Object type: user | |
---|---|
A User object contains information about a user account in the Sentinel system. | |
Field | Description |
auth-dn | If a user has an authentication source other than "DATABASE"" (e.g., "LDAP") this value can be used to identify the corresponding user account in the authentication source. |
auth-source | The source used by Sentinel to authenticate a user's password during an authentication request. |
cell | The user's mobile phone number. |
createdate | The date and time when the object was created. |
creator | The URL of the Sentinel User object that represents the creator of the object. |
dept | The department to which the user belongs. |
desc | A description of the user account. |
The user's contact email address. | |
fax | A secondary contact number or other value. The Sentinel user interface displays this as "Fax". |
given | The user's given name. |
meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
moddate | The date and time when the object was last modified. |
modifier | The URL of the Sentinel User object that represents the last modifier of the object. |
name | The name that the user supplies to log in to Sentinel. |
old-password | The user's existing password value. This is treated as "write-only" and is only used when a user is changing the value of the user's own password. It is never returned from the server. |
password | The user's password value. This is treated as "write-only". In other words, it is only used when creating a user account or when changing a user account's password. It is never returned from the server. |
perms | A description of the user's permissions in the Sentinel system. Definition |
phone | The user's contact telephone number. |
roles | The user's role memberships. |
state | The user's current state. One of the following three values: "ACTIVE", "LOCKED", "INACTIVE". "INACTIVE" indicates a "deleted" user account. |
surname | The user's family name. |
sys | If this value is true it indicates that the user account is an internal account used by Sentinel. For example, a distributed search target creates a system user for the purposes of executing a search on behalf of a search console. |
tags | The user's "favorite" tags. |
title | The user's job title. |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type |
Object type: permissions | |
---|---|
The UserPermissions object contains the current permissions for a user in the Sentinel system. | |
Field | Description |
all-events | If true, the user can view all event records in the Sentinel system. If false, the filter value is used to determine the set of events the user is allowed to view. |
chg-pwd | If true, a user can change his own password. |
filter | If non-empty, and AllowAllEvents is false, this value is a filter expression that determines the set of events the user is allowed to view. |
isadmin | If true, the user has administrator privileges. |
perm-set | This collection contains the calculated set of permissions effective for the user based on the user's role memberships. |
GET https://164.99.19.131:8443/SentinelRESTServices/objects/user/42
{ "meta":{ "type":"user", "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/user/42" }, "auth-dn":"cn=jdoe,dc=users,dc=somecompany,dc=com", "phone":"(212) 555-1212", "moddate":"2012-04-25T13:33:44.728Z", "perms":{ "all-events":false, "perm-set":[ "viewIdentityData", "eventActions", "runReportOnDB", "viewIncidents", "solutionDesigner", "_viewRawDataRole_", "viewInternalEvents", "distSearchInitiate", "createIncidents", "viewVulnerabilityData", "remediateIncidents", "viewAssetData", "activeViews", "shareFilters" ], "chg-pwd":true, "filter":"rv145:\"PCI\"", "isadmin":false }, "desc":"This account is a sample user account.", "fax":"(212) 555-1212", "auth-source":"DATABASE", "sys":false, "old-password":"0ldp@$$w0rd", "cell":"(212) 555-1212", "createdate":"2012-04-25T13:33:44.728Z", "surname":"Doe", "password":"p@$$w0rd", "title":"PCI Compliance Manager", "given":"John", "email":"jdoe@somecompany.com", "name":"jdoe", "dept":"Accounting", "tags":[ "PCI" ], "roles":[ "https://164.99.19.131:8443/SentinelRESTServices/objects/role/79600390-9B73-102E-A3E2-001676E4A757" ], "state":"INACTIVE" }
Object type: user | ||
---|---|---|
A User object contains information about a user account in the Sentinel system. | ||
Field | Required | Description |
auth-dn | false | If a user has an authentication source other than "DATABASE"" (e.g., "LDAP") this value can be used to identify the corresponding user account in the authentication source. |
auth-source | true | The source used by Sentinel to authenticate a user's password during an authentication request. |
cell | false | The user's mobile phone number. |
dept | false | The department to which the user belongs. |
desc | false | A description of the user account. |
false | The user's contact email address. | |
fax | false | A secondary contact number or other value. The Sentinel user interface displays this as "Fax". |
given | false | The user's given name. |
name | true | The name that the user supplies to log in to Sentinel. |
old-password | false | The user's existing password value. This is treated as "write-only" and is only used when a user is changing the value of the user's own password. It is never returned from the server. |
password | false | The user's password value. This is treated as "write-only". In other words, it is only used when creating a user account or when changing a user account's password. It is never returned from the server. |
phone | false | The user's contact telephone number. |
roles | false | The user's role memberships. |
state | false | The user's current state. One of the following three values: "ACTIVE", "LOCKED", "INACTIVE". "INACTIVE" indicates a "deleted" user account. |
surname | false | The user's family name. |
tags | false | The user's "favorite" tags. |
title | false | The user's job title. |
Object type: meta | ||
---|---|---|
The metadata for an object, including the object type name and the URL reference to the object. | ||
Field | Required | Description |
@href | false | The URL reference to the object. |
type | false | The name of the object type |
PUT https://164.99.19.131:8443/SentinelRESTServices/objects/user/42
{ "auth-dn":"cn=jdoe,dc=users,dc=somecompany,dc=com", "phone":"(212) 555-1212", "desc":"This account is a sample user account.", "fax":"(212) 555-1212", "auth-source":"DATABASE", "old-password":"0ldp@$$w0rd", "cell":"(212) 555-1212", "surname":"Doe", "password":"p@$$w0rd", "title":"PCI Compliance Manager", "given":"John", "email":"jdoe@somecompany.com", "name":"jdoe", "dept":"Accounting", "tags":[ "PCI" ], "roles":[ "https://164.99.19.131:8443/SentinelRESTServices/objects/role/79600390-9B73-102E-A3E2-001676E4A757" ], "state":"INACTIVE" }
DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/user/42