# Enterprise Role Commands #### Usage ```bash enterprise-role command [--options] OR er command [--option] ``` **Alias:** `er` #### Commands | Command | Description | Alias | | ------------------------------------------- | --------------------------------- | ----- | | [`view`](#enterprise-role-view) | View enterprise role | `v` | | [`add`](#enterprise-info-tree) | Create enterprise role(s) | `a` | | [`edit`](#enterprise-info-tree-1) | Edit enterprise role(s) | `e` | | [`delete`](#enterprise-info-tree-2) | Delete enterprise role(s) | | | [`admin`](#enterprise-node-invite-email) | Manage enterprise admin role | | | [`membership`](#enterprise-role-membership) | Manage enterprise role membership | `m` | | [`copy`](#enterprise-role-copy) | Copy role with enforcements | | ### Enterprise Role view Command View enterprise role.

Dotnet CLI

**Command:** `enterprise-role name` **Example:** ``` My Vault> enterprise-role view "IT Admin" OR er view "IT Admin" ```

DotNet SDK

Data can be retrieved from `RoleData` **Function:** `RoleData` ```csharp public interface IRoleDataManagement ``` **Example:** ```csharp await roleData.Enterprise.Load(); ```

PowerCommander

**Command**: `Get-KeeperEnterpriseRole` **Syntax:** ```powershell Get-KeeperEnterpriseRole [[-Role] ] [] ``` **Aliases:** `ker` **Parameters:** * `-Name` - User email. * `-Filter` - Search filter. * `-Format` - Output format. * `-Output` - Output file name. **Examples**: ```powershell # List all roles PS> Get-KeeperEnterpriseRole ker # Get specific role PS> Get-KeeperEnterpriseRole -Role 123453e # Search role PS> Get-KeeperEnterpriseRole -Filter Test1 ``` **Command:** `Get-KeeperEnterpriseRoleUsers` / `Get-KeeperEnterpriseRoleTeams` Get role members **Syntax:** ```powershell Get-KeeperEnterpriseRoleUsers [-Role] [] Get-KeeperEnterpriseRoleTeams [-Role] [] ``` **Aliases:** `keru`, `kert` **Parameters:** * `-Role` - Role ID (required) **Examples:** ```powershell # Get users in role Get-KeeperEnterpriseRoleUsers -Role 12345 keru 12345 # Get teams in role Get-KeeperEnterpriseRoleTeams -Role 12345 kert 12345 ```

Python CLI

**Command:** `enterprise-role view` **Parameter**: `role` - Role Name or ID (required) **Flag:** * `-v`, `--verbose` - Print verbose information * `--format` - Output format: `json` * `--output` - Output filename

Python SDK

**Function:** ```python if isinstance(role_name, int): role = enterprise_data.roles.get_entity(role_name) elif isinstance(role_name, str): if role_name.isnumeric(): role = enterprise_data.roles.get_entity(int(role_name)) if not role: role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()] ```

### Enterprise Role Add Command Create enterprise role(s).

Dotnet CLI

**Command:** `enterprise-role add "Role Name" --node "Node Name" OR er add "Role Name" --node "Node Name"` **Example:** ``` My Vault> enterprise-role add "Help Desk" --node "IT Department" OR er add "Help Desk" --node "IT Department" ```

DotNet SDK

**Function:** `CreateRole` ``` Task CreateRole(string roleName, long nodeId, bool newUserInherit); ``` **Example:** ``` await roleData.CreateRole(arguments.Role, nodeId, arguments.NewUser); ```

PowerCommander

**Command:** `New-KeeperEnterpriseRole` **Aliases:** `keradd` **Parameters:**

Parameter	Required	Description
`-Role`	Yes	Role name(s). Can specify multiple roles.
`-ParentNode`	No	Parent node name or ID. Defaults to root node.
`-NewUser`	No	Assign role to new users. Values: `on`, `off`. Default: `off`.
`-VisibleBelow`	No	Make role visible to subnodes. Values: `on`, `off`. Default: `off`.
`-Enforcement`	No	Role enforcement in `KEY:VALUE` format. Can be repeated. list can be found here
`-Force`	No	Skip confirmation when role name already exists.

**Example:** ```powershell PS> New-KeeperEnterpriseRole -ParentNode test_node_updated2 -Role PowerShellTest -NewUser on -VisibleBelow on -Enforcement "RESTRICT_IMPORT:True","RESTRICT_EXPORT:True" Role with name "PowerShellTest" already exists. Do you want to create a new one? (Yes/No): yes Role "PowerShellTest" created successfully (ID: 894448862131) Id DisplayName NodeName NewUserInherit Users Teams IsAdminRole -- ----------- -------- -------------- ----- ----- ----------- 894448862131 PowerShellTest test_node_updated2 X 0 0 - ```

Python CLI

**Command:** `enterprise-role add` **Parameter**: `role` - Role Name. Can be repeated. (required) **Flag:** * `--parent` - Parent node name or ID * `--new-user` - Assign this role to new users: `on` or `off` * `--visible-below` - Visible to all nodes. 'add' only: `on` or `off` * `--enforcement` - Sets role enforcement. Format: `KEY:VALUE`. Can be repeated. * `-f`, `--force` - Do not prompt for confirmation

Python SDK

**Function:** ```python from keepersdk.enterprise import batch_management, enterprise_management roles = list['names of roles to add'] role_lookup: Dict[str, Union[enterprise_types.Role, List[enterprise_types.Role]]] = {} for role in e_data.roles.get_all_entities(): role_lookup[str(role.role_id)] = role if role.name: role_name = role.name.lower() n = role_lookup.get(role_name) if n is None: role_lookup[role_name] = role elif isinstance(n, list): n.append(role) elif isinstance(n, enterprise_types.Role): role_lookup[role_name] = [n, role] role_names: Optional[Dict[str, str]] = None if isinstance(roles, list): role_names = {x.lower(): x for x in roles} for role_key, role_name in list(role_names.items()): r = role_lookup.get(role_key) if r is not None: skip = False if isinstance(r, enterprise_types.Role): r = [r] for r1 in r: if r1.node_id == parent_node_id: logging.info('Role \"%s\" already exists', r1.name) skip = True break if skip: del role_names[role_key] roles_to_add = [enterprise_management.RoleEdit( role_id=enterprise_loader.get_enterprise_id(), name=x, node_id=parent_node_id, new_user_inherit=apply_to_new_user, visible_below=visible_to_all_nodes) for x in role_names.values()] batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger) batch.modify_roles(to_add=roles_to_add) batch.apply() ```

