Skip to main content

Find Rolesets

Find role sets in the identity store. The command uses the PV_ROLESETS public view to find data. Any filters passed should apply to this public view.

GET https://instance.securid.com/aveksa/command.submit?cmd=findRolesets

Request

Parameters

findRolesets
formatproperties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.

json - Returns the response as JSON.

csv - Returns the response as comma-separated values.

tsv - Returns the response as tab-separated values.

xml - Returns the response as XML.
delimiterThe delimiter to use between values for csv and properties formats
returnColumns

The names of the columns to return. returnColumns may be a CSV list of multiple column names. The parameter may also be listed multiple times (ie returnColumns=col1,col2&returnColumns=col3,col4)

Refer to Columns table below.
returnMaxRowsThe maximum number of objects to return
distincttrue, false Returns only distinct values, equivalent to the distinct keyword in SQL.
sortByColumns

The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified.

Refer to Columns table below.
sortDirectionDetermines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used.
includeHeaderRowtrue, false Include column headers when the return format is csv or tsv. (Default) true
ignoreCasetrue, false Returns case-insensitive search results for specified filter parameters. (Default) false

Filter Parameters

Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_ROLESETS public view.

Query logic

ScenarioBehavior
Two different parameters: role_set_type=GR&name=AveksaRolesAND. Returns global role sets named AveksaRoles.
Same parameter repeated: role_set_type=GR&role_set_type=BROR within that field. Returns global or business role sets.
Mixed: name=Birthright+Roles&role_set_type=GR&role_set_type=BR(name is Birthright Roles) AND (type is GR or BR)
OR logic across different parameters is not supported

A single API call cannot return role sets where role_set_type=GR OR name=Birthright Roles. OR logic between different filter parameters is not supported.

Workaround: Make separate requests for each filter condition. Merge and deduplicate the results client-side.

Columns

id[Primary Key] Unique role set identifier
nameRole set name
descriptionDescription of the role set
role_set_typeType of role set. GR = Global Role Set, BR = Business Role Set
tagTag applied to the role set for grouping or filtering
user_constraintConstraint expression limiting which users are in scope for this role set
ent_constraintConstraint expression limiting which entitlements are in scope for this role set
manager_id[Foreign Key referencing USERS.ID] User ID of the role set manager
created_by[Foreign Key referencing USERS.ID] User ID of who created the role set
creation_dateDate and time the role set was created
policy_user_membersPolicy threshold for user membership violations
policy_group_membersPolicy threshold for group membership violations
policy_app_entsPolicy threshold for application entitlement violations
policy_app_rolesPolicy threshold for application role violations
policy_group_entsPolicy threshold for group entitlement violations
policy_technical_rolesPolicy threshold for technical role violations
policy_global_rolesPolicy threshold for global role violations
policy_hierarchyPolicy threshold for role hierarchy violations
policy_ooc_membersPolicy threshold for out-of-constraint membership violations
policy_ooc_entsPolicy threshold for out-of-constraint entitlement violations

Headers

Bearer token
Acceptapplication/json
Content-Typeapplication/json

Response

Parameters

The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.

Examples

All columns

Omit returnColumns to return every field for each role set.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"

Response

{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"created_by": "0",
"creation_date": "2025-03-29 18:06:09.0",
"description": "",
"user_constraint": "",
"ent_constraint": "",
"policy_user_members": "20",
"policy_group_members": "0",
"policy_app_ents": "20",
"policy_app_roles": "20",
"policy_group_ents": "20",
"policy_technical_roles": "20",
"policy_global_roles": "20",
"policy_hierarchy": "20",
"policy_ooc_members": "10",
"policy_ooc_ents": "10",
"role_set_type": "GR",
"tag": "",
"manager_id": "0"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"created_by": "0",
"creation_date": "2024-03-15 14:07:58.0",
"description": "",
"user_constraint": "",
"ent_constraint": "",
"policy_user_members": "20",
"policy_group_members": "0",
"policy_app_ents": "10",
"policy_app_roles": "10",
"policy_group_ents": "10",
"policy_technical_roles": "20",
"policy_global_roles": "20",
"policy_hierarchy": "20",
"policy_ooc_members": "10",
"policy_ooc_ents": "10",
"role_set_type": "BR",
"tag": "",
"manager_id": "0"
}
]
}

Specific columns

Use returnColumns to limit the response to the fields you need.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,description,role_set_type" \
-H "Authorization: Bearer <token>"

Response

{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"description": "",
"role_set_type": "GR"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"description": "",
"role_set_type": "BR"
},
{
"id": "42",
"name": "Privileged Roles",
"description": "",
"role_set_type": "BR"
}
]
}

Filter by a single value

Pass any column name as a query parameter to filter results. The example returns role sets where role_set_type is GR (Global Role Set).

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&role_set_type=GR" \
-H "Authorization: Bearer <token>"

Response

{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "369",
"name": "Job Role Matrix - Documentum",
"role_set_type": "GR"
},
{
"id": "39",
"name": "Birthright Roles",
"role_set_type": "GR"
}
]
}

Filter with OR logic

Repeat the same parameter with different values to match any of them. The example returns role sets where role_set_type is GR or BR.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&role_set_type=GR&role_set_type=BR" \
-H "Authorization: Bearer <token>"

Response

{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"role_set_type": "BR"
},
{
"id": "42",
"name": "Privileged Roles",
"role_set_type": "BR"
}
]
}

Case-insensitive filter

Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The example passes role_set_type=gr in lowercase and still returns role sets with the stored value GR.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&role_set_type=gr&ignoreCase=true" \
-H "Authorization: Bearer <token>"

Response

{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "369",
"name": "Job Role Matrix - Documentum",
"role_set_type": "GR"
},
{
"id": "39",
"name": "Birthright Roles",
"role_set_type": "GR"
}
]
}

Sort ascending

Use sortByColumns with a column name and sortDirection=asc to sort results A to Z. The example sorts by name.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&sortByColumns=name&sortDirection=asc" \
-H "Authorization: Bearer <token>"

Response

{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "39",
"name": "Birthright Roles",
"role_set_type": "GR"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"role_set_type": "BR"
}
]
}

Sort descending

Set sortDirection=desc to reverse the order.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&sortByColumns=name&sortDirection=desc" \
-H "Authorization: Bearer <token>"

Response

{
"findRolesets": [
{
"id": "43",
"name": "Security Admin roles",
"role_set_type": "BR"
},
{
"id": "169",
"name": "Role Set for RDC: Admin Roles",
"role_set_type": "GR"
},
{
"id": "42",
"name": "Privileged Roles",
"role_set_type": "BR"
}
]
}

CSV with custom delimiter

Set format=csv for a comma-separated response. Use delimiter to change the separator character.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=csv&returnMaxRows=3&returnColumns=id,name,role_set_type&delimiter=~" \
-H "Authorization: Bearer <token>"

Response

id~name~role_set_type
38~AveksaRoles~GR
40~Epic Non Employee Role Set~BR
42~Privileged Roles~BR

CSV without header row

Set includeHeaderRow=false when your downstream system expects raw data rows without a header.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=csv&returnMaxRows=3&returnColumns=id,name,role_set_type&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"

Response

38,AveksaRoles,GR
40,Epic Non Employee Role Set,BR
42,Privileged Roles,BR

Error responses

A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_ROLESETS public view.

<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findRolesets'. Token is invalid or expired</body>
</html>

Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.