Managing Users and Roles

The following methods create, delete, and update users and roles.

Creating a New Role

NOTE: We recommend using the Create Roles REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The create_role method creates a new role.

Request Type: CreateRoleRequest

Element	Type	Description
SessionID Mandatory	String	Session ID obtained from the connect method.
RoleName Mandatory	String	The name of the role.
RoleDescription Mandatory	String	The description of the role.
LdapDN Optional	String	The LDAP group that should automatically inherit this role.
Administrator Optional	String	Whether the role should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS.
LandingPage Optional	String	The product that appears upon logging in. One of the following: afa aff abf automatic
FireflowAdmin Optional	String	Whether the role should have FireFlow administrator permissions.
EnableAnalysisFromFile Optional	String	Whether the role can perform analyses from configuration files.
EnableGlobalTrustTraffic Optional	String	Whether the role can view and edit trusted traffic settings.
AuthorizedDevices Mandatory	A list of Device objects	A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices.

Response Type: CreateRoleResponse

Element	Type	Description
Result	String	A message describing whether the role was created successfully.

Deleting a Role

NOTE: We recommend using the Delete Roles REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The delete_role method deletes one or more roles.

Request Type: DeleteRoleRequest

Element	Type	Description
SessionID Mandatory	String	Session ID obtained from the connect method.
RoleName Mandatory	A list of strings	The names for the role(s).

Response Type: DeleteRoleResponse

Element	Type	Description
Result	String	A message describing whether the role was deleted successfully.

Updating a Role

NOTE: We recommend using the Edit Roles REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The update_role method edits a role.

Request Type: UpdateRoleRequest

Element	Type	Description
SessionID Mandatory	String	Session ID obtained from the connect method.
RoleName Mandatory	String	The name for the role.
RoleDescription Mandatory	String	The description of the role.
LdapDN Optional	String	The LDAP group that should automatically inherit this role.
Administrator Optional	String	Whether the role should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS.
LandingPage Optional	String	The product which appears upon logging in. One of the following: afa aff abf automatic
FireflowAdmin Optional	String	Whether the role should have FireFlow administrator permissions.
EnableAnalysisFromFile Optional	String	Whether the role can perform analyses from configuration files.
EnableGlobalTrustTraffic Optional	String	Whether the role can view and edit trusted traffic settings.
AuthorizedDevices Mandatory	A list of Device objects	A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices.

Response Type: UpdateRoleResponse

Element	Type	Description
Result	String	A message describing whether the role was updated successfully.

Creating a New User

NOTE: We recommend using the Create New User REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The create_user method creates a new user.

Request Type: CreateUserRequest

Element	Type	Description
SessionID Mandatory	String	Session ID obtained from the connect method.
UserName Mandatory	String	The new user's username.
Password Mandatory	String	The new user's password.
AdminPassword Mandatory	String	The password of logged-in user with administrative permissions who is creating the new user.
FullName Mandatory	String	The user's full name.
Email Mandatory	String	The user's email address.
Role Optional	A list of strings	The roles to assign to the user.
AuthenticationType Mandatory	String	How the user should be authenticated. One of the following: local radius ldap
AdministratorOptional	String	Whether the user should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS.
LandingPage Optional	String	The product which appears upon logging in. One of the following: afa aff abf automatic
FireflowAdmin Optional	String	Whether the user should have FireFlow administrator permissions.
EnableAnalysisFromFile Optional	String	Whether the user can perform analyses from configuration files.
EnableGlobalTrustTraffic Optional	String	Whether the user can view and edit trusted traffic settings.
AuthorizedDevices Mandatory	A list of Device objects	A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices Groups type . Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices.

Response Type: CreateUserResponse

Element	Type	Description
Result	String	A message describing whether the user was created successfully.

Deleting a User

NOTE: We recommend using the Delete User REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The delete_user method deletes one or more users.

Request Type: DeleteUserRequest

Element	Type	Description
SessionID Mandatory	String	Session ID obtained from the connect method.
UserName Mandatory	A list of strings	The names for the user(s).

Response Type: DeleteUserResponse

Element	Type	Description
Result	String	A message describing whether the user was deleted successfully.

Updating a User

NOTE: We recommend using the following REST services for this method instead. REST services are more advanced and are the preferred choice over SOAP.

Edit User Details: Update user attributes and permissions.
Change User Password: Update user password.

The update_user method edits a user.

Request Type: UpdateUserRequest

Element	Type	Description
SessionID Mandatory	String	Session ID obtained from the connect method.
UserName Mandatory	String	The user's username.
Password Mandatory	String	The user's password.
AdminPassword Mandatory	String	The password of logged-in user with administrative permissions who is updating the user.
FullName Mandatory	String	The user's full name.
Email Mandatory	String	The user's email address.
Role Optional	A list of strings	The roles to assign to the user.
AuthenticationType Mandatory	String	How the user should be authenticated. One of the following: local radius ldap
Administrator Optional	String	Whether the user should have administrator permissions. If set to yes, the AuthorizedDevices element is automatically set to ALL_FIREWALLS.
LandingPage Optional	String	The product which appears upon logging in. One of the following: afa aff abf automatic
FireflowAdmin Optional	String	Whether the user should have FireFlow administrator permissions.
EnableAnalysisFromFile Optional	String	Whether the user can perform analyses from configuration files.
EnableGlobalTrustTraffic Optional	String	Whether the user can view and edit trusted traffic settings.
AuthorizedDevices Mandatory	A list of Device objects	A list of devices, groups or matrices the role has permission to view. See Example format of AuthorizedDevices . Note: If the Administrator element is set to yes, this value is automatically set to ALL_FIREWALLS to allow permissions to all devices.

Response Type: UpdateUserResponse

Element	Type	Description
Result	String	A message describing whether the user was updated successfully.

Example format of AuthorizedDevices

Copy

<AuthorizedDevices>
    <Device>
        <ID>device 1</ID>
        ...
    </Device>
    <Device>
        <ID>device 2</ID>
        ...
    </Device>
    <Group>
        <ID>group 1</ID>
        ...
    </Group>
    <Group>
        <ID>group 2</ID>
        ...
    </Group>
    <Matrix>
        <ID>matrix 1</ID>
        ...
    </Matrix>
    <Matrix>
        <ID>matrix 2</ID>
        ...
    </Matrix>
</AuthorizedDevices>