admin_roles

The following methods allow for interaction with the ZTW Admin Role Management API endpoints.

Methods are accessible via ztw.admin_roles

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class AdminRolesAPI

Bases: APIClient

A Client object for the Admin and Role resource.

add_role(name, policy_access='NONE', report_access='NONE', username_access='NONE', dashboard_access='NONE', **kwargs)

Create a new admin role.

Parameters:
  • name (str) – The name of the role.

  • policy_access (str) – The policy access level.

  • report_access (str) – The report access level.

  • username_access (str) – The username access level.

  • dashboard_access (str) – The dashboard access level.

Keyword Arguments:
  • feature_permissions_tuples (List[Tuple[str, str]]) –

    A list of tuple pairs specifying the feature permissions. Each tuple contains the feature name (case-insensitive) and its access level.

    Accepted feature names (case-insensitive) are:

    • APIKEY_MANAGEMENT

    • EDGE_CONNECTOR_CLOUD_PROVISIONING

    • EDGE_CONNECTOR_LOCATION_MANAGEMENT

    • EDGE_CONNECTOR_DASHBOARD

    • EDGE_CONNECTOR_FORWARDING

    • EDGE_CONNECTOR_TEMPLATE

    • REMOTE_ASSISTANCE_MANAGEMENT

    • EDGE_CONNECTOR_ADMIN_MANAGEMENT

    • EDGE_CONNECTOR_NSS_CONFIGURATION

  • alerting_access (str) – The alerting access level.

  • analysis_access (str) – The analysis access level.

  • admin_acct_access (str) – The admin account access level.

  • device_info_access (str) – The device info access level.

Note

For access levels, the accepted values are:

  • NONE

  • READ_ONLY

  • READ_WRITE

Returns:

The newly created role.

Return type:

dict

Examples

Minimum required arguments:

ztw.admin_roles.add_role(name="NewRole")

Including keyword arguments:

ztw.admin_roles.add_role(
    name="AdvancedRole",
    policy_access="READ_ONLY",
    feature_permissions_tuples=[
        ("apikey_management", "read_only"),
        ("EDGE_CONNECTOR_CLOUD_PROVISIONING", "NONE")
    ],
    alerting_access="READ_WRITE"
)

delete_role(role_id)

Delete the specified admin role.

Parameters:

role_id (str) – The ID of the role to delete.

Returns:

The status code of the operation.

Return type:

int

Examples

Delete a role:

ztw.admin_roles.delete_role("123456789")

list_roles(query_params=None)

List all existing admin roles.

Parameters:

query_params (dict) – Optional query parameters.

  • query_params.include_auditor_role (bool) – Include or exclude auditor user information in the list.

  • query_params.include_partner_role (bool) – Include or exclude admin user information in the list. Default is True.

  • query_params.include_api_roles (bool) – Include or exclude API role information in the list. Default is True.

  • query_params.id (list) – Include or exclude role ID information in the list.

Returns:

The list of roles.

Return type:

Tuple

Examples

Print all roles:

for role in ztw.admin_roles.list_roles():
    print(role)

Print all roles with additional parameters:

for role in ztw.admin_roles.list_roles(
    query_params={
        "include_auditor_role": True,
        "include_partner_role": True,
        "include_api_roles": True,
    }
):
    print(role)

update_role(role_id, **kwargs)

Update an existing admin role.

Parameters:

role_id (str) – The ID of the role to update.

Keyword Arguments:
  • name (str) – The name of the role.

  • policy_access (str) – The policy access level.

  • report_access (str) – The report access level.

  • username_access (str) – The username access level.

  • dashboard_access (str) – The dashboard access level.

  • feature_permissions (List[Tuple[str, str]]) –

    A list of tuple pairs specifying the feature permissions. Each tuple contains the feature name (case-insensitive) and its access level.

    Accepted feature names (case-insensitive) are:

    • APIKEY_MANAGEMENT

    • EDGE_CONNECTOR_CLOUD_PROVISIONING

    • EDGE_CONNECTOR_LOCATION_MANAGEMENT

    • EDGE_CONNECTOR_DASHBOARD

    • EDGE_CONNECTOR_FORWARDING

    • EDGE_CONNECTOR_TEMPLATE

    • REMOTE_ASSISTANCE_MANAGEMENT

    • EDGE_CONNECTOR_ADMIN_MANAGEMENT

    • EDGE_CONNECTOR_NSS_CONFIGURATION

  • alerting_access (str) – The alerting access level.

  • analysis_access (str) – The analysis access level.

  • admin_acct_access (str) – The admin account access level.

  • device_info_access (str) – The device info access level.

Note

For access levels, the accepted values are:

  • NONE

  • READ_ONLY

  • READ_WRITE

Returns:

The updated role.

Return type:

Tuple

Examples

Update a role:

ztw.admin_roles.update_role(
    role_id="123456789",
    policy_access="READ_ONLY",
    feature_permissions=[
        ("apikey_management", "read_only"),
        ("EDGE_CONNECTOR_CLOUD_PROVISIONING", "NONE")
    ],
    alerting_access="READ_WRITE"
)
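
Added example, not part of the SDK or its documentation: a pre-flight check for the arguments that add_role and update_role accept, as documented above. It normalizes feature names and access levels against the accepted values listed on this page and reports which sensitive permissions the role would hold at READ_WRITE; the names check_role_spec and SENSITIVE, and the choice of which features count as sensitive, are assumptions made for illustration.

```python
# Accepted values as listed in the add_role / update_role documentation above.
ACCESS_LEVELS = ("NONE", "READ_ONLY", "READ_WRITE")
FEATURES = frozenset({
    "APIKEY_MANAGEMENT", "EDGE_CONNECTOR_CLOUD_PROVISIONING",
    "EDGE_CONNECTOR_LOCATION_MANAGEMENT", "EDGE_CONNECTOR_DASHBOARD",
    "EDGE_CONNECTOR_FORWARDING", "EDGE_CONNECTOR_TEMPLATE",
    "REMOTE_ASSISTANCE_MANAGEMENT", "EDGE_CONNECTOR_ADMIN_MANAGEMENT",
    "EDGE_CONNECTOR_NSS_CONFIGURATION",
})
ACCESS_KWARGS = frozenset({
    "policy_access", "report_access", "username_access", "dashboard_access",
    "alerting_access", "analysis_access", "admin_acct_access",
    "device_info_access",
})
# Assumption (local review policy, not defined by the SDK): write access to
# API keys or to admin management is flagged for a second reviewer.
SENSITIVE = frozenset({"APIKEY_MANAGEMENT", "EDGE_CONNECTOR_ADMIN_MANAGEMENT"})


def _level(value, where):
    """Upper-case an access level and reject anything not in ACCESS_LEVELS."""
    level = str(value).strip().upper()
    if level not in ACCESS_LEVELS:
        raise ValueError(f"{where}: unknown access level {value!r}")
    return level


def check_role_spec(name, feature_permissions=(), **access):
    """Validate a role definition; return (levels, features, findings)."""
    if not isinstance(name, str) or not name.strip():
        raise ValueError("role name must be a non-empty string")
    unknown = set(access) - ACCESS_KWARGS
    if unknown:
        raise ValueError(f"unknown access arguments: {sorted(unknown)}")
    levels = {key: _level(val, key) for key, val in access.items()}

    features = {}
    for feature, value in feature_permissions:
        key = str(feature).strip().upper()
        if key not in FEATURES:
            raise ValueError(f"unknown feature name {feature!r}")
        level = _level(value, key)
        if features.setdefault(key, level) != level:
            raise ValueError(f"conflicting access levels for {key}")
    findings = [f"{key} is READ_WRITE" for key in sorted(features)
                if key in SENSITIVE and features[key] == "READ_WRITE"]
    if levels.get("admin_acct_access") == "READ_WRITE":
        findings.append("admin_acct_access is READ_WRITE")
    return levels, sorted(features.items()), findings
```

Pass the returned feature list as feature_permissions_tuples to add_role or as feature_permissions to update_role, and treat a non-empty findings list as a prompt for review before the call is made.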