Changing permissions¶
The permission action makes changes to a user group’s permissions. Users inherit permissions from their user group. There is an additional field used with the permissions action in the user API:
- json
An array of permissions each contains a usergroup identifier (name or ID), the security code, and permission type to be modified.
Expected JSON object:
{
"permissions": {
"add": [
{
"usergroup_name": "Dashboarders",
"permission_type": "gadget",
"seccode": "lLabelCPU"
}
],
"remove": [
{
"usergroup_name": "ReadOnlyReporters",
"permission_type": "plixer",
"seccode": "allGadgets"
}
]
}
}
Field |
Description |
|
permissions |
Contains two arrays, |
|
add/remove |
Each contains an array of objects of permissions and user groups |
|
usergroup_id |
The ID from plixer.usergroups that the user will be added to or removed from |
|
usergroup_name |
An alternative to usergroup_id, and can be the plain text name of the user group |
|
permission_type |
Differentiates the types of permissions. Options include: |
|
Permission |
Description |
|
device |
A hex representation of the IP address of a device (e.g. ‘0A010107’) |
|
interface |
Hyphenated, a hex representation of the IP address of a device followed by the interface index (e.g. ‘0A010107-1’) |
|
group |
The group ID of a map/device group from plixer.groups |
|
report |
The |
|
gadget |
The |
|
thirdparty |
The id of a third-party link from plixer.third_party |
|
bboard |
The bulletin board id from plixer.alm_bulletin_boards |
|
plixer |
A static string of permission codes we use for different parts of the product (e.g. ‘adminTab’ or ‘viewUserIdentity’). There are over 30 of these on initial install and control a wide range of feature access. |
|
seccode |
Another field in plixer.usergroups_permissions and contains the permission. It will be different depending on the “type” (e.g. “1” for interface 1, “0A010107” for a device, etc.) |
|
seccode |
Description |
|
3rdPartyIntegration |
Create, edit, and delete third-party integration links |
|
ackBBEvent |
Ability to acknowledge events on Alarms tab bulletin boards |
|
adminTab |
Access the Admin Tab |
|
alarmSettings |
Configure alarm notifications |
|
alarmsTab |
Access the Alarms tab |
|
allBBoards |
View all Alarms bulletin boards |
|
allDevices |
The status of all devices and each of their interfaces |
|
allGadgets |
Every gadget created on the Dashboards tab, by any user |
|
allGroups |
Access to all maps/device groups created in Scrutinizer |
|
allInterfaces |
Report on interfaces for any device |
|
allLogalotReports |
All Logalot Reports |
|
allReportFolders |
Permission to all saved report folders |
|
allReports |
Saved reports created by any user |
|
allThirdparty |
All configured third-party links will be available |
|
almDelete |
Permission to permanently delete alarms |
|
ApplicationGroups |
Configure Application Groups |
|
asnames |
Configure AS Names |
|
auditing |
Access the Auditing report containing logs of Plixer Scrutinizer user actions |
|
auth |
Manage external authentication tokens |
|
Authentication |
Manage external authentication types |
|
authLdapServers |
Manage LDAP server configuration used for Plixer Scrutinizer authentication |
|
awsSettings |
AWS configuration |
|
changeUserPasswords |
The ability to change the passwords of other users without needing their credentials |
|
createDashTabs |
Create new Dashboards |
|
createUsers |
The ability to create new local Plixer Scrutinizer user accounts |
|
CrossCheck |
View and edit CrossCheck configuration, which determines device up/down status |
|
crossCheckView |
Access to the CrossCheck methods table view in Status > Views |
|
dashboardAdmin |
Manage all dashboards created by any user |
|
DataHistory |
Configure settings that control how long Plixer Scrutinizer stores data of different granularities |
