Query subjects for Role Configuration namespace

Query subjects for Role Configuration namespace

The following table lists the query subjects in the Role Configuration namespace.

Query subject Description

Role Represents a role and some of its configuration attributes.

Role Owner Represents an owner of a role associated with the audit action. The owner can be a user or role. You must use this query subject with the Role query subject.

Parent Roles Represents the parent of a role. You must use this query subject with the Role query subject to obtain information about the parent of the role.

Role Assignment Attributes Represents an assignment attributes for a role. You must use this query subject with the Role query subject to obtain information about the assignment attributes for the role.

Role Members Represents the user members of a role. You must use this query subject with the Role query subject to obtain information about the members of the role.

Role ACI Represents an ACI that is applicable on the roles. You must use this query subject with the Role query subject to obtain information about the roles that are managed by an ACI.

ACI Operations Represents information about operations that are governed by an ACI. You must use this query subject with the Role ACI query subject to obtain information about an ACI associated with the role.

ACI Attribute Permissions Represents information about the attributes and operations that can be performed on the attributes. You must use this query subject with the Role ACI query subject to obtain information about an ACI associated with a role.

Recertification Policy Represents the recertification policy and some of its configuration attributes. You must use this query subject with the Role query subject to obtain information about the roles that are recertified by the recertification policy.

Recertification Policy Business Unit Represents a business unit to which the recertification policy is applicable.

Provisioning Policy Represents the provisioning policy and some of its configuration attributes. You must use this query subject with the Role query subject to obtain information about the roles who are member of a provisioning policy.

Shared Access Policy Represents the shared access policy that provides entitlements for the credentials and credential pools. You must use this query subject with the Role query subject to obtain information about the role members of the shared access policy.

Separation of Duty Policy Represents a separation of duty policy and some of its configuration attributes. You must use this query subject with the Role query subject to obtain information about the roles to which the policy applies.

Separation of Duty Rule Represents the rule defined for a separation of duty policy. You must use this query subject with the Separation of Duty Policy and Role query subjects to obtain information about:
The rules defined for a separation of duty policy.
The roles that are covered by a separation of duty rule.

Parent topic: Role Configuration namespace

Query subject	Description
Role	Represents a role and some of its configuration attributes.
Role Owner	Represents an owner of a role associated with the audit action. The owner can be a user or role. You must use this query subject with the Role query subject.
Parent Roles	Represents the parent of a role. You must use this query subject with the Role query subject to obtain information about the parent of the role.
Role Assignment Attributes	Represents an assignment attributes for a role. You must use this query subject with the Role query subject to obtain information about the assignment attributes for the role.
Role Members	Represents the user members of a role. You must use this query subject with the Role query subject to obtain information about the members of the role.
Role ACI	Represents an ACI that is applicable on the roles. You must use this query subject with the Role query subject to obtain information about the roles that are managed by an ACI.
ACI Operations	Represents information about operations that are governed by an ACI. You must use this query subject with the Role ACI query subject to obtain information about an ACI associated with the role.
ACI Attribute Permissions	Represents information about the attributes and operations that can be performed on the attributes. You must use this query subject with the Role ACI query subject to obtain information about an ACI associated with a role.
Recertification Policy	Represents the recertification policy and some of its configuration attributes. You must use this query subject with the Role query subject to obtain information about the roles that are recertified by the recertification policy.
Recertification Policy Business Unit	Represents a business unit to which the recertification policy is applicable.
Provisioning Policy	Represents the provisioning policy and some of its configuration attributes. You must use this query subject with the Role query subject to obtain information about the roles who are member of a provisioning policy.
Shared Access Policy	Represents the shared access policy that provides entitlements for the credentials and credential pools. You must use this query subject with the Role query subject to obtain information about the role members of the shared access policy.
Separation of Duty Policy	Represents a separation of duty policy and some of its configuration attributes. You must use this query subject with the Role query subject to obtain information about the roles to which the policy applies.
Separation of Duty Rule	Represents the rule defined for a separation of duty policy. You must use this query subject with the Separation of Duty Policy and Role query subjects to obtain information about: The rules defined for a separation of duty policy. The roles that are covered by a separation of duty rule.