Create Roles

Creates a new role in the system with the specified parameters and configurations. Requires admin permissions to run this API.

Note: See Manage users and roles in AFA to better understand the request parameters.

Resource Name: /api/v1/roles

Request Method: POST

Request Parameters:

Parameter Type Description
roleName (mandatory) string Name of the role. Must match the specified regex pattern.
roleDescription string Description of the role.
ldapDn string LDAP group distinguished name (DN) that automatically inherits this role.
landingPage string Landing page for the role after login. Default: "automatic".
administrator string Administrator permissions. Accepts "yes" or "no".
fireflowAdmin string FireFlow administrator permissions. Accepts "yes" or "no".
enableAnalysisFromFile string Allow analysis from a file. Accepts "yes" or "no".
enableGlobalTrustTraffic string Allow global trust traffic. Accepts "yes" or "no".
authorizedViewsAndActions object Permissions for reports and actions.
reportAll string Access to all reports. Accepts "yes" or "no".
reportRisks string Access to risks reports. Accepts "yes" or "no".
reportChanges string Access to change reports. Accepts "yes" or "no".
reportOptimize string Access to optimization reports. Accepts "yes" or "no".
reportVpn string Access to VPN reports. Accepts "yes" or "no".
reportCompliance string Access to compliance reports. Accepts "yes" or "no".
reportBaseline string Access to baseline reports. Accepts "yes" or "no".
reportExplore string Access to explore reports. Accepts "yes" or "no".
reportConfig string Access to configuration reports. Accepts "yes" or "no".
actionViews string Permission to view actions. Accepts "yes" or "no".
actionMap string Permission to view map actions. Accepts "yes" or "no".
actionMonitor string Permission to monitor actions. Accepts "yes" or "no".
artPermission string Permission to use ART features. Accepts "yes" or "no".
actionAll string Permission to perform all actions. Accepts "yes" or "no".
actionAnalyze string Permission to perform analysis actions. Accepts "yes" or "no".
actionQuery string Permission to query actions. Accepts "yes" or "no".
actionTrusted string Permission to manage trusted traffic. Accepts "yes" or "no".
actionTopology string Permission to view topology. Accepts "yes" or "no".
actionCompare string Permission to compare configurations. Accepts "yes" or "no".
actionDelete string Permission to delete configurations or objects. Accepts "yes" or "no".
actionDocumentation string Permission to access documentation features. Accepts "yes" or "no".
firewallProfile string Default firewall authorization profile ("Standard", "ReadOnly", or "None"). Default: "Standard".
authorizedDevices (mandatory) array List of authorized devices for the user, including displayName, id, profile, and notification.
id string Unique device ID.
displayName (mandatory) string Device display name.
profile string Device-specific profile ("Standard", "ReadOnly", "None"). If "None" is selected, the default profile from firewallProfile is used.
notification string Receive notifications for this device ("yes" or "no").

Request Body JSON Example:

{
  "roleName": "Role",
  "roleDescription": "Example role",
  "ldapDn": "string",
  "landingPage": "automatic",
  "administrator": "no",
  "fireflowAdmin": "no",
  "enableAnalysisFromFile": "no",
  "enableGlobalTrustTraffic": "no",
  "authorizedViewsAndActions": {
    "reportAll": "yes",
    "reportRisks": "no",
    "reportChanges": "no",
    "reportOptimize": "no",
    "reportVpn": "no",
    "reportCompliance": "no",
    "reportBaseline": "no",
    "reportExplore": "no",
    "reportConfig": "no",
    "actionViews": "yes",
    "actionMap": "no",
    "actionMonitor": "no",
    "artPermission": "yes",
    "actionAll": "yes",
    "actionAnalyze": "no",
    "actionQuery": "no",
    "actionTrusted": "no",
    "actionTopology": "no",
    "actionCompare": "no",
    "actionDelete": "no",
    "actionDocumentation": "no"
  },
  "firewallProfile": "Standard",
  "authorizedDevices": [
    {
      "id": "device123",
      "displayName": "device123",
      "profile": "Standard",
      "notification": "yes"
    }
  ]
}

cURL Example:

curl -X POST "https://<localhost>/api/v1/roles" \
-H "Content-Type: application/json" \
-d '{
  "roleName": "Role",
  "roleDescription": "Example role",
  "ldapDn": "string",
  "landingPage": "automatic",
  "administrator": "no",
  "fireflowAdmin": "no",
  "enableAnalysisFromFile": "no",
  "enableGlobalTrustTraffic": "no",
  "authorizedViewsAndActions": {
    "reportAll": "yes",
    "reportRisks": "no",
    "reportChanges": "no",
    "reportOptimize": "no",
    "reportVpn": "no",
    "reportCompliance": "no",
    "reportBaseline": "no",
    "reportExplore": "no",
    "reportConfig": "no",
    "actionViews": "yes",
    "actionMap": "no",
    "actionMonitor": "no",
    "artPermission": "yes",
    "actionAll": "yes",
    "actionAnalyze": "no",
    "actionQuery": "no",
    "actionTrusted": "no",
    "actionTopology": "no",
    "actionCompare": "no",
    "actionDelete": "no",
    "actionDocumentation": "no"
  },
  "firewallProfile": "Standard",
  "authorizedDevices": [
    {
      "id": "device123",
      "displayName": "device123",
      "profile": "Standard",
      "notification": "yes"
    }
  ]
}'

Status Codes:

Code Description
200 OK
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
500 Internal Server Error

Response Parameters:

Parameter Type Description
errorDetails object Details about errors, if any.
successRoles array List of successfully created roles.
failedRoles array List of roles that failed to be created.

Response Example (Success 200):

{
    "successRoles": [
        "ExampleRole"
    ],
    "failedRoles": [
        "ExampleRole1"
    ],
    "errorDetails": {
        "additionalProp1": "string",
        "additionalProp2": "string",
        "additionalProp3": "string"
    },
    "status": "100 CONTINUE"
}

Response Example (Failure 400):

{
    "error": "string",
    "description": "string",
    "fieldErrors": [
        {
            "field": "string",
            "error": "string"
        }
    ]
}
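
Added example, not part of the product documentation: a pre-flight check of a role body against the request parameter table above, together with a check of the 200 reply for failedRoles, since the success example lists a failed role alongside a created one. The names lint_role and failed_roles and the set of grants treated as broad (BROAD) are assumptions of this example, not API rules.

```python
import json

YES_NO = ("yes", "no")
PROFILES = ("Standard", "ReadOnly", "None")
TOP_FLAGS = ("administrator", "fireflowAdmin",
             "enableAnalysisFromFile", "enableGlobalTrustTraffic")
# Assumption: which grants count as broad is a local review policy, not an API rule.
BROAD = {"administrator", "fireflowAdmin", "reportAll", "actionAll", "actionDelete"}

def lint_role(role):
    """Return (errors, warnings) for a role body before it is POSTed to /api/v1/roles."""
    errors, warnings = [], []
    for key in ("roleName", "authorizedDevices"):  # marked mandatory in the table
        if not role.get(key):
            errors.append(f"missing mandatory field: {key}")
    flags = {k: role[k] for k in TOP_FLAGS if k in role}
    flags.update(role.get("authorizedViewsAndActions") or {})
    for name, value in flags.items():
        if value not in YES_NO:
            errors.append(f'{name}: expected "yes" or "no", got {value!r}')
        elif value == "yes" and name in BROAD:
            warnings.append(f"broad grant: {name}")
    profiles = {"firewallProfile": role.get("firewallProfile", "Standard")}
    for i, dev in enumerate(role.get("authorizedDevices") or []):
        if not dev.get("displayName"):
            errors.append(f"authorizedDevices[{i}]: missing displayName")
        # An absent notification key is not flagged; only a bad value is.
        if dev.get("notification", "no") not in YES_NO:
            errors.append(f'authorizedDevices[{i}].notification: expected "yes" or "no"')
        if "profile" in dev:
            profiles[f"authorizedDevices[{i}].profile"] = dev["profile"]
    errors += [f"{k}: unknown profile {v!r}" for k, v in profiles.items() if v not in PROFILES]
    return errors, warnings

def failed_roles(response_body):
    """A 200 reply can still list failures: return (failedRoles, errorDetails)."""
    body = json.loads(response_body)
    return body.get("failedRoles") or [], body.get("errorDetails") or {}

# Constructed samples, shortened from the request and response examples on this page.
SAMPLE_ROLE = {
    "roleName": "Role", "administrator": "no", "fireflowAdmin": "no",
    "authorizedViewsAndActions": {"reportAll": "yes", "reportRisks": "no",
                                  "actionAll": "yes", "actionDelete": "no"},
    "firewallProfile": "Standard",
    "authorizedDevices": [{"id": "device123", "displayName": "device123",
                           "profile": "Standard", "notification": "yes"}],
}
SAMPLE_REPLY = '{"successRoles": ["ExampleRole"], "failedRoles": ["ExampleRole1"], "errorDetails": {}}'
```

Run the lint in the change pipeline before the POST, and treat a non-empty failedRoles list as a failed change even when the HTTP status is 200.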