ID of the privilege to update.
Updated configuration for the privilege.
No Additional PropertiesDisplay name of the privilege.
Must be at least 1 characters long
Array of local group IDs to assign to this privilege.
No Additional ItemsArray of directory service group IDs or SIDs to assign to this privilege.
No Additional ItemsArray of role names included in this privilege.
No Additional ItemsWhether this privilege grants access to the web shell.
The updated privilege configuration.
No Additional PropertiesUnique identifier for the privilege.
Name of the built-in privilege if this is a system privilege. null for custom privileges.
Display name of the privilege.
Must be at least 1 characters long
Array of local groups assigned to this privilege.
No Additional ItemsThis is the API identifier for the group. Use this ID for group.update and group.delete API calls. This ID also appears in the groups array for each user entry in user.query results.
NOTE: For groups from a directory service, the id is calculated by adding 100000000 to the gid. This ensures consistent API results. You cannot change directory service accounts through TrueNAS.
A non-negative integer used to identify a group. TrueNAS uses this value for permission checks and many other system purposes.
A string used to identify a group.
Must be at least 1 characters long
If True, the group is an internal system account for the TrueNAS server. Typically, one should create dedicated groups for access to the TrueNAS server webui and shares.
A list of commands that group members may execute with elevated privileges. User is prompted for password when executing any command from the list.
No Additional ItemsMust be at least 1 characters long
A list of commands that group members may execute with elevated privileges. User is not prompted for password when executing any command from the list.
No Additional ItemsMust be at least 1 characters long
If set to True, the group can be used for SMB share ACL entries. The group is mapped to an NT group account on the TrueNAS SMB server and has a sid value.
Specifies the subgid mapping for this group. If DIRECT then the GID will be directly mapped to all containers. Alternatively, the target GID may be explicitly specified. If null, then the GID will not be mapped.
NOTE: This field will be ignored for groups that have been assigned TrueNAS roles.
"DIRECT"
Value must be greater or equal to 1 and lesser or equal to 4294967294
A string used to identify a group. Identical to the name key.
Must be at least 1 characters long
If True, the group is local to the TrueNAS server. If False, the group is provided by a directory service.
The Security Identifier (SID) of the user if the account an smb account. The SMB server uses this value to check share access and for other purposes.
List of roles assigned to this groups. Roles control administrative access to TrueNAS through the web UI and API. You can change group roles by using privilege.create, privilege.update, and privilege.delete.
A list a API user identifiers for local users who are members of this group. These IDs match the id field from user.query.
NOTE: This field is empty for groups that come from directory services (local is False).
This is a read-only field showing if the group entry can be changed. If True, the group is immutable and cannot be changed. If False, the group can be changed.
Group ID if this is a local group that couldn't be mapped. null for directory service groups.
Security identifier if this is a directory service group that couldn't be mapped. null for local groups.
Always null for unmapped groups.
Array of directory service groups assigned to this privilege.
No Additional ItemsThis is the API identifier for the group. Use this ID for group.update and group.delete API calls. This ID also appears in the groups array for each user entry in user.query results.
NOTE: For groups from a directory service, the id is calculated by adding 100000000 to the gid. This ensures consistent API results. You cannot change directory service accounts through TrueNAS.
A non-negative integer used to identify a group. TrueNAS uses this value for permission checks and many other system purposes.
A string used to identify a group.
Must be at least 1 characters long
If True, the group is an internal system account for the TrueNAS server. Typically, one should create dedicated groups for access to the TrueNAS server webui and shares.
A list of commands that group members may execute with elevated privileges. User is prompted for password when executing any command from the list.
No Additional ItemsMust be at least 1 characters long
A list of commands that group members may execute with elevated privileges. User is not prompted for password when executing any command from the list.
No Additional ItemsMust be at least 1 characters long
If set to True, the group can be used for SMB share ACL entries. The group is mapped to an NT group account on the TrueNAS SMB server and has a sid value.
Specifies the subgid mapping for this group. If DIRECT then the GID will be directly mapped to all containers. Alternatively, the target GID may be explicitly specified. If null, then the GID will not be mapped.
NOTE: This field will be ignored for groups that have been assigned TrueNAS roles.
"DIRECT"
Value must be greater or equal to 1 and lesser or equal to 4294967294
A string used to identify a group. Identical to the name key.
Must be at least 1 characters long
If True, the group is local to the TrueNAS server. If False, the group is provided by a directory service.
The Security Identifier (SID) of the user if the account an smb account. The SMB server uses this value to check share access and for other purposes.
List of roles assigned to this groups. Roles control administrative access to TrueNAS through the web UI and API. You can change group roles by using privilege.create, privilege.update, and privilege.delete.
A list a API user identifiers for local users who are members of this group. These IDs match the id field from user.query.
NOTE: This field is empty for groups that come from directory services (local is False).
This is a read-only field showing if the group entry can be changed. If True, the group is immutable and cannot be changed. If False, the group can be changed.
Group ID if this is a local group that couldn't be mapped. null for directory service groups.
Security identifier if this is a directory service group that couldn't be mapped. null for local groups.
Always null for unmapped groups.
Array of role names included in this privilege.
No Additional ItemsWhether this privilege grants access to the web shell.