Lightrun RBAC CLI Commands🔗

This reference describe the Lightrun CLI commands, options, and parameters available to Lightrun Administrators.

Prerequisites🔗

This tutorial assumes that you have:

Before your begin🔗

The commands in this reference are for managing users with the Lightrun Role-based access control (RBAC) feature.
The Lightrun Role-based access control feature is only available to users on our Enterprise plan; please contact our support team for more information.
Make sure to read the User management concepts guide before starting this tutorial to have a basic understanding of how user management works in Lightrun.

`groups & access`🔗

`create-group`🔗

The create-group command creates a group of users.

Synopsis🔗

java -jar lightrunc.jar create-group <Name>

Options🔗

Option	Description
Name	The name of the group.

Example🔗

Example

run java -jar lightrunc.jar create-group sysadmins to create a new group named sysadmins.

$ java -jar lightrunc create-group sysadmins                       
Group 'sysadmins' (id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b) successfully created

`update-group-name`🔗

The update-group-name command updates the name of a group.

Synopsis🔗

java -jar lightrunc.jar update-group-name <GroupId> <Name>

Options🔗

Option	Description
Group ID	The ID of the relevant group.
Name	The group’s new name.

Example🔗

Example

run java -jar lightrunc.jar update-group-name <group id> <new_name> to update the name of a group.

$ java -jar lightrunc update-group-name  5f8881b7-3e04-48ab-9bba-b2d1b9870a8b sys-managers
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`list-groups`🔗

The list-groups command returns a list of all groups available to the current user.

Note

The list-groups command will return all groups in the Lightrun organization if the user is a System Administrator.

Synopsis🔗

java -jar lightrunc.jar list-groups

Example🔗

Example

run java -jar lightrunc.jar list-groups.

$ java -jar lightrunc list-groups          
ID 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b NAME sysadmins USERS COUNT 0 GROUP ADMINS N/A
ID b1603a77-661c-44c6-89de-dfd1d126f0c9 NAME 664379ed-7b49-472b-9d08-19d2ab3b0c84 USERS COUNT 1 GROUP ADMINS N/A
Page 1 of 1

`list-accesses`🔗

The list-accesses command returns the role, elevated users, and agent pools associated with a group.

Synopsis🔗

java -jar lightrunc.jar list-accesses <GroupId>

Options🔗

Option	Description
Group ID	The ID of the relevant group.

Example🔗

Example

run java -jar lightrunc.jar list-accesses <GroupId>.

$ java -jar lightrunc list-accesses  5f8881b7-3e04-48ab-9bba-b2d1b9870a8b
Group "5f8881b7-3e04-48ab-9bba-b2d1b9870a8b" has access to agent-pools [Default Agent Pool] with role "Standard"

`update-group-role`🔗

The update-group-role command updates the role assigned to a group.

Synopsis🔗

java -jar lightrunc.jar update-group-role <GroupId> <RoleName>

Options🔗

Option	Description
Group ID	The ID of the relevant group.
Role Name	The role that should be assigned to the group. A group can be assigned one of the following roles. - Standard - Privileged

Example🔗

Example

run java -jar lightrunc.jar update-group-role <GroupId> <RoleName>.

$ java -jar lightrunc update-group-role  5f8881b7-3e04-48ab-9bba-b2d1b9870a8b privileged
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`add-group-members`🔗

The add-group-members adds users to a group.

Synopsis🔗

java -jar lightrunc.jar add-group-members <GroupId> [email...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example🔗

Example

run java -jar lightrunc.jar add-group-members <GroupId> <email> to add a user to a group.

$ java -jar lightrunc add-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar add-group-members <GroupId> email1, email2 to add multiple users to a group.

$ java -jar lightrunc add-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`remove-group-members`🔗

The remove-group-members removes users from a group.

Synopsis🔗

java -jar lightrunc.jar remove-group-members <GroupId> [email...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example🔗

Example

run java -jar lightrunc.jar remove-group-members <GroupId> <email> to add a user to a group.

$ java -jar lightrunc remove-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar remove-group-members <GroupId> email1, email2 to add multiple users to a group.

$ java -jar lightrunc remove-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`promote-to-group-admins`🔗

The promote-to-group-admins command promotes a user to a group admin role.

Synopsis🔗

java -jar lightrunc.jar promote-to-group-admins <GroupId> [email...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example🔗

Example

run java -jar lightrunc.jar promote-to-group-admins <GroupId> <email> to promote a user to a group admin.

$ java -jar lightrunc promote-to-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar promote-to-group-admins <GroupId> email1, email2 to promote multiple users to group admin.

