Provisioning roles using API

Overview

Starting with Uptycs portal release 46025, Uptycs provides entity level granular user permissions through roles.

This document outlines the process to create roles using API - with examples.

Procedure

-- Create a new role

$ urestapi -k <api_key> -m POST -a /roles -D <role_attribs.json>

-- Modify permissions on an existing role

$ urestapi -k <api_key> -m PUT -a /roles/<role_id> -D <roles_permissions.json>

-- Assigning role to a user

$ urestapi -k <api_key> -m PUT -a /users/<user_id> -D <role_assign.json>

IMPORTANT NOTE : Certain minimal permissions are assigned to a role by default even if they are not provisioned. Refer to the following article for details - Minimal permissions assigned to a role

Examples

Note : All files used in these examples are attached to this solution for reference.

--Create a new role

$ urestapi -k api_key.json -m POST -a /roles -D custom_role.json

{

"createdAt": "2019-09-12T18:14:49.048Z",

"createdBy": "92560add-7848-4f0e-ac4f-2d461f748351",

"custom": true,

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"description": null,

"hidden": false,

"id": "3d1f5744-55b1-4a77-9215-c9ead6f53784",

"links": [

{

"href": "/api/customers/38ff7fb8-791e-4b0a-84c3-8b6c234da8a5/roles/3d1f5744-55b1-4a77-9215-c9ead6f53784",

"rel": "self",

"title": "Role"

{

"href": "/api/customers/38ff7fb8-791e-4b0a-84c3-8b6c234da8a5/roles",

"rel": "parent",

"title": "Roles"

}

"name": "minimum_role",

"permissions": [

"OBJECT_GROUP:READ",

"SNAPSHOT:READ",

"TEMPLATE:READ",

"THREAT:READ",

"USER:READ",

"USER_ROLE:READ",

"CURRENT_USER:UPDATE",

"CUSTOMER:QUERY",

"ASSET:QUERY",

"OSQUERY:DOWNLOAD",

"OSQUERY:READ",

"DASHBOARD:READ",

"CURRENT_USER_PREFERENCE:READ",

"CURRENT_USER_PREFERENCE:CREATE",

"CURRENT_USER_PREFERENCE:UPDATE",

"CURRENT_USER_PREFERENCE:DELETE",

"CURRENT_USER_REPORT_SCHEDULE:CREATE",

"CURRENT_USER_REPORT_SCHEDULE:READ",

"CURRENT_USER_REPORT_SCHEDULE:UPDATE",

"CURRENT_USER_REPORT_SCHEDULE:DELETE",

"CUSTOM_PROFILE:READ",

"QUERY_JOB:CREATE",

"QUERY_JOB:READ",

"QUERY_JOB:UPDATE",

"QUERY_JOB:DELETE",

"EVENT_EXCLUDE_PROFILE:READ",

"ATC_QUERY:READ",

"REGISTRY_PATH:READ",

"AUDIT_RULE:READ",

"EXTERNAL_DASHBOARD:READ",

"MALWARE_ACCOUNT:READ",

"SIGNATURE:READ",

"QUERY_JOB_REALTIME:CREATE",

"QUERY_JOB_REALTIME:READ",

"QUERY_JOB_REALTIME:UPDATE",

"QUERY_JOB_REALTIME:DELETE"

"updatedAt": "2019-09-12T18:14:49.048Z",

"updatedBy": null

}

-- Modify permissions on an existing role:

$ urestapi -k api_key.json -m PUT -a /roles/3d1f5744-55b1-4a77-9215-c9ead6f53784 -D roles_permission.json

{

"createdAt": "2019-09-12T18:14:49.048Z",

"createdBy": "92560add-7848-4f0e-ac4f-2d461f748351",

"custom": true,

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"description": null,

"hidden": false,

"id": "3d1f5744-55b1-4a77-9215-c9ead6f53784",

"links": [

{

"href": "/api/customers/38ff7fb8-791e-4b0a-84c3-8b6c234da8a5/roles/3d1f5744-55b1-4a77-9215-c9ead6f53784",

