This page describes the Role-Based Access Control (RBAC) API methods you can use to manage users, groups, and roles for AppDynamics features. These operations provide more flexibility and automation with RBAC management. Relationship settings such as addUserToGroup and removeUserToGroup are supported.

Support

  • You must be the account owner or have administer user permissions to use the RBAC API.
  • SAML and LDAP user creations are not supported. You can only create permissions through the UI. See Manage Controller Tenant Users and Groups.

Create User

Use this to create users in the current account. The request payload should specify name, security_provider_typedisplayName, and password. The user ID is generated by the server.

Format

POST /controller/api/rbac/v1/users

Input Parameters

Parameter NameParameter TypeValueMandatory
nameRequest payload
Yes

security_provider_type

Request payload"INTERNAL"Yes

displayName

Request payload
Yes

password

Request payload
Yes

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X POST -d '{"name": "user10", "security_provider_type": "INTERNAL", "displayName": "user10", "password": "welcome"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users 

Response status code 200 :
{
  "id": 10,
  "name": "user10",
  "displayName": "user10",
  "security_provider_type": "INTERNAL"
}

Get User by ID

Use this to get full user information, including a summary of affiliated groups and roles, using the userId in the current account.

Format

GET /controller/api/rbac/v1/users/userId

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/4 

Response status code 200 :
{
   "id": 4,
   "name": "user1", 
   "email": "user1@customer1.com", 
   "displayName": "user1", 
   "security_provider_type": "INTERNAL", 
   "roles": 
      [
        {"id": 17,"name": "Workflow Executor"}, 
        {"id": 18,"name": "DB Monitoring Administrator"}, 
        {"id": 19,"name": "DB Monitoring User"}, 
        {"id": 20,"name": "Analytics Administrator"}, 
        {"id": 21,"name": "Server Monitoring Administrator"}, 
        {"id": 22,"name": "Server Monitoring User"}, 
        {"id": 23,"name": "Universal Agent Administrator"}, 
        {"id": 24,"name": "Universal Agent User"}, 
        {"id": 13,"name": "Account Administrator"}, 
        {"id": 14,"name": "Administrator"},
        {"id": 15,"name": "User"}, 
        {"id": 16,"name": "Dashboard Viewer"} 
      ], 
   "groups": 
      [
        {"id": 1,"name": "group_01"} 
      ] 
}


Get User by Name

Use this to get full user information, including a summary of affiliated groups and roles, using the userName in the current account.

Format

GET /controller/api/rbac/v1/users/name/name

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/name/user1

Response status code 200 :
{
   "id": 4,
   "name": "user1", 
   "email": "user1@customer1.com", 
   "displayName": "user1", 
   "security_provider_type": "INTERNAL", 
   "roles": 
      [
        {"id": 17,"name": "Workflow Executor"}, 
        {"id": 18,"name": "DB Monitoring Administrator"}, 
        {"id": 19,"name": "DB Monitoring User"}, 
        {"id": 20,"name": "Analytics Administrator"}, 
        {"id": 21,"name": "Server Monitoring Administrator"}, 
        {"id": 22,"name": "Server Monitoring User"}, 
        {"id": 23,"name": "Universal Agent Administrator"}, 
        {"id": 24,"name": "Universal Agent User"}, 
        {"id": 13,"name": "Account Administrator"}, 
        {"id": 14,"name": "Administrator"},
        {"id": 15,"name": "User"}, 
        {"id": 16,"name": "Dashboard Viewer"} 
      ], 
   "groups": 
      [
        {"id": 1,"name": "group_01"} 
      ]
  • This API only supports retrieving internal users and not SAML or LDAP.
  • You have to include an optional parameter (securityProviderType) to find SAML/LDAP users.  

Get All Users

Use this to get a list of all users in the current account. The list includes user summaries, which includes userId and userName.

Format

GET /controller/api/rbac/v1/users

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users

Response status code 200 :
{
   "users": 
      [
         {"id": 4,"name": "user1"},
         {"id": 10,"name": "user10"}
      ]
}

Update User

Use this to update a user by userId in the current account. Only the user object itself is updated, with the relationship to roles and groups remaining unaffected.

Format

PUT /controller/api/rbac/v1/users/userId

Input Parameters

Parameter NameParameter TypeValueMandatory
idRequest payload
Yes
nameRequest payload
Yes

displayName

Request payload
Yes

security_provider_type

Request payload"INTERNAL"Yes

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -d '{"id": 11,"name": "updated_user9","displayName": "user9","security_provider_type": "INTERNAL"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/11 

Response status code 200 :
{  
   "id": 11, 
   "name": "updated_user9", 
   "displayName": "user9", 
   "security_provider_type": "INTERNAL" 
}

Delete User

Use this to delete a user by userId in the current account.

