Updating Role Details
Last updated - 10 July, 2023
In this article
You can use LogicMonitor REST API v3 to update role details. You must authenticate yourself before making the API request.
To make partial updates to a role, make a PATCH
request. To completely update a role, make a PUT
request.
URI: PATCH /setting/roles/{id}
URI: PUT /setting/roles/{id}
Note: As per the REST standards, any property which is not specified in the PUT request will revert to its default value.
Parameter | Type | Description |
id | Integer | (Mandatory) The Id of the role that you want to update. |
privileges | JSON Array | (Mandatory) The account privileges associated with the role. This object should contain nested objects for each privilege granted to the user. Privileges can be added to a role for each area of your account. It includes:
|
description | String | The description of the role. Example – "description": "Administrator can do everything, including security-sensitive actions." |
customHelpLabel | String | The label for the custom help URL as it will appear in the Help and Support drop-down menu. Example – "customHelpLabel": "Internal Support Resources" |
customHelpURL | String | The URL that should be added to the Help and Support drop-down menu. Example – "customHelpURL": "https://logicmonitor.com/support" |
name | String | (Mandatory) The name of the role. Role names are restricted to numbers, letters, and – and _ symbols. Example – "name": "administrator" |
twoFARequired | Boolean | Indicates whether Two-Factor Authentication (2FA) is required for this role. Example – "twoFARequired": true |
requireEULA | Boolean | Indicates whether or not users associated with this role are required to acknowledge the End User License Agreement (EULA). Example – "requireEULA": false |
roleGroupId | Integer | The group Id of the role that you want to update. Example – "roleGroupId": 2 |
Permissions Required to Update Modules Threshold
To update the modules threshold at the resource level, you must have the following permissions:
- The manage permission for the resource group that you want to update (navigate to Users and Roles > Roles > Manage > Permissions > Resources)
- The Resources Group Threshold permission for the access group to which the resource group that you want to update belongs. (navigate to Users and Roles > Roles > Manage > Permissions > Modules > My Module Toolbox > Access Groups)
In LogicMonitor Rest API v3, when you make a PUT request to update a role /setting/roles/{id}
, you can specify the access group ID in the objectId
field. For example, "objectId": "resourcegroupthreshold.1"
. To provide permission to update the existing access groups and those that will be added in the future, you can add an asterisk * in the objectId
field. For example, "objectId": "resourcegroupthreshold.*"
.
{
"objectType": "module",
"objectId": "resourcegroupthreshold.*",
"objectName": "resourcegroupthreshold.*",
"operation": "threshold",
"subOperation": ""
},
Example
The following Python Script updates the permissions for role with Id 28:
#!/bin/env python
import requests
import json
import hashlib
import base64
import time
import hmac
import getpass
#Account Info: LogicMonitor recommends to NEVER hardcode the credentials. Instead, retrieve the values from a secure storage.
#Note: The below is provided for illustration purposes only.
AccessId = getpass.getpass("Enter your AccessId: ")
AccessKey = getpass.getpass("Enter your AccessKey: ")
Company = 'apiAccount'
#Request Info
httpVerb ='PUT'
resourcePath = '/setting/roles/28'
queryParams = ''
data = '{"name":"Server Team","customHelpLabel":"Internal Support Resources","customHelpURL":"https://logicmonitor.com/support","privileges":[{"objectType":"setting","objectId":"collectorgroup.4","objectName":"collectorgroup.4","operation":"write"},{"objectType":"setting","objectId":"collector.*","objectName":"collector.*","operation":"read"},{"objectType":"dashboard_group","objectId":"private","objectName":"private","operation":"write"},{"objectType":"dashboard_group","objectId":4,"objectName":"ABC Corporation","operation":"write"},{"objectType":"dashboard","objectId":77,"objectName":"Resource Allocation","operation":"write"},{"objectType":"host_group","objectId":"*","objectName":"*","operation":"read"},{"objectType":"deviceDashboard","objectId":"","operation":"read"},{"objectType":"setting","objectId":"useraccess.personalinfo","operation":"write"},{"objectType":"setting","objectId":"useraccess.apitoken","operation":"write"},{"objectType":"help","objectId":"chat","objectName":"help","operation":"write"}]}'
#Construct URL
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams
#Get current time in milliseconds
epoch = str(int(time.time() * 1000))
#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath
#Construct signature digest = hmac.new(
AccessKey.encode('utf-8'),
msg=requestVars.encode('utf-8'),
digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(digest.encode('utf-8')).decode('utf-8')
#Construct headers
auth = 'LMv1 ' + AccessId + ':' + str(signature) + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth,'X-Version':3}
#Make request
response = requests.put(url, data=data, headers=headers)
#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)