Important Update: Archer Community Scheduled Maintenance on November 23–24 - New Community Launching Soon! Learn More..

cancel
Showing results for 
Search instead for 
Did you mean: 

RESTful API Metadata Role Default Home Page Values

BradleyHanna
Contributor III

1)  The RESTful API does not explain how null values are handled by the Update Role method.  When I run an update request on the Metadata Role segment my role's Default Home Page values are cleared, among others.  (I can merge my role updates with the roles current values to get around the other fields being cleared.)  I do not see how to maintain the Default Home Page values during an update.

 

How are the Default Home Page values set using the API Create/Update Method?

 

2)  The API does not include an example of Access Role Tasks.  It states "AccessRoleTasks(permissions)" in the update example.  Does this mean we can set page Access Rights using this member?  I do not see a flag for those values in the metadata for a role.

 

What are Access Role Tasks?

 

How do you retrieve a role's current Access Role Tasks?

17 REPLIES 17

Ilya_Khen
Champion III

JeffLetterman
Archer Employee
Archer Employee

Unfortunately, these little nuances were not documented in the older guides.  In the latest RSA Archer 6.5 RESTful API Reference Guide starting on page 94, it details what happens when some values are not passed in the API call.  To get around this, get the current values from user > update the needed values > send all values when updating.  

 

Here is a sample REST API body with AccessRoleTasks:

{
"AccessRole": {
"Name": "_RoleA",
"Description": "This is a test role",
"IsDefault": false
},
"GroupIds": [1,2],
"AccessRoleTasks": [
{"TaskId": "122","HasCreate": false,"HasRead": true,"HasUpdate": false,"HasDelete": false},
{"TaskId": "123","HasCreate": false,"HasRead": true,"HasUpdate": false,"HasDelete": false},
{"TaskId": "116","HasCreate": true,"HasRead": true,"HasUpdate": true,"HasDelete": false}
]
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

 

To get a list of permissions for a given Role, try something like this after modifying the Role Id and sample snippet of results: api/core/system/role/permission/52

{
"Links": [],
"RequestedObject": {
"AccessRoleId": 52,
"SolutionId": 32,
"SolutionName": "Vulnerability Research",
"ModuleId": 5,
"ModuleName": "Patches",
"TaskType": 2,
"TaskTypeName": "Action",
"TaskClass": 8,
"TaskClassName": "ViewMode",
"TaskName": "Patches: Content Record",
"TaskId": 9229,
"HasCreate": true,
"HasRead": false,
"HasUpdate": true,
"HasDelete": false,
"TaskNum": "i1001",
"IsSystem": true,
"Id": 9229,
"Name": null,
"Description": null,
"LastUpdatedBy": null,
"LastUpdatedDate": "0001-01-01T00:00:00"
},
"IsSuccessful": true,
"ValidationMessages": []
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

You're right, I had not checked this before posting.

 

But, what does the AccessRoleTasks TaskId correspond too?  Can I get a role's current AccessRoleTasks values?

 

And, those examples don't show an option for Default Home Page values.

Yeah, that is true, I also do not see mentioning of dashboard or page. Jeff's explanation below will be more detailed then.

JeffLetterman
Archer Employee
Archer Employee

The TaskId correlates to a permission in the Role.  To get the applied permissions/tasks for a given Role, try the following Body to select specific fields, filter to active permissions, and sort results...much like the Access Control Rights by Role report.

{
"Value": "?$select=SolutionName,ModuleName,TaskId,TaskName,HasCreate,HasRead,HasUpdate,HasDelete&$filter=HasCreate eq true or HasRead eq true or HasUpdate eq true or HasDelete eq true&$orderby=SolutionName,ModuleName,TaskName"
}

Snippet and formatted results:

pastedImage_3.png

Thanks Jeff, this is helpful.  I'm guessing y'all are tracking this throws a 404 Not Found on the platformapi path.  Does that mean this feature will go away when the api path is fully deprecated?

 

Can I be confident that each Json Array returned, regardless of role Id used, shows a list of all AccessRoleTasks in the system?

 

Are TaskName(s) unique system wide?

 

I'm thinking I will need to create a lookup table to correlate the TaskName with the TaskId so that I can programmatically assign access rights to new roles using AccessRoleTasks.

 

I welcome other suggestions.

 

BTW, how about the Default Home Page field.  Is there a way to set this when a role is created/updated?

You're answering questions before I can finish asking them.  Thanks for the work.

Correction:  The call to permission does work on the platformapi path.

JeffLetterman
Archer Employee
Archer Employee

Regarding the default Dashboard and Workspace, these can be set like this:

"DefaultHomeDashboardId": 9,
"DefaultHomeWorkspaceId": 14

 

Here is a full sample for a user:

{
"Password": "Password123$",
"Notification": true,
"Roles": [
73,
76,
100
],
"Groups": [
141,
84
],
"User": {
"FirstName": "John",
"MiddleName": "Micheal",
"LastName": "Doe",
"Username": "jdoe",
"AccountStatus": 1,
"DomainId": null,
"SecurityId": 1,
"LanguageId": 2,
"Locale": "en-US",
"TimeZoneId": "Central Standard Time",
"Address": "<p>123 Main St.<br/>Kansas City, KS 66112</p>",
"Company": "ABC",
"Title": "My Title",
"AdditionalNote": "This is my additional notes",
"ForcePasswordChange": true,
"DefaultHomeDashboardId": 9,
"DefaultHomeWorkspaceId": 14
},
"Contacts": [
{
"ContactType": 7,
"ContactSubType": 2,
"Value": "john.doe@abc.com",
"IsDefault": true
},
{
"ContactType": 7,
"ContactSubType": 2,
"Value": "john.doe2@abc.com"
},
{
"ContactType": 7,
"ContactSubType": 2,
"Value": "john.doe3@abc.com"
},
{
"ContactType": 7,
"ContactSubType": 2,
"Value": "john.doe4@abc.com"
},
{
"ContactType": 7,
"ContactSubType": 2,
"Value": "john.doe5@abc.com"
},
{
"ContactType": 9,
"ContactSubType": 1,
"Value": "111-111-1111",
"IsDefault": true
},
{
"ContactType": 9,
"ContactSubType": 2,
"Value": "222-222-2222"
},
{
"ContactType": 9,
"ContactSubType": 2,
"Value": "333-333-333"
},
{
"ContactType": 9,
"ContactSubType": 2,
"Value": "444-444-4444"
},
{
"ContactType": 9,
"ContactSubType": 2,
"Value": "555-555-5555"
}
]
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