"rel": "self",

"title": "Role"

{

"href": "/api/customers/38ff7fb8-791e-4b0a-84c3-8b6c234da8a5/roles",

"rel": "parent",

"title": "Roles"

}

"name": "minimum_role",

"permissions": [

"ALERT:READ",

"ALERT_RULE:READ",

"ASSET:READ",

"CUSTOMER:READ",

"FIM:READ",

"FLAG:READ",

"OBJECT_GROUP:READ",

"SCHEDULED_GROUP:READ",

"SCHEDULED_QUERY:READ",

"SNAPSHOT:READ",

"CURRENT_USER:UPDATE",

"CUSTOMER:QUERY",

"ASSET:QUERY",

"OSQUERY:DOWNLOAD",

"OSQUERY:READ",

"FEATURE_SET:READ",

"DASHBOARD:READ",

"QUERY_JOB:CREATE",

"QUERY_JOB:READ",

"QUERY_JOB:UPDATE",

"QUERY_JOB:DELETE",

"EXTERNAL_DASHBOARD:READ",

"SIGNATURE:READ"

"updatedAt": "2019-09-12T18:17:31.621Z",

"updatedBy": "92560add-7848-4f0e-ac4f-2d461f748351"

}

-- Assigning role to a user:

$ urestapi -k api_key.json -m PUT -a /users/34686075-92c8-416b-960c-085a53d2f342 -D role_assign.json

{

"active": true,

"admin": false,

"createdAt": "2019-05-02T19:34:22.929Z",

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"email": "ktatavarti@uptycs.com",

"id": "34686075-92c8-416b-960c-085a53d2f342",

"imageUrl": null,

"links": [

{

"href": "/api/customers/38ff7fb8-791e-4b0a-84c3-8b6c234da8a5/users/34686075-92c8-416b-960c-085a53d2f342",

"rel": "self",

"title": "User information"

{

"href": "/api/customers/38ff7fb8-791e-4b0a-84c3-8b6c234da8a5/users",

"rel": "parent",

"title": "Users information"

{

"href": "/api/customers/38ff7fb8-791e-4b0a-84c3-8b6c234da8a5/users/34686075-92c8-416b-960c-085a53d2f342/apikeys",

"rel": "apikeys",

"title": "API keys information"

}

"maxIdleTimeMins": 30,

"name": "minimum_role",

"password": null,

"phone": "",

"priorLogin": true,

"superAdmin": false,

"support": false,

"updatedAt": "2019-08-01T15:09:53.634Z",

"userObjectGroups": [

{

"createdAt": "2019-05-02T19:34:22.951Z",

"createdBy": "0c2397ef-b993-4c05-bf7c-79c3c0fe2686",

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"id": "c6ec2a9c-7b47-4f01-b69c-5b51a5e898ff",

"objectGroupId": "38196e03-d455-4e51-90e4-bc87b5332ca8",

"object_group_id": "38196e03-d455-4e51-90e4-bc87b5332ca8",

"updatedAt": "2019-05-02T19:34:22.951Z",

"updatedBy": "0c2397ef-b993-4c05-bf7c-79c3c0fe2686",

"userId": "34686075-92c8-416b-960c-085a53d2f342"

}

"userRoles": [

{

"createdAt": "2019-09-12T18:26:11.637Z",

"createdBy": "92560add-7848-4f0e-ac4f-2d461f748351",

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"id": "20d8291e-4427-4df0-b4aa-55b67f3c1215",

