Download PDF
Download page RBAC API.
RBAC API
This page describes the Role-Based Access Control (RBAC) API methods you can use to manage users, groups, and roles for AppDynamics features. These operations provide more flexibility and automation with RBAC management. Relationship settings such as addUserToGroup
and removeUserToGroup
are supported.
Support
- You must be the account owner or have administer user permissions to use the RBAC API.
- SAML and LDAP user creations are not supported. You can only create permissions through the UI. See Manage Controller Tenant Users and Groups.
Create User
Use this to create users in the current account. The request payload should specify name
, security_provider_type
, displayName
, and password
. The user ID is generated by the server.
Format
POST /controller/api/rbac/v1/users
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
name | Request payload | Yes | |
| Request payload | "INTERNAL" | Yes |
| Request payload | Yes | |
| Request payload | Yes |
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X POST -d '{"name": "user10", "security_provider_type": "INTERNAL", "displayName": "user10", "password": "welcome"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users Response status code 200 : { "id": 10, "name": "user10", "displayName": "user10", "security_provider_type": "INTERNAL" }
Get User by ID
Use this to get full user information, including a summary of affiliated groups and roles, using the userId
in the current account.
Format
GET /controller/api/rbac/v1/users/userId
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/4 Response status code 200 : { "id": 4, "name": "user1", "email": "user1@customer1.com", "displayName": "user1", "security_provider_type": "INTERNAL", "roles": [ {"id": 17,"name": "Workflow Executor"}, {"id": 18,"name": "DB Monitoring Administrator"}, {"id": 19,"name": "DB Monitoring User"}, {"id": 20,"name": "Analytics Administrator"}, {"id": 21,"name": "Server Monitoring Administrator"}, {"id": 22,"name": "Server Monitoring User"}, {"id": 23,"name": "Universal Agent Administrator"}, {"id": 24,"name": "Universal Agent User"}, {"id": 13,"name": "Account Administrator"}, {"id": 14,"name": "Administrator"}, {"id": 15,"name": "User"}, {"id": 16,"name": "Dashboard Viewer"} ], "groups": [ {"id": 1,"name": "group_01"} ] }
Get User by Name
Use this to get full user information, including a summary of affiliated groups and roles, using the userName
in the current account.
Format
GET /controller/api/rbac/v1/users/name/name
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/name/user1 Response status code 200 : { "id": 4, "name": "user1", "email": "user1@customer1.com", "displayName": "user1", "security_provider_type": "INTERNAL", "roles": [ {"id": 17,"name": "Workflow Executor"}, {"id": 18,"name": "DB Monitoring Administrator"}, {"id": 19,"name": "DB Monitoring User"}, {"id": 20,"name": "Analytics Administrator"}, {"id": 21,"name": "Server Monitoring Administrator"}, {"id": 22,"name": "Server Monitoring User"}, {"id": 23,"name": "Universal Agent Administrator"}, {"id": 24,"name": "Universal Agent User"}, {"id": 13,"name": "Account Administrator"}, {"id": 14,"name": "Administrator"}, {"id": 15,"name": "User"}, {"id": 16,"name": "Dashboard Viewer"} ], "groups": [ {"id": 1,"name": "group_01"} ]
- This API only supports retrieving internal users and not SAML or LDAP.
- You have to include an optional parameter (securityProviderType) to find SAML/LDAP users.
Get All Users
Use this to get a list of all users in the current account. The list includes user summaries, which includes userId
and userName
.
Format
GET /controller/api/rbac/v1/users
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users Response status code 200 : { "users": [ {"id": 4,"name": "user1"}, {"id": 10,"name": "user10"} ] }
Update User
Use this to update a user by userId
in the current account. Only the user object itself is updated, with the relationship to roles and groups remaining unaffected.
Format
PUT /controller/api/rbac/v1/users/userId
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
id | Request payload | Yes | |
name | Request payload | Yes | |
| Request payload | Yes | |
| Request payload | "INTERNAL" | Yes |
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -d '{"id": 11,"name": "updated_user9","displayName": "user9","security_provider_type": "INTERNAL"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/11 Response status code 200 : { "id": 11, "name": "updated_user9", "displayName": "user9", "security_provider_type": "INTERNAL" }
Delete User
Use this to delete a user by userId
in the current account.
