Create Role
Creates a partner- or client-level role.
A role defines permission sets to user and -user groups on devices and device groups. A user (or user group) can be assigned to one or more roles
Create a Role with Scope: MSP and Provide Visibility of Specific Clients
- Create a role that is applicable only for partners.
- Users in this role can view only specific clients:
Create a Role with Scope: MSP and Provide Visibility of All Clients, Devices, and Credentials
- Create a role that applies only for a partner.
- Users in this role can view all clients (under the partner)
Create a Role with Scope: Client and Provide Visibility of All Devices and Credentials
Create a role that is applicable only for a partner:
- Users in the role can view all clients under the partner.
- Users in the role can view all client devices and credentials.
Create a Role with Scope: Client and Provide Visibility of Specific Devices, and Credentials
Create a role that is applicable for client:
- Users in the role can view all client devices.
- Users in the role can view all client credential sets.
Path Parameters
- tenantId
Describes the clientId or mspId of the tenant
Request Body
application/json
- uniqueId
Role unique Identifier uuid.
- name
Role name.
- description
Short summary describing a role.
- scope
Define the applicability of a role. - Provide scope: MSP to create a partner-level role. Note: MSP indicates a Partner. - Provide scope: CLIENT to create a client-level role.
- Enum:
- MSPCLIENT
- users
Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.
- userGroups
Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.
- clients
Configure the visibility of clients for users in a role: - For partner-level users: To allow users of a role to view specific clients, provide the respective client IDs. Note: You can also create a role without visibility of any clients. - For client-level users: To assign a role to specific clients, provide the respective client IDs.
- devices
Configure the visibility of devices for users in a role: A partner and client specific roles can be created with visibility to all devices, specific devices and without any devices.
- allDevices
(Optional) - For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. - For client specific role: To allow users to view all client devices, provide allDevices: true.
- deviceGroups
(Optional) For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. For client specific role: To allow users to view all client devices, provide allDevices: true.
- credentialSets
Configure visibility of credentials sets for users in a role: A partner or client specific role can be created to allow users in a role to view all credentials, specific credentials, or no credentials.
- allCredentials
(Optional) - For partner specific role: To allow users in a role to view all credentials sets of all clients for a partner, provide allCredentials: true. - For client specific role: To allow users in a role to view all credential sets of all clients, provide allCredentials: true. Credential sets are client-specific. To allow users in a role to view only specific credential sets, provide only the credential set IDs of the client provided in clients.
- permissions
Assign permission sets to a role. All users in a role would be assigned these permissions. Search Permissions Sets API is used to get the list of permissions for a partner or client.
- defaultRole
Request Body Samples
{
"name": "Network Admin",
"description": "Client Network Administrator",
"scope": "MSP",
"clients": [
{
"uniqueId": "client_8"
},
{
"uniqueId": "client_9"
}
],
"users": [
{
"id": "USR0000000011"
},
{
"id": "USR0000000013"
}
],
"userGroups": [
{
"uniqueId": "USRGRP-5dd6cb59-b4cf-083a-29f6-7f6fc2688fd3"
},
{
"uniqueId": "USRGRP-98c1733f-0429-001d-8196-54a85e15d49d"
}
],
"devices": [
{
"id": "49429c1c-aba5-4c1a-92c5-dd66211a5b73"
},
{
"id": "ec9ac14c-c566-41da-8b61-1452357b6506"
}
],
"deviceGroups": [
{
"id": "DGP-fbbabccc-578b-4658-9475-178ab034c20b"
},
{
"id": "DGP-3cac84fa-1613-4035-ac23-e44c0a450a9c"
}
],
"credentialSets": [
{
"uniqueId": "GxGJJk65Vr6mGUTx8uGBgMNx"
},
{
"uniqueId": "y9rxRm4sMP6u5sWRKMqUu6cz"
}
],
"permissions": [
{
"id": 11
},
{
"id": 13
}
]
}
Responses
- uniqueId
Role unique Identifier uuid.
- name
Role name.
- description
Short summary describing a role.
- scope
Define the applicability of a role. - Provide scope: MSP to create a partner-level role. Note: MSP indicates a Partner. - Provide scope: CLIENT to create a client-level role.
- Enum:
- MSPCLIENT
- users
Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.
- userGroups
Assign users to a role. Note: - Only partner users can be assigned to a partner specific role. - Only client users can be assigned a client specific role.
- clients
Configure the visibility of clients for users in a role: - For partner-level users: To allow users of a role to view specific clients, provide the respective client IDs. Note: You can also create a role without visibility of any clients. - For client-level users: To assign a role to specific clients, provide the respective client IDs.
