List all Administrative Roles.

  • Published on Oct 27, 2025
  • 3 minute read
Prev Next
Get
/administrative-roles

List all Administrative Roles visible to current user.

Security
HTTP
Type bearer
Query parameters
query
string

Query string to filter the result list. It's used for various fields depending on the object type. Send multiple query parameters to make the queries more specific.

range
string

'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'

Example0-10
orderBy
string

The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.

Examplename
descending
string

Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.

filterBy

Filters the result list by the given field and value. Supported fields vary from API to API. The filters can be combined with each other as well as the generic query parameter. The given value is checked for inclusion.

object
property*
string additionalProperties
Example{ "name": "us-east", "tags": "aws" }
Responses
200

List of Administrative Roles.

Expand All
object
range
string

The range applied to the list. Format: -/. 3-5/8 means, out of 8 count (query affects the total), the items between (including) the 3rd and the 5th are returned.

Example0-30/54
orderBy
string

The field name used to sort the list.

Examplename
descending
boolean

Whether the sorting is applied descending or ascending.

queries
Array of string

The queries applied to the list.

string
totalCount
integer

The total readable count of entities. Not influenced by the query.

Example328
filterBy
Array of object (FilterBy)

The filters applied to the list.

object
name
string

The field name the filter is applied to.

Examplename
value
string

The value used for comparison.

ExampleAWS
data
Array of object (AdministrativeRole)

List of Administrative Roles.

object
id
string (uuid)

ID of the object.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc
name
string

Name of the object.

Exampleobject
notes
string

Notes for the object. Used for documentation purposes.

ExampleThis object has been created for test purposes.
created
string (date-time)

Create date.

updated
string (date-time)

Last update date.

tags
Array of string

Array of tags.

Example[ "developer", "api-created" ]
string
privileges
Array of object (AdministrativePrivilege)

Administrative privilege list.

object

Administrative Privilege item. Use type-target-map API to get the details on which types are valid for which targets and their scopes.

type
string

The type of the Privilege defines the possible administrator actions.

Valid values[ "All", "View", "Create", "Edit", "Tag", "Delete", "Revoke", "Export", "Upgrade", "RenewCertificate", "DownloadLogs", "Test", "GetUserAttributes", "Backup", "CheckStatus", "Reevaluate", "Reboot", "AssignFunction" ]
target
string

The target of the Privilege defines the possible target objects for that type.

Valid values[ "All", "Appliance", "Condition", "CriteriaScript", "Entitlement", "AdministrativeRole", "IdentityProvider", "MfaProvider", "IpPool", "LocalUser", "ServiceUser", "Policy", "Site", "DeviceClaimScript", "EntitlementScript", "RingfenceRule", "ApplianceCustomization", "TrustedCertificate", "UserClaimScript", "OtpSeed", "Fido2Device", "Blacklist", "License", "UserLicense", "RegisteredDevice", "AllocatedIp", "SessionInfo", "AuditLog", "AdminMessage", "GlobalSetting", "CaCertificate", "File", "AutoUpdate", "RiskModel", "Ztp", "ClientProfile", "Secret", "DiscoveredApp" ]
scope
object

The scope of the Privilege. Only applicable to certain type-target combinations. Some types depend on the IdP/MFA type, such as GetUserAttributes. This field must be omitted if not applicable.

all
boolean

'If "true", all objects are accessible. For example, "type: Edit - target: Condition - scope.all: true" means the administrator can edit all Conditions in the system.'

ids
Array of string

Specific object IDs this Privilege would have access to.

string (uuid)
Example4c07bc67-57ea-42dd-b702-c2d6c45419fc
tags
Array of string

Object tags this privilege would have access to.

string
Exampletag
defaultTags
Array of string

The items in this list would be added automatically to the newly created objects' tags. Only applicable on "Create" type and targets with tagging capability. This field must be omitted if not applicable.

string
Exampleapi-created
functions
Array of string (ApplianceFunction)

Privilege for changing Appliance Functions. Only applicable on "AssignFunction" type with Appliance or All target. This field must be omitted if not applicable.

string
Valid values[ "Controller", "Gateway", "LogServer", "LogForwarder", "Connector", "Portal", "MetricsAggregator" ]
401

Token error. Login again.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

403

Insufficient permissions to access this resource.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

406

Invalid 'Accept' header.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

500

Unexpected server side error.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

©AppGate 2026. All Rights Reserved.