Platform
Solution
Industry
Role
There is no result.

You can use LogicMonitor’s REST API to programmatically manage the user roles in your account.

Using LogicMonitor’s REST API, you can:

Note: As with all of our API calls, authentication is required.

Resource URI:

/setting/roles

Resource Properties:

All roles have the following properties:

Property

Description

Type
id The Id of the role Integer
name The name of the role String
description The description of the role String
customHelpLabel The label for the custom help URL as it will appear in the Help & Support dropdown menu String
customHelpURL The URL that should be added to the Help & Support dropdown menu String
associatedUserCount The number of users with this role applied Integer
requireEula Whether or not users assigned this role should be required to acknowledge the EULA (end user license agreement) Boolean
privileges The account privileges associated with the role. Privileges can be added to a role for each area of your account, where each privilege object has the following format:
 
 "privileges" : [ {
        "objectType" : "host_group",
        "objectId" : "*",
        "objectName" : "*",
        "operation" : "write"
      }, {
        "objectType" : "dashboard_group",
        "objectId" : "*",
        "objectName" : "*",
        "operation" : "write"
      }]
JSON Object
For each role, you can add as many (or few) privilege objects as you’d like. The following table indicates how to format the privilege objects for the different resources in your account:

Resource

objectType

objectId

objectName

operation

Example
Dashboards dashboard The id of the dashboard that the permission specified in operation should be granted for. A * can be used to indicate all dashboards. Note that you can only grant permissions for individual dashboards if they are ungrouped. You can find the id for a dashboard in the URL bar of your LogicMonitor account. Alternatively you can make a GET request to LogicMonitor’s REST API dashboards resource. The name of the dashboard that the permission specified in operation should be granted for. A * can be used to indicate all dashboards. write | read {

“objectType” : “dashboard”,

“objectId” : “32”,

“objectName” : “Resource Allocation”,

“operation” : “write”

}
Dashboard Groups dashboard_group The id of the dashboard group that the permission specified in operation should be granted for. A * can be used to indicate all groups. The name of the dashboard group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read {

“objectType” : “dashboard_group”,

“objectId” : “*”,

“objectName” : “*”,

“operation” : “write”

}
Private Dashboards dashboard_group private private write (ability to create private dashboards) {

“objectType” : “dashboard_group”,

“objectId” : “private”,

“objectName” : “private”,

“operation” : “write”

}
Device Groups host_group The id of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find the id for a device group in the URL bar of your LogicMonitor account. Alternatively, you can make a GET request to LogicMonitor’s REST API device groups resource. The name of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read | ack {

“objectType” : “host_group”,

“objectId” : “*”,

“objectName” : “*”,

“operation” : “write”

}
Device Dashboards deviceDashboard leave blank deviceDashboard write {

“objectType” : “deviceDashboard”,

“objectId” : “”,

“objectName” : “deviceDashboard”,

“operation” : “write”

}
Configs Tab configNeedDeviceManagePermission leave blank configNeedDeviceManagePermission write {

“objectType” : “configNeedDeviceManagePermission”,

“objectId” : “”,

“objectName” : “configNeedDeviceManagePermission”,

“operation” : “write”

}
Remote Sessions remoteSession The id of the device group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find the id for a device group in the URL bar of your LogicMonitor account. Alternatively, you can make a GET request to LogicMonitor’s REST API device group resource. The name of the device group(s) that the permission specified in operation should be granted for. A * can be used to indicate all groups. write {

“objectType” : “remoteSession”,

“objectId” : “*”,

“objectName” : “*”,

“operation” : “write”

}
Reports report_group The id of the report group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find report group ids with a GET request to LogicMonitor’s REST API report groups resource. The name of the report group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read {

“objectType” : “report_group”,

“objectId” : “*”,

“objectName” : “*”,

“operation” : “write”

}
Services service_group The id of the service group that the permission specified in operation should be granted for. A * can be used to indicate all groups. You can find service group ids with a GET request to LogicMonitor’s REST API service groups resource. The name of the service group that the permission specified in operation should be granted for. A * can be used to indicate all groups. write | read {

“objectType” : “service_group”,

“objectId” : “*”,

“objectName” : “*”,

“operation” : “write”
Settings setting The name of the settings section that the permission specified in operation should be granted for. A * can be used to indicate all sections. The settings sections are: accesslog, accountinfo, alert, collector.*, collectorgroup.groupId, datasource.*, integration, messagetemplate, useraccess.*, useraccess.personalinfo and useraccess.apitoken Same as objectId. The name of the settings section that the permission specified in operation should be granted for. A * can be used to indicate all sections. The settings sections are: accesslog, accountinfo, alert, collector.*, collectorgroup.groupId, datasource.*, integration, messagetemplate, useraccess.*, useraccess.personalinfo and useraccess.apitoken write | read
Note that only write is available for useraccess.personalinfo and useraccess.apitoken		 {

“objectType” : “setting”,

“objectId” : “collectorgroup.4”,

“objectName” : “win7a”,

“operation” : “read”

}
Help & Support Menu (? menu in your account) help The name of the Help & Support menu option that the permission specified in operation should be granted for. A * can be used to indicate all options. The Help & Support options are: document (Documentation), chat (Chat with Engineer), support (Support Request), and feedback (Feedback). help read (available for all resources except chat)
write (available for chat only)		 {

“objectType” : “help”,

“objectId” : “chat”,

“objectName” : “help”,

“operation” : “write”

}

With LogicMonitor’s REST API you can programmatically add a new role to your LogicMonitor account.