- devices
Configure the visibility of devices for users in a role: A partner and client specific roles can be created with visibility to all devices, specific devices and without any devices.
- allDevices
(Optional) - For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. - For client specific role: To allow users to view all client devices, provide allDevices: true.
- deviceGroups
(Optional) For partner specific role: To allow all users to view all client devices for a partner, provide allDevices: true. For client specific role: To allow users to view all client devices, provide allDevices: true.
- credentialSets
Configure visibility of credentials sets for users in a role: A partner or client specific role can be created to allow users in a role to view all credentials, specific credentials, or no credentials.
- allCredentials
(Optional) - For partner specific role: To allow users in a role to view all credentials sets of all clients for a partner, provide allCredentials: true. - For client specific role: To allow users in a role to view all credential sets of all clients, provide allCredentials: true. Credential sets are client-specific. To allow users in a role to view only specific credential sets, provide only the credential set IDs of the client provided in clients.
- permissions
Assign permission sets to a role. All users in a role would be assigned these permissions. Search Permissions Sets API is used to get the list of permissions for a partner or client.
- defaultRole
Response Samples
{
"uniqueId": "ROLE-0074b24b-5c0b-2332-dd99-fea506f6cebd",
"name": "Network Admin",
"description": "Client Network Administrator",
"defaultRole": false,
"clients": [
{
"uniqueId": "client_8",
"name": "NECE Lab",
"activated": true
},
{
"uniqueId": "client_9",
"name": "NECE Corp.",
"activated": true
}
],
"users": [
{
"id": "USR0000000011",
"loginName": "NECEInc@opsramp.com",
"lastName": "Inc Admin",
"firstName": "NECE",
"email": "john.smith@gamil.com",
"phoneNumber": "8096250653"
},
{
"id": "USR0000000013",
"loginName": "NECEPAdmin@opsramp.com",
"lastName": "Inc PAdmin",
"firstName": "NECE",
"email": "john.smith@gamil.com",
"phoneNumber": "8096250653"
}
],
"userGroups": [
{
"name": "NECE Inc Users",
"description": "NECE Partner Users",
"uniqueId": "USRGRP-5dd6cb59-b4cf-083a-29f6-7f6fc2688fd3"
},
{
"name": "NECE Inc Escalation Users",
"description": "NECE Inc Escalation Users",
"uniqueId": "USRGRP-98c1733f-0429-001d-8196-54a85e15d49d"
}
],
"devices": [
{
"id": "43d49023-4c47-4dbf-a59b-9c40610e1ab8",
"generalInfo": {
"ipAddresses": "172.24.102.169",
"hostName": "HYDLPT044"
},
"clientUniqueId": "client_8",
"type": "DEVICE"
},
{
"id": "ec9ac14c-c566-41da-8b61-1452357b6506",
"generalInfo": {
"ipAddresses": "172.30.143.112",
"hostName": "172.30.143.112"
},
"clientUniqueId": "client_9",
"type": "DEVICE"
}
],
"deviceGroups": [
{
"id": "DGP-fbbabccc-578b-4658-9475-178ab034c20b",
"name": "Testing-dev-group",
"description": "testing device group",
"createdDate": "2016-10-20T07:43:48+0000",
"updatedDate": "2016-10-20T07:43:49+0000"
},
{
"id": "DGP-3cac84fa-1613-4035-ac23-e44c0a450a9c",
"name": "Up Agent Devices",
"description": "These are the main devices those always needs to be in up state.",
"createdDate": "2016-12-03T17:43:05+0000",
"updatedDate": "2016-12-05T16:00:46+0000"
}
],
"credentialSets": [
{
"uniqueId": "GxGJJk65Vr6mGUTx8uGBgMNx",
"name": "SSH",
"secure": false,
"port": 222,
"snmpVersion": "V2",
"description": "SSH Credentials",
"autoEnableMode": false,
"universal": true,
"spSecure": false,
"spPort": 0,
"timeoutMs": 10000
},
{
"uniqueId": "y9rxRm4sMP6u5sWRKMqUu6cz",
"name": "SSH Credential for Device Loggings",
"secure": false,
"port": 22,
"snmpVersion": "V2",
"description": "SSH Credential for Device Loggings",
"autoEnableMode": false,
"universal": true,
"spSecure": false,
"spPort": 0,
"timeoutMs": 10000
}
],
"permissions": [
{
"id": 11,
"name": "Partner Administrator",
"description": "Partner Administrator"
},
{
"id": 13,
"name": "Dispatcher",
"description": "Dispatcher"
}
]
}