### Enterprise Role Edit Command Edit enterprise role(s).

DotNet CLI

**Command**: `enterprise-role update` **Usage :** `enterprise-role update role-name --flags=values` **flags:**

Parameter	Description
`-new-user`	Set role as default for new users in the node
`-visible-below`	Set role visibility to subnodes
`-new-role-name`	New role display name

**Example:** ```console My Vault> enterprise-role update Analyst --new-user=true --visible-below=true Role "Analyst" updated successfully. Role Name: Analyst Visible Below: X New User Inherit: X My Vault> enterprise-role update Test1 --new-user=false --visible-below=false Role "Test1" updated successfully. Role Name: Test1 Visible Below: - New User Inherit: - ```

DotNet SDK

**Function:** `UpdateRole` **Usage:** ```csharp public async Task UpdateRole(EnterpriseRole role, bool? newUserInherit = null, bool? visibleBelow = null, string displayName = null) ``` **Parameters:**

	Description
`newUserInherit`	Sets the current role we are editing as a default role
`visibleBelow`	Set role visibility to subnodes. If null, property is not changed
`displayName`	New role display name. If null, property is not changed.

\ **Example:** ```csharp roleData.UpdateRole( updateParams['newUserInherit'], updateParams['visibleBelow'], updateParams['displayName'] ) ```

PowerCommander

**Command:** `Set-KeeperEnterpriseRole` **Usage:** `Set-KeeperEnterpriseRole -NewUserInherit $true` **Options:**

Parameter	Description
`-Role`	Role Name, ID, or EnterpriseRole object (mandatory)
`-NewUserInherit`	Set role as default for new users in the node
`-VisibleBelow`	Set role visibility to subnodes
`-NewDisplayName`	New role display name

**Example:** ```powershell PS> Set-KeeperEnterpriseRole Test1 -NewUserInherit $true Role "Test1" updated successfully Id DisplayName NodeName NewUserInherit Users Teams IsAdminRole -- ----------- -------- -------------- ----- ----- ----------- 894122414228537 Test1 Metronlabs X 1 0 - ```

Python CLI

**Command:** `enterprise-role edit` **Parameter**: `role` - Role Name or ID. Can be repeated. (required) **Flag:** * `--parent` - Parent node name or ID * `--name`, `--displayname` - Set role display name * `--new-user` - Assign this role to new users: `on` or `off` * `--visible-below` - Visible to all nodes: `on` or `off` * `--enforcement` - Sets role enforcement. Format: `KEY:VALUE`. Can be repeated.

Python SDK

### Enterprise Role Delete Command Delete enterprise role(s).

DotNet CLI

**Command:** `enterprise-role delete <"Role name"> OR er delete <"Role name">` **Example:** ``` My Vault> enterprise-role delete "Help Desk" ```

DotNet SDK

**Function:** `DeleteRole()` **Usage:** ```csharp public async Task DeleteRole(EnterpriseRole role) ``` **Example:** ```csharp await roleData.DeleteRole(role) ```

PowerCommander

**Command** : `Remove-KeeperEnterpriseRole` **Aliases** : `kerdel` **Parameters:** `-Force` : skips confirmation prompt **Example:** ```powershell PS> Remove-KeeperEnterpriseRole PowerShellTest Confirm Are you sure you want to perform this action? Performing the operation "Delete Enterprise Role" on target "Role "PowerShellTest" (ID: 894448414228628)". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A Role "PowerShellTest" (ID: 894448414228628) deleted successfully ```

Python CLI

**Command:** `enterprise-role delete` **Parameter:** * `role` - Role Name or ID. Can be repeated. (required)

Python SDK

### Enterprise Role Admin Command Manage enterprise admin role.

DotNet CLI

**Command :** `enterprise-role add-users-to-admin-role OR` `er add-users-to-admin-role ` **Example :** ``` enterprise-role add-users-to-admin-role "Administrator" "test@demo.com" ```

DotNet SDK

**Function:** `AddUserToAdminRole` **Usage:** ```csharp public async Task AddUserToAdminRole(EnterpriseRole role, EnterpriseUser user) ```

PowerCommander

The commands are seperated here and have different commands for each functionality check the below commands for details on functionality. | [Add-KeeperEnterpriseRoleManagedNode](#enterprise-role-managed-node-add-command) | | ----------------------------------------------------------------------------------------------- | | [Remove-KeeperEnterpriseRoleManagedNode](#enterprise-role-managed-node-delete-command) | | [Add-KeeperEnterpriseRolePrivilege](#enterprise-role-managed-node-privileges-add-command) | | [Remove-KeeperEnterpriseRolePrivilege](#enterprise-role-managed-node-privileges-remove-command) |

Python CLI

**Command:** `enterprise-role admin` **Parameter**: `role` - Role Name or ID (required) **Flag:** * `-aa`, `--add-admin` - Add managed node to role. Can be repeated. * `-ra`, `--remove-admin` - Remove managed node from role. Can be repeated. * `-ap`, `--add-privilege` - Add privilege to managed node. Can be repeated. * `-rp`, `--remove-privilege` - Remove privilege from managed node. Can be repeated. * `--cascade` - Apply to the child nodes. "--add-admin" only: `on` or `off`

