Skip to main content

Role Management APIs V2 (Beta)

icon

Beta

Roles determine the functions that users are able to perform in Sumo Logic. The Role Management API (V2) allows you to configure access on partitions and manage roles from HTTP endpoints.

To manage roles, you must have an administrator role or your role must have been assigned the Manage Users and Roles capability.

Documentation

To get started with Sumo Logic APIs, see API Authentication, Endpoints, and Security.

Our APIs are built with OpenAPI. You can generate client libraries in several languages and explore automated testing.

To access our API documentation, navigate to the appropriate link based on your Sumo deployment. Deployment types differ based on geographic location and account creation date. If unsure, see Which endpoint should I use?

DeploymentDocumentation URL
AUhttps://api.au.sumologic.com/docs/#tag/roleManagementV2
CAhttps://api.ca.sumologic.com/docs/#tag/roleManagementV2
DEhttps://api.de.sumologic.com/docs/#tag/roleManagementV2
EUhttps://api.eu.sumologic.com/docs/#tag/roleManagementV2
FEDhttps://api.fed.sumologic.com/docs/#tag/roleManagementV2
INhttps://api.in.sumologic.com/docs/#tag/roleManagementV2
JPhttps://api.jp.sumologic.com/docs/#tag/roleManagementV2
KRhttps://api.kr.sumologic.com/docs/#tag/roleManagementV2
US1https://api.sumologic.com/docs/#tag/roleManagementV2
US2https://api.us2.sumologic.com/docs/#tag/roleManagementV2

Migrate audit logs queries from Role Management API V1 to V2

If you use role-based audit data filtering, we recommend you migrate the search from V1 to V2 audit logging.

With advanced search filters added, you can obtain more granular information about the selected role. The filterPredicate field in V1 audit logging is replaced with logAnalyticsFilter, auditDataFilter, and securityDataFilter fields in V2. In addition, we have also added selectionType and selectedViews fields to apply for audit data filtering.

Currently, Role Management APIs V2 records both the V1 and V2 log line changes.

note

V2 changes are only applicable for RoleUpdate and RoleCreated events.


JSON-diff-V1-V2

For example, consider you are interested in querying upon audit logs with change in RoleUpdated or RoleCreated events. Now, if you perform this search you will initially see the V1 type of event in the search results. However, to view the results with the V2 event type, you are required to adjust the parameters in the query.

V1 Audit Logging
(_index=sumologic_audit_events)
| json fields=_raw "roleIdentity.roleName" as role_name
| json fields=_raw "eventTime" as eventTime
| json fields=_raw "role.filterPredicate" as create_role
| json fields=_raw "to.filterPredicate" as update_role
| json fields=_raw "operator.email" as actor
| json fields=_raw "eventName" | where eventName matches "RoleCreated" OR eventName="RoleUpdate"
| count by eventTime, eventName, actor, role_name, create_role, update_role
V2 Audit Logging
(_index=sumologic_audit_events)
| json fields=_raw "roleIdentity.roleName" as role_name
| json fields=_raw "eventTime" as eventTime
| json fields=_raw "role.logAnalyticsFilter" as created_log_analytics_filter
| json fields=_raw "role.auditDataFilter" as created_audit_data_filter
| json fields=_raw "to.logAnalyticsFilter" as updated_log_analytics_filter
| json fields=_raw "to.auditDataFilter" as updated_audit_data_filter
| json fields=_raw "operator.email" as actor
| json fields=_raw "eventName" | where eventName matches "RoleCreatedV2" OR eventName="RoleUpdateV2"
| count by eventTime, eventName, actor, role_name, created_log_analytics_filter, created_audit_data_filter, updated_log_analytics_filter, updated_log_analytics_filter
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.