get-id-broker-mappings¶

Description¶

Gets all ID Broker mappings for an environment.

Synopsis¶

  get-id-broker-mappings
--environment-name <value>
[--cli-input-json <value>]
[--generate-cli-skeleton]

Options¶

--environment-name (string)

The name or CRN of the environment.

--cli-input-json (string)

Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.

Output¶

mappingsVersion -> (integer)

The version of the mappings.

dataAccessRole -> (string)

The cloud provider role to which data access services will be mapped (e.g. an ARN in AWS, a Resource ID in Azure).

rangerAuditRole -> (string)

The cloud provider role to which services that write to Ranger audit logs will be mapped (e.g. an ARN in AWS, a Resource ID in Azure). Note that some data access services also write to Ranger audit logs; such services will be mapped to the dataAccessRole, not the rangerAuditRole.

rangerCloudAccessAuthorizerRole -> (string)

The cloud provider role to which the Ranger RAZ service will be mapped (e.g. an ARN in AWS, a Resource ID in Azure).

mappings -> (array)

ID Broker mappings for individual actors and groups. Does not include mappings for data access services. May be empty if no individual mappings are needed.

item -> (object)

A mapping of an actor or group to a cloud provider role.

accessorCrn -> (string)

The CRN of the actor or group.

role -> (string)

The cloud provider role (e.g., ARN in AWS, Resource ID in Azure) to which the actor or group is mapped.

Form Factors¶

public, private