Find Rolesets
Find role sets in the identity store. The command uses the PV_ROLESETS public view to find data. Any filters passed should apply to this public view.
GET https://instance.securid.com/aveksa/command.submit?cmd=findRolesets
Request
Parameters
| findRolesets | |
| format | properties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.json - Returns the response as JSON.csv - Returns the response as comma-separated values.tsv - Returns the response as tab-separated values.xml - Returns the response as XML. |
| delimiter | The delimiter to use between values for csv and properties formats |
| returnColumns | The names of the columns to return. |
| returnMaxRows | The maximum number of objects to return |
| distinct | true, false Returns only distinct values, equivalent to the distinct keyword in SQL. |
| sortByColumns | The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified. Refer to Columns table below. |
| sortDirection | Determines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used. |
| includeHeaderRow | true, false Include column headers when the return format is csv or tsv. (Default) true |
| ignoreCase | true, false Returns case-insensitive search results for specified filter parameters. (Default) false |
Filter Parameters
Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_ROLESETS public view.
Query logic
| Scenario | Behavior |
|---|---|
Two different parameters: role_set_type=GR&name=AveksaRoles | AND. Returns global role sets named AveksaRoles. |
Same parameter repeated: role_set_type=GR&role_set_type=BR | OR within that field. Returns global or business role sets. |
Mixed: name=Birthright+Roles&role_set_type=GR&role_set_type=BR | (name is Birthright Roles) AND (type is GR or BR) |
A single API call cannot return role sets where role_set_type=GR OR name=Birthright Roles. OR logic between different filter parameters is not supported.
Workaround: Make separate requests for each filter condition. Merge and deduplicate the results client-side.
Columns
| id | [Primary Key] Unique role set identifier |
| name | Role set name |
| description | Description of the role set |
| role_set_type | Type of role set. GR = Global Role Set, BR = Business Role Set |
| tag | Tag applied to the role set for grouping or filtering |
| user_constraint | Constraint expression limiting which users are in scope for this role set |
| ent_constraint | Constraint expression limiting which entitlements are in scope for this role set |
| manager_id | [Foreign Key referencing USERS.ID] User ID of the role set manager |
| created_by | [Foreign Key referencing USERS.ID] User ID of who created the role set |
| creation_date | Date and time the role set was created |
| policy_user_members | Policy threshold for user membership violations |
| policy_group_members | Policy threshold for group membership violations |
| policy_app_ents | Policy threshold for application entitlement violations |
| policy_app_roles | Policy threshold for application role violations |
| policy_group_ents | Policy threshold for group entitlement violations |
| policy_technical_roles | Policy threshold for technical role violations |
| policy_global_roles | Policy threshold for global role violations |
| policy_hierarchy | Policy threshold for role hierarchy violations |
| policy_ooc_members | Policy threshold for out-of-constraint membership violations |
| policy_ooc_ents | Policy threshold for out-of-constraint entitlement violations |
Headers
Bearer token | |
| Accept | application/json |
| Content-Type | application/json |
Response
Parameters
The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.
Examples
All columns
Omit returnColumns to return every field for each role set.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "json",
"returnMaxRows": "2"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "json",
returnMaxRows: "2"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"created_by": "0",
"creation_date": "2025-03-29 18:06:09.0",
"description": "",
"user_constraint": "",
"ent_constraint": "",
"policy_user_members": "20",
"policy_group_members": "0",
"policy_app_ents": "20",
"policy_app_roles": "20",
"policy_group_ents": "20",
"policy_technical_roles": "20",
"policy_global_roles": "20",
"policy_hierarchy": "20",
"policy_ooc_members": "10",
"policy_ooc_ents": "10",
"role_set_type": "GR",
"tag": "",
"manager_id": "0"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"created_by": "0",
"creation_date": "2024-03-15 14:07:58.0",
"description": "",
"user_constraint": "",
"ent_constraint": "",
"policy_user_members": "20",
"policy_group_members": "0",
"policy_app_ents": "10",
"policy_app_roles": "10",
"policy_group_ents": "10",
"policy_technical_roles": "20",
"policy_global_roles": "20",
"policy_hierarchy": "20",
"policy_ooc_members": "10",
"policy_ooc_ents": "10",
"role_set_type": "BR",
"tag": "",
"manager_id": "0"
}
]
}
Specific columns
Use returnColumns to limit the response to the fields you need.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,description,role_set_type" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,description,role_set_type"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,description,role_set_type"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
- 412 Invalid column
{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"description": "",
"role_set_type": "GR"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"description": "",
"role_set_type": "BR"
},
{
"id": "42",
"name": "Privileged Roles",
"description": "",
"role_set_type": "BR"
}
]
}
<html>
<head><title>Error</title></head>
<body>The parameter returncolumns contains an invalid column - `invalid_col`.
