The built-in and custom administrator roles in the environment.

Table-Specific Information

We recommend using the built-in Client Application Developer role to read and write data for this table.

SELECT

Reading data from this table requires Read Custom Roles/permissions:read:roles permission.

To read data from this table, refer to the following query examples:

SELECT * FROM Administrators.AdminRoles;
SELECT * FROM Administrators.AdminRoles WHERE Id = '6f770b08-793f-4393-b2aa-b1d1587a0324';
SELECT * FROM Administrators.AdminRoles WHERE Name IN ('Environment Admin', 'Custom Admin Role');

INSERT

Creating data in this table requires Create Custom Roles/permissions:create:roles permission.

Refer to the query example below:

INSERT INTO Administrators.AdminRoles (Name, Description, Permissions, ApplicableTo, CanBeAssignedBy) VALUES ('Custom Admin Role 1', 'Custom Admin Role 1', '[{\"id\": \"permissions:read:userRoleAssignments\"}]', 'APPLICATION,POPULATION,ENVIRONMENT,ORGANIZATION', '[{\"id\":\"29ddce68-cd7f-4b2a-b6fc-f7a19553b496\"}]')

UPDATE

Updating data in this table requires Update Custom Roles/permissions:update:roles permission.

Refer to the query example below:

UPDATE Administrators.AdminRoles SET Description = 'Test Description' WHERE Id = '6f770b08-793f-4393-b2aa-b1d1587a0324'

NOTE: Only custom administrator roles (Type=CUSTOM) can be updated in PingOne.

DELETE

Deleting data from this table requires Delete Custom Roles/permissions:delete:roles permission.

Refer to the query example below:

DELETE FROM Administrators.AdminRoles WHERE Id = '6f770b08-793f-4393-b2aa-b1d1587a0324'

Columns

Name	Type	ReadOnly	References	Description
Id [KEY]	String	True		The role identifier (UUID).
Name	String	False		The name of the role.
Description	String	False		The role's description.
Type	String	False		The role's type. Possible values are: 'PLATFORM', 'CUSTOM'. 'PLATFORM' type indicates that the role is a built-in role. 'CUSTOM' type indicates that the role is a custom role.
Permissions	String	False		The set of permissions assigned to the role. This information is represented in JSON format (aggregate).
ApplicableTo	String	False		The scope/level to which the role can be applied. Possible values are: 'ORGANIZATION', 'ENVIRONMENT', 'POPULATION' and 'APPLICATION'.
EnvironmentId	String	True	Information.Environments.Id	The identifier (UUID) of the environment in which the role exists.
CanBeAssignedBy	String	False		The list of role identifiers which are allowed to assign this role to an actor. This information is represented in JSON format (aggregate).