Enterprise Role Commands

Manage enterprise roles.

Usage

enterprise-role command [--options] OR er command [--option]

Alias: er

Commands

Command

Description

Alias

view

View enterprise role

v

add

Create enterprise role(s)

a

edit

Edit enterprise role(s)

e

delete

Delete enterprise role(s)

admin

Manage enterprise admin role

membership

Manage enterprise role membership

m

copy

Copy role with enforcements

Enterprise Role view Command

View enterprise role.

Dotnet CLI

Command: enterprise-role name

Example:

My Vault> enterprise-role view "IT Admin" OR er view "IT Admin"

DotNet SDK

Data can be retrieved from RoleData

Function: RoleData

 public interface IRoleDataManagement

Example:

await roleData.Enterprise.Load();

PowerCommander

Command: Get-KeeperEnterpriseRole

Syntax:

Get-KeeperEnterpriseRole [[-RoleId] <long>] [<CommonParameters>]

Aliases: ker

Parameters:

-RoleId - Role ID (optional, lists all if omitted)

Examples:

# List all roles
Get-KeeperEnterpriseRole
ker

# Get specific role
Get-KeeperEnterpriseRole -RoleId 123453e

Command: Get-KeeperEnterpriseRoleUsers / Get-KeeperEnterpriseRoleTeams

Get role members

Syntax:

Get-KeeperEnterpriseRoleUsers [-RoleId] <long> [<CommonParameters>]
Get-KeeperEnterpriseRoleTeams [-RoleId] <long> [<CommonParameters>]

Aliases: keru, kert

Parameters:

-RoleId - Role ID (required)

Examples:

# Get users in role
Get-KeeperEnterpriseRoleUsers -RoleId 12345
keru 12345

# Get teams in role
Get-KeeperEnterpriseRoleTeams -RoleId 12345
kert 12345

Python CLI

Command: enterprise-role view

Parameter:

role - Role Name or ID (required)

Flag:

-v, --verbose - Print verbose information
--format - Output format: json
--output - Output filename

Python SDK

Function:

if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()]

Enterprise Role Add Command

Create enterprise role(s).

Dotnet CLI

Command: enterprise-role add "Role Name" --node "Node Name" OR er add "Role Name" --node "Node Name"

Example:

My Vault> enterprise-role add "Help Desk" --node "IT Department"
OR 
er add "Help Desk" --node "IT Department"

DotNet SDK

Function: CreateRole

Task<EnterpriseRole> CreateRole(string roleName, long nodeId, bool newUserInherit);

Example:

await roleData.CreateRole(arguments.Role, nodeId, arguments.NewUser);

PowerCommander

Command: New-KeeperEnterpriseNode

Aliases: keradd

Parameters:

Parameter

Required

Description

-Role

Yes

Role name(s). Can specify multiple roles.

-Parent

Parent node name or ID. Defaults to root node.

-NewUser

Assign role to new users. Values: on, off. Default: off.

-VisibleBelow

Make role visible to subnodes. Values: on, off. Default: off.

-Enforcement

Role enforcement in KEY:VALUE format. Can be repeated. list can be found here

-Force

Skip confirmation when role name already exists.

Example:

PS> New-KeeperEnterpriseRole -Parent test_node_updated2 -Role PowerShellTest -NewUser on -VisibleBelow on -Enforcement "RESTRICT_IMPORT:True","RESTRICT_EXPORT:True"
Role with name "PowerShellTest" already exists. Do you want to create a new one? (Yes/No): yes
Role "PowerShellTest" created successfully (ID: 894448862131)

Id              DisplayName    NodeName           NewUserInherit Users Teams IsAdminRole
--              -----------    --------           -------------- ----- ----- -----------
894448862131    PowerShellTest test_node_updated2       X          0     0        -

Python CLI

Command: enterprise-role add

Parameter:

role - Role Name. Can be repeated. (required)

Flag:

--parent - Parent node name or ID
--new-user - Assign this role to new users: on or off
--visible-below - Visible to all nodes. 'add' only: on or off
--enforcement - Sets role enforcement. Format: KEY:VALUE. Can be repeated.
-f, --force - Do not prompt for confirmation