Python SDK

**Function:** ``` from keepersdk.enterprise import batch_management, enterprise_management batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger) if isinstance(role_name, int): role = enterprise_data.roles.get_entity(role_name) elif isinstance(role_name, str): if role_name.isnumeric(): role = enterprise_data.roles.get_entity(int(role_name)) if not role: role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()] existing_nodes = {x.managed_node_id: x for x in enterprise_data.managed_nodes.get_links_by_subject(role.role_id)} nodes_to_add_admin = ['list of nodes'] nodes_to_remove_admin = ['list of nodes'] nodes_to_add_admin: Optional[List[enterprise_types.Node]] = None nodes_to_remove_admin: Optional[List[enterprise_types.Node]] = None cascade: Optional[bool] = None add_admins = ['nodes'] if isinstance(add_admins, list): for admin in add_admins: if isintance(admin, int): node = enterprise_data.nodes.get_entity(admin) elif isintance(admin, str): node = [node for node in enterprise_data.nodes.get_all_entities() if node.name.lower() == admin] nodes_to_add_admin.append(node) remove_admins = ['nodes'] if isinstance(remove_admins, list): for admin in remove_admins: if isintance(admin, int): node = enterprise_data.nodes.get_entity(admin) elif isintance(admin, str): node = [node for node in enterprise_data.nodes.get_all_entities() if node.name.lower() == admin] nodes_to_remove_admin.append(node) add_privileges = ['privileges to be granted'] remove_priviliges = ['privileges to be removed'] if nodes_to_add_admin is not None: aps: Optional[Set[str]] = None rps: Optional[Set[str]] = None if isinstance(add_privileges, list): privilege = enterprise_types.RolePrivileges(role_id=0, managed_node_id=0) for p in add_privileges: if not privilege.set_by_name(p, True): logger.info('Invalid privilege "%s"', p) aps = privilege.to_set() if isinstance(remove_privileges, list): privilege = enterprise_types.RolePrivileges(role_id=0, managed_node_id=0) for p in remove_privileges: if not privilege.set_by_name(p, False): logger.info('Invalid privilege "%s"', p) rps = privilege.to_set() for node in nodes_to_add_admin: mne = enterprise_management.ManagedNodeEdit( role_id=role.role_id, managed_node_id=node.node_id, cascade_node_management=cascade) if aps and len(aps) > 0: if mne.privileges is None: mne.privileges = {} for p in aps: mne.privileges[p] = True if rps and len(rps) > 0: if mne.privileges is None: mne.privileges = {} for p in rps: mne.privileges[p] = False if node.node_id in existing_nodes: en = existing_nodes[node.node_id] assert en if (isinstance(cascade, bool) and en.cascade_node_management != cascade) or aps or rps: batch.modify_managed_nodes(to_update=[mne]) else: batch.modify_managed_nodes(to_add=[mne]) if nodes_to_remove_admin is not None: for node in nodes_to_remove_admin: if node.node_id in existing_nodes: batch.modify_managed_nodes(to_remove=[enterprise_management.ManagedNodeEdit( role_id=role.role_id, managed_node_id=node.node_id)]) batch.apply() ```

### Enterprise Role Membership Command Manage enterprise role membership.

DotNet CLI

**Command:** `enterprise-role add-members "Role Name"` **Aliases**: `er` **Example:** ``` My Vault> enterprise-role add-members "IT Admin" admin1@company.com My Vault> enterprise-role remove-members "IT Admin" admin1@company.com ```

DotNet SDK

**Function:** `AddUserToAdminRole` - To add user as admin `RemoveUserFromRole` - To remove admin role from user **Examples:** ```csharp public async Task AddUserToAdminRole(EnterpriseRole role, EnterpriseUser user) ``` ```csharp public async Task RemoveUserFromRole(EnterpriseRole role, EnterpriseUser user) ```

PowerCommander

**Add Users to a given Role** **Command:** `Grant-KeeperEnterpriseRoleToUser` **Aliases:** `kerua` **Flags:** * `-Role` : Role Name, ID, or EnterpriseRole object * `-User` : User email, ID, or EnterpriseUser object **Example:** ```ps1 PS > Grant-KeeperEnterpriseRoleToUser -Role "Administrator Role" -User "user@example.com" User "user@example.com" added to role "Administrator Role" ``` **Remove Users from a given role:** **Command:** `Revoke-KeeperEnterpriseRoleFromUser` **Aliases:** `kerur` **Flags:** * `-Role` : Role Name, ID, or EnterpriseRole object * `-User` : User email, ID, or EnterpriseUser object **Example:** ```ps1 PS > Revoke-KeeperEnterpriseRoleFromUser -Role "Administrator Role" -User "user@example.com" User "user@example.com" removed from role "Administrator Role" ```

Python CLI

**Command:** `enterprise-role membership` **Parameter:** * `role` - Role Name or ID (required) **Options**:\ `-h, --help` show this help message and exit\ `-au, --add-user` EMAIL - add user to role. Can be repeated.\ `-ru, --remove-user` EMAIL - remove user (Email, User ID, @all) from role. Can be repeated.\ `-at, --add-team` TEAM - add team to role. Can be repeated.\ `-rt, --remove-team` TEAM - remove team (Name, Team UID, @all) from role. Can be repeated. **Warning:** This action cannot be undone and will remove all users, roles, teams, and subnodes.

