Custom role permissions.

Table Specific Information

Required Scopes

To query this table, Scope must include okta.roles.read. To edit this table, it must include okta.roles.manage.

Select

The driver uses the Okta API to process WHERE clause conditions built with the following columns and operators.

• Label supports the '=' operator
• RoleId supports the '=' operator

All other filters are processed client-side within the driver.

For example, the following queries are processed server-side:

SELECT * FROM RolePermissions WHERE RoleId = 'cr0Yq6IJxGIr0ouum0g3'

SELECT * FROM RolePermissions WHERE RoleId = 'cr0Yq6IJxGIr0ouum0g3' AND Label = 'okta.users.read'

Insert

At minimum the Label and RoleId are required to insert into this table. Note that a permission with the given label must already be available for the specified RoleId.

Sample Inserts are given below.

INSERT INTO RolePermissions (Label, RoleId) VALUES ('okta.users.read', 'cr0kvdjoe2VOEEYuP5d7')

INSERT INTO RolePermissions (Label, RoleId, ConditionsExclude) VALUES ('okta.users.read', 'cr0kvdjoe2VOEEYuP5d7', '{"okta:ResourceAttribute/User/Profile" : ["city", "state"]}')

Update

A sample Update is given below.

UPDATE RolePermissions SET ConditionsInclude = '{\"okta:ResourceAttribute/User/Profile\" : [\"city\", \"state\"]}' WHERE Label = 'okta.users.read' AND RoleId = 'cr0kvdjoe2VOEEYuP5d7'

Delete

A sample Delete is given below.

DELETE FROM RolePermissions WHERE Label = 'okta.users.read' AND RoleId = 'cr0kvdjoe2VOEEYuP5d7'

Columns

Name	Type	ReadOnly	Description
Label [KEY]	String	False	Permission type or label
Created	Datetime	True	When the item was created
LastUpdated	Datetime	True	When the item was last updated
RoleId [KEY]	String	False	Role id or label
ConditionsExclude	String	False	Exclude attributes with specific values for the permission
ConditionsInclude	String	False	Include attributes with specific values for the permission