$ java -jar lightrunc promote-to-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`demote-from-group-admins`🔗

The demote-from-group-admins command removes a user as a group admin.

Synopsis🔗

java -jar lightrunc.jar demote-from-group-admins <GroupId> [email...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example🔗

Example

run java -jar lightrunc.jar demote-from-group-admins <GroupId> <email> to remove a user as a group admin.

$ java -jar lightrunc demote-from-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar demote-from-group-admins <GroupId> email1, email2 to remove multiple users as group admins.

$ java -jar lightrunc demote-from-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`duplicate-group`🔗

The duplicate-group command duplicates a group of users.

Synopsis🔗

java -jar lightrunc.jar duplicate-group <GroupId> <Name>

Options🔗

Option	Description
Group ID	The ID of the group to be duplicated.
Name	The name of the duplicate group.

Example🔗

Example

run java -jar lightrunc.jar duplicate-group <GroupId> <Name>

$ java -jar lightrunc duplicate-group 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b newgroupname
Group 'newgroupname' (id: 2d71546a-6f5f-47d4-9754-73ee9ccfc959) successfully created

`add-access-to-pools`🔗

The add-access-to-pools command grants a group access to an agent pool.

Synopsis🔗

java -jar lightrunc.jar add-access-to-pools <GroupId> <PoolName1> [PoolName1...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
PoolName	Agent pool names.

Example🔗

Example

run java -jar lightrunc.jar add-access-to-pools <GroupId> <PoolName1> to grant access to an agent pool.

$ java -jar lightrunc add-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar add-access-to-pools <GroupId> <PoolName1> <PoolName2 to grant access to multiple agent pools.

$ java -jar lightrunc add-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 agentPool2
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`remove-access-to-pools`🔗

The remove-access-to-pools command removes the access that a group has to an agent pool.

Synopsis🔗

java -jar lightrunc.jar remove-access-to-pools <GroupId> <PoolName1> [PoolName2...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
PoolName	Agent pool names.

Example🔗

Example

run java -jar lightrunc.jar remove-access-to-pools <GroupId> <PoolName1> to remove access to an agent pool.

$ java -jar lightrunc remove-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar remove-access-to-pools <GroupId> <PoolName1> <PoolName2 remove access to multiple agent pools.

$ java -jar lightrunc remove-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 agentPool2
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`delete-group`🔗

The delete-group command deletes a group.

Warning

A group cannot be restored once deleted.

Synopsis🔗

java -jar lightrunc.jar delete-group <Name>

Options🔗

Option	Description
Name	The name of the group.

Example🔗

Example

- run java -jar lightrunc.jar delete-group <Name>

$ java -jar lightrunc delete-group  8986ca74-7044-438b-840e-2e3a1ae8898f
Group (id: 8986ca74-7044-438b-840e-2e3a1ae8898f) successfully deleted

`agent-pool`🔗

`create-agent-pool`🔗

The create-agent-pool command creates a new agent pool.

Synopsis🔗

java -jar lightrunc.jar create-agent-pool <Name> [Description]

Options🔗

Option	Description
Name	The name of the new agent pool.
email	Agent pool description.

Example🔗

Example

run java -jar lightrunc.jar create-agent-pool <Name> [Description].

$ java -jar lightrunc create-agent-pool agentPool1 new-agent-pool         
   Agent pool 'agentPool1' (id: 77eb44fc-e2e7-4358-b43d-ad1942b0b7f6) successfully created

`agent-pool`🔗

The agent-pool command specifies the agent pool to be used by the command line.

Synopsis🔗

java -jar lightrunc.jar agent-pool <AgentPoolId>

Note

After setting an agent pool with the agent-pool command, all results returned by the command line will only be relevant to that agent pool. To run a command for another agent pool, add the --agent-pool flag to the command.

`java -jar lightrunc.jar <current_command> --agent-pool <AgentPoolId>`

Options🔗

Option	Description
Agent Pool ID	The ID of the relevant agent pool.

Example🔗

Example

run java -jar lightrunc.jar agent-pool <AgentPoolId>

$ java -jar lightrunc agent-pool 77eb44fc-e2e7-4358-b43d-ad1942b0b7f6
   Agent pool set to (id: 77eb44fc-e2e7-4358-b43d-ad1942b0b7f6) successfully. All following commands will use this agent pool.

`delete-agent-pool`🔗

The delete-agent-pool command deletes an agent pool.

Warning

An agent pool cannot be restored once deleted.