|
deleteReport |
Ability to delete saved reports regardless of owner |
|
deleteUsers |
The ability to delete local Plixer Scrutinizer user accounts |
|
DeviceDetails |
Edit device interface details |
|
EmailNotifications |
Configure the mailserver Plixer Scrutinizer will use to send reports and emails |
|
faExclusions |
Configure Flow Analytics exclusions |
|
fa_mgmt_link |
Configure Flow Analytics thresholds and settings |
|
feedbackForm |
Access the link to send feedback to Plixer |
|
FlowAnalyticsSettings |
Global Flow Analytics settings |
|
helpTab |
Access the Help tab |
|
HostNames |
Edit Host Name information |
|
IPGroups |
Configure Plixer Scrutinizer IP Groups |
|
language |
Create and edit language localization settings |
|
licensing |
Configure Plixer Scrutinizer product licensing and features |
|
LogalotPrefs |
Configure global alarms settings |
|
MACAddresses |
Configure device MAC Address information |
|
ManageCollectors |
Manage the devices collecting flow data for Plixer Scrutinizer |
|
ManageExporters |
Manage the devices exporting flow data to Plixer Scrutinizer |
|
mappingGroupConfiguration |
Create and edit Maps/Groups |
|
mappingObjectConfiguration |
Create and edit Mapping Objects |
|
mapsTab |
Access the Maps tab |
|
myViewTab |
Access the Dashboards tab |
|
NotificationManager |
Manage alarm notifications |
|
PolicyManager |
Manage alarm policies |
|
protocolExclusions |
Edit which protocols are discarded from flow reports |
|
proxySettings |
Configure proxy server settings in Plixer Scrutinizer |
|
radiusConf |
Manage RADIUS server configuration used for Plixer Scrutinizer authentication |
|
ReportDesigner |
Design new custom report types |
|
reportFilters |
Permission to update the filters used in Status Tab reports |
|
reportFolders |
Manage saved report folders |
|
reportSettings |
Reporting engine configuration options |
|
runReport |
Ability to run flow reports |
|
saveReport |
Ability to name and save flow reports |
|
scheduledReports |
Create, edit, and delete scheduled email reports |
|
sf_asa_acls |
Configure ASA ACL descriptions |
|
SNMPCredentials |
Manage SNMP credentials used to poll device information |
|
srCreate |
Schedule a saved report to be emailed on a regular basis |
|
sso |
Add, Delete, and Edit Identity Provider configuration for Plixer Scrutinizer’s Single Sign-On Integration |
|
statusTab |
Access the Status Tab |
|
syslogNotifications |
Syslog server configuration |
|
SystemPreferences |
Administrative access to global Plixer Scrutinizer preferences |
|
tacacsConf |
Manage TACACS+ server configuration used for Plixer Scrutinizer authentication |
|
tos |
Edit TOS Configuration |
|
userAccounts |
Access to the Users view on the Admin Tab, listing ALL users instead of only the current one |
|
usergroups |
Manage Scrutinizer usergroups |
|
viewUserIdentity |
View identity and access information relevant to GDPR restrictions |
|
viptelaSettings |
Viptela Settings |
|
Vitals |
View the Plixer Scrutinizer server vitals reports |
|
wkp |
Edit WKP Configuration |
|
JSON object returned:
{
"data": {
"errors": [],
"updated": [
"Added gadget permission lLabelCPU to usergroup 26 ",
"Removed plixer permission allGadgets from usergroup 27 "
]
}
}
Field |
Description |
data |
An array of responses for each permission change updated or attempted |
updated |
Messages for any sucessful changes to permissions |
errors |
An array of errors explaining why the permission change failed |
Example API call
curl --location --insecure --request POST '{{scrutinizer}}/fcgi/scrut_fcgi.fcgi' \
--form 'authToken={{authToken}}' \
--form 'rm=user_api' \
--form 'action=permissions' \
--form 'json=
{
"permissions": {
"add": [
{
"usergroup_id": 23,
"permission_type": "plixer",
"seccode": "statusTab"
}
],
"remove": []
}
}'