Format
DELETE /controller/api/rbac/v1/users/userId
Example
curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/11 Response status code 200 :
Create Group
Use this to create a group in the current account. The groupId
is generated by the server.
Format
POST /controller/api/rbac/v1/groups
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
name | Request payload | Yes | |
description | Request payload | No | |
| Request payload | "INTERNAL" | Yes |
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X POST -d '{"name": "group100","description": "new description", "security_provider_type": "INTERNAL"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups Response status code 200 : { "id": 2, "name": "group100", "security_provider_type": "INTERNAL", "description": "new description" }
Get Group by ID
Use this to get full group information by groupId
in the current account.
Format
GET /controller/api/rbac/v1/groups/groupId
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/1 Response status code 200 : { "id": 1, "name": "group_03", "security_provider_type": "INTERNAL" "description": "", "roles": [ {"id": 19,"name": "DB Monitoring User"}, {"id": 20,"name": "Analytics Administrator"}, {"id": 21,"name": "Server Monitoring Administrator"}, {"id": 22,"name": "Server Monitoring User"}, {"id": 23,"name": "Universal Agent Administrator"}, {"id": 13,"name": "Account Administrator"}, {"id": 16,"name": "Dashboard Viewer"} ] }
Get Group by Name
Use this to get full group information by groupName
in the current account.
Format
GET /controller/api/rbac/v1/groups/name/name
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/name/group_03 Response status code 200 : { "id": 1, "name": "group_03", "security_provider_type": "INTERNAL" "description": "", "roles": [ {"id": 19,"name": "DB Monitoring User"}, {"id": 20,"name": "Analytics Administrator"}, {"id": 21,"name": "Server Monitoring Administrator"}, {"id": 22,"name": "Server Monitoring User"}, {"id": 23,"name": "Universal Agent Administrator"}, {"id": 13,"name": "Account Administrator"}, {"id": 16,"name": "Dashboard Viewer"} ] }
Get All Groups
Use this to get all groups in the current account. This only returns group summaries, which includes groupId
and groupName
.
Format
GET /controller/api/rbac/v1/groups
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups Response status code 200 : { "groups": [ {"id": 1,"name": "group_03"}, {"id": 2,"name": "group100"} ] }
Update Group
Use this to update a group by groupId
in the current account. Only the group itself is updated, while the relationships with users and roles remain unaffected.
Format
PUT /controller/api/rbac/v1/groups/groupId
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
id | Request payload | Yes | |
name | Request payload | Yes | |
description | Request payload | No | |
| Request payload | "INTERNAL" | Yes |
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -d '{"id": 1, "name": "group2","description": "new description", "security_provider_type": "INTERNAL"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/1 Response status code 200 : { "id": 1, "name": "group2", "security_provider_type": "INTERNAL", "description": "new description", "roles": [ {"id": 19,"name": "DB Monitoring User"}, {"id": 20,"name": "Analytics Administrator"}, {"id": 21,"name": "Server Monitoring Administrator"}, {"id": 22,"name": "Server Monitoring User"}, {"id": 23,"name": "Universal Agent Administrator"}, {"id": 13,"name": "Account Administrator"}, {"id": 16,"name": "Dashboard Viewer"} ] }
Delete Group
Use this to delete a group by groupId
in the current account.
Format
DELETE /controller/api/rbac/v1/groups/groupId
Example
curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/1 Response status code 200 :
Add User to Group
Use this to add a user to a group by userId
and groupId
.
Format
PUT /controller/api/rbac/v1/groups/groupId/users/userId
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/2/users/10 Response status code 200 :
Remove User from Group
Use this to remove a user from a group by userId
and groupId
.
Format
DELETE /controller/api/rbac/v1/groups/groupId/users/userId
Example
curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/2/users/10 Response status code 200 :
Create Role
Use this to create a role in the current account. The ID is generated by the server.
