Tenable Security Center API: User

/user

/tes/user

/tes/user is only available in Tenable Enclave Security


Methods
GET

Gets the list of Users. Depending on your role, this resource will return the following:

  • A list of all Administrators (by default if the session user has the Administrator Role) or a list of all Users (if the session user is an Administrator and the optional field orgID is provided) in the provided organization.
    • NOTE:  If the orgID field is provided, the Fields parameter is not supported.  See the example response for the static list of fields that are returned.
  • A list of all Users within the Organization's context if the session user is not an Administrator, depending on access and permissions.
Fields Parameter

Fields not marked * or ** can be used only by users with sufficient permissions, which include:

  • Admin role
  • Security Manager
  • Users with 'Manage Users' enabled for any Group (the fields are visible only for users of the groups they can manage)
  • The logged-in user, who can use these fields to view their own details only

The fields parameter is specified in the query string and takes the syntax:

    ?fields=<field>,...

Allowed Fields

*id
*uuid
**username
**firstname
**lastname
**status
**email
role
title
address
city
state
country
phone
fax
createdTime
modifiedTime
lastLogin
lastLoginIP
mustChangePassword
passwordExpires
passwordExpiration
passwordExpirationOverride
passwordSetDate
locked
failedLogins
authType
fingerprint
password
apiKeys
canUse
canManage
preferences
ldap
ldapUsername
linkedUsers
parent

Session user is not role "1" (Administrator)

managedUsersGroups
managedObjectsGroups
responsibleAsset
group

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object, e.g. "repository" : { "id" : <id>, "name" : <name> }

 Request User Parameters

Session user is an Administrator

To see a list of all SecurityManagers, specify the orgID parameter in the query string. It takes the syntax:

    ?orgID=<number>

Session user is not an Administrator

None

Paginated results:

By default, the result set contains all admin users, or the users of the requested org.

To get paginated results, send the following parameter in the request:

    ?paginated=true

For paginated results, the offsets can also be sent:

    startOffset <string> [DEFAULT 0]
    endOffset <string> [DEFAULT 50]

Filtering params:

Results can be filtered on the following fields:

  • firstname <string> [Partial match]
  • lastname <string> [Partial match]
  • username <string> [Partial match]
  • lastLoginTimeFrame <string> [15m | 20m | 30m | h | 2h | 4h | 6h | 12h | 24h | 48h | 72h | 5d | 7d | 15d | 25d | 30d | 50d | 60d | 90d | 120d | 180d | 365d] 
  • lastLoginStartTime <string> [unixtimestamp]
  • lastLoginEndTime <string> [unixtimestamp]
  • locked <string> [ true | false ]
  • groupID <string> [comma separated group IDs]
  • authType <string> [ ldap | tns | cert | saml | linked | linked_non_admin ]
  • roleID <string> [comma separated role IDs]
  • title <string> [Partial match]
  • email <string> [Partial match]
  • address <string> [Partial match]
  • state <string> [Partial match]
  • country <string> [Partial match]
  • phone <string> [Partial match]
  • fax <string> [Partial match]
  • name <string> [Partial match] [matches firstname or lastname]


Example Request Query Parameters 

For a request with the filters parameter (JSON):

?filters=[{"filterName":"roleID","value":"0,2"},{"filterName":"firstname","value":"a"}]
Example Response
Administrator
{
	"type" : "regular",
	"response" : [
		{
			"id" : "1",
			"status" : "0",
			"username" : "admin",
			"ldapUsername" : "",
			"firstname" : "Admin",
			"lastname" : "User",
			"title" : "Application Administrator",
			"email" : "",
			"address" : "",
			"city" : "",
			"state" : "",
			"country" : "",
			"phone" : "",
			"fax" : "",
			"createdTime" : "1432921843",
			"modifiedTime" : "1453473716",
			"lastLogin" : "1454350174",
			"lastLoginIP" : "172.20.0.0",
			"mustChangePassword" : "false",
 			"passwordExpires": "true",
			"passwordExpiration": "90",
			"passwordExpirationOverride": "false",
			"passwordSetDate": "1432921843", 
			"locked" : "false",
			"failedLogins" : "0",
			"authType" : "tns",
			"fingerprint" : null,
			"password" : "SET",
			"preferences" : [
				{
					"name" : "timezone",
					"value" : "America/New_York",
					"tag" : ""
				}
			],
			"apiKeys" : [],
			"canUse" : true,
			"canManage" : true,
			"role" : {
				"id" : "1",
				"name" : "Administrator",
				"description" : "Role defining an administrator of the application"
			},
			"ldap" : {
				"id" : "-1",
				"name" : "",
				"description" : ""
			},
			"linkedUsers" : [
				{
					"user" : {
						"id" : "2",
						"username" : "head",
						"firstname" : "John",
						"lastname" : "Doe",
						"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
					},
					"organization" : {
						"id" : "1",
						"name" : "Org1",
						"description" : "",
						"uuid" : "FF00F4D0-5B9F-4A26-998C-19430295284A"
					}
				}
			],
			"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350178
}
Administrator (with orgID field provided)
{
	"type" : "regular",
	"response" : [
		{
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"apiKeys" : [],
			"canUse" : true,
			"canManage" : true,
			"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350178
}
Organization User (Security Manager or User with ManageUser permission of any group)
{
	"type" : "regular",
	"response" : [
		{			
			"id" : "1",
			"status" : "0",
			"username" : "head",
			"ldapUsername" : "",
			"firstname" : "Organization",
			"lastname" : "User",
			"title" : "",
			"email" : "",
			"address" : "",
			"city" : "",
			"state" : "",
			"country" : "",
			"phone" : "",
			"fax" : "",
			"createdTime" : "1432921843",
			"modifiedTime" : "1453473716",
            "managedUsersGroups" : [
                {
                    "id": "-1",
                    "name": "All Groups",
                    "description": "All Groups"
                }
            ],
            "managedObjectsGroups" : [
                {
                    "id": "-1",
                    "name": "All Groups",
                    "description": "All Groups"
                }
            ],
			"lastLogin" : "1454350174",
			"lastLoginIP" : "172.20.0.0",
			"mustChangePassword" : "false",
 			"passwordExpires": "true",
			"passwordExpiration": "90",
			"passwordExpirationOverride": "false",
			"passwordSetDate": "1432921843", 
			"locked" : "false",
			"failedLogins" : "0",
			"authType" : "tns",
			"fingerprint" : null,
			"password" : "SET",
			"preferences" : [
				{
					"name" : "timezone",
					"value" : "America/New_York",
					"tag" : ""
				}
			],
			"apiKeys" : [],
			"canUse" : true,
			"canManage" : true,
			"role" : {
				"id" : "2",
				"name" : "Security Manager",
				"description" : "The Security Manager role has full access to all actions at the organization level. A Security Manager has the ability to create new groups and manage existing ones. A Security Manager can also define how users interact with other groups.\n\nThe ability to manage other users and their objects can be configured using group permissions on the Access tab of User add/edit. This includes viewing and stopping running scans and reports."
			},
			"ldap" : {
				"id" : "-1",
				"name" : "",
				"description" : ""
			},
            "responsibleAsset" : {
                "id": -1,
                "name": "",
                "description": ""
            },
            "group": {
                "id": "0",
                "name": "Full Access",
                "description": "Full Access group"
            },
			"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
		}
   ],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454348491
}
Organization User (without ManageUsers in any Group permissions)
{
	"type" : "regular",
	"response" : [
		{
			"id" : "1",
			"username" : "head",
			"firstname" : "",
			"lastname" : "",
			"status" : 0,
			"email" : "",
			"authType" : "ldap",
			"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
		},
		{
			"id" : "2",
			"username" : "User 2",
			"firstname" : "",
			"lastname" : "",
			"status" : 0,
			"email" : "",
			"authType" : "tns",
			"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
		},
		{			
			"id" : "3",
			"status" : "0",
			"username" : "self",
			"ldapUsername" : "",
			"firstname" : "Organization",
			"lastname" : "Self",
			"title" : "",
			"email" : "",
			"address" : "",
			"city" : "",
			"state" : "",
			"country" : "",
			"phone" : "",
			"fax" : "",
			"createdTime" : "1432921843",
			"modifiedTime" : "1453473716",
            "managedUsersGroups" : [
            ],
            "managedObjectsGroups" : [
                {
                    "id": "-1",
                    "name": "All Groups",
                    "description": "All Groups"
                }
            ],
			"lastLogin" : "1454350174",
			"lastLoginIP" : "172.20.0.0",
			"mustChangePassword" : "false",
 			"passwordExpires": "true",
			"passwordExpiration": "90",
			"passwordExpirationOverride": "false",
			"passwordSetDate": "1432921843", 
			"locked" : "false",
			"failedLogins" : "0",
			"authType" : "tns",
			"fingerprint" : null,
			"password" : "SET",
			"preferences" : [
				{
					"name" : "timezone",
					"value" : "America/New_York",
					"tag" : ""
				}
			],
			"apiKeys" : [],
			"canUse" : true,
			"canManage" : true,
			"role" : {
				"id" : "2",
				"name" : "Any role",
				"description" : "Any role with any permission."
			},
			"ldap" : {
				"id" : "-1",
				"name" : "",
				"description" : ""
			},
            "responsibleAsset" : {
                "id": -1,
                "name": "",
                "description": ""
            },
            "group": {
                "id": "0",
                "name": "Restricted group",
                "description": "Some group with restricted permissions"
            },
			"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350178
}
Paginated response
{
	"type" : "regular",
	"response" :
	{
		"totalRecords" : 123,
		"returnedRecords" : 50,
		"startOffset" : 0,
		"endOffset" : 50,
		"results" : [
			{
				"id" : "1",
				"username" : "head",
				"firstname" : "",
				"lastname" : "",
				"status" : 0,
				"email" : "",
				"authType" : "ldap",
				"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
			},
			{
				"id" : "2",
				"username" : "User 2",
				"firstname" : "",
				"lastname" : "",
				"status" : 0,
				"email" : "",
				"authType" : "tns",
				"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
			},
			{			
				"id" : "3",
				"status" : "0",
				"username" : "self",
				"ldapUsername" : "",
				"firstname" : "Organization",
				"lastname" : "Self",
				"title" : "",
				"email" : "",
				"address" : "",
				"city" : "",
				"state" : "",
				"country" : "",
				"phone" : "",
				"fax" : "",
				"createdTime" : "1432921843",
				"modifiedTime" : "1453473716",
				"managedUsersGroups" : [
				],
				"managedObjectsGroups" : [
					{
						"id": "-1",
						"name": "All Groups",
						"description": "All Groups"
					}
       	     	],
				"lastLogin" : "1454350174",
				"lastLoginIP" : "172.20.0.0",
				"mustChangePassword" : "false",
 				"passwordExpires": "true",
				"passwordExpiration": "90",
				"passwordExpirationOverride": "false",
				"passwordSetDate": "1432921843", 
				"locked" : "false",
				"failedLogins" : "0",
				"authType" : "tns",
				"fingerprint" : null,
				"password" : "SET",
				"preferences" : [
					{
						"name" : "timezone",
						"value" : "America/New_York",
						"tag" : ""
					}
				],
				"apiKeys" : [],
				"canUse" : true,
				"canManage" : true,
				"role" : {
					"id" : "2",
					"name" : "Any role",
					"description" : "Any role with any permission."
				},
				"ldap" : {
					"id" : "-1",
					"name" : "",
					"description" : ""
				},
      	      "responsibleAsset" : {
					"id": -1,
	                "name": "",
    	            "description": ""
        	    },
            	"group": {
                	"id": "0",
                	"name": "Restricted group",
                	"description": "Some group with restricted permissions"
				},
				"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350178
}
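
The following sketch is an added example, not code from the Tenable documentation: it builds a paginated GET /user query with the fields and filters parameters described above, walks the pages using totalRecords, and flags account-hygiene issues from the returned fields. The fetch callable, the sample records and the finding labels are assumptions made for illustration; no HTTP request or authentication is performed.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Field names taken from the "Allowed Fields" list for GET /user.
AUDIT_FIELDS = ["username", "authType", "locked", "failedLogins",
                "lastLogin", "passwordExpires", "apiKeys"]


def build_user_query(fields, filters=None, start=0, end=50):
    """Build the path and query string for a paginated GET /user call."""
    params = {"fields": ",".join(fields), "paginated": "true",
              "startOffset": str(start), "endOffset": str(end)}
    if filters:
        # filters is a JSON array of {"filterName": ..., "value": ...} objects.
        params["filters"] = json.dumps(filters, separators=(",", ":"))
    return "/user?" + urlencode(params)


def iter_users(fetch, fields, filters=None, page_size=50):
    """Yield every user, requesting pages until totalRecords is covered.

    fetch is a hypothetical callable: it sends the authenticated request for
    the given path and returns the decoded JSON body as a dict.
    """
    start = 0
    while True:
        body = fetch(build_user_query(fields, filters, start, start + page_size))
        if body["error_code"] != 0:
            raise RuntimeError(f"error {body['error_code']}: {body['error_msg']}")
        page = body["response"]
        yield from page["results"]
        # Assumption: endOffset is exclusive (the example response returns 50
        # records for offsets 0 to 50), so the next page starts at the old end.
        start += page_size
        if not page["results"] or start >= int(page["totalRecords"]):
            return


def audit_user(user, now, stale_days=90):
    """Return account-hygiene findings for one user record."""
    findings = []
    # Flags are the strings "true"/"false" in the example responses.
    if user.get("locked") == "true":
        findings.append("locked")
    if int(user.get("failedLogins") or 0) > 0:
        findings.append("failed logins")
    # The password expiry settings apply when authType is not ldap or saml.
    if (user.get("authType") not in ("ldap", "saml")
            and user.get("passwordExpires") == "false"):
        findings.append("password never expires")
    if user.get("apiKeys"):
        findings.append("API keys issued")
    # Assumption: an account that never logged in reports lastLogin as 0/empty.
    if now - int(user.get("lastLogin") or 0) > stale_days * 86400:
        findings.append("stale login")
    return findings


def _user(username, auth, locked, failed, last_login, expires, keys):
    return {"username": username, "authType": auth, "locked": locked,
            "failedLogins": failed, "lastLogin": last_login,
            "passwordExpires": expires, "apiKeys": keys}


# Constructed sample records (not real accounts); the apiKeys entry is a
# placeholder because the page only shows an empty apiKeys list.
SAMPLE_USERS = [
    _user("head", "ldap", "false", "0", "1454350174", "false", []),
    _user("User 2", "tns", "true", "5", "1454000000", "true", []),
    _user("self", "tns", "false", "0", "1432921843", "false",
          [{"id": "placeholder"}]),
]


def fake_fetch(path):
    """Constructed stand-in for the HTTP call: serves SAMPLE_USERS by offset."""
    query = parse_qs(urlsplit(path).query)
    start, end = int(query["startOffset"][0]), int(query["endOffset"][0])
    rows = SAMPLE_USERS[start:end]
    return {"type": "regular", "error_code": 0, "error_msg": "",
            "response": {"totalRecords": len(SAMPLE_USERS),
                         "returnedRecords": len(rows), "startOffset": start,
                         "endOffset": end, "results": rows}}


def run_audit(now=1454350178, page_size=2):
    """Audit the sample users page by page; return findings per username."""
    report = {}
    for user in iter_users(fake_fetch, AUDIT_FIELDS, page_size=page_size):
        findings = audit_user(user, now)
        if findings:
            report[user["username"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(f"{name}: {', '.join(findings)}")
```

Fields that are not marked * or ** come back only when the session has the permissions listed under Fields Parameter, so a missing key in a record means "not visible to this session", not "clean".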

POST

Adds a User. Depending on your role, this resource will add the following:

  • An Administrator (by default if the session user has the Administrator Role) or a SecurityManager (if the session user is an Administrator and the optional field orgID is provided) into the provided organization.
  • A User within the Organization's context if the session user is not an Administrator and has permission to manage users in the group.
Request Parameters

The passwordExpirationOverride parameter does not apply to Administrator users. 

{
	"status" : <number> DEFAULT "0",
	"roleID" : <number>,
	"username" : <string>,
	"firstname" : <string> DEFAULT "",
	"lastname" : <string> DEFAULT "",
	"title" : <string> DEFAULT "",
	"email" : <string> DEFAULT "" (required to be present and valid if emailNotice is not empty and is not "none"),
	"address" : <string> DEFAULT "",
	"city" : <string> DEFAULT "",
	"state" : <string> DEFAULT "",
	"country" : <string> DEFAULT "",
	"phone" : <string> DEFAULT "",
	"fax" : <string> DEFAULT "",
	"locked" : <string> "false" | "true" DEFAULT "false",
	"authType" : <string> "ldap" | "legacy" | "linked" | "saml" | "tns",
	"fingerprint" : <string> DEFAULT null,
	"emailNotice" :  <string> "both" | "id" | "none" | "password" DEFAULT "",
	"preferences" : [
		{
			"name" : <string>,
			"tag" : <string> DEFAULT "",
			"value" : <string>
		}...
	] DEFAULT [
		{
			"name" : "timezone",
			"tag" : "system",
			"value" : <string> (default timezone)
		}
	]
}

authType "ldap"

Note: The "ldapUsername" attribute will be set to mirror the "username" attribute.

...
	"mustChangePassword" : <string> "false" DEFAULT "false",
	"ldap" : {
		"id" : <string>
	}
...

authType "saml"

...
	"mustChangePassword" : <string> "false" DEFAULT "false"
...

authType not "ldap" or "saml"

...
	"password" : <string> (must meet the requirements for configuration setting, "PasswordMinLength"),
	"mustChangePassword" : <string> "false" | "true" DEFAULT "false",
    "passwordExpires" : <string> "false" | "true" DEFAULT "false",
    "passwordExpiration" : <number> (a number between 1 and 365) DEFAULT 90,
    "passwordExpirationOverride" : <string> "false" | "true" DEFAULT "false", 
 ...

authType "linked"

Note: Only Administrators can create linked users and linked users cannot be Administrators.

...
	"parent" : {
		"id" : <number> DEFAULT "-1"
	}
...

Session user's role can manage group relationships or Session user role "1" (Administrator)

...
	"managedUsersGroups" : [
		{
			"id" : <number>
		}...
	],
	"managedObjectsGroups" : [
		{
			"id" : <number>
		}...
	]
...

Session user role "1" (Administrator)

...
	"orgID" : <number> DEFAULT "0" (adding another admin),
...

Session user role not "1" (Administrator)

...
	"groupID" : <number> (required to be a valid group ID whose users you can manage),
	"responsibleAssetID" : "-1" (NOT SET) | "0" (ALL ASSETS ACCESS) | <number> (number is required to be the id of a valid, usable, accessible asset) 
...

roleID not "1" (Administrator)

WARNING: The parameters in this section have been DEPRECATED as of Tenable.sc 5.11.0. Relying on their usage is highly discouraged. See /group::POST (createDefaultObjects parameter).

...
	"importReports" : <string> "false" | "true" DEFAULT <Target Group's createDefaultObjects setting> ,
	"importDashboards" : <string> "false" | "true" DEFAULT <Target Group's createDefaultObjects setting>,
	"importARCs" : <string> "false" | "true" DEFAULT <Target Group's createDefaultObjects setting>,
	"importDashboards" is "true"
	----------------------------
	"dashboardTemplate" : <string> (File path to template) DEFAULT <Default filepath>,
	"importARCs" is "true"
	----------------------
	"arcTemplate" : <string> (File path to template) DEFAULT <Default filepath>,
...
Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "1",
		"status" : "0",
		"username" : "head",
		"ldapUsername" : "",
		"firstname" : "",
		"lastname" : "",
		"title" : "",
		"email" : "",
		"address" : "",
		"city" : "",
		"state" : "",
		"country" : "",
		"phone" : "",
		"fax" : "",
		"createdTime" : "1433519288",
		"modifiedTime" : "1453477493",
		"lastLogin" : "1454349916",
		"lastLoginIP" : "172.20.0.0",
		"mustChangePassword" : "false",
        "passwordExpires": "true",
        "passwordExpiration": "90",
        "passwordExpirationOverride": "false",
        "passwordSetDate": "1433519288",
	    "locked" : "false",
		"failedLogins" : "0",
		"authType" : "tns",
		"fingerprint" : null,
		"password" : "SET",
		"managedUsersGroups" : [
			{
				"id" : "-1",
				"name" : "All Groups",
				"description" : "All Groups"
			}
		],
		"managedObjectsGroups" : [
			{
				"id" : "-1",
				"name" : "All Groups",
				"description" : "All Groups"
			}
		],
		"preferences" : [
			{
				"name" : "timezone",
				"value" : "America/Nome",
				"tag" : "system"
			}
		],
		"canUse" : true,
		"canManage" : true,
		"role" : {
			"id" : "2",
			"name" : "Security Manager",
			"description" : "The Security Manager role has full access to all actions at the organization level. A Security Manager has the ability to create new groups and manage existing ones. A Security Manager can also define how users interact with other groups.\n\nThe ability to manage other users and their objects can be configured using group permissions on the Access tab of User add/edit. This includes viewing and stopping running scans and reports."
		},
		"responsibleAsset" : {
			"id" : "19",
			"name" : "Windows Hosts",
			"description" : "The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with Tenable.sc.",
			"uuid" : "2DF066B8-F310-44BB-B6BE-BC6D5BDEE0AB"
		},
		"group" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"ldap" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"parent" : {
			"user" : {
				"id" : "0",
				"username" : "admin",
				"firstname" : "Jane",
				"lastname" : "Doe",
				"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
			},
			"organization" : {
				"id" : "0",
				"name" : "Tenable.sc Administration",
				"description" : "",
				"uuid" : "FF00F4D0-5B9F-4A26-998C-19430295284A"
			}
		},
		"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350250
}

/user/{id}

/user/{uuid}

/tes/user/{id}

/tes/user/{uuid}

/tes/user/{uuid} and /tes/user/{id} are only available in Tenable Enclave Security


Methods
GET

Gets the User associated with {id} or {uuid}. Depending on your role, this resource will return the following:

  • An Administrator (by default if the session user has the Administrator Role) or a SecurityManager (if the session user is an Administrator and the optional field orgID is provided) in the provided organization.
  • A User within the Organization's context if the session user is not an Administrator, depending on access and permissions.
Fields Parameter

Fields not marked * or ** can be used only by users with sufficient permissions, which include:

  • Admin role
  • Security Manager
  • Users with 'Manage Users' enabled for any Group (the fields are visible only for users of the groups they can manage)
  • The logged-in user, who can use these fields to view their own details only

The fields parameter is specified in the query string and takes the syntax:

    ?fields=<field>,...

Allowed Fields

*id
*uuid
**username
**firstname
**lastname
**status
**email
**role
title
address
city
state
country
phone
fax
createdTime
modifiedTime
lastLogin
lastLoginIP
mustChangePassword
passwordExpires
passwordExpiration
passwordExpirationOverride
passwordSetDate
locked
failedLogins
authType
fingerprint
password
apiKeys
**canUse
**canManage
managedUsersGroups
managedObjectsGroups
preferences
ldapUsername
ldap

linkedUsers
parent
linkedUserRole

Session user is not role "1" (Administrator)

responsibleAsset
**group

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object, e.g. "repository" : { "id" : <id>, "name" : <name> }

Request User Parameters

Session user is an Administrator

To see a list of all SecurityManagers, specify the orgID parameter in the query string. It takes the syntax:

    ?orgID=<number>

Session user is not an Administrator

None

Example Response
Administrator
{
	"type" : "regular",
	"response" : {
		"id" : "1",
		"status" : "0",
		"username" : "admin",
		"ldapUsername" : "",
		"firstname" : "Admin",
		"lastname" : "User",
		"title" : "Application Administrator",
		"email" : "",
		"address" : "",
		"city" : "",
		"state" : "",
		"country" : "",
		"phone" : "",
		"fax" : "",
		"createdTime" : "1432921843",
		"modifiedTime" : "1453473716",
		"lastLogin" : "1454350174",
		"lastLoginIP" : "172.20.0.0",
		"mustChangePassword" : "false",
        "passwordExpires": "true",
        "passwordExpiration": "90",
        "passwordExpirationOverride": "false",
        "passwordSetDate": "1432921843",
		"locked" : "false",
		"failedLogins" : "0",
		"authType" : "tns",
		"fingerprint" : null,
		"password" : "SET",
		"managedUsersGroups" : [],
		"managedObjectsGroups" : [],
		"preferences" : [
			{
				"name" : "timezone",
				"value" : "America/New_York",
				"tag" : ""
			}
		],
		"apiKeys" : [],
		"canUse" : true,
		"canManage" : true,
		"role" : {
			"id" : "1",
			"name" : "Administrator",
			"description" : "Role defining an administrator of the application"
		},
		"group" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"ldapUsername" : "",
		"ldap" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"linkedUsers" : [
			{
				"user" : {
					"id" : "2",
					"username" : "head",
					"firstname" : "John",
					"lastname" : "Doe",
					"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
				},
				"organization" : {
					"id" : "1",
					"name" : "Org1",
					"description" : "",
					"uuid" : "C61339EA-680C-4946-8181-8A4A8C0EF05A"
				}
			}
		],
	 	"linkedUserRole" : {
      		"id" : "11",
      		"name" : "SM-Linked",
      		"description" : "Role description"
    	},
		"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350376
}
Organization User (Security Manager or User with ManageUser permission of any group)

NOTE: The parent object is only returned when viewing an Organization User as an Administrator.

{
	"type" : "regular",
	"response" : {
		"id" : "2",
		"status" : "0",
		"username" : "head",
		"ldapUsername" : "",
		"firstname" : "",
		"lastname" : "",
		"title" : "",
		"email" : "",
		"address" : "",
		"city" : "",
		"state" : "",
		"country" : "",
		"phone" : "",
		"fax" : "",
		"createdTime" : "1433519288",
		"modifiedTime" : "1453477493",
		"lastLogin" : "1454349916",
		"lastLoginIP" : "172.20.0.0",
		"mustChangePassword" : "false",
        "passwordExpires": "true",
        "passwordExpiration": "90",
        "passwordExpirationOverride": "false",
        "passwordSetDate": "1433519288",    
		"locked" : "false",
		"failedLogins" : "0",
		"authType" : "tns",
		"fingerprint" : null,
		"password" : "SET",
		"managedUsersGroups" : [
			{
				"id" : "-1",
				"name" : "All Groups",
				"description" : "All Groups"
			}
		],
		"managedObjectsGroups" : [
			{
				"id" : "-1",
				"name" : "All Groups",
				"description" : "All Groups"
			}
		],
		"preferences" : [
			{
				"name" : "timezone",
				"value" : "America/Nome",
				"tag" : "system"
			}
		],
		"apiKeys" : [],
		"canUse" : true,
		"canManage" : true,
		"role" : {
			"id" : "2",
			"name" : "Security Manager",
			"description" : "The Security Manager role has full access to all actions at the organization level. A Security Manager has the ability to create new groups and manage existing ones. A Security Manager can also define how users interact with other groups.\n\nThe ability to manage other users and their objects can be configured using group permissions on the Access tab of User add/edit. This includes viewing and stopping running scans and reports."
		},
		"responsibleAsset" : {
			"id" : "19",
			"name" : "Windows Hosts",
			"description" : "The operating system detected has Windows installed.\n\nThis will be helpful for those getting started with Tenable.sc.",
			"uuid" : "2DF066B8-F310-44BB-B6BE-BC6D5BDEE0AB"
		},
		"group" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"ldapUserName" : "",
		"ldap" : {
			"id" : -1,
			"name" : "",
			"description" : ""
		},
		"parent" : {
			"user" : {
				"id" : "0",
				"username" : "admin",
				"firstname" : "Jane",
				"lastname" : "Doe",
				"uuid" : "C61339EA-680C-4946-8181-8A4A8C0EF05A"
			},
			"organization" : {
				"id" : "0",
				"name" : "Tenable.sc Administration",
				"description" : "",
				"uuid" : "FF00F4D0-5B9F-4A26-998C-19430295284A"
			}
		},
	 	"linkedUserRole" : {
      		"id" : "11",
      		"name" : "SM-Linked",
      		"description" : "Role description"
    	},
		"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350250
}
Organization User (without ManageUsers in any Group permissions)
{
	"type" : "regular",
	"response" : {
		"id" : "2",
		"username" : "User 2",
		"firstname" : "",
		"lastname" : "",
		"status" : 0,
		"email" : "",
		"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350178
}
Any User (fetching details of self)
{
	"type" : "regular",
	"response" : {	
		"id" : "3",
		"status" : "0",
		"username" : "self",
		"ldapUsername" : "",
		"firstname" : "Organization",
		"lastname" : "Self",
		"title" : "",
		"email" : "",
		"address" : "",
		"city" : "",
		"state" : "",
		"country" : "",
		"phone" : "",
		"fax" : "",
		"createdTime" : "1432921843",
		"modifiedTime" : "1453473716",
        "managedUsersGroups" : [
        ],
        "managedObjectsGroups" : [
            {
                "id": "-1",
                "name": "All Groups",
                "description": "All Groups"
            }
        ],
		"lastLogin" : "1454350174",
		"lastLoginIP" : "172.20.0.0",
		"mustChangePassword" : "false",
 		"passwordExpires": "true",
		"passwordExpiration": "90",
		"passwordExpirationOverride": "false",
		"passwordSetDate": "1432921843", 
		"locked" : "false",
		"failedLogins" : "0",
		"authType" : "tns",
		"fingerprint" : null,
		"password" : "SET",
		"preferences" : [
			{
				"name" : "timezone",
				"value" : "America/New_York",
				"tag" : ""
			}
		],
		"apiKeys" : [],
		"canUse" : true,
		"canManage" : true,
		"role" : {
			"id" : "2",
			"name" : "Any role",
			"description" : "Any role with any permission."
		},
		"ldap" : {
			"id" : "-1",
			"name" : "",
			"description" : ""
		},
        "responsibleAsset" : {
            "id": -1,
            "name": "",
            "description": ""
        },
        "group": {
            "id": "0",
            "name": "Restricted group",
            "description": "Some group with restricted permissions"
        },
		"uuid" : "18C16668-F942-407D-B7E0-4EEB8523F429"
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1454350178
}

PATCH

Edits the User associated with {id} or {uuid}, changing only the passed in fields. Depending on your role, this resource allows you to edit the following:

  • An Administrator (by default if the session user has the Administrator Role) or a SecurityManager (if the session user is an Administrator and the optional field orgID is provided) in the provided organization.
  • A User within the Organization's context if the session user is not an Administrator, depending on access and permissions.

You cannot edit the current user using this endpoint.

If you are locking an Administrator, and that Administrator has linked users (organization users whose authType = "linked" and whose parent matches the Administrator being locked), those linked users are locked as well.

Only Administrators can edit linked users (organization users whose authType = "linked"), and the following fields cannot be edited: roleID, groupID, authType, parent, password, mustChangePassword.

The passwordExpirationOverride parameter does not apply to Administrator users. 

Request Parameters

If 'password' is included in the PATCH parameters, a valid 'currentPassword' is required in the same request payload. All other parameters are optional and identical to /user::POST.


{
	"password" : <string> "NEW_PASSWORD",
	"currentPassword" : <string> "OLD_PASSWORD"
}
Example Response
See /user/{id}::GET
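
The conditional rules in the /user::POST request parameters and the PATCH restrictions above can be checked before a request is sent. The following pre-flight validator is an added example, not code from the Tenable documentation. It assumes that schema entries listed without a DEFAULT are required, that the caller knows whether the session user is an Administrator, and it takes min_password_len as a hypothetical stand-in for the server's "PasswordMinLength" setting.

```python
AUTH_TYPES = {"ldap", "legacy", "linked", "saml", "tns"}
EMAIL_NOTICES = {"", "both", "id", "none", "password"}
DEPRECATED = {"importReports", "importDashboards", "importARCs",
              "dashboardTemplate", "arcTemplate"}
LINKED_READONLY = {"roleID", "groupID", "authType", "parent", "password",
                   "mustChangePassword"}


def check_create(payload, session_is_admin, min_password_len):
    """Return (errors, warnings) for a POST /user body.

    min_password_len is a hypothetical argument standing in for the server's
    "PasswordMinLength" setting, whose value is not given on the page.
    """
    errors, warnings = [], []
    # Assumption: schema entries listed without a DEFAULT must be supplied.
    for key in ("roleID", "username", "authType"):
        if key not in payload:
            errors.append(f"{key} is required")
    auth = payload.get("authType")
    if auth is not None and auth not in AUTH_TYPES:
        errors.append(f"authType {auth!r} is not allowed")
    notice = payload.get("emailNotice", "")
    if notice not in EMAIL_NOTICES:
        errors.append(f"emailNotice {notice!r} is not allowed")
    elif notice not in ("", "none") and "@" not in payload.get("email", ""):
        # Minimal validity check; the server's own email validation is unknown.
        errors.append("a valid email is required when emailNotice is set")
    if auth in ("ldap", "saml"):
        if payload.get("mustChangePassword", "false") != "false":
            errors.append(f'mustChangePassword must be "false" for {auth}')
        if auth == "ldap" and "id" not in payload.get("ldap", {}):
            errors.append("ldap.id is required for authType ldap")
    else:
        password = payload.get("password")
        if password is not None and len(password) < min_password_len:
            errors.append("password is shorter than PasswordMinLength")
        days = payload.get("passwordExpiration", 90)
        if not (isinstance(days, int) and 1 <= days <= 365):
            errors.append("passwordExpiration must be between 1 and 365")
    if auth == "linked":
        if not session_is_admin:
            errors.append("only Administrators can create linked users")
        if str(payload.get("roleID")) == "1":
            errors.append("linked users cannot be Administrators")
    if "orgID" in payload and not session_is_admin:
        errors.append("orgID is only accepted from an Administrator session")
    for key in sorted(DEPRECATED & payload.keys()):
        warnings.append(f"{key} is deprecated as of Tenable.sc 5.11.0")
    return errors, warnings


def check_patch(changes, target, session_uuid, session_is_admin):
    """Return errors for a PATCH /user/{id} body.

    target is the record returned by GET /user/{id} for the user being edited;
    session_uuid is the uuid of the logged-in user.
    """
    errors = []
    if target.get("uuid") == session_uuid:
        errors.append("the current user cannot be edited with this endpoint")
    if "password" in changes and not changes.get("currentPassword"):
        errors.append("currentPassword is required when password is changed")
    if target.get("authType") == "linked":
        if not session_is_admin:
            errors.append("only Administrators can edit linked users")
        for key in sorted(LINKED_READONLY & changes.keys()):
            errors.append(f"{key} cannot be edited on a linked user")
    return errors


if __name__ == "__main__":
    # Constructed payload: LDAP user that wrongly asks for a password change.
    body = {"roleID": 2, "username": "svc-ldap", "authType": "ldap",
            "mustChangePassword": "true"}
    print(check_create(body, session_is_admin=True, min_password_len=8))
```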

DELETE

Deletes the User associated with {id} or {uuid}, depending on access and permissions. Depending on your role, this resource allows you to delete the following:

  • An Administrator (by default if the session user has the Administrator Role) or a SecurityManager (if the session user is an Administrator and the optional field orgID is provided) in the provided organization.
  • A User within the Organization's context if the session user is not an Administrator, depending on access and permissions.

The objects owned by the user being deleted can be migrated to another user by passing in the optional migrateUserID parameter. Depending on your role, this resource allows you to migrate based on the following conditions:

  • If the session user has the Administrator Role, the Migrate User must be an Organization Security Manager in the Full Access Group and in the same Organization as the user being deleted.
  • If the session user does not have the Administrator Role, you must be able to manage the objects of the Migrate User's group.

If an Administrator has linked users (organization users whose authType = "linked" and whose parent is the Administrator being deleted), that Administrator cannot be deleted without deleting the linked users first.  Additionally, linked users can only be deleted by an Administrator.

Request Parameters

Session user is an Administrator

{
	"orgID" : <number> (org ID) OR "orgUUID" : <string> (org UUID) OPTIONAL,
	"migrateUserID": <number> (user ID) OR "migrateUserUUID" : <string> (user UUID) OPTIONAL
}

Session user is not an Administrator

{
	"migrateUserID": <number> (user ID) OR "migrateUserUUID" : <string> (user UUID) OPTIONAL
}
Example Response
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1402436001
}