account/group) on which operations should be performed.

scopedToApplicationId string The scopedToApplicationId query string used to specify the application the entity should be scoped to.

token string The access token used to authenticate the request. This is typically the user’s JSON Web Token acquired from Trimble Identity.

Returns

A Rego array containing all roles for the user.

[
{
"id": "string",
"name": "string",
"description": "string",
"permissions": [
{
"id": "string",
"name": "string",
"description": "string"
}
]
}
]

Remarks

IAM Environment Configuration

The IAM environment takes the value of the TAM environment. Ensure that the TAM environment is correctly configured to reflect the desired settings for IAM.

Token

The token argument must be a valid JWT. In most cases, we recommend using the existing methods to inject tokens as part of the request to the appliance decision endpoint (see Input query format). The appliance validates all tokens that are injected via the POST request.

For example, specifying bearer authentication for the auth member of the POST request body of the decision API will allow you to access the token in Rego as input.caller_auth.jwt. The JWT used to authenticate the request to the appliance is also accessible via input.appliance_auth.jwt.

Errors

This built-in exits immediately if any errors are encountered during policy evaluation and returns a 500 status with error details from the appliance decision endpoint. These errors include:

  • Any non-2xx or invalid response from EMS. This built-in expects the response from EMS to contain a 2xx status code and a valid JSON body that contains paginated results.
  • Invalid Rego arguments.

Endpoints

The following base URLs are used for obtaining user roles from IAM:

EnvironmentURL
stagehttps://cloud.stage.api.trimblecloud.com/platform/iam/1.0
prodhttps://cloud.api.trimble.com/platform/iam/1.0

Caching

You can specify caching directives for data obtained from IAM during package registration. No data is cached by default unless cache durations for the URLs above are specified during package registration.

Query Parameters

on

Format: Trn

Possible values: Value must match regular expression

trn:2:iam:us:(account|application|group):[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}

Example: trn:2:iam:us:account:12345678-1234-1234-1234-123456789012

scopedToApplicationId

Format: uuid

Example: 12345678-1234-1234-1234-123456789012