Query String=cmd=findRolesets&format=json&returnMaxRows=2&returnColumns=id,invalid_col</body>
</html>
Filter by a single value
Pass any column name as a query parameter to filter results. The example returns role sets where role_set_type is GR (Global Role Set).
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&role_set_type=GR" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,role_set_type",
"role_set_type": "GR"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,role_set_type",
role_set_type: "GR"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "369",
"name": "Job Role Matrix - Documentum",
"role_set_type": "GR"
},
{
"id": "39",
"name": "Birthright Roles",
"role_set_type": "GR"
}
]
}
Filter with OR logic
Repeat the same parameter with different values to match any of them. The example returns role sets where role_set_type is GR or BR.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&role_set_type=GR&role_set_type=BR" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = [
("cmd", "findRolesets"),
("format", "json"),
("returnMaxRows", "3"),
("returnColumns", "id,name,role_set_type"),
("role_set_type", "GR"),
("role_set_type", "BR")
]
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
const params = new URLSearchParams();
params.append('cmd', 'findRolesets');
params.append('format', 'json');
params.append('returnMaxRows', '3');
params.append('returnColumns', 'id,name,role_set_type');
params.append('role_set_type', 'GR');
params.append('role_set_type', 'BR');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params,
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"role_set_type": "BR"
},
{
"id": "42",
"name": "Privileged Roles",
"role_set_type": "BR"
}
]
}
Case-insensitive filter
Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The example passes role_set_type=gr in lowercase and still returns role sets with the stored value GR.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&role_set_type=gr&ignoreCase=true" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,role_set_type",
"role_set_type": "gr",
"ignoreCase": "true"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,role_set_type",
role_set_type: "gr",
ignoreCase: "true"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "369",
"name": "Job Role Matrix - Documentum",
"role_set_type": "GR"
},
{
"id": "39",
"name": "Birthright Roles",
"role_set_type": "GR"
}
]
}
Sort ascending
Use sortByColumns with a column name and sortDirection=asc to sort results A to Z. The example sorts by name.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&sortByColumns=name&sortDirection=asc" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,role_set_type",
"sortByColumns": "name",
"sortDirection": "asc"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,role_set_type",
sortByColumns: "name",
sortDirection: "asc"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findRolesets": [
{
"id": "38",
"name": "AveksaRoles",
"role_set_type": "GR"
},
{
"id": "39",
"name": "Birthright Roles",
"role_set_type": "GR"
},
{
"id": "40",
"name": "Epic Non Employee Role Set",
"role_set_type": "BR"
}
]
}
Sort descending
Set sortDirection=desc to reverse the order.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=json&returnMaxRows=3&returnColumns=id,name,role_set_type&sortByColumns=name&sortDirection=desc" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,role_set_type",
"sortByColumns": "name",
"sortDirection": "desc"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,role_set_type",
sortByColumns: "name",
sortDirection: "desc"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findRolesets": [
{
"id": "43",
"name": "Security Admin roles",
"role_set_type": "BR"
},
{
"id": "169",
"name": "Role Set for RDC: Admin Roles",
"role_set_type": "GR"
},
{
"id": "42",
"name": "Privileged Roles",
"role_set_type": "BR"
}
]
}
CSV with custom delimiter
Set format=csv for a comma-separated response. Use delimiter to change the separator character.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=csv&returnMaxRows=3&returnColumns=id,name,role_set_type&delimiter=~" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "csv",
"returnMaxRows": "3",
"returnColumns": "id,name,role_set_type",
"delimiter": "~"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.text)
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "csv",
returnMaxRows: "3",
returnColumns: "id,name,role_set_type",
delimiter: "~"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
id~name~role_set_type
38~AveksaRoles~GR
40~Epic Non Employee Role Set~BR
42~Privileged Roles~BR
CSV without header row
Set includeHeaderRow=false when your downstream system expects raw data rows without a header.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findRolesets&format=csv&returnMaxRows=3&returnColumns=id,name,role_set_type&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findRolesets",
"format": "csv",
"returnMaxRows": "3",
"returnColumns": "id,name,role_set_type",
"includeHeaderRow": "false"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.text)
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findRolesets",
format: "csv",
returnMaxRows: "3",
returnColumns: "id,name,role_set_type",
includeHeaderRow: "false"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
38,AveksaRoles,GR
40,Epic Non Employee Role Set,BR
42,Privileged Roles,BR
Error responses
A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_ROLESETS public view.
- 401 Invalid token
- 412 Invalid column
<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findRolesets'. Token is invalid or expired</body>
</html>
<html>
<head><title>Error</title></head>
<body>The parameter returncolumns contains an invalid column - `invalid_col`.
Query String=cmd=findRolesets&format=json&returnMaxRows=2&returnColumns=id,invalid_col</body>
</html>
Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.