Format
POST /controller/api/rbac/v1/roles
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
name | Request payload | Yes | |
| Request payload | No | |
permissions | Request payload | No |
Example
curl -X POST /controller/api/rbac/v1/roles \ -H 'Content-Type: application/vnd.appd.cntrl+json;v=1' \ -d '{ "name": "SampleRole2", "permissions": [ { "entityType": "APPLICATION", "action": "CONFIG_ACTIONS" }, { "entityType": "APPLICATION", "action": "CONFIG_BASELINES" }, { "entityType": "APPLICATION", "action": "CONFIG_BUSINESS_TRANSACTIONS" }, { "entityType": "APPLICATION", "action": "CONFIG_ERROR_DETECTION" }, { "entityType": "APPLICATION", "action": "CONFIG_EUM" }, { "entityType": "APPLICATION", "action": "CONFIG_EVENT_REACTOR" }, { "entityType": "APPLICATION", "action": "CONFIG_POLICIES" }, { "entityType": "APPLICATION", "action": "CONFIG_TRANSACTION_DETECTION" }, { "entityType": "APPLICATION", "action": "VIEW" } ] }’
Role Permissions for Entity Actions
Entity Type | Action | Permissions |
---|---|---|
| ADMINISTER_RBAC | Administer users, groups, roles, authentication, view agents, and use the Getting Started Wizard. See Account Administration for administering users, groups, roles, and configuring authentication. |
| CONFIG_LDAP | Configure LDAP. |
| CONFIG_SAML | Configure SAML. |
| ADMINISTER_LICENSE | View and configure licenses. |
| CONFIG_NOTIFICATIONS | Configure Email/SMS. |
| CONFIG_CUSTOM_EMAIL_ACTION_PLANS | Configure Email Templates. |
| CONFIG_HTTP_REQUEST_ACTION_PLANS | Configure HTTP Request Templates. |
| CREATE_WAR_ROOMS | Create Virtual War Rooms. |
| VIEW_BUSINESS_FLOW | View Business Flow Maps. |
| VIEW_SCHEDULED_REPORTS | View scheduled reports. |
| CONFIG_SCHEDULED_REPORTS | Configure scheduled reports. |
| VIEW | View business applications. |
| VIEW_DBMON_UI | View Database Visibility. |
| CONFIG_TRANSACTION_DETECTION | Configure Transaction Detection. |
| CONFIG_BACKEND_DETECTION | Configure Backend Detection. |
| CONFIG_ERROR_DETECTION | Configure Error Detection. |
| CONFIG_DIAGNOSTIC_DATA_COLLECTORS | Configure Diagnostic Data Collectors. |
| CONFIG_CALLGRAPH_SETTINGS | Configure Call Graph Settings. |
| CONFIG_JMX | Configure JMX. |
| CONFIG_EUM | Configure EUM. |
| CONFIG_INFO_POINTS | Configure Information Points. |
| CONFIG_POLICIES | Configure Health Rules. |
| CONFIG_EVENT_REACTOR | Configure Policies. |
| CONFIG_ACTIONS | Configure Actions. |
| CONFIG_BUSINESS_TRANSACTIONS | Configure Business Transactions. |
| CONFIG_BASELINES | Configure baselines. |
| CONFIG_SQL_BIND_VARIABLES | Configure SQL capture settings. |
| CONFIG_AGENT_PROPERTIES | Configure agent properties. |
| ENABLE_JMX_OPERATIONS | Set JMX MBean attributes and invoke operations. |
| CONFIG_SERVICE_ENDPOINTS | Configure service endpoints. |
| MANAGE_CUSTOM_DASHBOARD_TEMPLATES | Configure custom dashboards for tiers and nodes. |
| CONFIG_TRIGGER_DIAGNOSTIC_SESSION | Start diagnostic sessions. |
| VIEW_SIM | View Server Visibility. |
| CONFIG_SIM | Configure Server Visibility. |
200 OK { "id": 87, "name": "SampleRole2" }
Add Role to User
Use this to add a role to a user by roleId
and userId
.
Format
PUT /controller/api/rbac/v1/roles/roleId/users/userId
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/users/10 Response status code 200 :
Remove Role from User
Use this to remove a role from a user by roleId
and userId
.
Format
DELETE /controller/api/rbac/v1/roles/roleId/users/userId
Example
curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/users/10 Response status code 200 :
Add Role to Group
Use this to add a role to a group by roleId
and groupId
.
Format
PUT /controller/api/rbac/v1/roles/roleId/groups/groupId
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/groups/2 Response status code 200 :
Remove Role from Group
Use this to remove a role from a group by roleId
and groupId
.