Python SDK

Function:

from keepersdk.enterprise import batch_management,  enterprise_management

roles = list['names of roles to add']
role_lookup: Dict[str, Union[enterprise_types.Role, List[enterprise_types.Role]]] = {}

for role in e_data.roles.get_all_entities():
    role_lookup[str(role.role_id)] = role
    if role.name:
        role_name = role.name.lower()
        n = role_lookup.get(role_name)
        if n is None:
            role_lookup[role_name] = role
        elif isinstance(n, list):
            n.append(role)
        elif isinstance(n, enterprise_types.Role):
            role_lookup[role_name] = [n, role]
            
role_names: Optional[Dict[str, str]] = None
if isinstance(roles, list):
    role_names = {x.lower(): x for x in roles}
    for role_key, role_name in list(role_names.items()):
        r = role_lookup.get(role_key)
        if r is not None:
            skip = False
            if isinstance(r, enterprise_types.Role):
                r = [r]
            for r1 in r:
                if r1.node_id == parent_node_id:
                    logging.info('Role \"%s\" already exists', r1.name)
                    skip = True
                    break
            if skip:
                del role_names[role_key]
                
roles_to_add = [enterprise_management.RoleEdit(
    role_id=enterprise_loader.get_enterprise_id(), name=x, node_id=parent_node_id,
    new_user_inherit=apply_to_new_user, visible_below=visible_to_all_nodes)
    for x in role_names.values()]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
batch.modify_roles(to_add=roles_to_add)
batch.apply()

Enterprise Role Edit Command

Edit enterprise role(s).

DotNet CLI

Command: enterprise-role update

Usage : enterprise-role update role-name --flags=values

flags:

Parameter

Description

-new-user

Set role as default for new users in the node

-visible-below

Set role visibility to subnodes

-new-role-name

New role display name

Example:

My Vault> enterprise-role update Analyst --new-user=true --visible-below=true
Role "Analyst" updated successfully.
        Role Name:  Analyst
    Visible Below:  X
 New User Inherit:  X   

My Vault> enterprise-role update Test1 --new-user=false --visible-below=false
Role "Test1" updated successfully.
        Role Name:  Test1
    Visible Below:  -    
 New User Inherit:  -

DotNet SDK

Function: UpdateRole

Usage:

public async Task<EnterpriseRole> UpdateRole(EnterpriseRole role, bool? newUserInherit = null, bool? visibleBelow = null, string displayName = null)

Parameters:

Description

newUserInherit

Sets the current role we are editing as a default role

visibleBelow

Set role visibility to subnodes. If null, property is not changed

displayName

New role display name. If null, property is not changed.

Example:

roleData.UpdateRole(
                updateParams['newUserInherit'],
                updateParams['visibleBelow'],
                updateParams['displayName']
            )

PowerCommander

Command: Set-KeeperEnterpriseRole

Usage: Set-KeeperEnterpriseRole <Role Name> -NewUserInherit $true

Options:

Parameter

Description

-Role

Role Name, ID, or EnterpriseRole object (mandatory)

-NewUserInherit

Set role as default for new users in the node

-VisibleBelow

Set role visibility to subnodes

-NewDisplayName

New role display name

Example:

PS> Set-KeeperEnterpriseRole Test1 -NewUserInherit $true
Role "Test1" updated successfully

Id              DisplayName NodeName   NewUserInherit Users Teams IsAdminRole
--              ----------- --------   -------------- ----- ----- -----------
894122414228537 Test1       Metronlabs       X          1     0        -

Python CLI

Command: enterprise-role edit

Parameter:

role - Role Name or ID. Can be repeated. (required)

Flag:

--parent - Parent node name or ID
--name, --displayname - Set role display name
--new-user - Assign this role to new users: on or off
--visible-below - Visible to all nodes: on or off
--enforcement - Sets role enforcement. Format: KEY:VALUE. Can be repeated.

Python SDK

Function:

from keepersdk.enterprise import batch_management,  enterprise_management

if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()]

role_list = [role]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)

roles_to_update = [enterprise_management.RoleEdit(
    role_id=x.role_id, name=role_name, node_id=parent_id,
    new_user_inherit=new_user_inherit, visible_below=visible_below)
    for x in role_list]
batch.modify_roles(to_update=roles_to_update
batch.apply()

Enterprise Role Delete Command

Delete enterprise role(s).