Note: As with all of our API calls, authentication is required

Add a Role

HTTP Method:POST

URI: /setting/roles

Request Parameters:You can POST the following properties for a new role

Property

Description

Required?

Values

Type
name The name of the role Yes Role names are restricted to numbers, letters, and – and _ symbols String
description The description of the role No This value defaults to a blank String String
requireEula Whether or not the users associated with this role should be required to acknowledge the EULA (end user license agreement) No This value defaults to false Boolean
customHelpLabel The label for the custom help URL as it will appear in the Help & Support dropdown menu No This value defaults to a blank String String
customHelpURL The URL that should be added to the Help & Support dropdown menu No This value defaults to a blank String String
privileges The privileges granted to the role, where each privilege object must include:

 

  • objectType
  • objectId
  • operation
 Yes This object should contain nested objects for each privilege granted to the user. JSON Object

NOTE: For more information on the privileges object and how is should be constructed, see the About the Roles Resource page.

Example

The following Python script adds a role ‘DB Team’ with permission to:

The role additionally includes a custom help URL & label that will display under the help menu for the user:

#!/bin/env python

import requests
import json
import hashlib
import base64
import time
import hmac

#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'

#Request Info
httpVerb ='POST'
resourcePath = '/setting/roles'
queryParams = ''
data = '{"name":"DB Team","customHelpLabel":"Internal Support Resources","customHelpURL":"https://logicmonitor.com/support","privileges":[{"objectType":"dashboard_group","objectId":"private","objectName":"private","operation":"write"},{"objectType":"dashboard_group","objectId":4,"objectName":"ABC Corporation","operation":"write"},{"objectType":"dashboard","objectId":77,"objectName":"Resource Allocation","operation":"write"},{"objectType":"host_group","objectId":"*","objectName":"*","operation":"read"},{"objectType":"deviceDashboard","objectId":"","operation":"write"},{"objectType":"setting","objectId":"useraccess.personalinfo","operation":"write"},{"objectType":"setting","objectId":"useraccess.apitoken","operation":"write"},{"objectType":"help","objectId":"chat","objectName":"help","operation":"write"}]}'

#Construct URL 
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams

#Get current time in milliseconds
epoch = str(int(time.time() * 1000))

#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath

#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())

#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}

#Make request
response = requests.post(url, data=data, headers=headers)

#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3

You can use LogicMonitor’s REST API to programmatically get information about your LogicMonitor roles. You can either get a list of roles or you can get details for a particular role.

Note: As with all of our API calls, authentication is required.

Get a list of all Roles

Returns a list of roles

HTTP Method: GET

URI: /setting/roles

Request Parameters: By default, a list of 50 roles will be returned. You can include sort, filter, fields, size and offset parameters in your request to control what data is included in the response and how it is formatted.

Property

Syntax

Description

Example URI
sort sort={+ or -}property Sorts the response by the property specified in either increasing (+) or decreasing (-) order /setting/roles?sort=-id
filter filter=property{operator}value Filters the response according to the operator and value specified. Note that you can use * to match on more than one character.You can use the ‘.’ character to filter values within an object (e.g. custom properties), and multiple filters can be separated by a comma.

 

Operators include:

  • Greater than or equals: >:
  • Less than or equals: <:
  • Greater than: >
  • Less than: <
  • Does not equal: !:
  • Equals: :
  • Includes: ~
  • Does not include: !~
 /setting/roles?filter=name:administrator
fields fields={list of properties separated by commas} Filters the response to only include the following fields for each object /setting/roles?fields=name,privileges
size size=integer The number of results to display /setting/roles?size=5
offset offset=integer The number of results to offset the displayed results by /setting/roles?offset=2

Example 1: GET all Roles

The following Python script will return a list of all roles in the api.logicmonitor.com portal.

#!/bin/env python

import requests
import json
import hashlib
import base64
import time
import hmac

#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'

#Request Info
httpVerb ='GET'
resourcePath = '/setting/roles'
queryParams = ''
data = ''

#Construct URL 
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams

#Get current time in milliseconds
epoch = str(int(time.time() * 1000))

#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath

#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())

#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}

#Make request
response = requests.get(url, data=data, headers=headers)

#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3

Example 2: GET all Roles

The following Python script will return a list of roles in the api.logicmonitor.com portal, where only the name, associatedUserCount and privileges are returned for each result and the results are sorted in descending order according to the associatedUserCount.