Python SDK

**Function:** ```python from keepersdk.enterprise import batch_management, enterprise_management if isinstance(role_name, int): role = enterprise_data.roles.get_entity(role_name) elif isinstance(role_name, str): if role_name.isnumeric(): role = enterprise_data.roles.get_entity(int(role_name)) if not role: role = [x for x in enterprise_data.roles.get_all_entities() if x.name.lower() == role_name.lower()] role_list = [role] users_to_add: Optional[List[enterprise_types.User]] = None teams_to_add: Optional[List[enterprise_types.Team]] = None users_to_remove: Optional[List[enterprise_types.User]] = None teams_to_remove: Optional[List[enterprise_types.Team]] = None add_users = ['list of user to add'] add_teams = ['list of teams to add'] remove_users = ['list of user to remove'] has_remove_all_users: bool = False remove_teams = ['list of teams to remove'] has_remove_all_teams: bool = False if isinstance(add_users, list): for add_user in add_users: user = [user for user in enterprise_data.users.get_all_entities() if user.username.lower() == add_user.lower()] users_to_add.append(user) if isinstance(add_teams, list): team_lookup: Dict[str, Union[enterprise_types.Team, List[enterprise_types.Team]]] = {} for team in enterprise_data.teams.get_all_entities(): team_lookup[team.team_uid] = team team_name = team.name.lower() t = team_lookup.get(team_name) if t is None: team_lookup[team_name] = team elif isinstance(t, list): t.append(team) elif isinstance(t, enterprise_types.Team): team_lookup[team_name] = [t, team] found_teams: Dict[str, enterprise_types.Team] = {} t: Optional[enterprise_types.Team] for team_name in add_teams: t = None if isinstance(team_name, str): t = enterprise_data.teams.get_entity(team_name) if t is None: tt = team_lookup.get(team_name.lower()) if isinstance(tt, list): if len(tt) == 1: t = tt[0] elif len(tt) >= 2: continue elif isinstance(tt, enterprise_types.Team): t = tt if t is None: continue found_teams[t.team_uid] = t teams_to_add = list(found_teams.values()) if isinstance(remove_users, list): has_remove_all_users = any((True for x in remove_users if x == '@all')) if not has_remove_all_users: for remove_user in remove_users: user = [user for user in enterprise_data.users.get_all_entities() if user.username.lower() == remove_user.lower()] users_to_remove.append(user) if isinstance(remove_teams, list): has_remove_all_teams = any((True for x in remove_teams if x == '@all')) if not has_remove_all_teams: team_lookup: Dict[str, Union[enterprise_types.Team, List[enterprise_types.Team]]] = {} for team in enterprise_data.teams.get_all_entities(): team_lookup[team.team_uid] = team team_name = team.name.lower() t = team_lookup.get(team_name) if t is None: team_lookup[team_name] = team elif isinstance(t, list): t.append(team) elif isinstance(t, enterprise_types.Team): team_lookup[team_name] = [t, team] found_teams: Dict[str, enterprise_types.Team] = {} t: Optional[enterprise_types.Team] for team_name in remove_teams: t = None if isinstance(team_name, str): t = enterprise_data.teams.get_entity(team_name) if t is None: tt = team_lookup.get(team_name.lower()) if isinstance(tt, list): if len(tt) == 1: t = tt[0] elif len(tt) >= 2: continue elif isinstance(tt, enterprise_types.Team): t = tt if t is None: continue found_teams[t.team_uid] = t teams_to_remove = list(found_teams.values()) batch = batch_management.BatchManagement(loader=enterprise_loader, logger=enterprise_manager_logger) for role in role_list: existing_users = {x.enterprise_user_id for x in enterprise_data.role_users.get_links_by_subject(role.role_id)} existing_teams = {x.team_uid for x in enterprise_data.role_teams.get_links_by_subject(role.role_id)} if users_to_add: users_to_add = [x for x in users_to_add if x.enterprise_user_id not in existing_users] if users_to_add: batch.modify_role_users(to_add=[enterprise_management.RoleUserEdit( role_id=role.role_id, enterprise_user_id=x.enterprise_user_id) for x in users_to_add]) if teams_to_add: teams_to_add = [x for x in teams_to_add if x.team_uid not in existing_teams] if teams_to_add: batch.modify_role_teams(to_add=[enterprise_management.RoleTeamEdit( role_id=role.role_id, team_uid=x.team_uid) for x in teams_to_add]) if has_remove_all_users: batch.modify_role_users(to_remove=[enterprise_management.RoleUserEdit( role_id=role.role_id, enterprise_user_id=x) for x in existing_users]) elif users_to_remove: batch.modify_role_users(to_remove=[enterprise_management.RoleUserEdit( role_id=role.role_id, enterprise_user_id=x.enterprise_user_id) for x in users_to_remove]) if has_remove_all_teams: batch.modify_role_teams(to_remove=[enterprise_management.RoleTeamEdit( role_id=role.role_id, team_uid=x) for x in existing_teams]) elif teams_to_remove: batch.modify_role_teams(to_remove=[enterprise_management.RoleTeamEdit( role_id=role.role_id, team_uid=x.team_uid) for x in teams_to_remove]) batch.apply() ```

#### Enterprise Role Copy Command Copy role with enforcement.

DotNet CLI

**Command:** ```bash enterprise-role copy --node --new-role-name ``` **Parameters** | Parameter | Required | Description | | ----------------- | -------- | --------------------------------------------------------------- | | `copy` | Yes | Command: must be `copy`. | | `` | Yes | Role name or Role ID to copy from. Must match exactly one role. | | `--node` | Yes | Target node name or Node ID where the new role will be created. | | `--new-role-name` | Yes | Display name for the new role. | **Examples:** ```bash My Vault> enterprise-role copy "Test2 Role" --node "dev" --new-role-name "third dev 2" Role "third dev 2" created with enforcements from "Test2 Role" (10 user(s), 2 team(s) copied). ```

DotNet SDK

Not Implemented

PowerCommander

**Command:** ```powershell Copy-KeeperEnterpriseRole -SourceRole -TargetNode -NewRoleName [-CopyUsers ] [-CopyTeams ] [-Force] ``` **Alias:** `kercopy` **Parameters** | Parameter | Type | Required | Default | Description | | ------------- | ------- | -------- | ------- | --------------------------------------------------------------- | | `SourceRole` | Object | Yes | — | Role name, Role ID, or `EnterpriseRole` object to copy from. | | `TargetNode` | String | Yes | — | Target node name or Node ID where the new role will be created. | | `NewRoleName` | String | Yes | — | Display name for the new role. | | `CopyUsers` | Boolean | No | `$true` | Copy users from the source role to the new role. | | `CopyTeams` | Boolean | No | `$true` | Copy teams from the source role to the new role. | | `Force` | Switch | No | — | Reload enterprise data before running. | **Examples:** ```powershell PowerCommander> Copy-KeeperEnterpriseRole -SourceRole "Test2 Role" -TargetNode "dev" -NewRoleName "second dev" Role "second dev" created with enforcements from "Test2 Role" (10 user(s), 4 team(s) copied). ```

Python CLI

**Command:** `enterprise-role copy` **Parameter**: `role` - Role Name or ID (required) **Flag:** * `--node` - New role node name or ID (required) * `--name`, `--displayname` - New role name (required)