DotNet CLI

Command: enterprise-role delete <"Role name"> OR er delete <"Role name">

Example:

My Vault> enterprise-role delete "Help Desk"

DotNet SDK

Function: DeleteRole()

Usage:

public async Task DeleteRole(EnterpriseRole role)

Example:

 await roleData.DeleteRole(role)

PowerCommander

Command : Remove-KeeperEnterpriseRole

Aliases : kerdel

Example:

PS> Remove-KeeperEnterpriseRole PowerShellTest                

Confirm
Are you sure you want to perform this action?
Performing the operation "Delete Enterprise Role" on target "Role "PowerShellTest" (ID: 894448414228628)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A
Role "PowerShellTest" (ID: 894448414228628) deleted successfully

Python CLI

Command: enterprise-role delete

Parameter:

role - Role Name or ID. Can be repeated. (required)

Python SDK

Function:

from keepersdk.enterprise import batch_management,  enterprise_management

if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()]

role_list = [role]
batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)

batch.modify_roles(to_remove=(enterprise_management.RoleEdit(role_id=x.role_id) for x in role_list))
batch.apply()

Enterprise Role Admin Command

Manage enterprise admin role.

DotNet CLI

Command : enterprise-role add-users-to-admin-role <Role name> <Username> OR

er add-users-to-admin-role <Role name> <Username>

Example :

enterprise-role add-users-to-admin-role "Administrator" "[email protected]"

DotNet SDK

Function: AddUserToAdminRole

Usage:

public async Task AddUserToAdminRole(EnterpriseRole role, EnterpriseUser user)

PowerCommander

Command: Get-KeeperEnterpriseAdminRole

Get roles with admin privileges for user

Syntax:

Get-KeeperEnterpriseAdminRole [-Email] <string> [<CommonParameters>]

Aliases: kerap

Parameters:

-Email - User email

Examples:

Get-KeeperEnterpriseAdminRole
OR
Get-KeeperEnterpriseAdminRole -Email "[email protected]"
kerap "[email protected]"

Python CLI

Command: enterprise-role admin

Parameter:

role - Role Name or ID (required)

Flag:

-aa, --add-admin - Add managed node to role. Can be repeated.
-ra, --remove-admin - Remove managed node from role. Can be repeated.
-ap, --add-privilege - Add privilege to managed node. Can be repeated.
-rp, --remove-privilege - Remove privilege from managed node. Can be repeated.
--cascade - Apply to the child nodes. "--add-admin" only: on or off

Python SDK

Function:

from keepersdk.enterprise import batch_management,  enterprise_management

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)

if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()]

existing_nodes = {x.managed_node_id: x for x in enterprise_data.managed_nodes.get_links_by_subject(role.role_id)}

nodes_to_add_admin = ['list of nodes']
nodes_to_remove_admin = ['list of nodes']

nodes_to_add_admin: Optional[List[enterprise_types.Node]] = None
nodes_to_remove_admin: Optional[List[enterprise_types.Node]] = None
cascade: Optional[bool] = None
add_admins = ['nodes']
if isinstance(add_admins, list):
    for admin in add_admins:
        if isintance(admin, int):
            node = enterprise_data.nodes.get_entity(admin)
        elif isintance(admin, str):
            node = [node for node in enterprise_data.nodes.get_all_entities() if node.name.lower() == admin]
        nodes_to_add_admin.append(node)

remove_admins = ['nodes']
if isinstance(remove_admins, list):
    for admin in remove_admins:
        if isintance(admin, int):
            node = enterprise_data.nodes.get_entity(admin)
        elif isintance(admin, str):
            node = [node for node in enterprise_data.nodes.get_all_entities() if node.name.lower() == admin]
        nodes_to_remove_admin.append(node)