"role": {

"createdAt": "2019-08-01T14:49:39.096Z",

"createdBy": "92560add-7848-4f0e-ac4f-2d461f748351",

"custom": true,

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"description": null,

"hidden": false,

"id": "3d1f5744-55b1-4a77-9215-c9ead6f53784",

"name": "minimum_role",

"permissions": [

"ALERT:READ",

"ALERT_RULE:READ",

"ASSET:READ",

"CUSTOMER:READ",

"DESTINATION:READ",

"EVENT:READ",

"EVENT_RULE:READ",

"EXCEPTION:READ",

"FIM:READ",

"FLAG:READ",

"OBJECT_GROUP:READ",

"PROFILE:READ",

"PROMETHEUS_TARGET:READ",

"QUERY:READ",

"QUERY_PACK:READ",

"REPORT:READ",

"REPORT_RUN:READ",

"SCHEMA:READ",

"SCHEDULED_GROUP:READ",

"SCHEDULED_QUERY:READ",

"SNAPSHOT:READ",

"TAG:READ",

"TAG_RULE:READ",

"TEMPLATE:READ",

"THREAT:READ",

"USER:READ",

"USER_ROLE:READ",

"CURRENT_USER:UPDATE",

"CUSTOMER:QUERY",

"ASSET:QUERY",

"OSQUERY:DOWNLOAD",

"OSQUERY:READ",

"FEATURE_SET:READ",

"DASHBOARD:READ",

"CURRENT_USER_PREFERENCE:READ",

"CURRENT_USER_PREFERENCE:CREATE",

"CURRENT_USER_PREFERENCE:UPDATE",

"CURRENT_USER_PREFERENCE:DELETE",

"CURRENT_USER_REPORT_SCHEDULE:CREATE",

"CURRENT_USER_REPORT_SCHEDULE:READ",

"CURRENT_USER_REPORT_SCHEDULE:UPDATE",

"CURRENT_USER_REPORT_SCHEDULE:DELETE",

"COMPLIANCE_FAILURE:READ",

"COMPLIANCE_FAILURE:UPDATE",

"CUSTOM_PROFILE:READ",

"QUERY_JOB:CREATE",

"QUERY_JOB:READ",

"QUERY_JOB:UPDATE",

"QUERY_JOB:DELETE",

"EVENT_EXCLUDE_PROFILE:READ",

"ATC_QUERY:READ",

"REGISTRY_PATH:READ",

"AUDIT_RULE:READ",

"EXTERNAL_DASHBOARD:READ",

"MALWARE_ACCOUNT:READ",

"MALWARE_CHECKSUM_CACHE:READ",

"SIGNATURE:READ",

"LOOKUP_TABLE:READ",

"QUERY_JOB_REALTIME:CREATE",

"QUERY_JOB_REALTIME:READ",

"QUERY_JOB_REALTIME:UPDATE",

"QUERY_JOB_REALTIME:DELETE"

"updatedAt": "2019-08-30T15:40:57.427Z",

"updatedBy": "92560add-7848-4f0e-ac4f-2d461f748351"

"roleId": "a456e1a1-25b9-4657-8ad1-9218d3df8cf8",

"updatedAt": "2019-09-12T18:26:11.637Z",

"updatedBy": "92560add-7848-4f0e-ac4f-2d461f748351",

"userId": "34686075-92c8-416b-960c-085a53d2f342"

{

"createdAt": "2019-09-12T18:26:11.637Z",

"createdBy": "92560add-7848-4f0e-ac4f-2d461f748351",

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"id": "2d91064c-a456-43d2-995b-91a241b438e4",

