Rest API calls to update user roles and CM group memberships
search cancel

Rest API calls to update user roles and CM group memberships

book

Article ID: 262120

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are trying to use Rest API calls to automate management of user roles and Credential Manager group memberships. We reviewed the available calls on the Settings > Api Doc page but couldn't quite figure out how to do this. Can it be done, and if so, can you provide examples?

 

Environment

Applies to any PAM release as of March 2023.

Resolution

How to update roles and PA group memberships is documented on the API Doc page for the "PUT /api.php/v1/users.json" resource:

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=qieBRtz9qkDwnaS2rAZXqA==

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=kCBdPaZLZIEsjp3Iz23QoA==

 

Here is an example body:

{
  "userId":"27001",
  "roles": [
    {
      "roleId": "16",
      "userGroups": [0],
      "deviceGroups": [0],
      "paGroupFilter": 1
    }
  ],
  "paUserGroups":[4001,5001]
}

 

Role ID 16 is Password Manager. You get the list of roles with IDs from the "GET /api.php/v1/roles.json" resource. The PA user group IDs are found in the "GET /api.php/v1/passwords/userGroups.json" response.

Note that this call will set the roles and PA user groups for the user, not add to the list. Thus you have to include all existing memberships, or they will be removed from the user.

Powered by Wolken Software