add_privileges = ['privileges to be granted']
remove_priviliges = ['privileges to be removed']
if nodes_to_add_admin is not None:
    aps: Optional[Set[str]] = None
    rps: Optional[Set[str]] = None
    if isinstance(add_privileges, list):
        privilege = enterprise_types.RolePrivileges(role_id=0, managed_node_id=0)
        for p in add_privileges:
            if not privilege.set_by_name(p, True):
                logger.info('Invalid privilege "%s"', p)
        aps = privilege.to_set()

    if isinstance(remove_privileges, list):
        privilege = enterprise_types.RolePrivileges(role_id=0, managed_node_id=0)
        for p in remove_privileges:
            if not privilege.set_by_name(p, False):
                logger.info('Invalid privilege "%s"', p)
        rps = privilege.to_set()

    for node in nodes_to_add_admin:
        mne = enterprise_management.ManagedNodeEdit(
            role_id=role.role_id, managed_node_id=node.node_id, cascade_node_management=cascade)
        if aps and len(aps) > 0:
            if mne.privileges is None:
                mne.privileges = {}
            for p in aps:
                mne.privileges[p] = True
        if rps and len(rps) > 0:
            if mne.privileges is None:
                mne.privileges = {}
            for p in rps:
                mne.privileges[p] = False
        if node.node_id in existing_nodes:
            en = existing_nodes[node.node_id]
            assert en
            if (isinstance(cascade, bool) and en.cascade_node_management != cascade) or aps or rps:
                batch.modify_managed_nodes(to_update=[mne])
        else:
            batch.modify_managed_nodes(to_add=[mne])

if nodes_to_remove_admin is not None:
    for node in nodes_to_remove_admin:
        if node.node_id in existing_nodes:
            batch.modify_managed_nodes(to_remove=[enterprise_management.ManagedNodeEdit(
                role_id=role.role_id, managed_node_id=node.node_id)])

batch.apply()

Enterprise Role Membership Command

Manage enterprise role membership.

DotNet CLI

Command: enterprise-role add-members "Role Name"

Aliases: er

Example:

My Vault> enterprise-role add-members "IT Admin" [email protected]
My Vault> enterprise-role remove-members "IT Admin" [email protected]

DotNet SDK

Function:

AddUserToAdminRole - To add user as admin

RemoveUserFromRole - To remove admin role from user

Examples:

public async Task AddUserToAdminRole(EnterpriseRole role, EnterpriseUser user)

 public async Task RemoveUserFromRole(EnterpriseRole role, EnterpriseUser user)

PowerCommander

Add Users to a given Role

Command: Grant-KeeperEnterpriseRoleToUser

Aliases: kerua

Flags:

-Role : Role Name, ID, or EnterpriseRole object
-User : User email, ID, or EnterpriseUser object

Example:

PS > Grant-KeeperEnterpriseRoleToUser -Role "Administrator Role" -User "[email protected]"
User "[email protected]" added to role "Administrator Role"

Remove Users from a given role:

Command: Revoke-KeeperEnterpriseRoleFromUser

Aliases: kerur

Flags:

-Role : Role Name, ID, or EnterpriseRole object
-User : User email, ID, or EnterpriseUser object

Example:

PS > Revoke-KeeperEnterpriseRoleFromUser -Role "Administrator Role" -User "[email protected]"
User "[email protected]" removed from role "Administrator Role"

Python CLI

Command: enterprise-role membership

Parameter:

role - Role Name or ID (required)

Options: -h, --help show this help message and exit -au, --add-user EMAIL - add user to role. Can be repeated. -ru, --remove-user EMAIL - remove user (Email, User ID, @all) from role. Can be repeated. -at, --add-team TEAM - add team to role. Can be repeated. -rt, --remove-team TEAM - remove team (Name, Team UID, @all) from role. Can be repeated.

Warning: This action cannot be undone and will remove all users, roles, teams, and subnodes.