Synopsis🔗

java -jar lightrunc.jar delete-agent-pool <AgentPoolId>

Options🔗

Option	Description
Agent Pool ID	The ID of the relevant agent pool.

Example🔗

Example

run java -jar lightrunc.jar delete-agent-pool <AgentPoolId>

$ java -jar lightrunc delete-agent-pool 2f60469f-787b-41a0-8f39-5b4ae01c8495

`roles`🔗

`list-roles`🔗

The list-roles command outputs all roles and their permissions.

Synopsis🔗

java -jar lightrunc.jar list-roles

Example🔗

Example

run java -jar lightrunc.jar list-roles

$ java -jar lightrunc list-roles                            
ID 5ad5a113-05d1-4033-9dba-20346dee2477 NAME Standard PERMISSIONS [STANDARD]
ID d5e25064-7321-4f37-824d-369430a205b3 NAME Privileged PERMISSIONS [STANDARD, IGNORE_QUOTA]

`add-elevated-roles`🔗

The add-elevated-roles command grants a user an elevated role.

Synopsis🔗

java -jar lightrunc.jar add-elevated-roles <GroupId> <Email>:<RoleName> [Email:RoleName...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
Email	The email of the relevant user.
RoleName	The new role to be assigned to the user

Example🔗

Example

run java -jar lightrunc.jar add-elevated-roles <GroupId> <Email>:<RoleName> to grant a user an elevated role.

$ java -jar lightrunc add-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com:Privileged 
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar add-elevated-roles <GroupId> <Email>:<RoleName> [Email:RoleName...] to grant multiple users in a group elevated roles.

$ java -jar lightrunc add-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com:Privileged  user1@email:Privileged
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`remove-elevated-roles`🔗

The remove-elevated-roles command removes the elevated role assigned to a user.

Synopsis🔗

java -jar lightrunc.jar remove-elevated-roles <GroupId> <Email1> [Email2...]

Options🔗

Option	Description
Group ID	The ID of the relevant group.
Email	The email of the relevant user.

Example🔗

Example

run java -jar lightrunc.jar remove-elevated-roles <GroupId> <Email> to remove the elevated role granted to a user.

$ java -jar lightrunc remove-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar remove-elevated-roles <GroupId> <Email> [Email..] to remove the elevated role granted to multiple users.

$ java -jar lightrunc remove-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email user1@email
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

Last update: November 6, 2025

Lightrun RBAC CLI Commands🔗

Prerequisites🔗

Before your begin🔗

groups & access🔗

create-group🔗

Synopsis🔗

Options🔗

Example🔗

update-group-name🔗

Synopsis🔗

Options🔗

Example🔗

list-groups🔗

Synopsis🔗

Example🔗

list-accesses🔗

Synopsis🔗

Options🔗

Example🔗

update-group-role🔗

Synopsis🔗

Options🔗

Example🔗

add-group-members🔗

Synopsis🔗

Options🔗

Example🔗

remove-group-members🔗

Synopsis🔗

Options🔗

Example🔗

promote-to-group-admins🔗

Synopsis🔗

Options🔗

Example🔗

demote-from-group-admins🔗

Synopsis🔗

Options🔗

Example🔗

duplicate-group🔗

Synopsis🔗

Options🔗

Example🔗

add-access-to-pools🔗

Synopsis🔗

Options🔗

Example🔗

remove-access-to-pools🔗

Synopsis🔗

Options🔗

Example🔗

delete-group🔗

Synopsis🔗

Options🔗

Example🔗

agent-pool🔗

create-agent-pool🔗

Synopsis🔗

Options🔗

Example🔗

agent-pool🔗

Synopsis🔗

Options🔗

Example🔗

delete-agent-pool🔗

Synopsis🔗

Options🔗

Example🔗

roles🔗

list-roles🔗

Synopsis🔗

Example🔗

add-elevated-roles🔗

Synopsis🔗

Options🔗

Example🔗

remove-elevated-roles🔗

Synopsis🔗

Options🔗

Example🔗

`groups & access`🔗

`create-group`🔗

`update-group-name`🔗

`list-groups`🔗

`list-accesses`🔗

`update-group-role`🔗

`add-group-members`🔗

`remove-group-members`🔗

`promote-to-group-admins`🔗

`demote-from-group-admins`🔗

`duplicate-group`🔗

`add-access-to-pools`🔗

`remove-access-to-pools`🔗

`delete-group`🔗

`agent-pool`🔗

`create-agent-pool`🔗

`agent-pool`🔗

`delete-agent-pool`🔗

`roles`🔗

`list-roles`🔗

`add-elevated-roles`🔗

`remove-elevated-roles`🔗