User account management¶
The following fields are required for all user account management API requests:
authToken- Authentication token generated by Plixer Scrutinizer to allow API accessrm-user_api(runmode corresponding to the function set being accessed)action- One or more of the following actions to be initiated by the request:createUser - Creates one or more new Plixer Scrutinizer user accounts with the option to assign each to user groups
delUsers - Deletes one or more user accounts
createUsergroup - Creates one or more user groups with the option to add users to each group
delUsergroups - Deletes one or more user groups
membership - Adds and/or removes users to or from specified user groups
prefs - Edits preferences for a single user
permissions - Edits permissions for one or more user groups
changeUsername - Renames an existing user account
Request examples¶
Below are additional details and request examples for actions that can be included in an user account management API call.
createUser¶
Creating user accounts using the createUser action requires an additional json field containing an array (users) of the following:
name- Username for the accountpass- Password for the accountmembership- Array of one or more user group IDs to assign the user account to
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=createUser' \
--form 'json=
{
"users": [
{
"name": "NewAdmin",
"pass": "NewAdminPassword",
"membership": [1]
},
{
"name": "NewGuest",
"pass": "NewGuestPassword",
"membership": [2]
}
]
}'
Note
User group IDs are stored in the plixer.usergroups table. By default, 1 is the administrators group and 2 is the guest users group.
Returned JSON object¶
{
"data": [
{
"id": 3,
"name": "NewAdmin"
},
{
"id": 4,
"name": "NewGuest"
}
]
}
delUser¶
Deleting user accounts using the delUser action requires an additional json field containing an array (delUsers) of the usernames and/or user IDs of the accounts to be deleted:
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--header 'Content-Type: application/json' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=delUser' \
--form 'json=
{
"delUsers": [
11,
"NewGuest",
207
]
}'
Returned JSON object¶
{
"data": [
"Deleting user id 11 (1 matched)",
"Deleting user named 'NewGuest' (1 matched)",
"Deleting user id 207 (0 matched)"
]
}
createUsergroup¶
Creating user groups using the createUsergroup action requires an additional json field containing an array (usergroups) of the following:
name- User group nametemplate_usergroup- Existing user group ID of the existing group to use as the template for the new user groupusers- Array of usernames or user IDs to be added to the group (if an empty array is passed, an empty user group will be created)
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=createUsergroup' \
--form 'json=
{
"usergroups": [
{
"name": "My Group",
"template_usergroup": 1,
"users": [1,"AnotherUser"]
},
}
"name": "Other Group",
"template_usergroup": 2,
"users": ["MyUser",2]
}
]
}'
Returned JSON object¶
{
"data": [
{
"id": 5,
"name": "My Group",
"members": [1,"AnotherUser"]
},
{
"name": "Other Group",
"error": "A usergroup already exists with that name"
}
]
}
delUsergroups¶
Deleting user groups using the delUsergroups action requires an additional json field containing an array (delUsergroups) of the names and/or IDs of the user groups to be deleted.
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--header 'Content-Type: application/json' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=delUsergroups' \
--form 'json=
{
"delUsergroups": [
3,
"My User Group"
]
}
Returned JSON object¶
{
"data":[
"Deleting usergroup id 3 (1 matched)",
"Deleting usergroup named 'My User Group' (0 matched)",
]
}
membership¶
Editing user group membership using the membership action requires an additional json field containing add and/or remove arrays to specify the usernames/user IDs and user groups to add/remove them to/from.
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=membership' \
--form 'json=
{
"membership":
{
"add": [
{
"user_id": 13,
"usergroup_id": 5
},
{
"user_name": "NewUser",
"usergroup_name": "Other Group"
}
],
"remove": [
{
"user_name": "USER3",
"usergroup_id": 4
}
]
}
}'
Returned JSON object¶
{
"data":
"added": [
"User 13 added to usergroup 5",
"User 14 added to usergroup 3"
],
"removed": [
"User 15 removed from usergroup 4"
]
}
prefs¶
The prefs action modifies one or more user preferences for a single user account and requires an additional json field containing an array (prefs) of all preference changes.
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=prefs' \
--form 'json=
{
"user_id": 11,
"prefs": [
{
"pref": "statsTopn",
"setting": 10
},
{
"pref": "language",
"setting": "english"
}
]
}
Returned JSON object¶
{
"data": {
"updated": [
"statusTopn updated to 10 for user_id 11",
"language updated to english for user_id 11"
],
"errors": []
}
}
permissions¶
The permissions action updates permissions for one or more user groups and requires an additional json field containing all user groups names/IDs and permission changes as add and remove arrays.
