| Name | Type | Description | Notes |
|---|---|---|---|
| effect | String | Set to “Allow.” By default, all actions are denied, this Statement allows the listed actions to be executed. | |
| action | List<ActionEnum> | An array of strings that represent actions within OneLogin. Actions are prefixed with the class of object they are related to and followed by a specific action for the given class. e.g. users:List, where the class is users and the specific action is List. Don’t mix classes within an Action array. To create a privilege that includes multiple different classes, create multiple statements. A wildcard * that includes all actions is supported. Use wildcards to create a Super User privilege. | |
| scope | List<String> | Target the privileged action against specific resources with the scope. The scope pattern is the class of object used by the Action, followed by an ID that represents a resource in OneLogin. e.g. apps/1234, where apps is the class and 1234 is the ID of an app. The wildcard * is supported and indicates that all resources of the class type declared, in the Action, are in scope. The Action and Scope classes must match. However, there is an exception, a scope of roles/{role_id} can be combined with Actions on the user or app class. The exception allows you to target groups of users or apps with specific actions. |
| Name | Value |
|---|---|
| APPS_CREATE | "Apps:Create" |
| APPS_DELETE | "Apps:Delete" |
| APPS_LIST | "Apps:List" |
| APPS_GET | "Apps:Get" |
| APPS_UPDATE | "Apps:Update" |
| APPS_MANAGECONNECTORS | "Apps:ManageConnectors" |
| APPS_MANAGEROLES | "Apps:ManageRoles" |
| APPS_MANAGETABS | "Apps:ManageTabs" |
| APPS_MANAGEUSERS | "Apps:ManageUsers" |
| APPS_REAPPLYMAPPINGS | "Apps:ReapplyMappings" |
| USERS_CREATE | "Users:Create" |
| USERS_DELETE | "Users:Delete" |
| USERS_LIST | "Users:List" |
| USERS_GET | "Users:Get" |
| USERS_UPDATE | "Users:Update" |
| USERS_ASSUMEUSER | "Users:AssumeUser" |
| USERS_MANAGEAPPS | "Users:ManageApps" |
| USERS_UNLOCK | "Users:Unlock" |
| USERS_GENERATETEMPMFATOKEN | "Users:GenerateTempMfaToken" |
| USERS_RESETPASSWORD | "Users:ResetPassword" |
| USERS_REAPPLYMAPPINGS | "Users:ReapplyMappings" |
| USERS_MANAGELICENSE | "Users:ManageLicense" |
| USERS_INVITE | "Users:Invite" |
| USERS_MANAGEROLES | "Users:ManageRoles" |
| ROLES_CREATE | "Roles:Create" |
| ROLES_GET | "Roles:Get" |
| ROLES_LIST | "Roles:List" |
| ROLES_UPDATE | "Roles:Update" |
| ROLES_DELETE | "Roles:Delete" |
| ROLES_MANAGEUSERS | "Roles:ManageUsers" |
| ROLES_MANAGEAPPS | "Roles:ManageApps" |
| REPORTS_CREATE | "Reports:Create" |
| REPORTS_GET | "Reports:Get" |
| REPORTS_LIST | "Reports:List" |
| REPORTS_UPDATE | "Reports:Update" |
| REPORTS_DELETE | "Reports:Delete" |
| REPORTS_CLONE | "Reports:Clone" |
| EVENTS_GET | "Events:Get" |
| EVENTS_LIST | "Events:List" |
| GROUPS_CREATE | "Groups:Create" |
| GROUPS_GET | "Groups:Get" |
| GROUPS_LIST | "Groups:List" |
| GROUPS_UPDATE | "Groups:Update" |
| GROUPS_DELETE | "Groups:Delete" |
| POLICIES_CREATE | "Policies:Create" |
| POLICIES_GET | "Policies:Get" |
| POLICIES_LIST | "Policies:List" |
| POLICIES_UPDATE | "Policies:Update" |
| POLICIES_DELETE | "Policies:Delete" |
| POLICIES_SETDEFAULT | "Policies:SetDefault" |