Create Role

Creates a partner- or client-level role.

A role defines permission sets to user and -user groups on devices and device groups. A user (or user group) can be assigned to one or more roles

Create a Role with Scope: MSP and Provide Visibility of Specific Clients

  • Create a role that is applicable only for partners.
  • Users in this role can view only specific clients:

Create a Role with Scope: MSP and Provide Visibility of All Clients, Devices, and Credentials

  • Create a role that applies only for a partner.
  • Users in this role can view all clients (under the partner)

Create a Role with Scope: Client and Provide Visibility of All Devices and Credentials

Create a role that is applicable only for a partner:

  • Users in the role can view all clients under the partner.
  • Users in the role can view all client devices and credentials.

Create a Role with Scope: Client and Provide Visibility of Specific Devices, and Credentials

Create a role that is applicable for client:

  • Users in the role can view all client devices.
  • Users in the role can view all client credential sets.

Path Parameters

  • tenantIdstringrequired

    Describes the clientId or mspId of the tenant

Request Body

application/json

  • uniqueIdstring

    Role unique Identifier uuid.

  • namestring

    Role name.

  • descriptionstring

    Short summary describing a role.

  • scopestring

    Define the applicability of a role. - Provide scope: MSP to create a partner-level role. Note: MSP indicates a Partner. - Provide scope: CLIENT to create a client-level role.

    Enum:
    MSPCLIENT
  • usersarray

    Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.

  • userGroupsarray

    Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.

  • clientsarray

    Configure the visibility of clients for users in a role: - For partner-level users: To allow users of a role to view specific clients, provide the respective client IDs. Note: You can also create a role without visibility of any clients. - For client-level users: To assign a role to specific clients, provide the respective client IDs.

  • devicesarray

    Configure the visibility of devices for users in a role: A partner and client specific roles can be created with visibility to all devices, specific devices and without any devices.

  • allDevicesboolean

    (Optional) - For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. - For client specific role: To allow users to view all client devices, provide allDevices: true.

  • deviceGroupsarray

    (Optional) For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. For client specific role: To allow users to view all client devices, provide allDevices: true.

  • credentialSetsarray

    Configure visibility of credentials sets for users in a role: A partner or client specific role can be created to allow users in a role to view all credentials, specific credentials, or no credentials.

  • allCredentialsboolean

    (Optional) - For partner specific role: To allow users in a role to view all credentials sets of all clients for a partner, provide allCredentials: true. - For client specific role: To allow users in a role to view all credential sets of all clients, provide allCredentials: true. Credential sets are client-specific. To allow users in a role to view only specific credential sets, provide only the credential set IDs of the client provided in clients.

  • permissionsarray

    Assign permission sets to a role. All users in a role would be assigned these permissions. Search Permissions Sets API is used to get the list of permissions for a partner or client.

  • defaultRoleboolean

Request Body Samples

{
  "name": "Network Admin",
  "description": "Client Network Administrator",
  "scope": "MSP",
  "clients": [
    {
      "uniqueId": "client_8"
    },
    {
      "uniqueId": "client_9"
    }
  ],
  "users": [
    {
      "id": "USR0000000011"
    },
    {
      "id": "USR0000000013"
    }
  ],
  "userGroups": [
    {
      "uniqueId": "USRGRP-5dd6cb59-b4cf-083a-29f6-7f6fc2688fd3"
    },
    {
      "uniqueId": "USRGRP-98c1733f-0429-001d-8196-54a85e15d49d"
    }
  ],
  "devices": [
    {
      "id": "49429c1c-aba5-4c1a-92c5-dd66211a5b73"
    },
    {
      "id": "ec9ac14c-c566-41da-8b61-1452357b6506"
    }
  ],
  "deviceGroups": [
    {
      "id": "DGP-fbbabccc-578b-4658-9475-178ab034c20b"
    },
    {
      "id": "DGP-3cac84fa-1613-4035-ac23-e44c0a450a9c"
    }
  ],
  "credentialSets": [
    {
      "uniqueId": "GxGJJk65Vr6mGUTx8uGBgMNx"
    },
    {
      "uniqueId": "y9rxRm4sMP6u5sWRKMqUu6cz"
    }
  ],
  "permissions": [
    {
      "id": 11
    },
    {
      "id": 13
    }
  ]
}

Responses

  • uniqueIdstring

    Role unique Identifier uuid.

  • namestring

    Role name.

  • descriptionstring

    Short summary describing a role.

  • scopestring

    Define the applicability of a role. - Provide scope: MSP to create a partner-level role. Note: MSP indicates a Partner. - Provide scope: CLIENT to create a client-level role.

    Enum:
    MSPCLIENT
  • usersarray

    Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.

  • userGroupsarray

    Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.

  • clientsarray

    Configure the visibility of clients for users in a role: - For partner-level users: To allow users of a role to view specific clients, provide the respective client IDs. Note: You can also create a role without visibility of any clients. - For client-level users: To assign a role to specific clients, provide the respective client IDs.