Python SDK

### Enterprise Role Team Management Command This command assigns or unassigne a role to team

DotNet CLI

**Command:** `enterprise-role` **Add Team to a Role:** **Action:** `add-members` **Flags:** * `--help` : Display this help screen. * `--version` : Display version information. * `value pos. 0` : KSM command: "add-members" * `value pos. 1` : Role Name or ID * `value pos. 2` : User Email, User ID, Team Name, or Team UID (space-separated list) **Example:** ``` My Vault > enterprise-role add-members "Administrator Role" "Engineering Team" Adding members to role "Administrator Role" Team: "Engineering Team" : Success ``` \ **Remove Team from a Role:** **Action:** `remove-members` **Flags:** * `--help` : Display this help screen. * `--version` : Display version information. * `value pos. 0` : KSM command: "remove-members" * `value pos. 1` : Role Name or ID * `value pos. 2` : User Email, User ID, Team Name, or Team UID (space-separated list) **Example:** ``` My Vault > enterprise-role remove-members "Administrator Role" "Engineering Team" Removing members from role "Administrator Role" Team: "Engineering Team" : Success ```

DotNet SDK

**Add Team to a Role:** **Function:** `AddTeamToRole` ```csharp Task AddTeamToRole(EnterpriseRole role, EnterpriseTeam team); ``` **Arguments:** `role` - EnterpriseRole object representing the role to which the team will be added `team` - EnterpriseTeam object representing the team to be added to the role **Remove Team from a Role:** **Function:** `RemoveTeamFromRole` ```csharp Task RemoveTeamFromRole(EnterpriseRole role, EnterpriseTeam team); ``` **Arguments:** `role` - EnterpriseRole object representing the role from which the team will be removed `team` - EnterpriseTeam object representing the team to be removed from the role

PowerCommander

**Add Team to a Role:** **Command:** `Grant-KeeperEnterpriseRoleToTeam` **Aliases:** `kerta` **Flags:** * `-Role` : Role Name, ID, or EnterpriseRole object * `-Team` : Team UID, Name, or EnterpriseTeam object **Example:** ``` PS > Grant-KeeperEnterpriseRoleToTeam -Role "Administrator Role" -Team "Engineering Team" Team "Engineering Team" added to role "Administrator Role" ``` **Remove Team from a Role:** **Command:** `Revoke-KeeperEnterpriseRoleFromTeam` **Aliases:** `kertr` **Flags:** * `-Role` : Role Name, ID, or EnterpriseRole object * `-Team` : Team UID, Name, or EnterpriseTeam object **Example:** ``` PS > Revoke-KeeperEnterpriseRoleFromTeam -Role "Administrator Role" -Team "Engineering Team" Team "Engineering Team" removed from role "Administrator Role" ```

### Enterprise Role Managed Node Add Command This command/function helps to add a managed node to a role.

DotNet CLI

im**Command:** `enterprise-role roll_name --node= --cascade OR er roll_name --node= --cascade` **Parameter:** `roll_name` - Role name or ID. `node_name` - Node name or ID. `cascade` - cascade includes it is true else false **Examples:** ```sh My Vault> enterprise-role managed-node-add "Test4" --node="Test1" --cascade ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Add Managed Node:** **Function:** `RoleManagedNodeAdd` **Usage:** ```csharp public async Task RoleManagedNodeAdd(EnterpriseRole role, EnterpriseNode node, bool cascadeNodeManagement) ``` **Parameters:**

	Description
`role`	EnterpriseRole object representing the role
`node`	EnterpriseNode object representing the node
`cascade`	do the privileges for this managed node apply to the children nodes - `true / false`

**Example:** {% code overflow="wrap" %} ```csharp await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleManagedNodeAdd(roleName: "Test2", nodeId: 70411693850884, cascadeNodeManagement: true); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

**Command:** `Add-KeeperEnterpriseRoleManagedNode` **Flags:**

Parameter	Description
`Role`	Role Name or ID
`Node`	Node name or ID to add as a managed node
`Cascade`	Cascade node management to subnodes

**Example:** ```powershell PS> Add-KeeperEnterpriseRoleManagedNode -Role PCRTest -Node PCTNode -Cascade Managed node "PCTNode" added to role "PCRTest" successfully. ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

### Enterprise Role Managed Node Update Command This command/function helps to update a managed node to a role.

DotNet CLI

**Command:** `enterprise-role roll_name --node= --cascade OR er roll_name --node= --cascade` **Parameter:** `roll_name` - Role name or ID. `node_name` - Node name or ID. `cascade` - cascade includes it is true else false **Examples:** ```sh My Vault> enterprise-role managed-node-update "Test4" --node="Test1" --cascade ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Update Managed Node:** **Function:** `RoleManagedNodeUpdate` **Usage:** ```csharp public async Task RoleManagedNodeUpdate(EnterpriseRole role, EnterpriseNode node, bool cascadeNodeManagement) ``` **Parameters:**

	Description
`role`	EnterpriseRole object representing the role
`node`	EnterpriseNode object representing the node
`cascade`	do the privileges for this managed node apply to the children nodes - `true / false`

**Example:** {% code overflow="wrap" %} ```csharp await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleManagedNodeUpdate(roleName: "Test2", nodeId: 70411693850884, cascadeNodeManagement: true); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

**Command**:`Update-KeeperEnterpriseRoleManagedNode` **Flags**:

Parameter	Description
`Role`	Role Name or ID
`Node`	Node name or ID to add as a managed node
`Cascade`	Cascade node management to subnodes

**Example**: ```powershell PS> Update-KeeperEnterpriseRoleManagedNode -Role PCRTest -Node PCTNode Managed node "PCTNode" updated for role "PCRTest" successfully. ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

### Enterprise Role Managed Node Delete Command This command/function helps to delete a managed node to a role.

DotNet CLI

**Command:** `enterprise-role roll_name --node= OR er roll_name --node=` **Parameter:** `roll_name` - Role name or ID. `node_name` - Node name or ID. **Examples:** ```sh My Vault> enterprise-role managed-node-delete "Test4" --node="Test1" ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Remove Managed Node:** **Function:** `RoleManagedNodeRemove` **Usage:** ```csharp public async Task RoleManagedNodeRemove(EnterpriseRole role, EnterpriseNode node) ``` **Parameters:**

	Description
`role`	EnterpriseRole object representing the role
`node`	EnterpriseNode object representing the node

**Example:** {% code overflow="wrap" %} ```csharp await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleManagedNodeRemove(roleName: "Test1", nodeId: 70411693850884); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

Command: `Remove-KeeperEnterpriseRoleManagedNode` Flags:

Parameter	Description
`Role`	Role Name or ID
`Node`	Node name or ID to add as a managed node

**Example:** ``` PS> Remove-KeeperEnterpriseRoleManagedNode -Role PCRTest -Node PCTNode Managed node PCTNode deleted from role PCRTest successfully. ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

### Enterprise Role Managed Node Privileges Add Command This command/function helps to add a batch or individual privileges to managed node.

