> Role object

The following objects are directly related to the role API.

Role

The role object has the following properties:

Property Type Description
roleid string ID of the role.

Property behavior:
- read-only
- required for update operations
name string Name of the role.

Property behavior:
- required for create operations
type integer User type.

Possible values:
1 - (default) User;
2 - Admin;
3 - Super admin.

Property behavior:
- required for create operations
readonly integer Whether the role is readonly.

Possible values:
0 - (default) No;
1 - Yes.

Property behavior:
- read-only

Role rules

The role rules object has the following properties:

Property Type Description
ui array Array of the UI element objects.
ui.default_access integer Whether access to new UI elements is enabled.

Possible values:
0 - Disabled;
1 - (default) Enabled.
services.read.mode integer Read-only access to services.

Possible values:
0 - Read-only access to the services, specified by the services.read.list or matched by the services.read.tag properties;
1 - (default) Read-only access to all services.
services.read.list array Array of Service objects.

The specified services, including child services, will be granted a read-only access to the user role. Read-only access will not override read-write access to the services.

Property behavior:
- supported if services.read.mode is set to "0"
services.read.tag object Array of Service tag object.

The tag matched services, including child services, will be granted a read-only access to the user role. Read-only access will not override read-write access to the services.

Property behavior:
- supported if services.read.mode is set to "0"
services.write.mode integer Read-write access to services.

Possible values:
0 - (default) Read-write access to the services, specified by the services.write.list or matched by the services.write.tag properties;
1 - Read-write access to all services.
services.write.list array Array of Service objects.

The specified services, including child services, will be granted a read-write access to the user role. Read-write access will override read-only access to the services.

Property behavior:
- supported if services.write.mode is set to "0"
services.write.tag object Array of Service tag object.

The tag matched services, including child services, will be granted a read-write access to the user role. Read-write access will override read-only access to the services.

Property behavior:
- supported if services.write.mode is set to "0"
modules array Array of the module objects.
modules.default_access integer Whether access to new modules is enabled.

Possible values:
0 - Disabled;
1 - (default) Enabled.
api.access integer Whether access to API is enabled.

Possible values:
0 - Disabled;
1 - (default) Enabled.
api.mode integer Mode for treating API methods listed in the api property.

Possible values:
0 - (default) Deny list;
1 - Allow list.
api array Array of API methods.
actions array Array of the action objects.
actions.default_access integer Whether access to new actions is enabled.

Possible values:
0 - Disabled;
1 - (default) Enabled.

UI element

The UI element object has the following properties:

Property Type Description
name string Name of the UI element.

Possible values if type of Role object is set to "User", "Admin", or "Super admin":
monitoring.dashboard - Dashboards;
monitoring.problems - Monitoring → Problems;
monitoring.hosts - Monitoring → Hosts;
monitoring.latest_data - Monitoring → Latest data;
monitoring.maps - Monitoring → Maps;
services.services - Services → Services;
services.sla_report - Services → SLA report;
inventory.overview - Inventory → Overview;
inventory.hosts - Inventory → Hosts;
reports.availability_report - Reports → Availability report;
reports.top_triggers - Reports → Triggers top 100.

Possible values if type of Role object is set to "Admin" or "Super admin":
monitoring.discovery - Monitoring → Discovery;
services.sla - Services → SLA;
reports.scheduled_reports - Reports → Scheduled reports;
reports.notifications - Reports → Notifications;
configuration.template_groups - Data collection → Template groups;
configuration.host_groups - Data collection → Host groups;
configuration.templates - Data collection → Templates;
configuration.hosts - Data collection → Hosts;
configuration.maintenance - Data collection → Maintenance;
configuration.discovery - Data collection → Discovery;
configuration.trigger_actions - Alerts → Actions → Trigger actions;
configuration.service_actions - Alerts → Actions → Service actions;
configuration.discovery_actions - Alerts → Actions → Discovery actions;
configuration.autoregistration_actions - Alerts → Actions → Autoregistration actions;
configuration.internal_actions - Alerts → Actions → Internal actions.

Possible values if type of Role object is set to "Super admin":
reports.system_info - Reports → System information;
reports.audit - Reports → Audit log;
reports.action_log - Reports → Action log;
configuration.event_correlation - Data collection → Event correlation;
administration.media_types - Alerts → Media types;
administration.scripts - Alerts → Scripts;
administration.user_groups - Users → User groups;
administration.user_roles - Users → User roles;
administration.users - Users → Users;
administration.api_tokens - Users → API tokens;
administration.authentication - Users → Authentication;
administration.general - Administration → General;
administration.audit_log - Administration → Audit log;
administration.housekeeping - Administration → Housekeeping;
administration.proxies - Administration → Proxies;
administration.macros - Administration → Macros;
administration.queue - Administration → Queue.

Property behavior:
- required
status integer Whether access to the UI element is enabled.

Possible values:
0 - Disabled;
1 - (default) Enabled.

Service

Property Type Description
serviceid string ID of the Service.

Property behavior:
- required

Service tag

Property Type Description
tag string Tag name.

If empty string is specified, the service tag will not be used for service matching.

Property behavior:
- required
value string Tag value.

If no value or empty string is specified, only the tag name will be used for service matching.

Module

The module object has the following properties:

Property Type Description
moduleid string ID of the module.

Property behavior:
- required
status integer Whether access to the module is enabled.

Possible values:
0 - Disabled;
1 - (default) Enabled.

Action

The action object has the following properties:

Property Type Description
name string Name of the action.

Possible values if type of Role object is set to "User", "Admin", or "Super admin:
edit_dashboards - Create and edit dashboards;
edit_maps - Create and edit maps;
add_problem_comments - Add problem comments;
change_severity - Change problem severity;
acknowledge_problems - Acknowledge problems;
suppress_problems - Suppress problems;
close_problems - Close problems;
execute_scripts - Execute scripts;
manage_api_tokens - Manage API tokens.

Possible values if type of Role object is set to "Admin" or "Super admin":
edit_maintenance - Create and edit maintenances;
manage_scheduled_reports - Manage scheduled reports,
manage_sla - Manage SLA.

Possible values if type of Role object is set to "User" or "Admin":
invoke_execute_now - allows to execute item checks for users that have only read permissions on host.

Property behavior:
- required
status integer Whether access to perform the action is enabled.

Possible values:
0 - Disabled;
1 - (default) Enabled.