Format
DELETE /controller/api/rbac/v1/roles/roleId/groups/groupId
Example
curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/groups/2 Response status code 200 :
Get Role by ID
Use this to get full role information by roleId
in the current account. This only returns the role
object.
This API does not return the Analytics Events permission.
Format
GET /controller/api/rbac/v1/roles/[roleId]?include-permissions=true
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
id | Request payload | Yes | |
| Request payload | "true" | No |
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/15?include-permissions=true Response status code 200 : { "id": 15, "name": "SampleRole", "permissions": [ { "id": 2619, "entityType": "APPLICATION", "action": "CONFIG_ACTIONS" }, { "id": 2621, "entityType": "APPLICATION", "action": "CONFIG_BASELINES" }, { "id": 2620, "entityType": "APPLICATION", "action": "CONFIG_BUSINESS_TRANSACTIONS" }, { "id": 2610, "entityType": "APPLICATION", "action": "CONFIG_ERROR_DETECTION" }, { "id": 2615, "entityType": "APPLICATION", "action": "CONFIG_EUM" }, { "id": 2618, "entityType": "APPLICATION", "action": "CONFIG_EVENT_REACTOR" }, { "id": 2617, "entityType": "APPLICATION", "action": "CONFIG_POLICIES" }, { "id": 2608, "entityType": "APPLICATION", "action": "CONFIG_TRANSACTION_DETECTION" }, { "id": 2606, "entityType": "APPLICATION", "action": "VIEW" } ] }
Get Role by Name
Use this to get full role information by roleName
in the current account.
This API does not return the Analytics Events permission.
Format
GET /controller/api/rbac/v1/roles/name/[RoleName]?include-permissions=true
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
name | Request payload | Yes | |
| Request payload | "true" | No |
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/name/SampleRole?include-permissions=true Response status code 200 : { "id": 15, "name": "SampleRole", "permissions": [ { "id": 2619, "entityType": "APPLICATION", "action": "CONFIG_ACTIONS" }, { "id": 2621, "entityType": "APPLICATION", "action": "CONFIG_BASELINES" }, { "id": 2620, "entityType": "APPLICATION", "action": "CONFIG_BUSINESS_TRANSACTIONS" }, { "id": 2610, "entityType": "APPLICATION", "action": "CONFIG_ERROR_DETECTION" }, { "id": 2615, "entityType": "APPLICATION", "action": "CONFIG_EUM" }, { "id": 2618, "entityType": "APPLICATION", "action": "CONFIG_EVENT_REACTOR" }, { "id": 2617, "entityType": "APPLICATION", "action": "CONFIG_POLICIES" }, { "id": 2608, "entityType": "APPLICATION", "action": "CONFIG_TRANSACTION_DETECTION" }, { "id": 2606, "entityType": "APPLICATION", "action": "VIEW" } ] }
Get All Roles
Use this to get all roles in the current account. This only returns role summaries, which includes roleId
and roleName
.
Format
GET /controller/api/rbac/v1/roles
Example
curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles Response status code 200 : { "roles": [ {"id": 13,"name": "Account Administrator"}, {"id": 14,"name": "Administrator"}, {"id": 20,"name": "Analytics Administrator"}, {"id": 16,"name": "Dashboard Viewer"}, {"id": 18,"name": "DB Monitoring Administrator"}, {"id": 19,"name": "DB Monitoring User"}, {"id": 21,"name": "Server Monitoring Administrator"}, {"id": 22,"name": "Server Monitoring User"}, {"id": 23,"name": "Universal Agent Administrator"}, {"id": 24,"name": "Universal Agent User"}, {"id": 15,"name": "User"}, {"id": 17,"name": "Workflow Executor"} ] }
Update Role
Use this to update a role by roleId
in the current account. This only updates the role
object itself, while leaving the relationship with users and groups unaffected.
You cannot update permissions within a role through this API. You can only update the name
and description
parameters.
Format
PUT /controller/api/rbac/v1/roles/roleId
Input Parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
id | Request payload | Yes | |
name | Request payload | Yes | |
description | Request payload | No |
Example
curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -d '{"id": 49, "name": "role1","description": "new description" }' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/49 Response status code 200 : { "id": 49, "name": "role1", "description": "new description" }
Delete Role
Use this to delete a role in the current account.
Format
DELETE /controller/api/rbac/v1/roles/roleId
Example
curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/49 Response status code 200 :