StackRox · Capability
API Reference — RbacService
API Reference — RbacService. 6 operations. Lead operation: Subjects served from this API are Groups and Users only. Id in this case is the Name field, since for users and groups, that is unique, and subjects do not have IDs.. Self-contained Naftiko capability covering one Stackrox business surface.
What You Can Do
GET
Listrolebindings
— listrolebindings
/v1/v1/rbac/bindings
GET
Getrolebinding
— getrolebinding
/v1/v1/rbac/bindings/{id}
GET
Listroles
— listroles
/v1/v1/rbac/roles
GET
Getrole
— getrole
/v1/v1/rbac/roles/{id}
GET
Getsubject
— Subjects served from this API are Groups and Users only.
/v1/v1/rbac/subject/{id}
GET
Listsubjects
— listsubjects
/v1/v1/rbac/subjects
MCP Tools
listrolebindings
listrolebindings
read-only
idempotent
getrolebinding
getrolebinding
read-only
idempotent
listroles
listroles
read-only
idempotent
getrole
getrole
read-only
idempotent
subjects-served-this-api-are
Subjects served from this API are Groups and Users only.
read-only
idempotent
listsubjects
listsubjects
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: API Reference — RbacService
description: 'API Reference — RbacService. 6 operations. Lead operation: Subjects served from this API are Groups and Users
only.
Id in this case is the Name field, since for users and groups, that is unique, and subjects do not have IDs.. Self-contained
Naftiko capability covering one Stackrox business surface.'
tags:
- Stackrox
- RbacService
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
STACKROX_API_KEY: STACKROX_API_KEY
capability:
consumes:
- type: http
namespace: stackrox-rbacservice
baseUri: https://{central-host}
description: API Reference — RbacService business capability. Self-contained, no shared references.
resources:
- name: v1-rbac-bindings
path: /v1/rbac/bindings
operations:
- name: listrolebindings
method: GET
description: ''
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: query
in: query
type: string
- name: pagination.limit
in: query
type: integer
- name: pagination.offset
in: query
type: integer
- name: pagination.sort_option.field
in: query
type: string
- name: pagination.sort_option.reversed
in: query
type: boolean
- name: v1-rbac-bindings-id
path: /v1/rbac/bindings/{id}
operations:
- name: getrolebinding
method: GET
description: ''
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: path
type: string
required: true
- name: v1-rbac-roles
path: /v1/rbac/roles
operations:
- name: listroles
method: GET
description: ''
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: query
in: query
type: string
- name: pagination.limit
in: query
type: integer
- name: pagination.offset
in: query
type: integer
- name: pagination.sort_option.field
in: query
type: string
- name: pagination.sort_option.reversed
in: query
type: boolean
- name: v1-rbac-roles-id
path: /v1/rbac/roles/{id}
operations:
- name: getrole
method: GET
description: ''
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: path
type: string
required: true
- name: v1-rbac-subject-id
path: /v1/rbac/subject/{id}
operations:
- name: getsubject
method: GET
description: Subjects served from this API are Groups and Users only.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: path
type: string
required: true
- name: v1-rbac-subjects
path: /v1/rbac/subjects
operations:
- name: listsubjects
method: GET
description: ''
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: query
in: query
type: string
- name: pagination.limit
in: query
type: integer
- name: pagination.offset
in: query
type: integer
- name: pagination.sort_option.field
in: query
type: string
- name: pagination.sort_option.reversed
in: query
type: boolean
authentication:
type: apikey
key: Authorization
value: '{{env.STACKROX_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: stackrox-rbacservice-rest
port: 8080
description: REST adapter for API Reference — RbacService. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
- path: /v1/v1/rbac/bindings
name: v1-rbac-bindings
description: REST surface for v1-rbac-bindings.
operations:
- method: GET
name: listrolebindings
description: listrolebindings
call: stackrox-rbacservice.listrolebindings
with:
query: rest.query
pagination.limit: rest.pagination.limit
pagination.offset: rest.pagination.offset
pagination.sort_option.field: rest.pagination.sort_option.field
pagination.sort_option.reversed: rest.pagination.sort_option.reversed
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/rbac/bindings/{id}
name: v1-rbac-bindings-id
description: REST surface for v1-rbac-bindings-id.
