REST API Developer's Guide

About the Roles Resource

You can use LogicMonitor's REST API to programmatically manage the user roles in your account.

 

Using LogicMonitor's REST API, you can:

Note: As with all of our API calls, authentication is required.

Resource URI:

/setting/roles

 

Resource Properties:

All roles have the following properties:

Property

Description

Type

id The Id of the role Integer
name The name of the role String
description The description of the role String
customHelpLabel The label for the custom help URL as it will appear in the Help & Support dropdown menu String
customHelpURL The URL that should be added to the Help & Support dropdown menu String
associatedUserCount The number of users with this role applied Integer
requireEula Whether or not users assigned this role should be required to acknowledge the EULA (end user license agreement) Boolean
privileges The account privileges associated with the role. Privileges can be added to a role for each area of your account, where each privilege object has the following format:
 "privileges" : [ {
        "objectType" : "host_group",
        "objectId" : "*",
        "objectName" : "*",
        "operation" : "write"
      }, {
        "objectType" : "dashboard_group",
        "objectId" : "*",
        "objectName" : "*",
        "operation" : "write"
      }]
JSON Object

 

For each role, you can add as many (or few) privilege objects as you'd like. The following table indicates how to format the privilege objects for the different resources in your account:

Resource

objectType

objectId

objectName

operation

Example

Dashboards dashboard The id of the dashboard that the permission specified in operation should be granted for. A * can be used to indicate all dashboards. Note that you can only grant permissions for individual dashboards if they are ungrouped. You can find the id for a dashboard in the URL bar of your LogicMonitor account. Alternatively you can make a GET request to LogicMonitor's REST API dashboards resource. The name of the dashboard that the permission specified in operation should be granted for. A * can be used to indicate all dashboards. write | read

{

"objectType" : "dashboard",

"objectId" : "32",

"objectName" : "Resource Allocation",

"operation" : "write"

}
Dashboard Groups dashboard_group The id of the dashboard group that the permission specified in operation should be granted for. A * can be used to indicate all groups. The name of the dashboard group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read

{

"objectType" : "dashboard_group",

"objectId" : "*",

"objectName" : "*",

"operation" : "write"

}
Private Dashboards dashboard_group private private write (ability to create private dashboards)

{

"objectType" : "dashboard_group",

"objectId" : "private",

"objectName" : "private",

"operation" : "write"

}
Device Groups host_group The id of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find the id for a device group in the URL bar of your LogicMonitor account. Alternatively, you can make a GET request to LogicMonitor's REST API device groups resource. The name of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read | ack {

"objectType" : "host_group",

"objectId" : "*",

"objectName" : "*",

"operation" : "write"

}
Device Dashboards deviceDashboard leave blank deviceDashboard write {

"objectType" : "deviceDashboard",

"objectId" : "",

"objectName" : "deviceDashboard",

"operation" : "write"

}
Configs Tab configNeedDeviceManagePermission leave blank configNeedDeviceManagePermission write {

"objectType" : "configNeedDeviceManagePermission",

"objectId" : "",

"objectName" : "configNeedDeviceManagePermission",

"operation" : "write"

}
Remote Sessions remoteSession The id of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find the id for a device group in the URL bar of your LogicMonitor account. Alternatively, you can make a GET request to LogicMonitor's REST API device group resource. The name of the device group(s) that the permission specified in operation should be granted for. A * can be used to indicate all groups. write {

"objectType" : "remoteSession",

"objectId" : "*",

"objectName" : "*",

"operation" : "write"

}
Reports report_group The id of the report group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find report group ids with a GET request to LogicMonitor's REST API report groups resource. The name of the report group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read {

"objectType" : "report_group",

"objectId" : "*",

"objectName" : "*",

"operation" : "write"

}
Services service_group The id of the service group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find service group ids with a GET request to LogicMonitor's REST API service groups resource. The name of the service group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read {

"objectType" : "service_group",

"objectId" : "*",

"objectName" : "*",

"operation" : "write"

Settings setting The name of the settings section that the permission specified in operation should be granted for. A * can be used to indicate all sections. The settings sections are: accesslog, accountinfo, alert, collector.*, collectorgroup.groupId, datasource.*, integration, messagetemplate, useraccess.*, useraccess.personalinfo and useraccess.apitoken Same as objectId. The name of the settings section that the permission specified in operation should be granted for. A * can be used to indicate all sections. The settings sections are: accesslog, accountinfo, alert, collector.*, collectorgroup.groupId, datasource.*, integration, messagetemplate, useraccess.*, useraccess.personalinfo and useraccess.apitoken write | read
Note that only write is available for useraccess.personalinfo and useraccess.apitoken
{

"objectType" : "setting",

"objectId" : "collectorgroup.4",

"objectName" : "win7a",

"operation" : "read"

}
Help & Support Menu (? menu in your account) help The name of the Help & Support menu option that the permission specified in operation should be granted for. A * can be used to indicate all options. The Help & Support options are: document (Documentation), chat (Chat with Engineer), support (Support Request), and feedback (Feedback). help read (available for all resources except chat)
write (available for chat only)
{

"objectType" : "help",

"objectId" : "chat",

"objectName" : "help",

"operation" : "write"

}