20.47. kb-00046: What are ExtraClaims¶
20.47.1. Knowledge Base Article: kb-00046¶
ExtraClaims allow a token to have a broader set of permissions in the very narrow context of the task they are set on. If you need a task to have the ability to do an action, for example if you want to query the value of a param for some profile; the default machine token that will be used in the task will not have access. You will get a 404 result from the command causing the task to exit with a status 1, which can lead to confusion.
ExtraClaims is a definition that can be added to the task to allow the fine grain control you need. The following example shows what you would add to your task to add the ability for the task to query a profile for a param.
ExtraClaims: - scope: "profiles" action: "get" specific: "*"
184.108.40.206. Revision Information¶
KB Article : kb-00046 initial release: Tue 18 Aug 2020 03:33:35 PM CDT updated release: Tue 18 Aug 2020 03:33:35 PM CDT