What are ExtraClaims

ExtraClaims allow a token to have a broader set of permissions in the very narrow context of the task they are set on. If you need a task to have the ability to do an action, for example if you want to query the value of a param for some profile; the default machine token that will be used in the task will not have access. You will get a 404 result from the command causing the task to exit with a status 1, which can lead to confusion.

Solution

ExtraClaims is a definition that can be added to the task to allow the fine grain control you need. The following example shows what you would add to your task to add the ability for the task to query a profile for a param.

ExtraClaims:
  - scope: "profiles"
    action: "get"
    specific: "*"

Valid actions are: get (single item), list (list of items), update and delete.

See Also

• rs_data_claim

Keywords

drpcli,auth,token,claims,claim,extraclaims

Revision Information

KB Article     :  kb-00046
initial release:  Tue 18 Aug 2020 03:33:35 PM CDT
updated release:  Tue 18 Aug 2020 03:33:35 PM CDT