About the Roles Resource
Last updated - 23 July, 2025
You can use LogicMonitor’s REST API to programmatically manage the user roles in your account.
Using LogicMonitor’s REST API, you can:
- Get a list of all roles
- Get information about a particular role
- Add a role
- Update a role
- Delete a role
Note: As with all of our API calls, authentication is required.
Resource URI:
/setting/roles
Resource Properties:
All roles have the following properties:
Property |
Description |
Type |
| id | The Id of the role | Integer |
| name | The name of the role | String |
| description | The description of the role | String |
| customHelpLabel | The label for the custom help URL as it will appear in the Help & Support dropdown menu | String |
| customHelpURL | The URL that should be added to the Help & Support dropdown menu | String |
| associatedUserCount | The number of users with this role applied | Integer |
| requireEula | Whether or not users assigned this role should be required to acknowledge the EULA (end user license agreement) | Boolean |
| privileges | The account privileges associated with the role. Privileges can be added to a role for each area of your account, where each privilege object has the following format: "privileges" : [ {
"objectType" : "host_group",
"objectId" : "*",
"objectName" : "*",
"operation" : "write"
}, {
"objectType" : "dashboard_group",
"objectId" : "*",
"objectName" : "*",
"operation" : "write"
}]
|
JSON Object |
For each role, you can add as many (or few) privilege objects as you’d like. The following table indicates how to format the privilege objects for the different resources in your account:
Resource |
objectType |
objectId |
objectName |
operation |
Example |
| Dashboards | dashboard | The id of the dashboard that the permission specified in operation should be granted for. A * can be used to indicate all dashboards. Note that you can only grant permissions for individual dashboards if they are ungrouped. You can find the id for a dashboard in the URL bar of your LogicMonitor account. Alternatively you can make a GET request to LogicMonitor’s REST API dashboards resource. | The name of the dashboard that the permission specified in operation should be granted for. A * can be used to indicate all dashboards. | write | read | {
“objectType” : “dashboard”, “objectId” : “32”, “objectName” : “Resource Allocation”, “operation” : “write” } |
| Dashboard Groups | dashboard_group | The id of the dashboard group that the permission specified in operation should be granted for. A * can be used to indicate all groups. | The name of the dashboard group that the permission specified in operation should be granted for. A * can be used to indicate all groups. | write | read | {
“objectType” : “dashboard_group”, “objectId” : “*”, “objectName” : “*”, “operation” : “write” } |
| Private Dashboards | dashboard_group | private | private | write (ability to create private dashboards) | {
“objectType” : “dashboard_group”, “objectId” : “private”, “objectName” : “private”, “operation” : “write” } |
| Device Groups | host_group | The id of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find the id for a device group in the URL bar of your LogicMonitor account. Alternatively, you can make a GET request to LogicMonitor’s REST API device groups resource. | The name of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. | write | read | ack | {
“objectType” : “host_group”, “objectId” : “*”, “objectName” : “*”, “operation” : “write” } |
| Device Dashboards | deviceDashboard | leave blank | deviceDashboard | write | {
“objectType” : “deviceDashboard”, “objectId” : “”, “objectName” : “deviceDashboard”, “operation” : “write” } |
| Configs Tab | configNeedDeviceManagePermission | leave blank | configNeedDeviceManagePermission | write | {
“objectType” : “configNeedDeviceManagePermission”, “objectId” : “”, “objectName” : “configNeedDeviceManagePermission”, “operation” : “write” } |
| Remote Sessions | remoteSession | The id of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find the id for a device group in the URL bar of your LogicMonitor account. Alternatively, you can make a GET request to LogicMonitor’s REST API device group resource. | The name of the device group(s) that the permission specified in operation should be granted for. A * can be used to indicate all groups. | write | {
“objectType” : “remoteSession”, “objectId” : “*”, “objectName” : “*”, “operation” : “write” } |
| Reports | report_group | The id of the report group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find report group ids with a GET request to LogicMonitor’s REST API report groups resource. | The name of the report group that the permission specified in operation should be granted for. A * can be used to indicate all groups. | write | read | {
“objectType” : “report_group”, “objectId” : “*”, “objectName” : “*”, “operation” : “write” } |
| Services | service_group | The id of the service group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find service group ids with a GET request to LogicMonitor’s REST API service groups resource. | The name of the service group that the permission specified in operation should be granted for. A * can be used to indicate all groups. | write | read | {
“objectType” : “service_group”, “objectId” : “*”, “objectName” : “*”, “operation” : “write” |
| Settings | setting | The name of the settings section that the permission specified in operation should be granted for. A * can be used to indicate all sections. The settings sections are: accesslog, accountinfo, alert, collector.*, collectorgroup.groupId, datasource.*, integration, messagetemplate, useraccess.*, useraccess.personalinfo and useraccess.apitoken | Same as objectId. The name of the settings section that the permission specified in operation should be granted for. A * can be used to indicate all sections. The settings sections are: accesslog, accountinfo, alert, collector.*, collectorgroup.groupId, datasource.*, integration, messagetemplate, useraccess.*, useraccess.personalinfo and useraccess.apitoken | write | read Note that only write is available for useraccess.personalinfo and useraccess.apitoken |
{
“objectType” : “setting”, “objectId” : “collectorgroup.4”, “objectName” : “win7a”, “operation” : “read” } |
| Help & Support Menu (? menu in your account) | help | The name of the Help & Support menu option that the permission specified in operation should be granted for. A * can be used to indicate all options. The Help & Support options are: document (Documentation), chat (Chat with Engineer), support (Support Request), and feedback (Feedback). | help | read (available for all resources except chat) write (available for chat only) |
{
“objectType” : “help”, “objectId” : “chat”, “objectName” : “help”, “operation” : “write” } |