Python SDK

Function:

from keepersdk.enterprise import batch_management,  enterprise_management

if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()]

role_list = [role]
users_to_add: Optional[List[enterprise_types.User]] = None
teams_to_add: Optional[List[enterprise_types.Team]] = None
users_to_remove: Optional[List[enterprise_types.User]] = None
teams_to_remove: Optional[List[enterprise_types.Team]] = None
add_users = ['list of user to add']
add_teams = ['list of teams to add']
remove_users = ['list of user to remove']
has_remove_all_users: bool = False
remove_teams = ['list of teams to remove']
has_remove_all_teams: bool = False

if isinstance(add_users, list):
    for add_user in add_users:
        user = [user for user in enterprise_data.users.get_all_entities() if user.username.lower() == add_user.lower()]
        users_to_add.append(user)
if isinstance(add_teams, list):
    team_lookup: Dict[str, Union[enterprise_types.Team, List[enterprise_types.Team]]] = {}
    for team in enterprise_data.teams.get_all_entities():
        team_lookup[team.team_uid] = team
        team_name = team.name.lower()
        t = team_lookup.get(team_name)
        if t is None:
            team_lookup[team_name] = team
        elif isinstance(t, list):
            t.append(team)
        elif isinstance(t, enterprise_types.Team):
            team_lookup[team_name] = [t, team]

    found_teams: Dict[str, enterprise_types.Team] = {}
    t: Optional[enterprise_types.Team]
    for team_name in add_teams:
        t = None
        if isinstance(team_name, str):
            t = enterprise_data.teams.get_entity(team_name)
            if t is None:
                tt = team_lookup.get(team_name.lower())
                if isinstance(tt, list):
                    if len(tt) == 1:
                        t = tt[0]
                    elif len(tt) >= 2:
                        continue
                elif isinstance(tt, enterprise_types.Team):
                    t = tt
        if t is None:
            continue
        found_teams[t.team_uid] = t
    teams_to_add = list(found_teams.values())
if isinstance(remove_users, list):
    has_remove_all_users = any((True for x in remove_users if x == '@all'))
    if not has_remove_all_users:
        for remove_user in remove_users:
            user = [user for user in enterprise_data.users.get_all_entities() if user.username.lower() == remove_user.lower()]
            users_to_remove.append(user)
if isinstance(remove_teams, list):
    has_remove_all_teams = any((True for x in remove_teams if x == '@all'))
    if not has_remove_all_teams:

        team_lookup: Dict[str, Union[enterprise_types.Team, List[enterprise_types.Team]]] = {}
        for team in enterprise_data.teams.get_all_entities():
            team_lookup[team.team_uid] = team
            team_name = team.name.lower()
            t = team_lookup.get(team_name)
            if t is None:
                team_lookup[team_name] = team
            elif isinstance(t, list):
                t.append(team)
            elif isinstance(t, enterprise_types.Team):
                team_lookup[team_name] = [t, team]

        found_teams: Dict[str, enterprise_types.Team] = {}
        t: Optional[enterprise_types.Team]
        for team_name in remove_teams:
            t = None
            if isinstance(team_name, str):
                t = enterprise_data.teams.get_entity(team_name)
                if t is None:
                    tt = team_lookup.get(team_name.lower())
                    if isinstance(tt, list):
                        if len(tt) == 1:
                            t = tt[0]
                        elif len(tt) >= 2:
                            continue
                    elif isinstance(tt, enterprise_types.Team):
                        t = tt
            if t is None:
                continue
            found_teams[t.team_uid] = t
        teams_to_remove = list(found_teams.values())

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
for role in role_list:
    existing_users = {x.enterprise_user_id for x in enterprise_data.role_users.get_links_by_subject(role.role_id)}
    existing_teams = {x.team_uid for x in enterprise_data.role_teams.get_links_by_subject(role.role_id)}
    if users_to_add:
        users_to_add = [x for x in users_to_add if x.enterprise_user_id not in existing_users]
        if users_to_add:
            batch.modify_role_users(to_add=[enterprise_management.RoleUserEdit(
                role_id=role.role_id, enterprise_user_id=x.enterprise_user_id) for x in users_to_add])
    if teams_to_add:
        teams_to_add = [x for x in teams_to_add if x.team_uid not in existing_teams]
        if teams_to_add:
            batch.modify_role_teams(to_add=[enterprise_management.RoleTeamEdit(
                role_id=role.role_id, team_uid=x.team_uid) for x in teams_to_add])
    if has_remove_all_users:
        batch.modify_role_users(to_remove=[enterprise_management.RoleUserEdit(
            role_id=role.role_id, enterprise_user_id=x) for x in existing_users])
    elif users_to_remove:
        batch.modify_role_users(to_remove=[enterprise_management.RoleUserEdit(
            role_id=role.role_id, enterprise_user_id=x.enterprise_user_id) for x in users_to_remove])
    if has_remove_all_teams:
        batch.modify_role_teams(to_remove=[enterprise_management.RoleTeamEdit(
            role_id=role.role_id, team_uid=x) for x in existing_teams])
    elif teams_to_remove:
        batch.modify_role_teams(to_remove=[enterprise_management.RoleTeamEdit(
            role_id=role.role_id, team_uid=x.team_uid) for x in teams_to_remove])

