Provision access using the Baton CLI

If the Baton connector you're using supports provisioning, you can use the Baton CLI to provision and deprovision access for members of your team.

If you’re working with a Baton connector built by the ConductorOne team, visit the Baton connectors library for information on whether your connector supports provisioning and what it can provision.

Provision access with the Baton CLI

  1. Run baton resources -t user to look up the user ID for the application account you want to grant access to.

    ❯ baton resources -t user
    ID        | Display Name    | Resource Type | Parent Resource
    117884397 | jirlose         | User          | -
    61822     | Justin Gallardo | User          | -
    
  2. Make a note of the ID number for the account you want to grant access to.

  3. Run baton entitlements to look up the entitlements available to grant in the application.

    ❯ baton entitlements
    ID                            | Display Name                | Resource Type | Resource    | Permission
    team:8442709:member           | test-team Team Member       | Team          | test-team   | member
    team:8442709:maintainer       | test-team Team Maintainer   | Team          | test-team   | maintainer
    team:6951557:member           | test Team Member            | Team          | test        | member
    team:6951557:maintainer       | test Team Maintainer        | Team          | test        | maintainer
    team:8007359:member           | jirwin-test Team Member     | Team          | jirwin-test | member
    team:8007359:maintainer       | jirwin-test Team Maintainer | Team          | jirwin-test | maintainer
    repository:564115691:pull     | test-repo Repo Pull         | Repository    | test-repo   | pull
    repository:564115691:triage   | test-repo Repo Triage       | Repository    | test-repo   | triage
    repository:564115691:push     | test-repo Repo Push         | Repository    | test-repo   | push
    repository:564115691:maintain | test-repo Repo Maintain     | Repository    | test-repo   | maintain
    repository:564115691:admin    | test-repo Repo Admin        | Repository    | test-repo   | admin
    repository:516060177:pull     | quadlek Repo Pull           | Repository    | quadlek     | pull
    repository:516060177:triage   | quadlek Repo Triage         | Repository    | quadlek     | triage
    repository:516060177:push     | quadlek Repo Push           | Repository    | quadlek     | push
    repository:516060177:maintain | quadlek Repo Maintain       | Repository    | quadlek     | maintain
    repository:516060177:admin    | quadlek Repo Admin          | Repository    | quadlek     | admin
    org:58892331:admin            | quadlek Org Admin           | Org           | quadlek     | admin
    org:58892331:member           | quadlek Org Member          | Org           | quadlek     | member
    
  4. Make a note of the ID number associated with the entitlement you want to grant.

  5. Run the connector with the --grant-entitlement flag, passing in the entitlement ID and account ID you looked up earlier:

    ❯ baton-<CONNECTOR NAME> --grant-entitlement <ENTITLEMENT ID> --grant-principal <ACCOUNT ID> --grant-principal-type user
    

    Here’s an example using Baton to grant the test-team member entitlement to account Justin Gallardo in GitHub:

    ❯ baton-github --grant-entitlement team:8442709:member --grant-principal 61822 --grant-principal-type user
    

That’s it! The account you specified is now granted access to the entitlement you specified.

Deprovision access with the Baton CLI

  1. Sync the Baton connector by running baton-<CONNECTOR NAME> to make sure all grant information is up to date.

  2. Look up the grant ID for the entitlement you want to deprovision from an account. For example, to look up the accounts that hold entitlements on test-team (which we looked up in the provision access instructions above):

    ❯ baton grants -t team -r 8442709
    ID                                 | Resource Type | Resource  | Entitlement               | Principal
    team:8442709:maintainer:user:5170  | Team          | test-team | test-team Team Maintainer | Mindy Moreland
    team:8442709:maintainer:user:61822 | Team          | test-team | test-team Team Maintainer | Justin Gallardo
    
  3. Run the connector with the --revoke-grant flag, passing in the ID you looked up in step 2.

    ❯ baton-<CONNECTOR NAME> --revoke-grant <GRANT ID>
    

    Here’s an example of the command used to revoke the test-team Team Maintainer entitlement from account Justin Gallardo in GitHub:

    ❯ baton-github --revoke-grant team:8442709:maintainer:user:61822
    

That’s it! The entitlement is now deprovisioned from the account.
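
A pre-revocation check for step 3, as an added example that is not part of the Baton docs or ConductorOne's code: it reads the `baton grants` table and prints the `--revoke-grant` command only when exactly one grant matches the intended entitlement and account. It assumes the table layout shown above and that a grant ID is `<entitlement ID>:user:<account ID>`, as the sample rows suggest; `find_grant_id` and `revoke_cmd` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not ConductorOne code): resolve the grant ID for
# --revoke-grant from `baton grants` table output instead of copying it by eye.

# Constructed sample: the `baton grants -t team -r 8442709` table from this page.
SAMPLE_GRANTS='ID                                 | Resource Type | Resource  | Entitlement               | Principal
team:8442709:maintainer:user:5170  | Team          | test-team | test-team Team Maintainer | Mindy Moreland
team:8442709:maintainer:user:61822 | Team          | test-team | test-team Team Maintainer | Justin Gallardo'

# find_grant_id ENTITLEMENT_ID ACCOUNT_ID   (grants table on stdin)
# Prints the grant ID and returns 0 only if exactly one row matches.
# Assumption: grant IDs look like <entitlement ID>:user:<account ID>,
# which is the pattern in the sample rows above.
find_grant_id() {
    want="$1:user:$2"
    awk -F'|' -v want="$want" '
        {
            id = $1
            gsub(/^[ \t]+|[ \t]+$/, "", id)   # trim column padding
            if (id == want) { n++; hit = id }
        }
        END {
            if (n == 1) { print hit; exit 0 }
            printf "expected 1 grant matching %s, found %d\n", want, n > "/dev/stderr"
            exit 1
        }'
}

# revoke_cmd CONNECTOR ENTITLEMENT_ID ACCOUNT_ID   (grants table on stdin)
# Prints the revoke command for review; it does not run the connector.
revoke_cmd() {
    id=$(find_grant_id "$2" "$3") || return 1
    printf 'baton-%s --revoke-grant %s\n' "$1" "$id"
}
```

Typical use is `baton grants -t team -r 8442709 | revoke_cmd github team:8442709:maintainer 61822`, run after the sync in step 1. A non-zero exit means the grant is not in the synced data, so there is nothing to revoke under that ID.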