  • devicesarray

    Configure the visibility of devices for users in a role: A partner and client specific roles can be created with visibility to all devices, specific devices and without any devices.

  • allDevicesboolean

    (Optional) - For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. - For client specific role: To allow users to view all client devices, provide allDevices: true.

  • deviceGroupsarray

    (Optional) For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. For client specific role: To allow users to view all client devices, provide allDevices: true.

  • credentialSetsarray

    Configure visibility of credentials sets for users in a role: A partner or client specific role can be created to allow users in a role to view all credentials, specific credentials, or no credentials.

  • allCredentialsboolean

    (Optional) - For partner specific role: To allow users in a role to view all credentials sets of all clients for a partner, provide allCredentials: true. - For client specific role: To allow users in a role to view all credential sets of all clients, provide allCredentials: true. Credential sets are client-specific. To allow users in a role to view only specific credential sets, provide only the credential set IDs of the client provided in clients.

  • permissionsarray

    Assign permission sets to a role. All users in a role would be assigned these permissions. Search Permissions Sets API is used to get the list of permissions for a partner or client.

  • defaultRoleboolean

Response Samples

{
  "uniqueId": "ROLE-0074b24b-5c0b-2332-dd99-fea506f6cebd",
  "name": "Network Admin",
  "description": "Client Network Administrator",
  "defaultRole": false,
  "clients": [
    {
      "uniqueId": "client_8",
      "name": "NECE Lab",
      "activated": true
    },
    {
      "uniqueId": "client_9",
      "name": "NECE Corp.",
      "activated": true
    }
  ],
  "users": [
    {
      "id": "USR0000000011",
      "loginName": "NECEInc@opsramp.com",
      "lastName": "Inc Admin",
      "firstName": "NECE",
      "email": "john.smith@gamil.com",
      "phoneNumber": "8096250653"
    },
    {
      "id": "USR0000000013",
      "loginName": "NECEPAdmin@opsramp.com",
      "lastName": "Inc PAdmin",
      "firstName": "NECE",
      "email": "john.smith@gamil.com",
      "phoneNumber": "8096250653"
    }
  ],
  "userGroups": [
    {
      "name": "NECE Inc Users",
      "description": "NECE Partner Users",
      "uniqueId": "USRGRP-5dd6cb59-b4cf-083a-29f6-7f6fc2688fd3"
    },
    {
      "name": "NECE Inc Escalation Users",
      "description": "NECE Inc Escalation Users",
      "uniqueId": "USRGRP-98c1733f-0429-001d-8196-54a85e15d49d"
    }
  ],
  "devices": [
    {
      "id": "43d49023-4c47-4dbf-a59b-9c40610e1ab8",
      "generalInfo": {
        "ipAddresses": "172.24.102.169",
        "hostName": "HYDLPT044"
      },
      "clientUniqueId": "client_8",
      "type": "DEVICE"
    },
    {
      "id": "ec9ac14c-c566-41da-8b61-1452357b6506",
      "generalInfo": {
        "ipAddresses": "172.30.143.112",
        "hostName": "172.30.143.112"
      },
      "clientUniqueId": "client_9",
      "type": "DEVICE"
    }
  ],
  "deviceGroups": [
    {
      "id": "DGP-fbbabccc-578b-4658-9475-178ab034c20b",
      "name": "Testing-dev-group",
      "description": "testing device group",
      "createdDate": "2016-10-20T07:43:48+0000",
      "updatedDate": "2016-10-20T07:43:49+0000"
    },
    {
      "id": "DGP-3cac84fa-1613-4035-ac23-e44c0a450a9c",
      "name": "Up Agent Devices",
      "description": "These are the main devices those always needs to be in up state.",
      "createdDate": "2016-12-03T17:43:05+0000",
      "updatedDate": "2016-12-05T16:00:46+0000"
    }
  ],
  "credentialSets": [
    {
      "uniqueId": "GxGJJk65Vr6mGUTx8uGBgMNx",
      "name": "SSH",
      "secure": false,
      "port": 222,
      "snmpVersion": "V2",
      "description": "SSH Credentials",
      "autoEnableMode": false,
      "universal": true,
      "spSecure": false,
      "spPort": 0,
      "timeoutMs": 10000
    },
    {
      "uniqueId": "y9rxRm4sMP6u5sWRKMqUu6cz",
      "name": "SSH Credential for Device Loggings",
      "secure": false,
      "port": 22,
      "snmpVersion": "V2",
      "description": "SSH Credential for Device Loggings",
      "autoEnableMode": false,
      "universal": true,
      "spSecure": false,
      "spPort": 0,
      "timeoutMs": 10000
    }
  ],
  "permissions": [
    {
      "id": 11,
      "name": "Partner Administrator",
      "description": "Partner Administrator"
    },
    {
      "id": 13,
      "name": "Dispatcher",
      "description": "Dispatcher"
    }
  ]
}