batch.apply()

Enterprise Role Copy Command

Copy role with enforcement.

DotNet CLI

Command:

enterprise-role copy <source-role> --node <target-node> --new-role-name <new-name>

Parameters

Parameter

Required

Description

copy

Yes

Command: must be copy.

<source-role>

Yes

Role name or Role ID to copy from. Must match exactly one role.

--node

Yes

Target node name or Node ID where the new role will be created.

--new-role-name

Yes

Display name for the new role.

Examples:

My Vault> enterprise-role copy "Test2 Role" --node "dev" --new-role-name "third dev 2"
Role "third dev 2" created with enforcements from "Test2 Role" (10 user(s), 2 team(s) copied).

DotNet SDK

Not Implemented

PowerCommander

Command:

Copy-KeeperEnterpriseRole -SourceRole <role> -TargetNode <node> -NewRoleName <name> [-CopyUsers <bool>] [-CopyTeams <bool>] [-Force]

Alias: kercopy

Parameters

Parameter

Type

Required

Default

Description

SourceRole

Object

Yes

—

Role name, Role ID, or EnterpriseRole object to copy from.

TargetNode

String

Yes

—

Target node name or Node ID where the new role will be created.

NewRoleName

String

Yes

—

Display name for the new role.

CopyUsers

Boolean

$true

Copy users from the source role to the new role.

CopyTeams

Boolean

$true

Copy teams from the source role to the new role.

Force

Switch

—

Reload enterprise data before running.

Examples:

PowerCommander> Copy-KeeperEnterpriseRole -SourceRole "Test2 Role" -TargetNode "dev" -NewRoleName "second dev"
Role "second dev" created with enforcements from "Test2 Role" (10 user(s), 4 team(s) copied).

Python CLI

Command: enterprise-role copy

Parameter:

role - Role Name or ID (required)

Flag:

--node - New role node name or ID (required)
--name, --displayname - New role name (required)

Python SDK

Function:

from keepersdk.enterprise import batch_management,  enterprise_management

if isinstance(role_name, int):
    role = enterprise_data.roles.get_entity(role_name)
elif isinstance(role_name, str):
    if role_name.isnumeric():
        role = enterprise_data.roles.get_entity(int(role_name))
    if not role:
        role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()]

node_id = 'node uid or name'
if isintance(node_id, int):
    node = enterprise_data.nodes.get_entity(node_id)
elif isintance(node_id, str):
    node = [node for node in enterprise_data.nodes.get_all_entities() if node.name.lower() == node_id]
    
role_name = 'name for role copy'

batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger)
role_id = enterprise_loader.get_enterprise_id()
role_to_add = enterprise_management.RoleEdit(role_id=role_id, node_id=node.node_id, name=role_name, visible_below=role.visible_below,
                                                new_user_inherit=role.new_user_inherit)
batch.modify_roles(to_add=[role_to_add])

enforcements = [enterprise_management.RoleEnforcementEdit(role_id=role_id, name=x.enforcement_type, value=x.value)
                for x in enterprise_data.role_enforcements.get_links_by_subject(role.role_id)]
batch.modify_role_enforcements(enforcements=enforcements)
batch.apply()

Enterprise Role Team Management Command

This command assigns or unassigne a role to team

DotNet CLI

Command: enterprise-role

Add Team to a Role:

Action: add-members

Flags:

--help : Display this help screen.
--version : Display version information.
value pos. 0 : KSM command: "add-members"
value pos. 1 : Role Name or ID
value pos. 2 : User Email, User ID, Team Name, or Team UID (space-separated list)

