Managing Users and Roles

The following methods create, delete, and update users and roles.

Creating a New Role

The create_role method creates a new role.

Request Type: CreateRoleRequest

| Element | Type | Description |
| --- | --- | --- |
| SessionID (Mandatory) | String | Session ID obtained from the connect method. |
| RoleName (Mandatory) | String | The name of the role. |
| RoleDescription (Mandatory) | String | The description of the role. |
| LdapDN (Optional) | String | The LDAP group that should automatically inherit this role. |
| Administrator (Optional) | String | Whether the role should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS. |
| LandingPage (Optional) | String | The product that appears upon logging in. One of the following: afa, aff, abf, automatic. |
| FireflowAdmin (Optional) | String | Whether the role should have FireFlow administrator permissions. |
| EnableAnalysisFromFile (Optional) | String | Whether the role can perform analyses from configuration files. |
| EnableGlobalTrustTraffic (Optional) | String | Whether the role can view and edit trusted traffic settings. |
| AuthorizedDevices (Mandatory) | A list of Device objects | A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices. Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices. |

Response Type: CreateRoleResponse

| Element | Type | Description |
| --- | --- | --- |
| Result | String | A message describing whether the role was created successfully. |

Deleting a Role

The delete_role method deletes one or more roles.

Request Type: DeleteRoleRequest

| Element | Type | Description |
| --- | --- | --- |
| SessionID (Mandatory) | String | Session ID obtained from the connect method. |
| RoleName (Mandatory) | A list of strings | The names for the role(s). |

Response Type: DeleteRoleResponse

| Element | Type | Description |
| --- | --- | --- |
| Result | String | A message describing whether the role was deleted successfully. |

Updating a Role

The update_role method edits a role.

Request Type: UpdateRoleRequest

| Element | Type | Description |
| --- | --- | --- |
| SessionID (Mandatory) | String | Session ID obtained from the connect method. |
| RoleName (Mandatory) | String | The name for the role. |
| RoleDescription (Mandatory) | String | The description of the role. |
| LdapDN (Optional) | String | The LDAP group that should automatically inherit this role. |
| Administrator (Optional) | String | Whether the role should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS. |
| LandingPage (Optional) | String | The product which appears upon logging in. One of the following: afa, aff, abf, automatic. |
| FireflowAdmin (Optional) | String | Whether the role should have FireFlow administrator permissions. |
| EnableAnalysisFromFile (Optional) | String | Whether the role can perform analyses from configuration files. |
| EnableGlobalTrustTraffic (Optional) | String | Whether the role can view and edit trusted traffic settings. |
| AuthorizedDevices (Mandatory) | A list of Device objects | A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices. Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices. |

Response Type: UpdateRoleResponse

| Element | Type | Description |
| --- | --- | --- |
| Result | String | A message describing whether the role was updated successfully. |

Creating a New User

The create_user method creates a new user.

Request Type: CreateUserRequest

| Element | Type | Description |
| --- | --- | --- |
| SessionID (Mandatory) | String | Session ID obtained from the connect method. |
| UserName (Mandatory) | String | The new user's username. |
| Password (Mandatory) | String | The new user's password. |
| AdminPassword (Mandatory) | String | The password of the logged-in user with administrative permissions who is creating the new user. |
| FullName (Mandatory) | String | The user's full name. |
| Email (Mandatory) | String | The user's email address. |
| Role (Optional) | A list of strings | The roles to assign to the user. |
| AuthenticationType (Mandatory) | String | How the user should be authenticated. One of the following: local, radius, ldap. |
| Administrator (Optional) | String | Whether the user should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS. |
| LandingPage (Optional) | String | The product which appears upon logging in. One of the following: afa, aff, abf, automatic. |
| FireflowAdmin (Optional) | String | Whether the user should have FireFlow administrator permissions. |
| EnableAnalysisFromFile (Optional) | String | Whether the user can perform analyses from configuration files. |
| EnableGlobalTrustTraffic (Optional) | String | Whether the user can view and edit trusted traffic settings. |
| AuthorizedDevices (Mandatory) | A list of Device objects | A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices. Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices. |

Response Type: CreateUserResponse

| Element | Type | Description |
| --- | --- | --- |
| Result | String | A message describing whether the user was created successfully. |

Deleting a User

The delete_user method deletes one or more users.

Request Type: DeleteUserRequest

| Element | Type | Description |
| --- | --- | --- |
| SessionID (Mandatory) | String | Session ID obtained from the connect method. |
| UserName (Mandatory) | A list of strings | The names for the user(s). |

Response Type: DeleteUserResponse

| Element | Type | Description |
| --- | --- | --- |
| Result | String | A message describing whether the user was deleted successfully. |

Updating a User

The update_user method edits a user.

Request Type: UpdateUserRequest

| Element | Type | Description |
| --- | --- | --- |
| SessionID (Mandatory) | String | Session ID obtained from the connect method. |
| UserName (Mandatory) | String | The user's username. |
| Password (Mandatory) | String | The user's password. |
| AdminPassword (Mandatory) | String | The password of the logged-in user with administrative permissions who is updating the user. |
| FullName (Mandatory) | String | The user's full name. |
| Email (Mandatory) | String | The user's email address. |
| Role (Optional) | A list of strings | The roles to assign to the user. |
| AuthenticationType (Mandatory) | String | How the user should be authenticated. One of the following: local, radius, ldap. |
| Administrator (Optional) | String | Whether the user should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS. |
| LandingPage (Optional) | String | The product which appears upon logging in. One of the following: afa, aff, abf, automatic. |
| FireflowAdmin (Optional) | String | Whether the user should have FireFlow administrator permissions. |
| EnableAnalysisFromFile (Optional) | String | Whether the user can perform analyses from configuration files. |
| EnableGlobalTrustTraffic (Optional) | String | Whether the user can view and edit trusted traffic settings. |
| AuthorizedDevices (Mandatory) | A list of Device objects | A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices. Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices. |

Response Type: UpdateUserResponse

| Element | Type | Description |
| --- | --- | --- |
| Result | String | A message describing whether the user was updated successfully. |

Example format of AuthorizedDevices

<AuthorizedDevices>
    <Device>
        <ID>device 1</ID>
        ...
    </Device>
    <Device>
        <ID>device 2</ID>
        ...
    </Device>
    <Group>
        <ID>group 1</ID>
        ...
    </Group>
    <Group>
        <ID>group 2</ID>
        ...
    </Group>
    <Matrix>
        <ID>matrix 1</ID>
        ...
    </Matrix>
    <Matrix>
        <ID>matrix 2</ID>
        ...
    </Matrix>
</AuthorizedDevices>
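
A pre-flight check for the role requests described on this page, as an added example that is not part of the original documentation or the product's own code: it validates the mandatory elements and LandingPage values, warns when Administrator set to yes would widen a scoped AuthorizedDevices list to ALL_FIREWALLS, and serializes the body with an XML library so that field values are escaped. The function names, the sample values and the use of the request type name as the root element are assumptions; the SOAP envelope and namespaces are not shown on the page and are omitted.

```python
import xml.etree.ElementTree as ET

# Element names and allowed values come from the tables on this page.
MANDATORY = ("SessionID", "RoleName", "RoleDescription")
OPTIONAL = ("LdapDN", "Administrator", "LandingPage", "FireflowAdmin",
            "EnableAnalysisFromFile", "EnableGlobalTrustTraffic")
LANDING_PAGES = {"afa", "aff", "abf", "automatic"}
ENTRY_KINDS = ("Device", "Group", "Matrix")

def review_role(fields, authorized):
    """Return (errors, warnings); authorized is a list of (kind, id) pairs."""
    errors = [f"missing mandatory element {n}" for n in MANDATORY if not fields.get(n)]
    errors += [f"unknown element {n}" for n in fields if n not in MANDATORY + OPTIONAL]
    errors += [f"unknown entry type {k}" for k, _ in authorized if k not in ENTRY_KINDS]
    if not authorized:
        errors.append("missing mandatory element AuthorizedDevices")
    page = fields.get("LandingPage")
    if page is not None and page not in LANDING_PAGES:
        errors.append(f"LandingPage {page!r} is not an allowed value")
    warnings = []
    if fields.get("Administrator") == "yes" and authorized:
        warnings.append("Administrator=yes replaces AuthorizedDevices with ALL_FIREWALLS")
    return errors, warnings

def build_create_role(fields, authorized):
    """Serialize the request body, or raise ValueError if the review fails."""
    errors, warnings = review_role(fields, authorized)
    if errors:
        raise ValueError("; ".join(errors))
    # Root name assumed from the request type; the SOAP envelope is omitted.
    root = ET.Element("CreateRoleRequest")
    for name in MANDATORY + OPTIONAL:
        if name in fields:
            # ElementTree escapes text, so a value cannot inject elements.
            ET.SubElement(root, name).text = fields[name]
    devices = ET.SubElement(root, "AuthorizedDevices")
    for kind, ident in authorized:
        # Only <ID> is emitted; the page elides the other child elements.
        ET.SubElement(ET.SubElement(devices, kind), "ID").text = ident
    return ET.tostring(root, encoding="unicode"), warnings

# Constructed sample values, not taken from a real deployment.
SAMPLE_FIELDS = {"SessionID": "SESSION-ID-PLACEHOLDER", "RoleName": "fw-audit",
                 "RoleDescription": "Read <only> & audit", "Administrator": "yes"}
SAMPLE_DEVICES = [("Device", "device 1"), ("Group", "group 1")]

if __name__ == "__main__":
    body, notes = build_create_role(SAMPLE_FIELDS, SAMPLE_DEVICES)
    print(body, *notes, sep="\n")
```

Treat the warning as a review gate: a role that lists specific devices but also sets Administrator to yes ends up with access to every device, which is rarely what the scoped list was meant to express.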