20.47. kb-00046: What are ExtraClaims

20.47.1. Knowledge Base Article: kb-00046

20.47.2. Description

ExtraClaims allow a token to have a broader set of permissions in the very narrow context of the task they are set on. If you need a task to have the ability to do an action, for example if you want to query the value of a param for some profile; the default machine token that will be used in the task will not have access. You will get a 404 result from the command causing the task to exit with a status 1, which can lead to confusion.

20.47.3. Solution

ExtraClaims is a definition that can be added to the task to allow the fine grain control you need. The following example shows what you would add to your task to add the ability for the task to query a profile for a param.

ExtraClaims:
  - scope: "profiles"
    action: "get"
    specific: "*"

20.47.3.1. See Also

Claim

20.47.3.2. Keywords

drpcli,auth,token,claims,claim,extraclaims

20.47.3.3. Revision Information

KB Article     :  kb-00046
initial release:  Tue 18 Aug 2020 03:33:35 PM CDT
updated release:  Tue 18 Aug 2020 03:33:35 PM CDT