"role": {

"createdAt": "2019-02-13T22:08:12.334Z",

"createdBy": null,

"custom": false,

"customerId": "38ff7fb8-791e-4b0a-84c3-8b6c234da8a5",

"description": "Default user role",

"hidden": false,

"id": "6104a7d8-6016-4537-9a44-fad2f946b0a2",

"name": "user",

"permissions": [

"ALERT:READ",

"ALERT_RULE:READ",

"ASSET:READ",

"CUSTOMER:READ",

"DESTINATION:READ",

"EVENT:READ",

"EVENT_RULE:READ",

"EXCEPTION:READ",

"FIM:READ",

"FLAG:READ",

"OBJECT_GROUP:READ",

"PROFILE:READ",

"PROMETHEUS_TARGET:READ",

"QUERY:READ",

"QUERY_PACK:READ",

"REPORT:READ",

"REPORT_RUN:READ",

"SCHEMA:READ",

"SCHEDULED_GROUP:READ",

"SCHEDULED_QUERY:READ",

"SNAPSHOT:READ",

"TAG:READ",

"TAG_RULE:READ",

"TEMPLATE:READ",

"THREAT:READ",

"USER:READ",

"USER_ROLE:READ",

"CURRENT_USER:UPDATE",

"CUSTOMER:QUERY",

"ASSET:QUERY",

"OSQUERY:DOWNLOAD",

"OSQUERY:READ",

"FEATURE_SET:READ",

"DASHBOARD:READ",

"CURRENT_USER_PREFERENCE:READ",

"CURRENT_USER_PREFERENCE:CREATE",

"CURRENT_USER_PREFERENCE:UPDATE",

"CURRENT_USER_PREFERENCE:DELETE",

"CURRENT_USER_REPORT_SCHEDULE:CREATE",

"CURRENT_USER_REPORT_SCHEDULE:READ",

"CURRENT_USER_REPORT_SCHEDULE:UPDATE",

"CURRENT_USER_REPORT_SCHEDULE:DELETE",

"COMPLIANCE_FAILURE:READ",

"COMPLIANCE_FAILURE:UPDATE",

"CUSTOM_PROFILE:READ",

"QUERY_JOB:CREATE",

"QUERY_JOB:READ",

"QUERY_JOB:UPDATE",

"QUERY_JOB:DELETE",

"EVENT_EXCLUDE_PROFILE:READ",

"ATC_QUERY:READ",

"REGISTRY_PATH:READ",

"AUDIT_RULE:READ",

"EXTERNAL_DASHBOARD:READ",

"MALWARE_ACCOUNT:READ",

"MALWARE_CHECKSUM_CACHE:READ",

"SIGNATURE:READ",

"LOOKUP_TABLE:READ",

"QUERY_JOB_REALTIME:CREATE",

"QUERY_JOB_REALTIME:READ",

"QUERY_JOB_REALTIME:UPDATE",

"QUERY_JOB_REALTIME:DELETE"

"updatedAt": "2019-08-30T15:40:57.435Z",

"updatedBy": null

"roleId": "6104a7d8-6016-4537-9a44-fad2f946b0a2",

"updatedAt": "2019-09-12T18:26:11.637Z",

"updatedBy": "92560add-7848-4f0e-ac4f-2d461f748351",

"userId": "34686075-92c8-416b-960c-085a53d2f342"

}

]

}

Related Articles

Provisioning roles through Uptycs portal

Related Articles
Delete duplicate assets using the API
Duplicate asset (hostname) on Uptycs platform could be a result of particular asset being in rotation or being used a a loaner laptop in which case, uuid of the asset remains the same and the asset is recorded under different hostnames. Following ...
Create Custom Threat Source using API
The article includes the API query to create and update the threat source. We support uploading CSV as of now. To create Threat source: curl --location --request POST ...
Creating and testing multiple similar alerts using API
This article shows how to create or update multiple Alert Rules using SQL script with up to 4 parameters. Save SQL script in a separate file. The script can have up to 4 variables Edit the config file and update all variables as needed. The script ...
Generate JWT Token using PowerShell CMDLETS
With just PowerShell Cmdlets, you can generate a Bearer Auth Token using the following steps. # please install JWT module in PowerShell Install-Module JWT # cmdlet to generate JWT Token New-Jwt -Header '{"alg": "HS256", "typ": "JWT"}' -PayloadJson ...
Create Custom Event Exclusion Profile via API
It may be a lengthy process to create an event exclusion profile with many entries using the GUI. This article shows how to create two custom event exclusion profiles via the API. The urestapi tool is used (https://pypi.org/project/urestapi/). ...

Provisioning roles using API

Provisioning roles using API

Related Articles

Delete duplicate assets using the API

Create Custom Threat Source using API

Creating and testing multiple similar alerts using API

Generate JWT Token using PowerShell CMDLETS

Create Custom Event Exclusion Profile via API