#!/bin/env python

import requests
import json
import hashlib
import base64
import time
import hmac

#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'

#Request Info
httpVerb ='GET'
resourcePath = '/setting/roles'
queryParams = '?fields=name,associatedUserCount,privileges&sort=-associatedUserCount'
data = ''

#Construct URL 
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams

#Get current time in milliseconds
epoch = str(int(time.time() * 1000))

#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath

#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())

#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}

#Make request
response = requests.get(url, data=data, headers=headers)

#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3

Get information about a particular role

Returns details for a particular role

HTTP Method:GET

URI: /setting/roles/{id}

Request Parameters: You can include a filter parameter that controls which properties are displayed in the response:

Property

Syntax

Description

Example URI
fields fields={list of properties separated by commas} Filters the response to only include the following fields for each object /setting/roles/{id}?fields=name,associatedUserCount

Example 1: GET one role

The following Python script will return the details for the role with id 8.

#!/bin/env python

import requests
import json
import hashlib
import base64
import time
import hmac

#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'

#Request Info
httpVerb ='GET'
resourcePath = '/setting/roles/8'
queryParams = ''
data = ''

#Construct URL 
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams

#Get current time in milliseconds
epoch = str(int(time.time() * 1000))

#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath

#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())

#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}

#Make request
response = requests.get(url, data=data, headers=headers)

#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3

You can use LogicMonitor’s REST API to programmatically update your LogicMonitor roles.

As with all of our API calls, authentication is required.

Update a role

Update an existing role. Note that consistent with REST standards, any properties not specified in a PUT request will revert back to their default values.

HTTP Method:PUT

URI: /setting/roles/{id}

Request Parameters:

Property Description Required? Values Type
name The name of the role Yes Role names are restricted to numbers, letters, and – and _ symbols String
description The description of the role No This value defaults to a blank String String
requireEula Whether or not users associated with this role should be required to acknowledge a EULA (end user license agreement) No This value defaults to false Boolean
customHelpLabel The label for the custom help URL as it will appear in the Help & Support dropdown menu No This value defaults to a blank String String
customHelpURL The URL that should be added to the Help & Support dropdown menu No This value defaults to a blank String String
privileges The privileges granted to the role Yes This object should contain nested objects for each privilege granted to the user. JSON Object

Example

The following Python Script updates the permissions for role 28:

#!/bin/env python

import requests
import json
import hashlib
import base64
import time
import hmac

#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'

#Request Info
httpVerb ='PUT'
resourcePath = '/setting/roles/28'
queryParams = ''
data = '{"name":"Server Team","customHelpLabel":"Internal Support Resources","customHelpURL":"https://logicmonitor.com/support","privileges":[{"objectType":"setting","objectId":"collectorgroup.4","objectName":"collectorgroup.4","operation":"write"},{"objectType":"setting","objectId":"collector.*","objectName":"collector.*","operation":"read"},{"objectType":"dashboard_group","objectId":"private","objectName":"private","operation":"write"},{"objectType":"dashboard_group","objectId":4,"objectName":"ABC Corporation","operation":"write"},{"objectType":"dashboard","objectId":77,"objectName":"Resource Allocation","operation":"write"},{"objectType":"host_group","objectId":"*","objectName":"*","operation":"read"},{"objectType":"deviceDashboard","objectId":"","operation":"read"},{"objectType":"setting","objectId":"useraccess.personalinfo","operation":"write"},{"objectType":"setting","objectId":"useraccess.apitoken","operation":"write"},{"objectType":"help","objectId":"chat","objectName":"help","operation":"write"}]}'

#Construct URL 
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams

#Get current time in milliseconds
epoch = str(int(time.time() * 1000))

#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath

#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())

#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}

#Make request
response = requests.put(url, data=data, headers=headers)

#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3

With LogicMonitor’s REST API you can programmatically delete your LogicMonitor roles.

As with all of our API calls, authentication is required.

Delete a role

Delete an existing role.

HTTP Method:DELETE

URI: /setting/roles/{id}

Example

The following Python script deletes the role with an id of 28:

#!/bin/env python

import requests
import json
import hashlib
import base64
import time
import hmac

#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'

#Request Info
httpVerb ='DELETE'
resourcePath = '/setting/roles/28'
queryParams = ''
data = ''

#Construct URL 
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams

#Get current time in milliseconds
epoch = str(int(time.time() * 1000))

#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath

#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())

#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}

#Make request
response = requests.delete(url, data=data, headers=headers)

#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)
Python 3