Lightrun RBAC CLI Commands¶

This reference describe the Lightrun CLI commands, options, and parameters available to Lightrun Administrators.

Prerequisites¶

This tutorial assumes that you have:

Before your begin¶

The commands in this reference are for managing users with the Lightrun Role-based access control (RBAC) feature.
The Lightrun Role-based access control feature is only available to users on our Enterprise plan; please contact our support team for more information.
Make sure to read the User management concepts guide before starting this tutorial to have a basic understanding of how user management works in Lightrun.

`groups & access`¶

`create-group`¶

The create-group command creates a group of users.

Synopsis¶

java -jar lightrunc.jar create-group <Name>

Options¶

Option	Description
Name	The name of the group.

Example¶

Example

run java -jar lightrunc.jar create-group sysadmins to create a new group named sysadmins.

$ java -jar lightrunc create-group sysadmins                       
Group 'sysadmins' (id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b) successfully created

`update-group-name`¶

The update-group-name command updates the name of a group.

Synopsis¶

java -jar lightrunc.jar update-group-name <GroupId> <Name>

Options¶

Option	Description
Group ID	The ID of the relevant group.
Name	The group’s new name.

Example¶

Example

run java -jar lightrunc.jar update-group-name <group id> <new_name> to update the name of a group.

$ java -jar lightrunc update-group-name  5f8881b7-3e04-48ab-9bba-b2d1b9870a8b sys-managers
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`list-groups`¶

The list-groups command returns a list of all groups available to the current user.

Note

The list-groups command will return all groups in the Lightrun organization if the user is a System Administrator.

Synopsis¶

java -jar lightrunc.jar list-groups

Example¶

Example

run java -jar lightrunc.jar list-groups.

$ java -jar lightrunc list-groups          
ID 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b NAME sysadmins USERS COUNT 0 GROUP ADMINS N/A
ID b1603a77-661c-44c6-89de-dfd1d126f0c9 NAME 664379ed-7b49-472b-9d08-19d2ab3b0c84 USERS COUNT 1 GROUP ADMINS N/A
Page 1 of 1

`list-accesses`¶

The list-accesses command returns the role, elevated users, and agent pools associated with a group.

Synopsis¶

java -jar lightrunc.jar list-accesses <GroupId>

Options¶

Option	Description
Group ID	The ID of the relevant group.

Example¶

Example

run java -jar lightrunc.jar list-accesses <GroupId>.

$ java -jar lightrunc list-accesses  5f8881b7-3e04-48ab-9bba-b2d1b9870a8b
Group "5f8881b7-3e04-48ab-9bba-b2d1b9870a8b" has access to agent-pools [Default Agent Pool] with role "Standard"

`update-group-role`¶

The update-group-role command updates the role assigned to a group.

Synopsis¶

java -jar lightrunc.jar update-group-role <GroupId> <RoleName>

Options¶

Option	Description
Group ID	The ID of the relevant group.
Role Name	The role that should be assigned to the group. A group can be assigned one of the following roles. - Standard - Privileged

Example¶

Example

run java -jar lightrunc.jar update-group-role <GroupId> <RoleName>.

$ java -jar lightrunc update-group-role  5f8881b7-3e04-48ab-9bba-b2d1b9870a8b privileged
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`add-group-members`¶

The add-group-members adds users to a group.

Synopsis¶

java -jar lightrunc.jar add-group-members <GroupId> [email...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example¶

Example

run java -jar lightrunc.jar add-group-members <GroupId> <email> to add a user to a group.

$ java -jar lightrunc add-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar add-group-members <GroupId> email1, email2 to add multiple users to a group.

$ java -jar lightrunc add-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`remove-group-members`¶

The remove-group-members removes users from a group.

Synopsis¶

java -jar lightrunc.jar remove-group-members <GroupId> [email...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example¶

Example

run java -jar lightrunc.jar remove-group-members <GroupId> <email> to add a user to a group.

$ java -jar lightrunc remove-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar remove-group-members <GroupId> email1, email2 to add multiple users to a group.

$ java -jar lightrunc remove-group-members 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`promote-to-group-admins`¶

The promote-to-group-admins command promotes a user to a group admin role.

Synopsis¶

java -jar lightrunc.jar promote-to-group-admins <GroupId> [email...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example¶

Example

run java -jar lightrunc.jar promote-to-group-admins <GroupId> <email> to promote a user to a group admin.

$ java -jar lightrunc promote-to-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar promote-to-group-admins <GroupId> email1, email2 to promote multiple users to group admin.