DotNet CLI

**Command:** `enterprise-role roll_name --node= --privileges= OR er roll_name --node= --privileges=` **Parameter:** `roll_name` - Role name or ID. `node_name` - Node name or ID. `privileges` - comma separated privileges inside a string. **Examples:** ```sh My Vault> er add-privileges "Test4" --node="Ananth-Test" --privileges="manage_nodes,manage_user,run_reports" ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Add Privileges to Managed Node:** **Function:** `RoleManagedNodePrivilegeAddBatch` **Usage:** ```csharp public async Task> RoleManagedNodePrivilegeAddBatch(EnterpriseRole role, EnterpriseNode node, List privileges) ``` **Parameters:**

Description

role EnterpriseRole object representing the role

node EnterpriseNode object representing the node

privileges

Adds a list of privileges of type

List<RoleManagedNodePrivilege>

**Example:** {% code overflow="wrap" %} ```csharp await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleManagedNodePrivilegeAdd(roleName: "Test1", nodeId: 70411693850884, privileges: new List { RoleManagedNodePrivilege.MANAGE_USER, RoleManagedNodePrivilege.TRANSFER_ACCOUNT }); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

**Command:** `Add-KeeperEnterpriseRolePrivilege` **Aliases:** `Add-KeeperRolePrivilege` **Flags:**

Flag	Description
`-Role`	Role Name or ID (Mandatory, Position 0)
`-Node`	Node name or ID of the managed node (Mandatory, Position 1)
`-Privilege`	One or more privilege names to add. Valid values: MANAGE_NODES, MANAGE_USER, MANAGE_LICENCES, MANAGE_ROLES, MANAGE_TEAMS, TRANSFER_ACCOUNT, RUN_REPORTS, VIEW_TREE, MANAGE_BRIDGE, MANAGE_COMPANIES, SHARING_ADMINISTRATOR, APPROVE_DEVICE, MANAGE_RECORD_TYPES, RUN_COMPLIANCE_REPORTS (Mandatory, Position 2)

Example: ```powershell PS> Add-KeeperEnterpriseRolePrivilege -Role PCRTest -Node PCTNode -Privilege MANAGE_NODES,MANAGE_USER,MANAGE_LICENCES,MANAGE_ROLES,MANAGE_TEAMS,TRANSFER_ACCOUNT,VIEW_TREE,MANAGE_COMPANIES,SHARING_ADMINISTRATOR,APPROVE_DEVICE,MANAGE_RECORD_TYPES,RUN_COMPLIANCE_REPORTS Command: managed_node_privilege_add, Privilege: MANAGE_NODES, Result: success Command: managed_node_privilege_add, Privilege: MANAGE_USER, Result: success Command: managed_node_privilege_add, Privilege: MANAGE_LICENCES, Result: success Command: managed_node_privilege_add, Privilege: MANAGE_ROLES, Result: success Command: managed_node_privilege_add, Privilege: MANAGE_TEAMS, Result: success Command: managed_node_privilege_add, Privilege: TRANSFER_ACCOUNT, Result: success Command: managed_node_privilege_add, Privilege: VIEW_TREE, Result: fail, Code: access_denied, Message: You do not have the required privilege to perform this operation. Command: managed_node_privilege_add, Privilege: MANAGE_COMPANIES, Result: fail, Code: access_denied, Message: You do not have the required privilege to perform this operation. Command: managed_node_privilege_add, Privilege: SHARING_ADMINISTRATOR, Result: success Command: managed_node_privilege_add, Privilege: APPROVE_DEVICE, Result: success Command: managed_node_privilege_add, Privilege: MANAGE_RECORD_TYPES, Result: success Command: managed_node_privilege_add, Privilege: RUN_COMPLIANCE_REPORTS, Result: success ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

### Enterprise Role Managed Node Privileges Remove Command This command/function helps to remove a batch or individual privileges to managed node.

DotNet CLI

**Command:** `enterprise-role roll_name --node= --privileges= OR er roll_name --node= --privileges=` **Parameter:** `roll_name` - Role name or ID. `node_name` - Node name or ID. `privileges` - comma separated privileges inside a string. **Examples:** ```sh My Vault> er remove-privileges "Test4" --node="Ananth-Test" --privileges="manage_nodes,manage_user,run_reports" ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Remove Privileges of Managed Node:** **Function:** `RoleManagedNodePrivilegeRemoveBatch` **Usage:** ```csharp public async Task> RoleManagedNodePrivilegeRemoveBatch(EnterpriseRole role, EnterpriseNode node, List privileges) ``` **Parameters:**

Description

role EnterpriseRole object representing the role

node EnterpriseNode object representing the node

privileges

Removes a list of privileges of type

List<RoleManagedNodePrivilege>

**Example:** {% code overflow="wrap" %} ```csharp await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleManagedNodePrivilegeRemove(roleName: "Test1", nodeId: 70411693850884, privileges: new List { RoleManagedNodePrivilege.MANAGE_USER, RoleManagedNodePrivilege.TRANSFER_ACCOUNT }); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

**Command:** `Remove-KeeperEnterpriseRolePrivilege` **Aliases:** `Remove-KeeperRolePrivilege` **Flags:**

Flag	Description
`-Role`	Role Name or ID (Mandatory, Position 0)
`-Node`	Node name or ID of the managed node (Mandatory, Position 1)
`-Privilege`	One or more privilege names to remove. Valid values: MANAGE_NODES, MANAGE_USER, MANAGE_LICENCES, MANAGE_ROLES, MANAGE_TEAMS, TRANSFER_ACCOUNT, RUN_REPORTS, VIEW_TREE, MANAGE_BRIDGE, MANAGE_COMPANIES, SHARING_ADMINISTRATOR, APPROVE_DEVICE, MANAGE_RECORD_TYPES, RUN_COMPLIANCE_REPORTS (Mandatory, Position 2)

