Import Roles

Last modified on April 4, 2024

This document will explain how to import multiple roles into StrongDM using a single command. It will also explain how to update roles and apply datasource grants via the sdm admin roles command.

Getting the JSON Template

You may use the sdm admin roles add --template > import.json command to get a JSON template to modify for later import.

Example Import JSON

Here’s an example JSON for adding two roles. Each role must have a unique name.

[
    {
        "name": "Sales"
    },
    {
        "name": "Engineers"
    }
]

Running the Import

Once you have created your JSON, you can easily import it into StrongDM.

sdm admin roles add --file import.json

Updating Roles

To get the current state of StrongDM roles in JSON format, run sdm admin roles list -j > export.json. Once you have the state, you can modify the JSON and update the roles by running sdm admin roles update --file export.json.

Granting Datasources and Servers

Similarly, you can batch grant datasource access to roles. Use this command to create a template: sdm admin roles grant --template > grants.json.

[
    {
        "datasourceID": "0",
        "datasourceName": "Datasource 1",
        "roles": [
            {
                "id": "0",
                "name": "Sales"
            }
        ]
    }
]

datasourceID is optional if you have a datasourceName. Similarly, the role id is optional if you have a role name supplied.

You can add multiple grants and roles into a single JSON. You can then apply these grants using sdm admin roles grant --file grants.json.

If you wish to revoke access from a datasource to a role, see sdm admin roles revoke. If you wish to revoke access from all datasources, see sdm admin roles revoke-all. To manage grants for users that are not in a role, see sdm admin users grant-temporary.

Top