Command: enterprise-role add "Role Name" --node "Node Name" OR er add "Role Name" --node "Node Name"
Example:
DotNet SDK
Function: CreateRole
Example:
PowerCommander
Not Implemented
Python CLI
Command: enterprise-role add
Parameter:
role - Role Name. Can be repeated. (required)
Flag:
--parent - Parent node name or ID
--new-user - Assign this role to new users: on or off
--visible-below - Visible to all nodes. 'add' only: on or off
--enforcement - Sets role enforcement. Format: KEY:VALUE. Can be repeated.
-f, --force - Do not prompt for confirmation
Python SDK
Function:
Enterprise Role Edit
Edit enterprise role(s).
Dotnet CLI
Not Implemented
DotNet SDK
Not Implemented
PowerCommander
Not Implemented
Python CLI
Command: enterprise-role edit
Parameter:
role - Role Name or ID. Can be repeated. (required)
Flag:
--parent - Parent node name or ID
--name, --displayname - Set role display name
--new-user - Assign this role to new users: on or off
--visible-below - Visible to all nodes: on or off
--enforcement - Sets role enforcement. Format: KEY:VALUE. Can be repeated.
Python SDK
Function:
Enterprise Role Delete
Delete enterprise node(s).
Dotnet CLI
Command: enterprise-role delete <"Node name"> OR er delete <"Node name">
Example:
DotNet SDK
Function: DeleteRole()
Usage:
Example:
PowerCommander
Not Implemented
Python CLI
Command: enterprise-node delete
Parameter:
role - Role Name or ID. Can be repeated. (required)
Python SDK
Function:
Enterprise Role Admin
Manage enterprise admin role.
Dotnet CLI
Not Implemented
DotNet SDK
Function: AddUserToAdminRole
Usage:
PowerCommander
Command: Get-KeeperEnterpriseAdminRole
Get roles with admin privileges for user
Syntax:
Aliases: kerap
Parameters:
-Email - User email
Examples:
Python CLI
Command: enterprise-role admin
Parameter:
role - Role Name or ID (required)
Flag:
-aa, --add-admin - Add managed node to role. Can be repeated.
-ra, --remove-admin - Remove managed node from role. Can be repeated.
-ap, --add-privilege - Add privilege to managed node. Can be repeated.
-rp, --remove-privilege - Remove privilege from managed node. Can be repeated.
--cascade - Apply to the child nodes. "--add-admin" only: on or off
Python SDK
Function:
Enterprise Role Membership
Manage enterprise role membership.
Dotnet CLI
Command: enterprise-role add-members "Role Name"
Aliases: er
Example:
DotNet SDK
Function:
AddUserToAdminRole - To add user as admin
RemoveUserFromRole - To remove admin role from user
Examples:
PowerCommander
Not Implemented
Python CLI
Command: enterprise-role membership
Parameter:
node - Node Name or ID (required)
Options:
-h, --help show this help message and exit
-au, --add-user EMAIL - add user to role. Can be repeated.
-ru, --remove-user EMAIL - remove user (Email, User ID, @all) from role. Can be repeated.
-at, --add-team TEAM - add team to role. Can be repeated.
-rt, --remove-team TEAM - remove team (Name, Team UID, @all) from role. Can be repeated.
Warning: This action cannot be undone and will remove all users, roles, teams, and subnodes.
# Get users in role
Get-KeeperEnterpriseRoleUsers -RoleId 12345
keru 12345
# Get teams in role
Get-KeeperEnterpriseRoleTeams -RoleId 12345
kert 12345
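# Resolve a role from a numeric ID or a case-insensitive name (role_name is the caller's input)
role = None
if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        # Names can repeat across nodes; this takes the first match, so prefer the ID when unsure
        role = next((x for x in enterprise_data.roles.get_all_entities()
                     if (x.name or '').lower() == role_name.lower()), None)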
My Vault> enterprise-role add "Help Desk" --node "IT Department"
OR
er add "Help Desk" --node "IT Department"
Task<EnterpriseRole> CreateRole(string roleName, long nodeId, bool newUserInherit);
# Create roles under parent_node_id, skipping names that already exist in that node.
# enterprise_data, enterprise_loader and enterprise_manager_logger are assumed to be initialised already.
import logging
from typing import Dict, List, Optional, Union

from keepersdk.enterprise import batch_management, enterprise_management, enterprise_types

roles = ['names of roles to add']

# Index existing roles by ID and by lower-cased name; a name shared by several roles maps to a list
role_lookup: Dict[str, Union[enterprise_types.Role, List[enterprise_types.Role]]] = {}
for role in enterprise_data.roles.get_all_entities():
    role_lookup[str(role.role_id)] = role
    if role.name:
        role_name = role.name.lower()
        n = role_lookup.get(role_name)
        if n is None:
            role_lookup[role_name] = role
        elif isinstance(n, list):
            n.append(role)
        elif isinstance(n, enterprise_types.Role):
            role_lookup[role_name] = [n, role]

role_names: Optional[Dict[str, str]] = None
if isinstance(roles, list):
    role_names = {x.lower(): x for x in roles}
    for role_key, role_name in list(role_names.items()):
        r = role_lookup.get(role_key)
        if r is not None:
            skip = False
            if isinstance(r, enterprise_types.Role):
                r = [r]
            for r1 in r:
                # A role with this name already exists in the target node
                if r1.node_id == parent_node_id:
                    logging.info('Role "%s" already exists', r1.name)
                    skip = True
                    break
            if skip:
                del role_names[role_key]

# get_enterprise_id() supplies the ID used for each new role
roles_to_add = [enterprise_management.RoleEdit(
    role_id=enterprise_loader.get_enterprise_id(), name=x, node_id=parent_node_id,
    new_user_inherit=apply_to_new_user, visible_below=visible_to_all_nodes)
    for x in (role_names or {}).values()]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
batch.modify_roles(to_add=roles_to_add)
batch.apply()
# Edit an existing role: resolve it by ID or name, then submit the changed attributes
from keepersdk.enterprise import batch_management, enterprise_management

role = None
if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = next((x for x in enterprise_data.roles.get_all_entities()
                     if (x.name or '').lower() == role_name.lower()), None)
if role is None:
    raise ValueError(f'Role "{role_name}" not found')
role_list = [role]

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
roles_to_update = [enterprise_management.RoleEdit(
    role_id=x.role_id, name=role_name, node_id=parent_id,
    new_user_inherit=new_user_inherit, visible_below=visible_below)
    for x in role_list]
batch.modify_roles(to_update=roles_to_update)
batch.apply()
My Vault> enterprise-role delete "Help Desk"
public async Task DeleteRole(EnterpriseRole role)
await roleData.DeleteRole(role);
# Delete a role: resolve it by ID or name and fail if nothing matches
from keepersdk.enterprise import batch_management, enterprise_management

role = None
if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = next((x for x in enterprise_data.roles.get_all_entities()
                     if (x.name or '').lower() == role_name.lower()), None)
if role is None:
    raise ValueError(f'Role "{role_name}" not found')
role_list = [role]

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
batch.modify_roles(to_remove=(enterprise_management.RoleEdit(role_id=x.role_id) for x in role_list))
batch.apply()
public async Task AddUserToAdminRole(EnterpriseRole role, EnterpriseUser user)
# Manage the nodes a role administers and the privileges it holds on them
import logging
from typing import List, Optional, Set

from keepersdk.enterprise import batch_management, enterprise_management, enterprise_types

logger = logging.getLogger(__name__)
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)

role = None
if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = next((x for x in enterprise_data.roles.get_all_entities()
                     if (x.name or '').lower() == role_name.lower()), None)
if role is None:
    raise ValueError(f'Role "{role_name}" not found')

# Managed nodes already linked to this role, keyed by node ID
existing_nodes = {x.managed_node_id: x for x in enterprise_data.managed_nodes.get_links_by_subject(role.role_id)}

nodes_to_add_admin: List[enterprise_types.Node] = []
nodes_to_remove_admin: List[enterprise_types.Node] = []
cascade: Optional[bool] = None  # True also applies the management to child nodes

add_admins = ['nodes']  # node IDs or names to add as managed nodes
if isinstance(add_admins, list):
    for admin in add_admins:
        node = None
        if isinstance(admin, int):
            node = enterprise_data.nodes.get_entity(admin)
        elif isinstance(admin, str):
            node = next((n for n in enterprise_data.nodes.get_all_entities()
                         if (n.name or '').lower() == admin.lower()), None)
        if node is None:
            logger.info('Node "%s" not found', admin)
        else:
            nodes_to_add_admin.append(node)

remove_admins = ['nodes']  # node IDs or names to remove from the role
if isinstance(remove_admins, list):
    for admin in remove_admins:
        node = None
        if isinstance(admin, int):
            node = enterprise_data.nodes.get_entity(admin)
        elif isinstance(admin, str):
            node = next((n for n in enterprise_data.nodes.get_all_entities()
                         if (n.name or '').lower() == admin.lower()), None)
        if node is None:
            logger.info('Node "%s" not found', admin)
        else:
            nodes_to_remove_admin.append(node)

add_privileges = ['privileges to be granted']
remove_privileges = ['privileges to be removed']

if nodes_to_add_admin:
    aps: Optional[Set[str]] = None
    rps: Optional[Set[str]] = None
    if isinstance(add_privileges, list):
        # RolePrivileges validates each privilege name; unknown names are logged
        privilege = enterprise_types.RolePrivileges(role_id=0, managed_node_id=0)
        for p in add_privileges:
            if not privilege.set_by_name(p, True):
                logger.info('Invalid privilege "%s"', p)
        aps = privilege.to_set()
    if isinstance(remove_privileges, list):
        privilege = enterprise_types.RolePrivileges(role_id=0, managed_node_id=0)
        for p in remove_privileges:
            if not privilege.set_by_name(p, False):
                logger.info('Invalid privilege "%s"', p)
        rps = privilege.to_set()

    for node in nodes_to_add_admin:
        mne = enterprise_management.ManagedNodeEdit(
            role_id=role.role_id, managed_node_id=node.node_id, cascade_node_management=cascade)
        if aps and len(aps) > 0:
            if mne.privileges is None:
                mne.privileges = {}
            for p in aps:
                mne.privileges[p] = True
        if rps and len(rps) > 0:
            if mne.privileges is None:
                mne.privileges = {}
            for p in rps:
                mne.privileges[p] = False

        if node.node_id in existing_nodes:
            # Already a managed node: update only when cascade or privileges change
            en = existing_nodes[node.node_id]
            assert en
            if (isinstance(cascade, bool) and en.cascade_node_management != cascade) or aps or rps:
                batch.modify_managed_nodes(to_update=[mne])
        else:
            batch.modify_managed_nodes(to_add=[mne])

if nodes_to_remove_admin:
    for node in nodes_to_remove_admin:
        if node.node_id in existing_nodes:
            batch.modify_managed_nodes(to_remove=[enterprise_management.ManagedNodeEdit(
                role_id=role.role_id, managed_node_id=node.node_id)])

batch.apply()
public async Task AddUserToAdminRole(EnterpriseRole role, EnterpriseUser user)
public async Task RemoveUserFromRole(EnterpriseRole role, EnterpriseUser user)
# Add or remove users and teams in a role
from typing import Dict, List, Optional, Union

from keepersdk.enterprise import batch_management, enterprise_management, enterprise_types

role = None
if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = next((x for x in enterprise_data.roles.get_all_entities()
                     if (x.name or '').lower() == role_name.lower()), None)
if role is None:
    raise ValueError(f'Role "{role_name}" not found')
role_list = [role]

users_to_add: List[enterprise_types.User] = []
teams_to_add: List[enterprise_types.Team] = []
users_to_remove: List[enterprise_types.User] = []
teams_to_remove: List[enterprise_types.Team] = []

add_users = ['list of user to add']
add_teams = ['list of teams to add']
remove_users = ['list of user to remove']
has_remove_all_users: bool = False
remove_teams = ['list of teams to remove']
has_remove_all_teams: bool = False

if isinstance(add_users, list):
    for add_user in add_users:
        user = next((u for u in enterprise_data.users.get_all_entities()
                     if u.username.lower() == add_user.lower()), None)
        if user is not None:
            users_to_add.append(user)

if isinstance(add_teams, list):
    # Index teams by UID and by lower-cased name; a name shared by several teams maps to a list
    team_lookup: Dict[str, Union[enterprise_types.Team, List[enterprise_types.Team]]] = {}
    for team in enterprise_data.teams.get_all_entities():
        team_lookup[team.team_uid] = team
        team_name = team.name.lower()
        t = team_lookup.get(team_name)
        if t is None:
            team_lookup[team_name] = team
        elif isinstance(t, list):
            t.append(team)
        elif isinstance(t, enterprise_types.Team):
            team_lookup[team_name] = [t, team]

    found_teams: Dict[str, enterprise_types.Team] = {}
    t: Optional[enterprise_types.Team]
    for team_name in add_teams:
        t = None
        if isinstance(team_name, str):
            t = enterprise_data.teams.get_entity(team_name)
            if t is None:
                tt = team_lookup.get(team_name.lower())
                if isinstance(tt, list):
                    if len(tt) == 1:
                        t = tt[0]
                    elif len(tt) >= 2:
                        # Ambiguous team name: skip it rather than guess
                        continue
                elif isinstance(tt, enterprise_types.Team):
                    t = tt
        if t is None:
            continue
        found_teams[t.team_uid] = t
    teams_to_add = list(found_teams.values())

if isinstance(remove_users, list):
    has_remove_all_users = any(x == '@all' for x in remove_users)
    if not has_remove_all_users:
        for remove_user in remove_users:
            user = next((u for u in enterprise_data.users.get_all_entities()
                         if u.username.lower() == remove_user.lower()), None)
            if user is not None:
                users_to_remove.append(user)

if isinstance(remove_teams, list):
    has_remove_all_teams = any(x == '@all' for x in remove_teams)
    if not has_remove_all_teams:
        team_lookup: Dict[str, Union[enterprise_types.Team, List[enterprise_types.Team]]] = {}
        for team in enterprise_data.teams.get_all_entities():
            team_lookup[team.team_uid] = team
            team_name = team.name.lower()
            t = team_lookup.get(team_name)
            if t is None:
                team_lookup[team_name] = team
            elif isinstance(t, list):
                t.append(team)
            elif isinstance(t, enterprise_types.Team):
                team_lookup[team_name] = [t, team]

        found_teams: Dict[str, enterprise_types.Team] = {}
        t: Optional[enterprise_types.Team]
        for team_name in remove_teams:
            t = None
            if isinstance(team_name, str):
                t = enterprise_data.teams.get_entity(team_name)
                if t is None:
                    tt = team_lookup.get(team_name.lower())
                    if isinstance(tt, list):
                        if len(tt) == 1:
                            t = tt[0]
                        elif len(tt) >= 2:
                            # Ambiguous team name: skip it rather than guess
                            continue
                    elif isinstance(tt, enterprise_types.Team):
                        t = tt
            if t is None:
                continue
            found_teams[t.team_uid] = t
        teams_to_remove = list(found_teams.values())

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
for role in role_list:
    existing_users = {x.enterprise_user_id for x in enterprise_data.role_users.get_links_by_subject(role.role_id)}
    existing_teams = {x.team_uid for x in enterprise_data.role_teams.get_links_by_subject(role.role_id)}

    # Only add links that do not exist yet
    if users_to_add:
        users_to_add = [x for x in users_to_add if x.enterprise_user_id not in existing_users]
    if users_to_add:
        batch.modify_role_users(to_add=[enterprise_management.RoleUserEdit(
            role_id=role.role_id, enterprise_user_id=x.enterprise_user_id) for x in users_to_add])

    if teams_to_add:
        teams_to_add = [x for x in teams_to_add if x.team_uid not in existing_teams]
    if teams_to_add:
        batch.modify_role_teams(to_add=[enterprise_management.RoleTeamEdit(
            role_id=role.role_id, team_uid=x.team_uid) for x in teams_to_add])

    # '@all' removes every current user (or team) link of the role
    if has_remove_all_users:
        batch.modify_role_users(to_remove=[enterprise_management.RoleUserEdit(
            role_id=role.role_id, enterprise_user_id=x) for x in existing_users])
    elif users_to_remove:
        batch.modify_role_users(to_remove=[enterprise_management.RoleUserEdit(
            role_id=role.role_id, enterprise_user_id=x.enterprise_user_id) for x in users_to_remove])

    if has_remove_all_teams:
        batch.modify_role_teams(to_remove=[enterprise_management.RoleTeamEdit(
            role_id=role.role_id, team_uid=x) for x in existing_teams])
    elif teams_to_remove:
        batch.modify_role_teams(to_remove=[enterprise_management.RoleTeamEdit(
            role_id=role.role_id, team_uid=x.team_uid) for x in teams_to_remove])

batch.apply()
# Copy a role into a node: same flags and enforcements, new name and ID
from keepersdk.enterprise import batch_management, enterprise_management

role = None
if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = next((x for x in enterprise_data.roles.get_all_entities()
                     if (x.name or '').lower() == role_name.lower()), None)
if role is None:
    raise ValueError(f'Role "{role_name}" not found')

node_id = 'node uid or name'
node = None
if isinstance(node_id, int):
    node = enterprise_data.nodes.get_entity(node_id)
elif isinstance(node_id, str):
    node = next((n for n in enterprise_data.nodes.get_all_entities()
                 if (n.name or '').lower() == node_id.lower()), None)
if node is None:
    raise ValueError(f'Node "{node_id}" not found')

role_name = 'name for role copy'
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
role_id = enterprise_loader.get_enterprise_id()
role_to_add = enterprise_management.RoleEdit(
    role_id=role_id, node_id=node.node_id, name=role_name,
    visible_below=role.visible_below, new_user_inherit=role.new_user_inherit)
batch.modify_roles(to_add=[role_to_add])

# Carry the source role's enforcements over to the copy
enforcements = [enterprise_management.RoleEnforcementEdit(role_id=role_id, name=x.enforcement_type, value=x.value)
                for x in enterprise_data.role_enforcements.get_links_by_subject(role.role_id)]
batch.modify_role_enforcements(enforcements=enforcements)
batch.apply()