| Object type: user | |
|---|---|
| A User object contains information about a user account in the Sentinel system. | |
| Field | Description |
| auth-dn | If a user has an authentication source other than "DATABASE"" (e.g., "LDAP") this value can be used to identify the corresponding user account in the authentication source. |
| auth-source | The source used by Sentinel to authenticate a user's password during an authentication request. |
| cell | The user's mobile phone number. |
| createdate | The date and time when the object was created. |
| creator | The URL of the Sentinel User object that represents the creator of the object. |
| dept | The department to which the user belongs. |
| desc | A description of the user account. |
| The user's contact email address. | |
| fax | A secondary contact number or other value. The Sentinel user interface displays this as "Fax". |
| given | The user's given name. |
| meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
| moddate | The date and time when the object was last modified. |
| modifier | The URL of the Sentinel User object that represents the last modifier of the object. |
| name | The name that the user supplies to log in to Sentinel. |
| old-password | The user's existing password value. This is treated as "write-only" and is only used when a user is changing the value of the user's own password. It is never returned from the server. |
| password | The user's password value. This is treated as "write-only". In other words, it is only used when creating a user account or when changing a user account's password. It is never returned from the server. |
| perms | A description of the user's permissions in the Sentinel system. Definition |
| phone | The user's contact telephone number. |
| roles | The user's role memberships. |
| state | The user's current state. One of the following three values: "ACTIVE", "LOCKED", "INACTIVE". "INACTIVE" indicates a "deleted" user account. |
| surname | The user's family name. |
| sys | If this value is true it indicates that the user account is an internal account used by Sentinel. For example, a distributed search target creates a system user for the purposes of executing a search on behalf of a search console. |
| tags | The user's "favorite" tags. |
| title | The user's job title. |
| Object type: meta | |
|---|---|
| The metadata for an object, including the object type name and the URL reference to the object. | |
| Field | Description |
| @href | The URL reference to the object. |
| type | The name of the object type |
| Object type: permissions | |
|---|---|
| The UserPermissions object contains the current permissions for a user in the Sentinel system. | |
| Field | Description |
| all-events | If true, the user can view all event records in the Sentinel system. If false, the filter value is used to determine the set of events the user is allowed to view. |
| chg-pwd | If true, a user can change his own password. |
| filter | If non-empty, and AllowAllEvents is false, this value is a filter expression that determines the set of events the user is allowed to view. |
| isadmin | If true, the user has administrator privileges. |
| perm-set | This collection contains the calculated set of permissions effective for the user based on the user's role memberships. |
GET https://164.99.19.131:8443/SentinelRESTServices/objects/user/42
{
"meta":{
"type":"user",
"@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
},
"auth-dn":"cn=jdoe,dc=users,dc=somecompany,dc=com",
"phone":"(212) 555-1212",
"moddate":"2012-04-25T13:33:44.728Z",
"perms":{
"all-events":false,
"perm-set":[
"viewIdentityData",
"eventActions",
"runReportOnDB",
"viewIncidents",
"solutionDesigner",
"_viewRawDataRole_",
"viewInternalEvents",
"distSearchInitiate",
"createIncidents",
"viewVulnerabilityData",
"remediateIncidents",
"viewAssetData",
"activeViews",
"shareFilters"
],
"chg-pwd":true,
"filter":"rv145:\"PCI\"",
"isadmin":false
},
"desc":"This account is a sample user account.",
"fax":"(212) 555-1212",
"auth-source":"DATABASE",
"sys":false,
"old-password":"0ldp@$$w0rd",
"cell":"(212) 555-1212",
"createdate":"2012-04-25T13:33:44.728Z",
"surname":"Doe",
"password":"p@$$w0rd",
"title":"PCI Compliance Manager",
"given":"John",
"email":"jdoe@somecompany.com",
"name":"jdoe",
"dept":"Accounting",
"tags":[
"PCI"
],
"roles":[
"https://164.99.19.131:8443/SentinelRESTServices/objects/role/79600390-9B73-102E-A3E2-001676E4A757"
],
"state":"INACTIVE"
}
| Object type: user | ||
|---|---|---|
| A User object contains information about a user account in the Sentinel system. | ||
| Field | Required | Description |
| auth-dn | false | If a user has an authentication source other than "DATABASE"" (e.g., "LDAP") this value can be used to identify the corresponding user account in the authentication source. |
| auth-source | true | The source used by Sentinel to authenticate a user's password during an authentication request. |
| cell | false | The user's mobile phone number. |
| dept | false | The department to which the user belongs. |
| desc | false | A description of the user account. |
| false | The user's contact email address. | |
| fax | false | A secondary contact number or other value. The Sentinel user interface displays this as "Fax". |
| given | false | The user's given name. |
| name | true | The name that the user supplies to log in to Sentinel. |
| old-password | false | The user's existing password value. This is treated as "write-only" and is only used when a user is changing the value of the user's own password. It is never returned from the server. |
| password | false | The user's password value. This is treated as "write-only". In other words, it is only used when creating a user account or when changing a user account's password. It is never returned from the server. |
| phone | false | The user's contact telephone number. |
| roles | false | The user's role memberships. |
| state | false | The user's current state. One of the following three values: "ACTIVE", "LOCKED", "INACTIVE". "INACTIVE" indicates a "deleted" user account. |
| surname | false | The user's family name. |
| tags | false | The user's "favorite" tags. |
| title | false | The user's job title. |
| Object type: meta | ||
|---|---|---|
| The metadata for an object, including the object type name and the URL reference to the object. | ||
| Field | Required | Description |
| @href | false | The URL reference to the object. |
| type | false | The name of the object type |
PUT https://164.99.19.131:8443/SentinelRESTServices/objects/user/42
{
"auth-dn":"cn=jdoe,dc=users,dc=somecompany,dc=com",
"phone":"(212) 555-1212",
"desc":"This account is a sample user account.",
"fax":"(212) 555-1212",
"auth-source":"DATABASE",
"old-password":"0ldp@$$w0rd",
"cell":"(212) 555-1212",
"surname":"Doe",
"password":"p@$$w0rd",
"title":"PCI Compliance Manager",
"given":"John",
"email":"jdoe@somecompany.com",
"name":"jdoe",
"dept":"Accounting",
"tags":[
"PCI"
],
"roles":[
"https://164.99.19.131:8443/SentinelRESTServices/objects/role/79600390-9B73-102E-A3E2-001676E4A757"
],
"state":"INACTIVE"
}
DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/user/42