Get PAM roles
Used by a privileged account to list the PAM roles for which the account is a candidate.
Note
The URLs in this article are relative to the hostname that's chosen during API deployment, such as https://api.contoso.com
.
Request
Method | Request URL |
---|---|
GET | /api/pamresources/pamroles |
Query parameters
Parameter | Description |
---|---|
$filter | Optional. Specify any of the PAM role properties in a filter expression to return a filtered list of responses. For more information about supported operators, see Filtering in PAM REST API service details. |
v | Optional. The API version. If not included, the current (most recently released) version of the API is used. For more information, see Versioning in PAM REST API service details. |
Request headers
For common request headers, see HTTP request and response headers in PAM REST API service details.
Request body
None.
Response
This section describes the response.
Response codes
Code | Description |
---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
408 | Request Timeout |
500 | Internal Server Error |
503 | Service Unavailable |
Response headers
For common request headers, see HTTP request and response headers in PAM REST API service details.
Response body
A successful response contains a collection of one or more PAM roles, each of which has the following properties:
Property | Description |
---|---|
RoleID | The unique identifier (GUID) of the PAM role. |
DisplayName | THe PAM role’s display name in the MIM service. |
Description | The PAM role’s description in the MIM service. |
TTL | The role’s access rights maximum expiration timeout in seconds. |
AvailableFrom | The earliest time of day when a request is activated. |
AvailableTo | The latest time of day when a request is activated. |
MFAEnabled | A Boolean value that indicates whether activation requests for this role require an MFA challenge. |
ApprovalEnabled | A Boolean value that indicates whether activation requests for this role require approval by a role owner. |
AvailabilityWindowEnabled | A Boolean value that indicates whether the role can only be activated during a specified time interval. |
Example
This section provides an example to get the PAM roles.
Example: Request
GET /api/pamresources/pamroles HTTP/1.1
Example: Response
HTTP/1.1 200 OK
{
"odata.metadata":"http://localhost:8086/api/pamresources/%24metadata#pamroles",
"value":[
{
"RoleId":"00000000-0000-0000-0000-000000000000",
"DisplayName":"Allow AD Access ",
"Description":null,
"TTL":"3600",
"AvailableFrom":"0001-01-01T00:00:00",
"AvailableTo":"0001-01-01T00:00:00",
"MFAEnabled":false,
"ApprovalEnabled":false,
"AvailabilityWindowEnabled":false
},
{
"RoleId":"00000000-0000-0000-0000-000000000000",
"DisplayName":"ApprovalRole",
"Description":null,
"TTL":"3600",
"AvailableFrom":"0001-01-01T00:00:00",
"AvailableTo":"0001-01-01T00:00:00",
"MFAEnabled":false,
"ApprovalEnabled":true,
"AvailabilityWindowEnabled":false
}
]
}