Create Security Roles

{ createRoles }

Adds multiple security roles to the system.

Method

/API2/access/createRoles

  • API Section: /API2/access
  • API Version: 2.0
  • From Release: 2018.5
  • Method operates via POST actions only.
  • Input Parameters

    Name

    roleData

    Object Type

    Description

    Output Response

    Successful Result Code

    200

    Response Type

    Description of Response Type

    Generic API response object with success or failure flag and related messages.

    Notes

    The added roles are simply shells. Use the 'AddUserToRole' method to attach users to the roles to make them effective.

    Examples
    Create new Active Directory user (JavaScript):

    This example demonstrates how to find and add a new user and roles in Pyramid, when using Active Directory authentication.

    The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.

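    // URL of the Pyramid installation and the path to the API 2.0 REST methods.
    // Every request body below carries the admin token, so point this at an
    // https:// address for anything other than an isolated test system.
    const pyramidURL = "http://mysite.com/api2/";

    // Step 1: authenticate the admin account and get a token.
    // This assumes Windows Authentication SSO, so the account logging on must be
    // an admin account.
    // NOTE: callApi is the generic REST method shown below; inside it,
    // xhttp.withCredentials = true passes the Windows credentials.
    const token = callApi("auth/authenticateUserWindows", {}, false);
    // The token is a credential for an admin session. log() writes to the page
    // and to the console, so record that it was obtained but never its value.
    log("got token");

    // Step 2: get the default tenant.
    const defaultTenantResult = callApi("access/getDefaultTenant", {
      "auth": token // admin token generated above
    });
    const tenantId = defaultTenantResult.data;
    log("default tenant, id= " + tenantId);

    // Step 3: search for an Active Directory user in the AD itself.
    const searchUsers = callApi("access/searchAdUsers", {
      "ldapUsersSearch": {
        "domainNetBios": "myAdDomain",
        "searchValue": "Smith",
        "ldapSearchType": 0, // search type enumeration. 0 = exact
      },
      "auth": token // admin token generated above
    });

    // The first hit is provisioned as a Pyramid user below, so stop when the
    // search returns nothing, and in real use confirm that the hit is the
    // intended account before creating it.
    const adUser = searchUsers.data[0];
    if (!adUser) {
      throw new Error("searchAdUsers returned no matching Active Directory user");
    }
    log("adUser = " + adUser.firstName);

    // Step 4: create a user from the search result of step 3.
    const createUser = callApi("access/createAdUser", {
      "newLdapUser": {
        "userName": adUser.userName, // using the search result from step 3 above
        "adminType": 0, // admin type
        "clientLicenseType": 100, // ClientLicenseType.Viewer
        "statusID": 1,
        "tenantId": tenantId, // tenant Id from above
        "adDomainName": "myAdDomain"
      },
      "auth": token // admin token generated above
    });
    const userId = createUser.data.modifiedList[0].id;
    log("created user " + userId);

    // Step 5 (optional): change the user from Viewer to Professional.
    const updateUser = callApi("access/updateAdUsers", {
      "updateLdapUser": [{
        "userName": adUser.userName,
        "adDomainName": "myAdDomain",
        "clientLicenseType": 200, // ClientLicenseType.Professional
      }],
      "auth": token
    });

    // Step 6: create 2 roles. They are empty shells until users or groups are
    // attached in steps 7 and 9.
    const createRole = callApi("access/createRoles", {
      "data": [{
        "roleName": "role1",
        "tenantId": tenantId,
        "isGroupRole": false
      }, {
        "roleName": "role2",
        "tenantId": tenantId,
        "isGroupRole": false
      }],
      "auth": token
    });

    const role1 = createRole.data.modifiedList[0].id;
    const role2 = createRole.data.modifiedList[1].id;
    log("created roles " + role1 + "," + role2);

    // Step 7: bind the user to role1 from step 6.
    const addUserToRole = callApi("access/addUserToRole", {
      "addUserRoleData": {
        "userId": userId,
        "roleId": role1
      },
      "auth": token
    });

    // Step 8: searchAdGroupsForUser, searching for the AD groups of the given
    // user in the given domain.
    const groups = callApi("access/searchAdGroupsForUser", {
      "searchData": {
        "domainNetBios": "myAdDomain",
        "userName": adUser.userName
      },
      "auth": token
    });
    log("groups of " + adUser.userName + " " + JSON.stringify(groups.data));

    // Step 9 gives role2 to every member of the chosen group. The example takes
    // the first group returned; in real use select the group by name so the
    // role is not granted to a wider group than intended.
    const selectedGroup = groups.data[0];
    if (!selectedGroup) {
      throw new Error("searchAdGroupsForUser returned no groups for the user");
    }

    // Step 9: add role2 to the AD security group from step 8.
    const addRoleToAdGroup = callApi("access/changeRoleAdGroupMembership", {
      "roleAdGroups": {
        "roleId": role2,
        "groupsToAdd": [{
          "domainNetBios": selectedGroup.domainAddress,
          "groupName": selectedGroup.name
        }]
      },
      "auth": token
    });
    log("addRoleToAdGroup " + JSON.stringify(addRoleToAdGroup));

    // Step 10 (optional): get all groups by role - this will find the selected
    // group from step 9.
    const groupsFound = callApi("access/getGroupsByRole", {
      "roleId": role2,
      "auth": token
    });
    log("found group " + groupsFound.data[0].name);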
    
    // ##### optional generic logging method for debugging ##############
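    /**
     * Debug helper: appends the message to the page as plain text and echoes it
     * to the console.
     *
     * The messages in this example are built from API responses (AD user and
     * group names), so the text is added through textContent instead of
     * document.write(), which would parse it as HTML.
     *
     * @param {*} msg - value to display; converted to a string for the page.
     */
    function log(msg) {
      const line = document.createElement("div");
      line.textContent = String(msg);
      // document.body does not exist yet when the script runs from <head>.
      (document.body ?? document.documentElement).appendChild(line);
      console.log(msg);
    }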
    
    // ##### generic REST API calling method ##############
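    /**
     * Sends one synchronous POST to the Pyramid REST API and returns the reply.
     *
     * @param {string} path - API method path appended to pyramidURL,
     *   e.g. "access/createRoles".
     * @param {object} data - request payload; sent as a JSON string.
     * @param {boolean} [parseResult=true] - when true the response body is parsed
     *   as JSON; when false the raw response text is returned.
     * @returns {*} the parsed response object, or the raw response text.
     * @throws {Error} when the server answers with a non-2xx HTTP status.
     * @throws {SyntaxError} when parseResult is true and the body is not JSON.
     */
    function callApi(path, data, parseResult = true) {
      const xhttp = new XMLHttpRequest();

      // Pass the Windows credentials with the request. They are sent to whatever
      // host pyramidURL names, so keep that value fixed to the Pyramid server.
      xhttp.withCredentials = true;

      // Third argument false = synchronous: send() blocks until the reply is in.
      xhttp.open("POST", pyramidURL + path, false);
      xhttp.send(JSON.stringify(data));

      // Stop on an HTTP error instead of handing an error page back to the
      // caller, where it would be used as a token or as result data.
      if (xhttp.status < 200 || xhttp.status >= 300) {
        throw new Error(`Pyramid API call ${path} failed with HTTP status ${xhttp.status}`);
      }

      return parseResult ? JSON.parse(xhttp.responseText) : xhttp.responseText;
    }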
    
    
    		
    Running Queries and Slicers programmatically (JavaScript):

    This example demonstrates how to run queries and slicers (parameters) programmatically to extract results.

    The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.

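    // URL of the Pyramid installation and the path to the API 2.0 REST methods.
    // Step 1 posts a user name and password and every later call carries the
    // token, so point this at an https:// address for anything other than an
    // isolated test system.
    const pyramidURL = "http://mysite.com/api2/";

    // Step 1: authenticate the admin account and get a token.
    // NOTE: callApi is the generic REST method shown below.
    // The user name and password are placeholders. Script delivered to a browser
    // can be read by anyone who can load the page, so do not embed real admin
    // credentials in it.
    const token = callApi("auth/authenticateUser", {
      "data": {
        "userName": "adminUser",
        "password": "abc123!"
      }
    }, false);

    // Step 2: get the default tenant.
    const defaultTenantResult = callApi("access/getDefaultTenant", {
      "auth": token
    });
    const tenantId = defaultTenantResult.data;

    // Step 3: retrieve all profiles for a specific tenant.
    // (The method path must not carry a trailing space.)
    const getAllProfilesByTenantId = callApi("access/getAllProfilesByTenantId", {
      "tenantId": tenantId,
      "auth": token
    });

    // Step 4A: add a new profile called "Consumers" using the numeric approach.
    // Build the numeric value by summing the bit switches for each item needed.
    // Assume we want the advanced (9) and discovery (3) choices on.
    // In JavaScript ^ is bitwise XOR, not a power: (2^3) + (2^9) evaluates to 12
    // and would switch on different permissions from the ones intended. Use **.
    const bitNum = (2 ** 3) + (2 ** 9); // 8 + 512 = 520

    const saveProfile = callApi("access/addProfile", {
      "profileApiData": {
        "name": "Consumers",
        "description": "Basic tools for consumer user types",
        "permissions": { "numeric": bitNum },
        "tenantId": tenantId
      },
      "auth": token
    });

    const profileId = saveProfile.data.modifiedList[0].id;

    // Step 4B: add a new profile called "Consumers" using the array approach.
    // Assume we want the advanced (9) and discovery (3) choices on.
    // 4A and 4B are two ways of doing the same thing; the id is kept under its
    // own name because profileId cannot be declared twice. The steps below use
    // the profile from 4A.
    const saveProfile2 = callApi("access/addProfile", {
      "profileApiData": {
        "name": "Consumers",
        "description": "Basic tools for consumer user types",
        "permissions": { "permissionBitIndexList": [9, 3] },
        "tenantId": tenantId
      },
      "auth": token
    });

    const profileId2 = saveProfile2.data.modifiedList[0].id;

    // Step 5: create the roles.
    const createRole = callApi("access/createRoles", {
      "data": [{
        "roleName": "prole1",
        "tenantId": tenantId,
        "isGroupRole": false
      }, {
        "roleName": "prole2",
        "tenantId": tenantId,
        "isGroupRole": false
      }],
      "auth": token
    });
    const role1 = createRole.data.modifiedList[0].id;
    const role2 = createRole.data.modifiedList[1].id;
    log("created roles " + role1 + "," + role2);

    // Step 6: bind the new profile to role1.
    const updateRolesByProfileId = callApi("access/updateRolesByProfileId", {
      "profileRolesData": {
        "profileId": profileId,
        "rolesToAdd": [role1],
        "rolesToRemove": []
      },
      "auth": token
    });

    // Step 7: retrieve all roles with a given profile.
    const allProfileRoles = callApi("access/getAllRolesByProfileId", {
      "profileId": profileId,
      "auth": token
    });

    // Step 8: delete the profile.
    const deleteProfile = callApi("access/deleteProfile", {
      "profileId": profileId,
      "auth": token
    });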
    
    
    // ##### optional generic logging method for debugging ##############
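    /**
     * Debug helper: appends the message to the page as plain text and echoes it
     * to the console.
     *
     * The messages in this example include values returned by the API, so the
     * text is added through textContent instead of document.write(), which
     * would parse it as HTML.
     *
     * @param {*} msg - value to display; converted to a string for the page.
     */
    function log(msg) {
      const line = document.createElement("div");
      line.textContent = String(msg);
      // document.body does not exist yet when the script runs from <head>.
      (document.body ?? document.documentElement).appendChild(line);
      console.log(msg);
    }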
    
    // ##### generic REST API calling method ##############
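    /**
     * Sends one synchronous POST to the Pyramid REST API and returns the reply.
     *
     * @param {string} path - API method path appended to pyramidURL,
     *   e.g. "access/createRoles".
     * @param {object} data - request payload; sent as a JSON string.
     * @param {boolean} [parseResult=true] - when true the response body is parsed
     *   as JSON; when false the raw response text is returned.
     * @returns {*} the parsed response object, or the raw response text.
     * @throws {Error} when the server answers with a non-2xx HTTP status.
     * @throws {SyntaxError} when parseResult is true and the body is not JSON.
     */
    function callApi(path, data, parseResult = true) {
      const xhttp = new XMLHttpRequest();

      // Third argument false = synchronous: send() blocks until the reply is in.
      xhttp.open("POST", pyramidURL + path, false);
      xhttp.send(JSON.stringify(data));

      // Stop on an HTTP error instead of handing an error page back to the
      // caller, where it would be used as a token or as result data.
      if (xhttp.status < 200 || xhttp.status >= 300) {
        throw new Error(`Pyramid API call ${path} failed with HTTP status ${xhttp.status}`);
      }

      return parseResult ? JSON.parse(xhttp.responseText) : xhttp.responseText;
    }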