Format

DELETE /controller/api/rbac/v1/users/userId

Example

curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/users/11

Response status code 200 :

Create Group

Use this to create a group in the current account. The groupId is generated by the server.

Format

POST /controller/api/rbac/v1/groups 

Input Parameters

Parameter NameParameter TypeValueMandatory
nameRequest payload
Yes
descriptionRequest payload
No

security_provider_type

Request payload"INTERNAL"Yes 

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X POST -d '{"name": "group100","description": "new description", "security_provider_type": "INTERNAL"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups

Response status code 200 :
{
   "id": 2,
   "name": "group100",
   "security_provider_type": "INTERNAL",
   "description": "new description"
}

Get Group by ID

Use this to get full group information by groupId in the current account.

Format

GET /controller/api/rbac/v1/groups/groupId

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/1

Response status code 200 :
{
   "id": 1,
   "name": "group_03",
   "security_provider_type": "INTERNAL"
   "description": "",
   "roles": 
      [
         {"id": 19,"name": "DB Monitoring User"},
         {"id": 20,"name": "Analytics Administrator"},
         {"id": 21,"name": "Server Monitoring Administrator"},
         {"id": 22,"name": "Server Monitoring User"},
         {"id": 23,"name": "Universal Agent Administrator"},
         {"id": 13,"name": "Account Administrator"},
         {"id": 16,"name": "Dashboard Viewer"}
      ]
}

Get Group by Name

Use this to get full group information by groupName in the current account.

Format

GET /controller/api/rbac/v1/groups/name/name

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/name/group_03

Response status code 200 :
{
   "id": 1,
   "name": "group_03",
   "security_provider_type": "INTERNAL"
   "description": "",
   "roles": 
      [
         {"id": 19,"name": "DB Monitoring User"},
         {"id": 20,"name": "Analytics Administrator"},
         {"id": 21,"name": "Server Monitoring Administrator"},
         {"id": 22,"name": "Server Monitoring User"},
         {"id": 23,"name": "Universal Agent Administrator"},
         {"id": 13,"name": "Account Administrator"},
         {"id": 16,"name": "Dashboard Viewer"}
      ]
}

Get All Groups

Use this to get all groups in the current account. This only returns group summaries, which includes groupId and groupName.

Format

GET /controller/api/rbac/v1/groups

Example 

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups

Response status code 200 :
{
   "groups": 
      [
         {"id": 1,"name": "group_03"},
         {"id": 2,"name": "group100"}
      ]
}

Update Group

Use this to update a group by groupId in the current account. Only the group itself is updated, while the relationships with users and roles remain unaffected.

Format

PUT /controller/api/rbac/v1/groups/groupId

Input Parameters

Parameter NameParameter TypeValueMandatory
idRequest payload
Yes
nameRequest payload
Yes
descriptionRequest payload
No

security_provider_type

Request payload"INTERNAL"Yes

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -d '{"id": 1, "name": "group2","description": "new description", "security_provider_type": "INTERNAL"}' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/1

Response status code 200 :
{
   "id": 1,
   "name": "group2",
   "security_provider_type": "INTERNAL",
   "description": "new description",
   "roles": 
      [
         {"id": 19,"name": "DB Monitoring User"},
         {"id": 20,"name": "Analytics Administrator"},
         {"id": 21,"name": "Server Monitoring Administrator"},
         {"id": 22,"name": "Server Monitoring User"},
         {"id": 23,"name": "Universal Agent Administrator"},
         {"id": 13,"name": "Account Administrator"},
         {"id": 16,"name": "Dashboard Viewer"}
      ]
}

Delete Group 

Use this to delete a group by groupId in the current account.

Format

DELETE /controller/api/rbac/v1/groups/groupId

Example

curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/1


Response status code 200 :

Add User to Group

Use this to add a user to a group by userId and groupId.

Format

PUT /controller/api/rbac/v1/groups/groupId/users/userId

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/2/users/10


Response status code 200 :

Remove User from Group

Use this to remove a user from a group by userId and groupId.

Format

DELETE /controller/api/rbac/v1/groups/groupId/users/userId 

Example

curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/groups/2/users/10
 
 
Response status code 200 :

Create Role

Use this to create a role in the current account. The ID is generated by the server.

Format

POST /controller/api/rbac/v1/roles

Input Parameters

Parameter NameParameter TypeValueMandatory
nameRequest payload
Yes
description
Request payload
No
permissionsRequest payload
No

Example

curl -X POST /controller/api/rbac/v1/roles \
-H 'Content-Type: application/vnd.appd.cntrl+json;v=1' \
-d '{
 "name": "SampleRole2",
  "permissions": [
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_ACTIONS"
   },
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_BASELINES"
   },
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_BUSINESS_TRANSACTIONS"
   },
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_ERROR_DETECTION"
   },
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_EUM"
   },
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_EVENT_REACTOR"
   },
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_POLICIES"
   },
   {
     "entityType": "APPLICATION",
     "action": "CONFIG_TRANSACTION_DETECTION"
   },
   {
     "entityType": "APPLICATION",
     "action": "VIEW"
   }
 ]
}’

Role Permissions for Entity Actions

Entity Type

ActionPermissions

ACCOUNT

ADMINISTER_RBAC

Administer users, groups, roles, authentication, view agents, and use the Getting Started Wizard.

