Role Assignment
Roles connect users to permissions. Adding roles to users or removing them indirectly controls to what extent users can interact with your BOMnipotent Server instance.
For your convenience, several default roles are created upon starting BOMnipotent Server for the first time. In addition, BOMnipotent knows of the admin role, which receives some special treatment.
To modify or even view user roles, your user account needs the USER_MANAGEMENT permission.
List
To list all roles of all users, call:
bomnipotent_client user-role list
[INFO]
╭───────────────────┬──────────────┬─────────────────────────╮
│ Username │ Role │ Last Updated │
├───────────────────┼──────────────┼─────────────────────────┤
│ admin@example.com │ admin │ 2025-01-01 10:11:12 UTC │
│ example_robot │ bom_manager │ 2025-01-01 10:11:12 UTC │
│ example_robot │ vuln_manager │ 2025-01-01 10:11:12 UTC │
│ user@example.com │ rick_role │ 2025-01-01 10:11:12 UTC │
╰───────────────────┴──────────────┴─────────────────────────╯
The output can be filtered by user or role:
bomnipotent_client user-role list --user=admin@example.com --role=admin
bomnipotent_client user-role list -u admin@example.com -r admin
[INFO]
╭───────────────────┬───────┬─────────────────────────╮
│ Username │ Role │ Last Updated │
├───────────────────┼───────┼─────────────────────────┤
│ admin@example.com │ admin │ 2025-01-01 10:11:12 UTC │
╰───────────────────┴───────┴─────────────────────────╯
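The listing above lends itself to a periodic review of who holds which role. The following is an added example, not part of BOMnipotent or its documentation: it parses the table layout shown on this page and compares it to a baseline of approved assignments. The baseline contents and the function names are assumptions; in practice you would pass in the captured output of the list command instead of the constructed sample.

```python
# Added example: audit "user-role list" output against an approved baseline.
# SAMPLE_OUTPUT is constructed from the table shown on this page.
SAMPLE_OUTPUT = """\
[INFO]
╭───────────────────┬──────────────┬─────────────────────────╮
│ Username          │ Role         │ Last Updated            │
├───────────────────┼──────────────┼─────────────────────────┤
│ admin@example.com │ admin        │ 2025-01-01 10:11:12 UTC │
│ example_robot     │ bom_manager  │ 2025-01-01 10:11:12 UTC │
│ example_robot     │ vuln_manager │ 2025-01-01 10:11:12 UTC │
│ user@example.com  │ rick_role    │ 2025-01-01 10:11:12 UTC │
╰───────────────────┴──────────────┴─────────────────────────╯
"""

# Hypothetical baseline: the (username, role) pairs your team has approved.
EXPECTED = {
    ("admin@example.com", "admin"),
    ("example_robot", "bom_manager"),
    ("example_robot", "vuln_manager"),
}


def parse_user_roles(text):
    """Return (username, role, last_updated) tuples from the printed table."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("│"):
            continue  # skip the log prefix and the border lines
        cells = [cell.strip() for cell in line.strip("│").split("│")]
        if len(cells) != 3 or cells[0] == "Username":
            continue  # skip the header row and anything malformed
        rows.append(tuple(cells))
    return rows


def audit(text, expected):
    """Compare actual role assignments with the approved baseline."""
    actual = {(user, role) for user, role, _ in parse_user_roles(text)}
    return {
        "unexpected": sorted(actual - expected),  # granted but not approved
        "missing": sorted(expected - actual),     # approved but not granted
        "admins": sorted(user for user, role in actual if role == "admin"),
    }


if __name__ == "__main__":
    for finding, entries in audit(SAMPLE_OUTPUT, EXPECTED).items():
        print(f"{finding}: {entries}")
```

Because the admin role receives special treatment, the report lists its holders separately even when they match the baseline.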
Add
To add a new role to a user, call:
bomnipotent_client user-role add user@example.com rick_role
[INFO] Added role to user
The user account needs to exist on the server at this point; the role does not.
Only users with the admin role can add the admin role to other users.
Remove
To remove a role from a user, call:
bomnipotent_client user-role remove user@example.com rick_role
[INFO] Removed role rick_role from user user@example.com
The command shows an error if the user does not exist or does not have the role:
bomnipotent_client user-role remove admin@example.com wrong_role;
bomnipotent_client user-role remove wrong_user admin
[ERROR] Received response:
404 Not Found
User with username "admin@example.com" does not have role wrong_role.
[ERROR] Received response:
404 Not Found
No user with username "wrong_user" was found: Record not found
Only users with the admin role can remove the admin role from other users.
Existence
The "exists" subcommand checks whether or not at least one object on the server matches some filters. It is available for all commands that accept the "list" subcommand, and accepts the same filters.
Depending on the output mode, the client prints:
- normal mode: A sentence including the number of found objects.
- code: The string "200" if at least one item was found, or "404" if none were found.
- raw: The string "true" if at least one item was found, or "false" if none were found.
bomnipotent_client user-role exists --role=bom_manager
bomnipotent_client user-role exists -r bom_manager
[INFO] Yes, the server contains 1 user roles matching the filters.