Example:

My Vault > enterprise-role add-members "Administrator Role" "Engineering Team"
Adding members to role "Administrator Role"
Team: "Engineering Team" : Success

Remove Team from a Role:

Action: remove-members

Flags:

--help : Display this help screen.
--version : Display version information.
value pos. 0 : KSM command: "remove-members"
value pos. 1 : Role Name or ID
value pos. 2 : User Email, User ID, Team Name, or Team UID (space-separated list)

Example:

My Vault > enterprise-role remove-members "Administrator Role" "Engineering Team"
Removing members from role "Administrator Role"
Team: "Engineering Team" : Success

DotNet SDK

Add Team to a Role:

Function: AddTeamToRole

Task AddTeamToRole(EnterpriseRole role, EnterpriseTeam team);

Arguments:

role - EnterpriseRole object representing the role to which the team will be added

team - EnterpriseTeam object representing the team to be added to the role

Remove Team from a Role:

Function: RemoveTeamFromRole

Task RemoveTeamFromRole(EnterpriseRole role, EnterpriseTeam team);

Arguments:

role - EnterpriseRole object representing the role from which the team will be removed

team - EnterpriseTeam object representing the team to be removed from the role

PowerCommander

Add Team to a Role:

Command: Grant-KeeperEnterpriseRoleToTeam

Aliases: kerta

Flags:

-Role : Role Name, ID, or EnterpriseRole object
-Team : Team UID, Name, or EnterpriseTeam object

Example:

PS > Grant-KeeperEnterpriseRoleToTeam -Role "Administrator Role" -Team "Engineering Team"
Team "Engineering Team" added to role "Administrator Role"

Remove Team from a Role:

Command: Revoke-KeeperEnterpriseRoleFromTeam

Aliases: kertr

Flags:

-Role : Role Name, ID, or EnterpriseRole object
-Team : Team UID, Name, or EnterpriseTeam object

Example:

PS > Revoke-KeeperEnterpriseRoleFromTeam -Role "Administrator Role" -Team "Engineering Team"
Team "Engineering Team" removed from role "Administrator Role"

Enterprise Role Managed Node Add Command

This command/function helps to add a managed node to a role.

DotNet CLI

imCommand: enterprise-role <action> roll_name --node=<node_name> --cascade OR er <action> roll_name --node=<node_name> --cascade

Parameter:

roll_name - Role name or ID.

node_name - Node name or ID.

cascade - cascade includes it is true else false

Examples:

My Vault> enterprise-role managed-node-add "Test4" --node="Test1" --cascade

Reference:

hashtagUsage

hashtagCommands

hashtag Enterprise Role view Command

hashtagEnterprise Role Add Command

hashtagEnterprise Role Edit Command

hashtagEnterprise Role Delete Command

hashtagEnterprise Role Admin Command

hashtagEnterprise Role Membership Command

hashtagEnterprise Role Copy Command

hashtagParameters

hashtagParameters

hashtagEnterprise Role Team Management Command

hashtagEnterprise Role Managed Node Add Command

hashtagEnterprise Role Managed Node Update Command

hashtagEnterprise Role Managed Node Delete Command

hashtagEnterprise Role Managed Node Privileges Add Command

hashtagEnterprise Role Managed Node Privileges Remove Command

hashtagEnterprise Role Add Enforcement Policies Command

hashtagEnterprise Role Update Enforcement Policies Command

hashtagEnterprise Role Remove Enforcement Policies Command

Usage

Commands

Enterprise Role view Command

Enterprise Role Add Command

Enterprise Role Edit Command

Enterprise Role Delete Command

Enterprise Role Admin Command

Enterprise Role Membership Command

Enterprise Role Copy Command

Parameters

Parameters

Enterprise Role Team Management Command

Enterprise Role Managed Node Add Command

Enterprise Role Managed Node Update Command

Enterprise Role Managed Node Delete Command

Enterprise Role Managed Node Privileges Add Command

Enterprise Role Managed Node Privileges Remove Command

Enterprise Role Add Enforcement Policies Command

Enterprise Role Update Enforcement Policies Command

Enterprise Role Remove Enforcement Policies Command