See Account Administration for administering users, groups, roles, and configuring authentication.

ACCOUNT

CONFIG_LDAPConfigure LDAP.

ACCOUNT

CONFIG_SAMLConfigure SAML.

ACCOUNT

ADMINISTER_LICENSEView and configure licenses.

ACCOUNT

CONFIG_NOTIFICATIONSConfigure Email/SMS.

ACCOUNT

CONFIG_CUSTOM_EMAIL_ACTION_PLANSConfigure Email Templates.

ACCOUNT

CONFIG_HTTP_REQUEST_ACTION_PLANSConfigure HTTP Request Templates.

ACCOUNT

CREATE_WAR_ROOMSCreate Virtual War Rooms.

ACCOUNT

VIEW_BUSINESS_FLOWView Business Flow Maps.

ACCOUNT

VIEW_SCHEDULED_REPORTSView scheduled reports.

ACCOUNT

CONFIG_SCHEDULED_REPORTSConfigure scheduled reports.

APPLICATION

VIEWView business applications.

APPLICATION

VIEW_DBMON_UIView Database Visibility.

APPLICATION

CONFIG_TRANSACTION_DETECTIONConfigure Transaction Detection.

APPLICATION

CONFIG_BACKEND_DETECTIONConfigure Backend Detection.

APPLICATION

CONFIG_ERROR_DETECTIONConfigure Error Detection.

APPLICATION

CONFIG_DIAGNOSTIC_DATA_COLLECTORSConfigure Diagnostic Data Collectors.

APPLICATION

CONFIG_CALLGRAPH_SETTINGSConfigure Call Graph Settings.

APPLICATION

CONFIG_JMXConfigure JMX.

APPLICATION

CONFIG_EUMConfigure EUM.

APPLICATION

CONFIG_INFO_POINTSConfigure Information Points.

APPLICATION

CONFIG_POLICIESConfigure Health Rules.

APPLICATION

CONFIG_EVENT_REACTORConfigure Policies.

APPLICATION

CONFIG_ACTIONSConfigure Actions.

APPLICATION

CONFIG_BUSINESS_TRANSACTIONSConfigure Business Transactions.

APPLICATION

CONFIG_BASELINESConfigure baselines.

APPLICATION

CONFIG_SQL_BIND_VARIABLESConfigure SQL capture settings.

APPLICATION

CONFIG_AGENT_PROPERTIESConfigure agent properties.

APPLICATION

ENABLE_JMX_OPERATIONSSet JMX MBean attributes and invoke operations.

APPLICATION

CONFIG_SERVICE_ENDPOINTSConfigure service endpoints.

APPLICATION

MANAGE_CUSTOM_DASHBOARD_TEMPLATESConfigure custom dashboards for tiers and nodes.

APPLICATION

CONFIG_TRIGGER_DIAGNOSTIC_SESSIONStart diagnostic sessions.

APPLICATION

VIEW_SIMView Server Visibility.

APPLICATION

CONFIG_SIMConfigure Server Visibility.
200 OK
{
  "id": 87,
  "name": "SampleRole2"
}

Add Role to User

Use this to add a role to a user by roleId and userId.

Format

PUT /controller/api/rbac/v1/roles/roleId/users/userId

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/users/10


Response status code 200 :

Remove Role from User

Use this to remove a role from a user by roleId and userId.

Format

DELETE /controller/api/rbac/v1/roles/roleId/users/userId 

Example

curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/users/10

Response status code 200 :

Add Role to Group

Use this to add a role to a group by roleId and groupId.

Format

PUT /controller/api/rbac/v1/roles/roleId/groups/groupId

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/groups/2


Response status code 200 :

Remove Role from Group

Use this to remove a role from a group by roleId and groupId.

Format

DELETE /controller/api/rbac/v1/roles/roleId/groups/groupId

Example

curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/50/groups/2

Response status code 200 :

Get Role by ID

Use this to get full role information by roleId in the current account. This only returns the role object.

 This API does not return the Analytics Events permission.

