Details on how to create a user with a role via REST API in ASM

Article ID: 383507

Updated On:

Products

CA App Synthetic Monitor

Issue/Introduction

The objective is to add users with a role a) while creating a new ASM tenant and b) to an existing ASM tenant.

The teams consist of individual users. For example, the product_team role contains user1@<your companyname.com> and user2@<your companyname.com>, and the operation team role is backed by a PDL (<PDL name.pdl>@<your companyname.com>). The Ops team email PDL should technically have read-only access to every ASM tenant that is created.

When trying to create a user with a role, however, the roles field value in the payload is not used: the user is created without any role.

How can the following objective be achieved?

  • Adding users (email IDs or a PDL) with a role a) while creating a new ASM tenant and b) to an existing ASM tenant.
  • For existing tenants, does this need to be done at each tenant level, or can a user be added with a read-only role at the global level so that all tenants can use it?

Environment

ASM

Resolution

1: Anyone on the PDL could initiate a password reset request and hijack the account, so this is something we do not recommend.

2: You need to create each account individually. Also note that you cannot add the role in one request; see the documentation. The roles parameter is ignored. This endpoint is hidden by default, as it is more internal than the others and customers usually do not use it. If you want to see it, add the parameter show=development to the query (see https://api.asm.saas.broadcom.com/v3/documentation?show=devel).

3: There is no "tenant" concept in ASM; the corresponding concept is the master account.

Two master accounts in ASM are not aware of each other.  Example: we have 2 master accounts, UserA@<your companyname.com> and UserB@<your companyname.com>.  Let's say that UserA logs in and creates 3 subaccounts, user1, user2 and user3.  Those 3 subaccounts belong only to UserA.  They will NOT be able to belong to UserB.  If UserB logs in and tries to add user1 to itself, it will encounter an error "account with that email already exists". 

Likewise there is no administrative way to link user1 to both UserA and UserB.  It is not allowed.

Even if this was achievable from the API, it still will not work in the GUI and will be extremely difficult to monitor and separate which master account is sending emails to it.

 

Basically, master accounts can create user-based subaccounts.

Additional Information

Refer to the following ASM documentation:
 

2: CA ASM API