**Example:** ```powershell PS> Remove-KeeperEnterpriseRolePrivilege -Role PCRTest -Node PCTNode -Privilege MANAGE_NODES,MANAGE_USER,MANAGE_LICENCES,MANAGE_ROLES,MANAGE_TEAMS,TRANSFER_ACCOUNT,VIEW_TREE,MANAGE_COMPANIES,SHARING_ADMINISTRATOR,APPROVE_DEVICE,MANAGE_RECORD_TYPES,RUN_COMPLIANCE_REPORTS Command: managed_node_privilege_remove, Privilege: MANAGE_NODES, Result: success Command: managed_node_privilege_remove, Privilege: MANAGE_USER, Result: success Command: managed_node_privilege_remove, Privilege: MANAGE_LICENCES, Result: success Command: managed_node_privilege_remove, Privilege: MANAGE_ROLES, Result: success Command: managed_node_privilege_remove, Privilege: MANAGE_TEAMS, Result: success Command: managed_node_privilege_remove, Privilege: TRANSFER_ACCOUNT, Result: success Command: managed_node_privilege_remove, Privilege: VIEW_TREE, Result: fail, Code: doesnt_exist, Message: This object no longer exists. Command: managed_node_privilege_remove, Privilege: MANAGE_COMPANIES, Result: fail, Code: doesnt_exist, Message: This object no longer exists. Command: managed_node_privilege_remove, Privilege: SHARING_ADMINISTRATOR, Result: success Command: managed_node_privilege_remove, Privilege: APPROVE_DEVICE, Result: success Command: managed_node_privilege_remove, Privilege: MANAGE_RECORD_TYPES, Result: success Command: managed_node_privilege_remove, Privilege: RUN_COMPLIANCE_REPORTS, Result: success ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

### Enterprise Role Add Enforcement Policies Command This command/function helps to add a batch or individual enforcement policies to a role.

DotNet CLI

**Command:** `enterprise-role role_name --enforcements="key1=value1; key2="value2"" OR er role_name --enforcements="key1=value1; key2="value2""` **Parameter:** `roll_name` - Role name or ID. `enforcements` - Give enforcements in the form of key and value pair inside the string. **Examples:** ```sh My Vault> er add-enforcements "Test4" --enforcements="RESTRICT_FILE_UPLOAD=true; TWO_FACTOR_DURATION_WEB="0,12,24"" ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Add Enforcement Policies to Role:** **Function:** `RoleEnforcementAddBatch` **Usage:** ```csharp public async Task> RoleEnforcementAddBatch(EnterpriseRole role, IDictionary enforcements) ``` **Parameters:**

Description

role EnterpriseRole object representing the role

	Description
`role`	`EnterpriseRole` object representing the role
`enforcements`	Adds a batch of enforcement policies of type `Dictionary<RoleEnforcementPolicies, string>`

enforcements

Adds a batch of enforcement policies of type

Dictionary<RoleEnforcementPolicies, string>

**Example:** {% code overflow="wrap" %} ```csharp var enforcements = new Dictionary { { RoleEnforcementPolicies.RESTRICT_FILE_UPLOAD, "true" }, { RoleEnforcementPolicies.RESTRICT_IP_ADDRESSES, "1.1.1.1-2.2.2.2" }, { RoleEnforcementPolicies.MASTER_PASSWORD_MINIMUM_LENGTH, "10"}, { RoleEnforcementPolicies.RESTRICT_DOMAIN_ACCESS, "192.168.1.100/app123"}, { RoleEnforcementPolicies.GENERATED_PASSWORD_COMPLEXITY, "google.com|12|4|1|3|1"}, }; await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleEnforcementAdd(roleName: , enforcements: enforcements); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

**Command:** `Add-KeeperEnterpriseRoleEnforcement` **Aliases:** `Add-KeeperRoleEnforcement` **Flags:** | Flag | Description | | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `-Role` | Role Name or ID (Mandatory, Position 0) | | `-Enforcement` | Enforcement(s) in KEY=value format. Can be semicolon or comma separated. Multiple enforcements can be provided as an array. Supports both `=` and `:` as separators. (Mandatory, Position 1) | **Example:** ``` PS > Add-KeeperEnterpriseRoleEnforcement -Role PCRTest -Enforcement RESTRICT_FILE_UPLOAD=$true,RESTRICT_EXPORT=$true Command: role_enforcement_add, Enforcement: RESTRICT_FILE_UPLOAD=True, Result: success Command: role_enforcement_add, Enforcement: RESTRICT_EXPORT=True, Result: success ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

### Enterprise Role Update Enforcement Policies Command This command/function helps to update a batch or individual enforcement policies to a role.

DotNet CLI

**Command:** `enterprise-role role_name --enforcements="key1=value1; key2=value2" OR er role_name --enforcements="key1=value1; key2=value2"` **Parameter:** `roll_name` - Role name or ID. `enforcements` - Give enforcements in the form of key and value pair inside the string. **Examples:** ```sh My Vault> er update-enforcements "Test4" --enforcements="RESTRICT_FILE_UPLOAD=false; TWO_FACTOR_DURATION_WEB="0,12,24,30"" ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Update Enforcement Policies to Role:** **Function:** `RoleEnforcementUpdateBatch` **Usage:** ```csharp public async Task> RoleEnforcementUpdateBatch(EnterpriseRole role, IDictionary enforcements) ``` **Parameters:**