Format

GET /controller/api/rbac/v1/roles/[roleId]?include-permissions=true

Input Parameters

Parameter NameParameter TypeValueMandatory
idRequest payload
Yes

include-permissions (>= v4.5.14)

Request payload"true"No

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/15?include-permissions=true


Response status code 200 :

{
 "id": 15,
 "name": "SampleRole",
 "permissions": [
   {
     "id": 2619,
     "entityType": "APPLICATION",
     "action": "CONFIG_ACTIONS"
   },
   {
     "id": 2621,
     "entityType": "APPLICATION",
     "action": "CONFIG_BASELINES"
   },
   {
     "id": 2620,
     "entityType": "APPLICATION",
     "action": "CONFIG_BUSINESS_TRANSACTIONS"
   },
   {
     "id": 2610,
     "entityType": "APPLICATION",
     "action": "CONFIG_ERROR_DETECTION"
   },
   {
     "id": 2615,
     "entityType": "APPLICATION",
     "action": "CONFIG_EUM"
   },
   {
     "id": 2618,
     "entityType": "APPLICATION",
     "action": "CONFIG_EVENT_REACTOR"
   },
   {
     "id": 2617,
     "entityType": "APPLICATION",
     "action": "CONFIG_POLICIES"
   },
   {
     "id": 2608,
     "entityType": "APPLICATION",
     "action": "CONFIG_TRANSACTION_DETECTION"
   },
   {
     "id": 2606,
     "entityType": "APPLICATION",
     "action": "VIEW"
   }
 ]
}

Get Role by Name

Use this to get full role information by roleName in the current account.

 This API does not return the Analytics Events permission.

Format

GET /controller/api/rbac/v1/roles/name/[RoleName]?include-permissions=true

Input Parameters

Parameter NameParameter TypeValueMandatory
nameRequest payload
Yes

include-permissions (>= v4.5.14)

Request payload"true"No

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/name/SampleRole?include-permissions=true


Response status code 200 :

{
 "id": 15,
 "name": "SampleRole",
 "permissions": [
   {
     "id": 2619,
     "entityType": "APPLICATION",
     "action": "CONFIG_ACTIONS"
   },
   {
     "id": 2621,
     "entityType": "APPLICATION",
     "action": "CONFIG_BASELINES"
   },
   {
     "id": 2620,
     "entityType": "APPLICATION",
     "action": "CONFIG_BUSINESS_TRANSACTIONS"
   },
   {
     "id": 2610,
     "entityType": "APPLICATION",
     "action": "CONFIG_ERROR_DETECTION"
   },
   {
     "id": 2615,
     "entityType": "APPLICATION",
     "action": "CONFIG_EUM"
   },
   {
     "id": 2618,
     "entityType": "APPLICATION",
     "action": "CONFIG_EVENT_REACTOR"
   },
   {
     "id": 2617,
     "entityType": "APPLICATION",
     "action": "CONFIG_POLICIES"
   },
   {
     "id": 2608,
     "entityType": "APPLICATION",
     "action": "CONFIG_TRANSACTION_DETECTION"
   },
   {
     "id": 2606,
     "entityType": "APPLICATION",
     "action": "VIEW"
   }
 ]
}

Get All Roles

Use this to get all roles in the current account. This only returns role summaries, which includes roleId and roleName.

Format

GET /controller/api/rbac/v1/roles 

Example

curl -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles

Response status code 200 :
{
   "roles": 
      [
         {"id": 13,"name": "Account Administrator"},
         {"id": 14,"name": "Administrator"},
         {"id": 20,"name": "Analytics Administrator"},
         {"id": 16,"name": "Dashboard Viewer"},
         {"id": 18,"name": "DB Monitoring Administrator"},
         {"id": 19,"name": "DB Monitoring User"},
         {"id": 21,"name": "Server Monitoring Administrator"},
         {"id": 22,"name": "Server Monitoring User"},
         {"id": 23,"name": "Universal Agent Administrator"},
         {"id": 24,"name": "Universal Agent User"},
         {"id": 15,"name": "User"},
         {"id": 17,"name": "Workflow Executor"}
      ]
}

Update Role

Use this to update a role by roleId in the current account. This only updates the role object itself, while leaving the relationship with users and groups unaffected.

You cannot update permissions within a role through this API. You can only update the name and description parameters. 

Format

PUT /controller/api/rbac/v1/roles/roleId

Input Parameters

Parameter NameParameter TypeValueMandatory
idRequest payload
Yes
nameRequest payload
Yes
descriptionRequest payload
No

Example

curl -H "Content-Type: application/vnd.appd.cntrl+json;v=1" -X PUT -d '{"id": 49, "name": "role1","description": "new description" }' -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/49

Response status code 200 :
{
   "id": 49,
   "name": "role1",
   "description": "new description"
}

Delete Role

Use this to delete a role in the current account.

Format

DELETE /controller/api/rbac/v1/roles/roleId

Example

curl -X DELETE -u user1@customer1 http://localhost:8080/controller/api/rbac/v1/roles/49


Response status code 200 :