PRODUCT DOCUMENTATION
SHARE TO SOCIAL

Adding Roles

Last updated - 10 July, 2023

In this article

You can use LogicMonitor REST API v3 to add new roles to your LogicMonitor account. You must authenticate yourself before making the API request.

URI: POST /setting/roles

ParameterTypeDescription
privilegesJSON Array(Mandatory) The account privileges associated with the role. This object should contain nested objects for each privilege granted to the user.
Privileges can be added to a role for each area of your account. It includes:
  • operation – The privilege operation. Example – "operation": "write"
  • objectId – The privilege object identifier. Example – "objectId": "123"
  • objectType – The privilege object type. The values can be: 
    [dashboard_group|dashboard|host_group|service_group|website_group|report_group|remoteSession|chat|setting|device_dashboard|help|logs|configNeedDeviceManagePermission|map|resourceMapTab|tracesManageTab]

    Example – "objectType": "dashboard group"
descriptionStringThe description of the role. Example – "description": "Administrator can do everything, including security-sensitive actions."
customHelpLabelStringThe label for the custom help URL as it will appear in the Help and Support drop down menu. Example – "customHelpLabel": "Internal Support Resources"
customHelpURLStringThe URL that should be added to the Help and Support drop down menu. Example – "customHelpURL": "https://logicmonitor.com/support"
nameString(Mandatory) The name of the role. Role names are restricted to numbers, letters, and – and _ symbols. Example – "name": "administrator"
twoFARequiredBooleanIndicates whether Two-Factor Authentication (2FA) is required for this role. Example – "twoFARequired": true
requireEULABooleanIndicates whether or not users associated with this role are required to acknowledge the End User License Agreement (EULA). Example – "requireEULA": false
roleGroupIdIntegerThe group Id of the role. Example – "roleGroupId": 2

The following Python script adds a role ‘DB Team’ with permission to:

  • Manage private dashboards
  • Manage the ABC Corporation dashboard group
  • Manage the ‘Resource Allocation’ dashboard
  • View all device groups
  • Manage device dashboards
  • Edit personal user profile information
  • Manage API Tokens
  • View chats

The role additionally includes a custom help URL and label that is displayed under the Help menu.

#!/bin/env python
 
import requests
import json
import hashlib
import base64
import time
import hmac
import getpass

#Account Info: LogicMonitor recommends to NEVER hardcode the credentials. Instead, retrieve the values from a secure storage.
#Note: The below is provided for illustration purposes only.
AccessId = getpass.getpass("Enter your AccessId: ")
AccessKey = getpass.getpass("Enter your AccessKey: ")
Company = 'apiAccount'  
 
#Request Info
httpVerb ='POST'
resourcePath = '/setting/roles'
queryParams = ''
data = '{"name":"DB Team","customHelpLabel":"Internal Support Resources","customHelpURL":"https://logicmonitor.com/support","privileges":[{"objectType":"dashboard_group","objectId":"private","objectName":"private","operation":"write"},{"objectType":"dashboard_group","objectId":4,"objectName":"ABC Corporation","operation":"write"},{"objectType":"dashboard","objectId":77,"objectName":"Resource Allocation","operation":"write"},{"objectType":"host_group","objectId":"*","objectName":"*","operation":"read"},{"objectType":"deviceDashboard","objectId":"","operation":"write"},{"objectType":"setting","objectId":"useraccess.personalinfo","operation":"write"},{"objectType":"setting","objectId":"useraccess.apitoken","operation":"write"},{"objectType":"help","objectId":"chat","objectName":"help","operation":"write"}]}'
 
#Construct URL
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams
 
#Get current time in milliseconds
epoch = str(int(time.time() * 1000))
 
#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath
 
#Construct signature digest = hmac.new(
        AccessKey.encode('utf-8'),
        msg=requestVars.encode('utf-8'),
        digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(digest.encode('utf-8')).decode('utf-8')  
 
#Construct headers
auth = 'LMv1 ' + AccessId + ':' + str(signature) + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth,'X-Version':3}
 
#Make request
response = requests.post(url, data=data, headers=headers)
 
#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3