Description

role EnterpriseRole object representing the role

enforcements

Adds a batch of enforcement policies of type

Dictionary<RoleEnforcementPolicies, string>

**Example:** {% code overflow="wrap" %} ```csharp var enforcements = new Dictionary { { RoleEnforcementPolicies.RESTRICT_FILE_UPLOAD, "false" }, { RoleEnforcementPolicies.RESTRICT_IP_ADDRESSES, "2.2.2.2-3.3.3.3" }, { RoleEnforcementPolicies.MASTER_PASSWORD_MINIMUM_LENGTH, "20"}, { RoleEnforcementPolicies.RESTRICT_DOMAIN_ACCESS, "192.168.1.100/app345"}, { RoleEnforcementPolicies.GENERATED_PASSWORD_COMPLEXITY, "google.com|12|4|1|3|1"}, }; await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleEnforcementUpdate(roleName: , enforcements: enforcements); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

**Command:** `Update-KeeperEnterpriseRoleEnforcement` **Aliases:** `Update-KeeperRoleEnforcement` **Flags:** | Flag | Description | | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `-Role` | Role Name or ID (Mandatory, Position 0) | | `-Enforcement` | Enforcement(s) in KEY=value format. Can be semicolon or comma separated. Multiple enforcements can be provided as an array. Supports both `=` and `:` as separators. (Mandatory, Position 1) | **Example:** ```powershell PS > Update-KeeperEnterpriseRoleEnforcement -Role PCRTest -Enforcement RESTRICT_FILE_UPLOAD=$true,RESTRICT_EXPORT=$true Command: role_enforcement_add, Enforcement: RESTRICT_FILE_UPLOAD=True, Result: success Command: role_enforcement_add, Enforcement: RESTRICT_EXPORT=True, Result: success ``` Separator as Semicolon: ```powershell PS > Update-KeeperEnterpriseRoleEnforcement -Role "AdminRole" -Enforcement "TWO_FACTOR_DURATION_WEB=7200;MASTER_PASSWORD_MINIMUM_LENGTH=16" Command: role_enforcement_update, Enforcement: TWO_FACTOR_DURATION_WEB=7200, Result: success Command: role_enforcement_update, Enforcement: MASTER_PASSWORD_MINIMUM_LENGTH=16, Result: success ``` Separator as Comma: ```powershell PS > Update-KeeperEnterpriseRoleEnforcement -Role "AdminRole" -Enforcement "TWO_FACTOR_DURATION_WEB=7200,MASTER_PASSWORD_MINIMUM_LENGTH=16" Command: role_enforcement_update, Enforcement: TWO_FACTOR_DURATION_WEB=7200, Result: success Command: role_enforcement_update, Enforcement: MASTER_PASSWORD_MINIMUM_LENGTH=16, Result: success ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

### Enterprise Role Remove Enforcement Policies Command This command/function helps to Remove a batch or individual enforcement policies to a role.

DotNet CLI

**Command:** `enterprise-role role_name --enforcements="key1; key2; key3" OR er role_name --enforcements="key1; key2; key3"` **Parameter:** `roll_name` - Role name or ID. `enforcements` - comma separated enforcements inside a string. **Examples:** ```sh My Vault> er remove-enforcements "Test4" --enforcements="RESTRICT_FILE_UPLOAD; TWO_FACTOR_DURATION_WEB" ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

DotNet SDK

**Remove Enforcement Policies to Role:** **Function:** `RoleEnforcementRemoveBatch` **Usage:** ```csharp public async Task> RoleEnforcementRemoveBatch(EnterpriseRole role, List enforcements) ``` **Parameters:**

Description

role EnterpriseRole object representing the role

enforcements

Adds a batch of enforcement policies of type

List<RoleEnforcementPolicies>

**Example:** {% code overflow="wrap" %} ```csharp var enforcements = new List { { RoleEnforcementPolicies.RESTRICT_FILE_UPLOAD}, { RoleEnforcementPolicies.RESTRICT_IP_ADDRESSES}, { RoleEnforcementPolicies.MASTER_PASSWORD_MINIMUM_LENGTH}, { RoleEnforcementPolicies.RESTRICT_DOMAIN_ACCESS}, { RoleEnforcementPolicies.GENERATED_PASSWORD_COMPLEXITY}, }; await EnterpriseManagementExamples.EnterpriseRoleExamples.RoleManagedNodeExample.RoleEnforcementRemove(roleName: , enforcement: enforcements); ``` {% endcode %} **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

PowerCommander

**Command:** `Remove-KeeperEnterpriseRoleEnforcement` **Aliases:** `Remove-KeeperRoleEnforcement` **Flags:** | Flag | Description | | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `-Role` | Role Name or ID (Mandatory, Position 0) | | `-Enforcement` | Enforcement key(s) to remove. Can be semicolon or comma separated. For remove operations, use KEY only (no value). If KEY=value format is provided, only the key portion will be used. (Mandatory, Position 1) | **Example:** ```powershell PS> Remove-KeeperEnterpriseRoleEnforcement -Role PCRTest -Enforcement RESTRICT_FILE_UPLOAD Command: role_enforcement_remove, Enforcement: RESTRICT_FILE_UPLOAD, Result: success ``` Separator as Semicolon: ```powershell PS > Remove-KeeperEnterpriseRoleEnforcement -Role "AdminRole" -Enforcement "TWO_FACTOR_DURATION_WEB;MASTER_PASSWORD_MINIMUM_LENGTH" Command: role_enforcement_remove, Enforcement: TWO_FACTOR_DURATION_WEB, Result: success Command: role_enforcement_remove, Enforcement: MASTER_PASSWORD_MINIMUM_LENGTH, Result: success ``` Separator as Comma: ```powershell PS > Remove-KeeperEnterpriseRoleEnforcement -Role "AdminRole" -Enforcement "TWO_FACTOR_DURATION_WEB,MASTER_PASSWORD_MINIMUM_LENGTH" Command: role_enforcement_remove, Enforcement: TWO_FACTOR_DURATION_WEB, Result: success Command: role_enforcement_remove, Enforcement: MASTER_PASSWORD_MINIMUM_LENGTH, Result: success ``` **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python CLI

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

Python SDK

Comming Soon **Reference:** [Commander Reference](/keeperpam/commander-cli/command-reference/enterprise-management-commands.md#changing-role-enforcements-and-privileges)

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/keeperpam/commander-sdk/keeper-commander-sdks/sdk-command-reference/enterprise-management-commands/enterprise-role-commands.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.