The following table lists all available permission_type and seccode (for use with the “plixer” permission_type) options in the request:
permission_type |
device |
IP address of a device in hex (e.g. ‘0A010107’) |
interface |
IP address of a device in hex and the interface index separated by a hyphen(e.g. ‘0A010107-1’) |
|
group |
Group ID of a mapping/device group from |
|
report |
|
|
gadget |
|
|
thirdparty |
ID of a third-party link from |
|
plixer |
Permission code corresponding to different functions/sections within Plixer Scrutinizer (see below) |
|
seccode |
3rdPartyIntegration |
Create, edit, and delete third-party integration links |
ackBBEvent |
Acknowledge alarms |
|
adminTab |
Access the Admin tab/section |
|
alarmSettings |
Configure alarm notifications |
|
alarmsTab |
Access the Alarm Monitor tab/section |
|
allDevices |
Access the status of all devices and their interfaces |
|
allGadgets |
Access all gadgets created by any user |
|
allGroups |
Access all mapping/device groups |
|
allInterfaces |
Report on interfaces for any device |
|
allLogalotReports |
All Logalot reports |
|
allReportFolders |
Access all saved report folders |
|
allReports |
Access all saved reports created by any user |
|
allThirdparty |
Access all configured third-party links |
|
almDelete |
Permanently delete alarms |
|
ApplicationGroups |
Configure application groups |
|
asnames |
Configure AS names |
|
auditing |
Access auditing reports containing logs of Plixer Scrutinizer user actions |
|
auth |
Manage external authentication tokens |
|
Authentication |
Manage external authentication types |
|
authLdapServers |
Manage LDAP server configuration for Plixer Scrutinizer authentication |
|
awsSettings |
AWS configuration |
|
changeUserPasswords |
Change passwords for other users without needing their credentials |
|
createDashTabs |
Create new dashboards |
|
createUsers |
Create new local Plixer Scrutinizer user accounts |
|
dashboardAdmin |
Manage all dashboards created by any user |
|
DataHistory |
Configure data history/retention settings |
|
deleteReport |
Delete saved reports regardless of owner |
|
deleteUsers |
Delete local Plixer Scrutinizer user accounts |
|
DeviceDetails |
Edit device interface details |
|
EmailNotifications |
Configure the mailserver for Plixer Scrutinizer reports and emails |
|
faExclusions |
Configure flow analytics exclusions |
|
fa_mgmt_link |
Configure flow analytics thresholds and settings |
|
feedbackForm |
Access the link to send feedback to Plixer |
|
FlowAnalyticsSettings |
Access global flow analytics settings |
|
helpTab |
Access the Help tab/section |
|
HostNames |
Edit hostname information |
|
IPGroups |
Configure Plixer Scrutinizer IP groups |
|
language |
Create and edit language localization settings |
|
licensing |
Configure Plixer Scrutinizer product licensing and features |
|
LogalotPrefs |
Configure global alarm settings |
|
MACAddresses |
Configure device MAC address information |
|
ManageCollectors |
Manage devices collecting flow data for Plixer Scrutinizer |
|
ManageExporters |
Manage devices exporting flow data to Plixer Scrutinizer |
|
mappingGroupConfiguration |
Create and edit mapping/device groups |
|
mappingObjectConfiguration |
Create and edit mapping objects |
|
mapsTab |
Access the Network Maps page |
|
myViewTab |
Access the Dashboards page |
|
NotificationManager |
Manage alarm notifications |
|
PolicyManager |
Manage alarm policies |
|
protocolExclusions |
Edit protocol exclusions for flow reports |
|
proxySettings |
Configure proxy server settings in Plixer Scrutinizer |
|
radiusConf |
Manage RADIUS server configuration for Plixer Scrutinizer authentication |
|
ReportDesigner |
Design new custom report types |
|
reportFilters |
Update the filters used in reports |
|
reportFolders |
Manage saved report folders |
|
reportSettings |
Reporting engine configuration options |
|
runReport |
Run flow reports |
|
saveReport |
Name and save flow reports |
|
scheduledReports |
Create, edit, and delete scheduled email reports |
|
sf_asa_acls |
Configure ASA ACL descriptions |
|
SNMPCredentials |
Manage SNMP credentials for polling device information |
|
srCreate |
Schedule saved reports to be emailed on a regular basis |
|
sso |
Add, delete, and edit Identity Provider configurations for Single Sign-On integration |
|
statusTab |
Access the Status tab |
|
syslogNotifications |
Syslog server configuration |
|
SystemPreferences |
Administrative access to global Plixer Scrutinizer preferences |
|
tacacsConf |
Manage TACACS+ server configuration for Plixer Scrutinizer authentication |
|
tos |
Edit TOS configuration |
|
userAccounts |
Admin access to the user management page |
|
usergroups |
Manage Scrutinizer user groups |
|
viewUserIdentity |
View identity and access information relevant to GDPR restrictions |
|
viptelaSettings |
Configure Viptela settings |
|
Vitals |
View Plixer Scrutinizer server vitals reports |
|
wkp |
Edit WKP configuration |
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=permissions' \
--form 'json=
{
"permissions":
{
"add": [
{
"usergroup_name": "Dashboarders",
"permission_type": "device",
"seccode": "0A010107"
}
],
"remove": [
{
"usergroup_name": "ReadOnlyReporters",
"permission_type": "plixer",
"seccode": "allGadgets"
}
]
}
}'
Returned JSON object¶
{
"data":
{
"errors": []
"updated": [
"Added device permission 0A010107 to usergroup 26",
"Removed plixer permission allGadgets from usergroup 27"
]
}
}
changeUsername¶
The changeUsername action is used to edit the name of an existing user account and requires an additional json field specifying the account (by oldname or user_id) and the new name.
API request example¶
curl --location --insecure --request POST 'https://<SCRUTINIZER_ADDRESS>/fcgi/scrut_fcgi.fcgi' \
--form 'authToken=<AUTH_TOKEN>' \
--form 'rm=user_api' \
--form 'action=changeUsername' \
--form 'json=
{
"changeUsername":
{
"oldname": "MyUser",
"newname": "OpSCT"
}
}'
Returned JSON object¶
{
"data":
{
"message": "User MyUser successfully renamed to OpSCT"
}
}