Show a Teleport user's effective roles, including any roles granted by access lists.
brew install jsabo/tap/trolesOr build from source:
go install github.com/jsabo/troles/cmd/troles@latesttroles [flags] [username]
If username is omitted, the currently logged-in tsh user is used.
# Current user
troles
# Specific user
troles alice@example.com
# JSON output for scripting
troles -format json alice@example.com
# Explicit proxy
troles -proxy teleport.example.com:443 alice@example.comUser alice@example.com
ROLE SOURCE
access base
db-readonly access list
editor base
node-admin access list
4 roles (2 base, 2 from access lists)
Access list grants are highlighted in green in terminal output.
Add to ~/.tsh/config/config.yaml:
aliases:
roles: trolesThen:
tsh roles alice@example.com
tsh roles # current user- An active
tsh loginsession - Permission to read
user_login_stateresources — if denied, troles will print the exact role YAML needed to grant access
Apache 2.0
