Adding Roles

Last updated on 10 July, 2023

You can use LogicMonitor REST API v3 to add new roles to your LogicMonitor account. You must authenticate yourself before making the API request.

URI: POST /setting/roles

privilegesJSON Array(Mandatory) The account privileges associated with the role. This object should contain nested objects for each privilege granted to the user.
Privileges can be added to a role for each area of your account. It includes:
  • operation – The privilege operation. Example – "operation": "write"
  • objectId – The privilege object identifier. Example – "objectId": "123"
  • objectType – The privilege object type. The values can be: 

    Example – "objectType": "dashboard group"
descriptionStringThe description of the role. Example – "description": "Administrator can do everything, including security-sensitive actions."
customHelpLabelStringThe label for the custom help URL as it will appear in the Help and Support drop down menu. Example – "customHelpLabel": "Internal Support Resources"
customHelpURLStringThe URL that should be added to the Help and Support drop down menu. Example – "customHelpURL": ""
nameString(Mandatory) The name of the role. Role names are restricted to numbers, letters, and – and _ symbols. Example – "name": "administrator"
twoFARequiredBooleanIndicates whether Two-Factor Authentication (2FA) is required for this role. Example – "twoFARequired": true
requireEULABooleanIndicates whether or not users associated with this role are required to acknowledge the End User License Agreement (EULA). Example – "requireEULA": false
roleGroupIdIntegerThe group Id of the role. Example – "roleGroupId": 2

The following Python script adds a role ‘DB Team’ with permission to:

  • Manage private dashboards
  • Manage the ABC Corporation dashboard group
  • Manage the ‘Resource Allocation’ dashboard
  • View all device groups
  • Manage device dashboards
  • Edit personal user profile information
  • Manage API Tokens
  • View chats

The role additionally includes a custom help URL and label that is displayed under the Help menu.

#!/bin/env python
import requests
import json
import hashlib
import base64
import time
import hmac
import getpass

#Account Info: LogicMonitor recommends to NEVER hardcode the credentials. Instead, retrieve the values from a secure storage.
#Note: The below is provided for illustration purposes only.
AccessId = getpass.getpass("Enter your AccessId: ")
AccessKey = getpass.getpass("Enter your AccessKey: ")
Company = 'apiAccount'  
#Request Info
httpVerb ='POST'
resourcePath = '/setting/roles'
queryParams = ''
data = '{"name":"DB Team","customHelpLabel":"Internal Support Resources","customHelpURL":"","privileges":[{"objectType":"dashboard_group","objectId":"private","objectName":"private","operation":"write"},{"objectType":"dashboard_group","objectId":4,"objectName":"ABC Corporation","operation":"write"},{"objectType":"dashboard","objectId":77,"objectName":"Resource Allocation","operation":"write"},{"objectType":"host_group","objectId":"*","objectName":"*","operation":"read"},{"objectType":"deviceDashboard","objectId":"","operation":"write"},{"objectType":"setting","objectId":"useraccess.personalinfo","operation":"write"},{"objectType":"setting","objectId":"useraccess.apitoken","operation":"write"},{"objectType":"help","objectId":"chat","objectName":"help","operation":"write"}]}'
#Construct URL
url = 'https://'+ Company +'' + resourcePath +queryParams
#Get current time in milliseconds
epoch = str(int(time.time() * 1000))
#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath
#Construct signature digest =
signature = base64.b64encode(digest.encode('utf-8')).decode('utf-8')  
#Construct headers
auth = 'LMv1 ' + AccessId + ':' + str(signature) + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth,'X-Version':3}
#Make request
response =, data=data, headers=headers)
#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3