Tenable Security Center API: Current User

 

/currentUser

Methods

GET

Gets the Current User.

Fields Parameter

The fields parameter should be specified in the query string, and it takes the syntax:

    ?fields=<field>,...

NOTE: The 'userPrefs' field duplicates the 'preferences' field.

Allowed Fields

*id
*uuid
**username
**firstname
**lastname
**status
role
title
email
address
city
state
country
phone
fax
createdTime
modifiedTime
lastLogin
lastLoginIP
mustChangePassword
passwordExpires
passwordExpiration
passwordExpirationOverride
passwordSetDate
locked
failedLogins
authType
fingerprint
password
description
managedUsersGroups
managedObjectsGroups
userPrefs
preferences
organization

ldapUsername
ldap
orgName
switchableUsers
linkedUserRole

Session user is not role "1" (Administrator)

responsibleAsset
group

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object (e.g. "repository" : { "id" : <id>, "name" : <name> })

Request User Parameters

None

Example Response
Administrator
{
	"type" : "regular",
	"response" : {
		"id" : "1",
		"status" : "0",
		"username" : "admin",
		"ldapUsername" : "",
		"firstname" : "Admin",
		"lastname" : "User",
		"title" : "Application Administrator",
		"email" : "",
		"address" : "",
		"city" : "",
		"state" : "",
		"country" : "",
		"phone" : "",
		"fax" : "",
		"createdTime" : "1432921843",
		"modifiedTime" : "1453473716",
		"lastLogin" : "1454350174",
		"lastLoginIP" : "172.168.0.0",
		"mustChangePassword" : "false",
		"passwordExpires": "true",
		"passwordExpiration": "90",
		"passwordExpirationOverride": "false",
		"locked" : "false",
		"failedLogins" : "0",
		"authType" : "tns",
		"fingerprint" : null,
		"password" : "SET",
		"managedUsersGroups" : [],
		"managedObjectsGroups" : [],
		"preferences" : [
			{
				"name" : "timezone",
				"value" : "America/New_York",
				"tag" : ""
			}
		],
		"organization" : {
			"id" : 0,
			"name" : "Tenable.sc Administration",
			"description" : ""
		},
		"userPrefs" : [
			{
				"name" : "timezone",
				"value" : "America/New_York",
				"tag" : ""
			}
		],
		"role" : {
			"id" : "1",
			"name" : "Administrator",
			"description" : "Role defining an administrator of the application"
		},
		"group" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"ldap" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"orgName" : "Tenable.sc Administration",
		"switchableUsers" : [
			{
				"user" : {
					"id" : "2",
					"username" : "head",
					"firstname" : "John",
					"lastname" : "Doe",
					"locked" : "false",
					"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
				},
				"organization" : {
					"id" : "1",
					"name" : "Organization 1",
					"description" : "",
					"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
				}
			}, ...
		],
		"linkedUserRole" : {
			"id": "11",
			"name": "SM-Linked",
			"description": "Role description"
		},
		"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350604
}	
Organization User

Note: If the Current User is a linked user / Non-Admin linked user, the response includes a list of the users that can be switched to, including the parent Administrator / specific organization.

{
	"type" : "regular",
	"response" : {
		"id" : "2",
		"status" : "0",
		"username" : "head",
		"firstname" : "",
		"lastname" : "",
		"title" : "",
		"email" : "",
		"address" : "",
		"city" : "",
		"state" : "",
		"country" : "",
		"phone" : "",
		"fax" : "",
		"createdTime" : "1433519288",
		"modifiedTime" : "1453477493",
		"lastLogin" : "1454349916",
		"lastLoginIP" : "172.20.0.0",
		"mustChangePassword" : "false",
		"passwordExpires": "true",
		"passwordExpiration": "90",
		"passwordExpirationOverride": "false",
		"locked" : "false",
		"failedLogins" : "0",
		"authType" : "tns",
		"fingerprint" : null,
		"password" : "SET",
		"managedUsersGroups" : [
			{
				"id" : "-1",
				"name" : "All Groups",
				"description" : "All Groups"
			}
		],
		"managedObjectsGroups" : [
			{
				"id" : "-1",
				"name" : "All Groups",
				"description" : "All Groups"
			}
		],
		"preferences" : [
			{
				"name" : "timezone",
				"value" : "America/Nome",
				"tag" : "system"
			}
		],
		"organization" : {
			"id" : 1,
			"name" : "org1",
			"description" : "",
			"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
		},
		"userPrefs" : [
			{
				"name" : "timezone",
				"value" : "America/Nome",
				"tag" : "system"
			}
		],
		"role" : {
			"id" : "2",
			"name" : "Security Manager",
			"description" : "The Security Manager role has full access to all actions at the organization level. A Security Manager has the ability to create new groups and manage existing ones. A Security Manager can also define how users interact with other groups.\n\nThe ability to manage other users and their objects can be configured using group permissions on the Access tab of User add/edit. This includes viewing and stopping running scans and reports."
		},
		"responsibleAsset" : {
			"id" : "19",
			"name" : "Windows Hosts",
			"description" : "The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with Tenable.sc."
		},
		"group" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"orgName" : "org",
		"switchableUsers" : [
			{
				"user" : {
					"id" : "1",
					"username" : "admin",
					"firstname" : "Jane",
					"lastname" : "Doe",
					"locked" : "false",
					"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
				},
				"organization" : {
					"id" : "0",
					"name" : "Tenable.sc Administration",
					"description" : ""
				}
			}, ...
		],
		"linkedUserRole" : {
			"id": "11",
			"name": "SM-Linked",
			"description": "Role description"
		},
		"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350550
}
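
An added example, not part of the Tenable documentation: building the ?fields= query described above and turning a /currentUser response into typed findings for an account review. The API returns booleans and counters as strings, so they are parsed explicitly; the function names and the trimmed SAMPLE body are constructed for illustration.

```python
import json
from urllib.parse import urlencode

# Subset of the page's "Allowed Fields" needed for an account review.
REVIEW_FIELDS = ["username", "role", "authType", "locked", "failedLogins",
                 "mustChangePassword", "passwordExpires", "switchableUsers"]

def current_user_path(fields):
    """Build the request path using the ?fields=<field>,... syntax."""
    return "/currentUser?" + urlencode({"fields": ",".join(fields)}, safe=",")

def as_bool(value):
    """Booleans arrive as the strings "true"/"false"; bool("false") is True."""
    if value not in ("true", "false"):
        raise ValueError(f"unexpected boolean encoding: {value!r}")
    return value == "true"

def review(raw):
    """Parse a /currentUser response body into typed review findings."""
    body = json.loads(raw)
    if body["error_code"] != 0:
        raise RuntimeError(f"API error {body['error_code']}: {body['error_msg']}")
    user = body["response"]
    return {
        "username": user["username"],
        "is_admin": user["role"]["id"] == "1",  # role "1" is Administrator
        "locked": as_bool(user["locked"]),
        "failed_logins": int(user["failedLogins"]),
        "password_expires": as_bool(user["passwordExpires"]),
        "must_change_password": as_bool(user["mustChangePassword"]),
        # Accounts this session could move to via /currentUser/switch.
        "switch_targets": [s["user"]["username"]
                           for s in user.get("switchableUsers", [])],
    }

# Constructed sample, trimmed from the Administrator example response above.
SAMPLE = json.dumps({
    "type": "regular",
    "response": {
        "id": "1", "username": "admin", "authType": "tns",
        "role": {"id": "1", "name": "Administrator"},
        "locked": "false", "failedLogins": "0",
        "mustChangePassword": "false", "passwordExpires": "true",
        "switchableUsers": [{"user": {"id": "2", "username": "head"}}],
    },
    "error_code": 0, "error_msg": "", "warnings": [], "timestamp": 1454350604,
})

if __name__ == "__main__":
    print(current_user_path(REVIEW_FIELDS))
    print(review(SAMPLE))
```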

PATCH

Edits the Current User, changing only the passed-in fields.

Request Parameters
(All fields are optional)


{
	"firstname" : <string> DEFAULT "",
	"lastname" : <string> DEFAULT "",
	"title" : <string> DEFAULT "",
	"email" : <string> DEFAULT "" (required to be present and valid if emailNotice is not empty and is not "none"),
	"address" : <string> DEFAULT "",
	"city" : <string> DEFAULT "",
	"state" : <string> DEFAULT "",
	"country" : <string> DEFAULT "",
	"phone" : <string> DEFAULT "",
	"fax" : <string> DEFAULT "",
	"fingerprint" : <string> DEFAULT null,
	"emailNotice" :  <string> "both" | "id" | "none" | "password" DEFAULT "",
	"password" : <string> (must meet the requirements for configuration setting, "PasswordMinLength"),
	"preferences" : [
		{
			"name" : <string>,
			"tag" : <string> DEFAULT "",
			"value" : <string>
		}...
	]
}
Example Response
See /currentUser::GET


/currentUser/associateCert

Methods

POST

Associates a certificate that was presented to the server with the user's account, allowing for auto-login.

Note: When askAboutCert="true", the F/E allows you to save the fingerprint.

Note: Certificates cannot be associated with linked users.

Request Parameters

Active Certificate (CAT Card, etc).

Example Response

See /currentUser::GET

/currentUser/preferences

Methods

GET

Gets the Current User's preferences specified by parameters 'name' and/or 'tag'. If neither name nor tag is provided, this gets all of the Current User's preferences.

NOTE: This functionality may also be performed in /currentUser::GET with the field 'preferences'

Request Parameters

Parameters must be passed in as query string (as opposed to JSON) in the format of: /currentUser/preferences?name=foo&tag=foo

{
	"name" : <string> OPTIONAL,
	"tag" : <string> OPTIONAL
}
Example Response


{
    "type" : "regular",
    "response" : [
        {
            "name" : "timezone",
            "value" : "America\/New_York",
            "tag" : ""
        }
    ],
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : [],
    "timestamp" : 1409327492
}

DELETE

Deletes the Current User's preferences specified by parameters 'name' and/or 'tag'. If neither name nor tag is provided, this deletes all of the Current User's preferences.

NOTE : This functionality may also be performed in /currentUser::PATCH with the field 'preferences'

Request Parameters
{
	"name" : <string> OPTIONAL,
	"tag" : <string> OPTIONAL
}
Example Response


{
    "type" : "regular",
    "response" : "",
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : [],
    "timestamp" : 1410976021
}

PATCH

Edits or adds the preferences associated with the Current User, changing only the passed-in fields.

NOTE #1: If the given preference name/tag combination exists, this will update the value. Otherwise, the preference provided will be added.

NOTE #2 : This functionality may also be performed in /currentUser::PATCH with the field 'preferences'

Request Parameters
{
	"name" : <string>,
	"tag" : <string> DEFAULT "",
	"value" : <string>
}
Example Response


{
	"type" : "regular",
	"response" : [
		{
			"name" : "TestNewPreference",
			"value" : "test",
			"tag" : ""
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410977629
}

/currentUser/switch

Methods

POST

Switches from the current user to the specified user.

Note: You can switch

  • from an Administrator to a linked user (an organization user where authType = "linked" and parentID matches the id of the Administrator)
  • from a linked user to another linked user with the same parent Administrator
  • from a linked user back to the parent Administrator
Request Parameters
{
	"username" : <string>
}
Example Response

See /currentUser::GET