$ java -jar lightrunc promote-to-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`demote-from-group-admins`¶

The demote-from-group-admins command removes a user as a group admin.

Synopsis¶

java -jar lightrunc.jar demote-from-group-admins <GroupId> [email...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
email	The email address of the relevant user.

Example¶

Example

run java -jar lightrunc.jar demote-from-group-admins <GroupId> <email> to remove a user as a group admin.

$ java -jar lightrunc demote-from-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar demote-from-group-admins <GroupId> email1, email2 to remove multiple users as group admins.

$ java -jar lightrunc demote-from-group-admins 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user1@email.com user2@email.com 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`duplicate-group`¶

The duplicate-group command duplicates a group of users.

Synopsis¶

java -jar lightrunc.jar duplicate-group <GroupId> <Name>

Options¶

Option	Description
Group ID	The ID of the group to be duplicated.
Name	The name of the duplicate group.

Example¶

Example

run java -jar lightrunc.jar duplicate-group <GroupId> <Name>

$ java -jar lightrunc duplicate-group 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b newgroupname
Group 'newgroupname' (id: 2d71546a-6f5f-47d4-9754-73ee9ccfc959) successfully created

`add-access-to-pools`¶

The add-access-to-pools command grants a group access to an agent pool.

Synopsis¶

java -jar lightrunc.jar add-access-to-pools <GroupId> <PoolName1> [PoolName1...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
PoolName	Agent pool names.

Example¶

Example

run java -jar lightrunc.jar add-access-to-pools <GroupId> <PoolName1> to grant access to an agent pool.

$ java -jar lightrunc add-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar add-access-to-pools <GroupId> <PoolName1> <PoolName2 to grant access to multiple agent pools.

$ java -jar lightrunc add-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 agentPool2
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`remove-access-to-pools`¶

The remove-access-to-pools command removes the access that a group has to an agent pool.

Synopsis¶

java -jar lightrunc.jar remove-access-to-pools <GroupId> <PoolName1> [PoolName2...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
PoolName	Agent pool names.

Example¶

Example

run java -jar lightrunc.jar remove-access-to-pools <GroupId> <PoolName1> to remove access to an agent pool.

$ java -jar lightrunc remove-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 
Group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar remove-access-to-pools <GroupId> <PoolName1> <PoolName2 remove access to multiple agent pools.

$ java -jar lightrunc remove-access-to-pools 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b agentPool1 agentPool2
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`delete-group`¶

The delete-group command deletes a group.

Warning

A group cannot be restored once deleted.

Synopsis¶

java -jar lightrunc.jar delete-group <Name>

Options¶

Option	Description
Name	The name of the group.

Example¶

Example

- run java -jar lightrunc.jar delete-group <Name>

$ java -jar lightrunc delete-group  8986ca74-7044-438b-840e-2e3a1ae8898f
Group (id: 8986ca74-7044-438b-840e-2e3a1ae8898f) successfully deleted

`agent-pool`¶

`create-agent-pool`¶

The create-agent-pool command creates a new agent pool.

Synopsis¶

java -jar lightrunc.jar create-agent-pool <Name> [Description]

Options¶

Option	Description
Name	The name of the new agent pool.
email	Agent pool description.

Example¶

Example

run java -jar lightrunc.jar create-agent-pool <Name> [Description].

$ java -jar lightrunc create-agent-pool agentPool1 new-agent-pool         
   Agent pool 'agentPool1' (id: 77eb44fc-e2e7-4358-b43d-ad1942b0b7f6) successfully created

`agent-pool`¶

The agent-pool command specifies the agent pool to be used by the command line.

Synopsis¶

java -jar lightrunc.jar agent-pool <AgentPoolId>

Note

After setting an agent pool with the agent-pool command, all results returned by the command line will only be relevant to that agent pool. To run a command for another agent pool, add the --agent-pool flag to the command.

`java -jar lightrunc.jar <current_command> --agent-pool <AgentPoolId>`

Options¶

Option	Description
Agent Pool ID	The ID of the relevant agent pool.

Example¶

Example

run java -jar lightrunc.jar agent-pool <AgentPoolId>

$ java -jar lightrunc agent-pool 77eb44fc-e2e7-4358-b43d-ad1942b0b7f6
   Agent pool set to (id: 77eb44fc-e2e7-4358-b43d-ad1942b0b7f6) successfully. All following commands will use this agent pool.

`delete-agent-pool`¶

The delete-agent-pool command deletes an agent pool.

Warning

An agent pool cannot be restored once deleted.

