NSX-T Data Center REST API
RoleBinding (type)
{
"extends": {
"$ref": "ManagedResource
},
"id": "RoleBinding",
"module_id": "AAA",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"identity_source_id": {
"description": "The ID of the external identity source that holds the referenced external entity. Currently, only external LDAP and OIDC servers are allowed.",
"required": false,
"title": "ID of the external identity source",
"type": "string"
},
"identity_source_type": {
"default": "VIDM",
"enum": [
"VIDM",
"LDAP",
"OIDC",
"CSP"
],
"required": false,
"title": "Identity source type",
"type": "string"
},
"name": {
"readonly": true,
"required": true,
"title": "User/Group's name",
"type": "string"
},
"read_roles_for_paths": {
"description": "Set this property to true to cause the user's role definition to be read from the roles_for_paths property. Set it to false to cause the user's role definition to be read from the roles property.",
"readonly": false,
"required": false,
"title": "Read from roles_for_paths instead of roles",
"type": "boolean"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"roles": {
"deprecated": true,
"deprecation_advice": "This property is deprecated in favour of roles_for_paths.",
"items": {
"$ref": "Role
},
"readonly": true,
"required": false,
"title": "Roles",
"type": "array"
},
"roles_for_paths": {
"description": "The roles that are associated with the user, limiting them to a path. In case the path is '/', the roles apply everywhere i.e. it is same as the deprecated property roles.",
"items": {
"$ref": "RolesForPath
},
"readonly": false,
"required": false,
"title": "Roles for Paths",
"type": "array"
},
"stale": {
"description": "Property 'stale' can be considered to have these values - absent - This type of rolebinding does not support stale property TRUE - Rolebinding is stale in vIDM meaning the user is no longer present in vIDM FALSE - Rolebinding is available in vIDM UNKNOWN - Rolebinding's state of staleness in unknown Once rolebindings become stale, they can be deleted using the API POST /aaa/role-bindings?action=delete_stale_bindings",
"enum": [
"TRUE",
"FALSE",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "Stale in vIDM",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"type": {
"description": "Indicates the type of the user. remote_user - This is a user which is external to NSX. remote_group - This is a group of users which is external to NSX. local_user - This is a user local to NSX. These are linux users. principal_identity - This is a principal identity user. remote - The the principal is remote but whether it is a user or group is not known. Currently this is applicable only to LDAP identity_source_type.",
"enum": [
"remote_user",
"remote_group",
"local_user",
"principal_identity",
"remote"
],
"readonly": true,
"required": true,
"title": "Type",
"type": "string"
},
"user_id": {
"description": "Local user's numeric id on the system.",
"readonly": true,
"required": false,
"title": "Local user's numeric id",
"type": "string"
}
},
"title": "User/Group's role binding",
"type": "object"
}