operations:
- method: GET
name: getrolebinding
description: getrolebinding
call: stackrox-rbacservice.getrolebinding
with:
id: rest.id
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/rbac/roles
name: v1-rbac-roles
description: REST surface for v1-rbac-roles.
operations:
- method: GET
name: listroles
description: listroles
call: stackrox-rbacservice.listroles
with:
query: rest.query
pagination.limit: rest.pagination.limit
pagination.offset: rest.pagination.offset
pagination.sort_option.field: rest.pagination.sort_option.field
pagination.sort_option.reversed: rest.pagination.sort_option.reversed
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/rbac/roles/{id}
name: v1-rbac-roles-id
description: REST surface for v1-rbac-roles-id.
operations:
- method: GET
name: getrole
description: getrole
call: stackrox-rbacservice.getrole
with:
id: rest.id
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/rbac/subject/{id}
name: v1-rbac-subject-id
description: REST surface for v1-rbac-subject-id.
operations:
- method: GET
name: getsubject
description: Subjects served from this API are Groups and Users only.
call: stackrox-rbacservice.getsubject
with:
id: rest.id
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/rbac/subjects
name: v1-rbac-subjects
description: REST surface for v1-rbac-subjects.
operations:
- method: GET
name: listsubjects
description: listsubjects
call: stackrox-rbacservice.listsubjects
with:
query: rest.query
pagination.limit: rest.pagination.limit
pagination.offset: rest.pagination.offset
pagination.sort_option.field: rest.pagination.sort_option.field
pagination.sort_option.reversed: rest.pagination.sort_option.reversed
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: stackrox-rbacservice-mcp
port: 9090
transport: http
description: MCP adapter for API Reference — RbacService. One tool per consumed operation, routed inline through this
capability's consumes block.
tools:
- name: listrolebindings
description: listrolebindings
hints:
readOnly: true
destructive: false
idempotent: true
call: stackrox-rbacservice.listrolebindings
with:
query: tools.query
pagination.limit: tools.pagination.limit
pagination.offset: tools.pagination.offset
pagination.sort_option.field: tools.pagination.sort_option.field
pagination.sort_option.reversed: tools.pagination.sort_option.reversed
outputParameters:
- type: object
mapping: $.
- name: getrolebinding
description: getrolebinding
hints:
readOnly: true
destructive: false
idempotent: true
call: stackrox-rbacservice.getrolebinding
with:
id: tools.id
outputParameters:
- type: object
mapping: $.
- name: listroles
description: listroles
hints:
readOnly: true
destructive: false
idempotent: true
call: stackrox-rbacservice.listroles
with:
query: tools.query
pagination.limit: tools.pagination.limit
pagination.offset: tools.pagination.offset
pagination.sort_option.field: tools.pagination.sort_option.field
pagination.sort_option.reversed: tools.pagination.sort_option.reversed
outputParameters:
- type: object
mapping: $.
- name: getrole
description: getrole
hints:
readOnly: true
destructive: false
idempotent: true
call: stackrox-rbacservice.getrole
with:
id: tools.id
outputParameters:
- type: object
mapping: $.
- name: subjects-served-this-api-are
description: Subjects served from this API are Groups and Users only.
hints:
readOnly: true
destructive: false
idempotent: true
call: stackrox-rbacservice.getsubject
with:
id: tools.id
outputParameters:
- type: object
mapping: $.
- name: listsubjects
description: listsubjects
hints:
readOnly: true
destructive: false
idempotent: true
call: stackrox-rbacservice.listsubjects
with:
query: tools.query
pagination.limit: tools.pagination.limit
pagination.offset: tools.pagination.offset
pagination.sort_option.field: tools.pagination.sort_option.field
pagination.sort_option.reversed: tools.pagination.sort_option.reversed
outputParameters:
- type: object
mapping: $.