Synopsis¶

java -jar lightrunc.jar delete-agent-pool <AgentPoolId>

Options¶

Option	Description
Agent Pool ID	The ID of the relevant agent pool.

Example¶

Example

run java -jar lightrunc.jar delete-agent-pool <AgentPoolId>

$ java -jar lightrunc delete-agent-pool 2f60469f-787b-41a0-8f39-5b4ae01c8495

`roles`¶

`list-roles`¶

The list-roles command outputs all roles and their permissions.

Synopsis¶

java -jar lightrunc.jar list-roles

Example¶

Example

run java -jar lightrunc.jar list-roles

$ java -jar lightrunc list-roles                            
ID 5ad5a113-05d1-4033-9dba-20346dee2477 NAME Standard PERMISSIONS [STANDARD]
ID d5e25064-7321-4f37-824d-369430a205b3 NAME Privileged PERMISSIONS [STANDARD, IGNORE_QUOTA]

`add-elevated-roles`¶

The add-elevated-roles command grants a user an elevated role.

Synopsis¶

java -jar lightrunc.jar add-elevated-roles <GroupId> <Email>:<RoleName> [Email:RoleName...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
Email	The email of the relevant user.
RoleName	The new role to be assigned to the user

Example¶

Example

run java -jar lightrunc.jar add-elevated-roles <GroupId> <Email>:<RoleName> to grant a user an elevated role.

$ java -jar lightrunc add-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com:Privileged 
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar add-elevated-roles <GroupId> <Email>:<RoleName> [Email:RoleName...] to grant multiple users in a group elevated roles.

$ java -jar lightrunc add-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com:Privileged  user1@email:Privileged
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

`remove-elevated-roles`¶

The remove-elevated-roles command removes the elevated role assigned to a user.

Synopsis¶

java -jar lightrunc.jar remove-elevated-roles <GroupId> <Email1> [Email2...]

Options¶

Option	Description
Group ID	The ID of the relevant group.
Email	The email of the relevant user.

Example¶

Example

run java -jar lightrunc.jar remove-elevated-roles <GroupId> <Email> to remove the elevated role granted to a user.

$ java -jar lightrunc remove-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email.com
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

run java -jar lightrunc.jar remove-elevated-roles <GroupId> <Email> [Email..] to remove the elevated role granted to multiple users.

$ java -jar lightrunc remove-elevated-roles 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b user@email user1@email
Access to group with id: 5f8881b7-3e04-48ab-9bba-b2d1b9870a8b successfully updated

Last update: July 25, 2024

Lightrun RBAC CLI Commands¶

Prerequisites¶

Before your begin¶

groups & access¶

create-group¶

Synopsis¶

Options¶

Example¶

update-group-name¶

Synopsis¶

Options¶

Example¶

list-groups¶

Synopsis¶

Example¶

list-accesses¶

Synopsis¶

Options¶

Example¶

update-group-role¶

Synopsis¶

Options¶

Example¶

add-group-members¶

Synopsis¶

Options¶

Example¶

remove-group-members¶

Synopsis¶

Options¶

Example¶

promote-to-group-admins¶

Synopsis¶

Options¶

Example¶

demote-from-group-admins¶

Synopsis¶

Options¶

Example¶

duplicate-group¶

Synopsis¶

Options¶

Example¶

add-access-to-pools¶

Synopsis¶

Options¶

Example¶

remove-access-to-pools¶

Synopsis¶

Options¶

Example¶

delete-group¶

Synopsis¶

Options¶

Example¶

agent-pool¶

create-agent-pool¶

Synopsis¶

Options¶

Example¶

agent-pool¶

Synopsis¶

Options¶

Example¶

delete-agent-pool¶

Synopsis¶

Options¶

Example¶

roles¶

list-roles¶

Synopsis¶

Example¶

add-elevated-roles¶

Synopsis¶

Options¶

Example¶

remove-elevated-roles¶

Synopsis¶

Options¶

Example¶

`groups & access`¶

`create-group`¶

`update-group-name`¶

`list-groups`¶

`list-accesses`¶

`update-group-role`¶

`add-group-members`¶

`remove-group-members`¶

`promote-to-group-admins`¶

`demote-from-group-admins`¶

`duplicate-group`¶

`add-access-to-pools`¶

`remove-access-to-pools`¶

`delete-group`¶

`agent-pool`¶

`create-agent-pool`¶

`agent-pool`¶

`delete-agent-pool`¶

`roles`¶

`list-roles`¶

`add-elevated-roles`¶

`remove-elevated-roles`¶