Import Roles

This document will explain how to import multiple roles into StrongDM using a single command. It will also explain how to update roles and apply datasource grants via the sdm admin roles command.

Getting the JSON Template #

You may use the sdm admin roles add --template > import.json command to get a JSON template to modify for later import.

Example Import JSON #

Here’s an example JSON for adding two roles. Each role must have a unique name.

[
    {
        "name": "Sales"
    },
    {
        "name": "Engineers"
    }
]

Running the Import #

Once you have created your JSON, you can easily import it into StrongDM.

sdm admin roles add --file import.json

Updating Roles #

To get the current state of StrongDM roles in JSON format, run sdm admin roles list -j > export.json. Once you have the state, you can modify the JSON and update the roles by running sdm admin roles update --file export.json.

Granting Datasources and Servers #

Similarly, you can batch grant datasource access to roles. Use this command to create a template: sdm admin roles grant --template > grants.json.

[
    {
        "datasourceID": "0",
        "datasourceName": "Datasource 1",
        "roles": [
            {
                "id": "0",
                "name": "Sales"
            }
        ]
    }
]

datasourceID is optional if you have a datasourceName. Similarly, the role id is optional if you have a role name supplied.

You can add multiple grants and roles into a single JSON. You can then apply these grants using sdm admin roles grant --file grants.json.

If you wish to revoke access from a datasource to a role, see sdm admin roles revoke. If you wish to revoke access from all datasources, see sdm admin roles revoke-all. To manage grants for users that are not in a role, see sdm admin users grant-temporary.