POST /staged_config/access/users/{id}

Update a staged user.

Update a staged user. Parts of the staged configuration is not active until a deploy is performed. Must have ADMIN or ADMINMANAGER capability to call this endpoint. Users or authorized services without the ADMINMANAGER capability can only update staged users with a user role that does not contain the ADMIN capability. Users or authorized services with the ADMINMANAGER capability can update staged users with any user role. No user can update user_role_id, security_profile_ID, tenant_id or allow_system_authentication_fallback for their own staged user.

Table 1. POST /staged_config/access/users/{id} resource details
MIME Type
application/json

Table 2. POST /staged_config/access/users/{id} request parameter details
Parameter	Type	Optionality	Data Type	MIME Type	Description
id	path	Required	Number (Integer)	text/plain	The ID of the staged user to update.
fields	header	Optional	String	text/plain	Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3. POST /staged_config/access/users/{id} request body details
Parameter	Data Type	MIME Type	Description	Sample
body	Object	application/json	Only user_role_id, security_profile_id, tenant_id, description, email, locale_id, enable_popup_notifications, allow_system_authentication_fallback, inactivity_timeout, old_password and password fields on the staged user are modifiable. All other fields in the body are ignored. The user_role_id, security_profile_id, tenant_id and description fields are staged fields. They are only updated on the staged user and are not active until a deploy is performed. All other fields take effect immediately and a deploy is not required. description - String - The description of the staged user. Cannot contain more than 2048 characters. user_role_id - Long - The ID of the staged user role assigned to this staged user. User roles are accessible through the /api/staged_config/access/user_roles APIs. security_profile_id - Long - The ID of the security profile assigned to this staged user. Security profiles are accessible through the /api/staged_config/access/security_profiles APIs. tenant_id - Long - The ID of the tenant assigned to this staged user. Tenants are accessible through the /config/access/tenant_management/tenants APIs. email - String - The email address of the user. locale_id - String - The locale of the user. If this locale is set, this locale is always used for requests as the user. If this locale is not set, the locale provided in each HTTP request is used for requests as the user. If this locale is not set and no locale is in the request, QRadar falls back to the en_US locale for requests as the user. The list of valid locales are accessible through the /system/information/locales API. enable_popup_notifications - Boolean - Indicates if popup system notifications are enabled for this user. old_password - String - The current password for the user. Required when a user is changing the password for their own user. Must not be set when changing the password of a user that is not the caller's own user. password - String - The new password for the user. If set, it must pass the password policy. Can only be set if QRadar is configured using system authentication or the user has the ADMIN capability. allow_system_authentication_fallback - Boolean - Allow system authentication fallback for this user when external authentication is configured. Has no effect if system authentication is configured. inactivity_timeout - Long - The inactivity timeout (in milliseconds), truncated to minutes. Set to 0 if a user should not be logged out after being inactive.	{ "allow_system_authentication_fallback": true, "description": "String", "email": "String", "enable_popup_notifications": true, "id": 42, "inactivity_timeout": 42, "locale_id": "String", "old_password": "String", "password": "String", "password_creation_time": 42, "security_profile_id": 42, "tenant_id": 42, "user_role_id": 42, "username": "String" }

Table 4. POST /staged_config/access/users/{id} response codes
HTTP Response Code	Unique Code	Description
200		The staged user was updated.
403	38303002	Users are forbidden to update their own user_role_id, security_profile_id, tenant_id, inactivity_timeout or allow_system_authentication_fallback.
403	38303004	ADMINMANAGER capability required to update a staged user with a user role that contains the ADMIN capability.
403	38303005	ADMINMANAGER capability required to assign a user role that contains the ADMIN capability to a staged user.
404	38303001	The staged user does not exist.
409	38303021	Cannot set allow_system_authentication_fallback to true when system authentication fallback is globally disabled.
422	38303013	old_password must be set when changing the caller's password.
422	38303014	old_password must not be set when changing a user password that is not the caller's user.
422	38303015	old_password does not match the user's password.
422	38303016	email field cannot contain more than 255 characters.
422	38303017	email field must contain exactly one @ symbol, with at least one character before and after the @ symbol, and no whitespace characters.
422	38303018	locale_id is not a valid locale.
422	38303003	No user role found for the provided user_role_id.
422	38303006	No tenant found for the provided tenant_id.
422	38303007	tenant_id must be null when updating a staged user with a user role that contains the ADMIN capability.
422	38303008	No security profile found for the provided security_profile_id.
422	38303012	security_profile_id must be set to the "Admin" security profile when updating a staged user with the ADMIN capability.
422	38303009	Security profile must contain at least one domain that isn't deleted when staged user is assigned a tenant_id.
422	38303010	Security profile must only contain domains with the same tenant_id as the tenant_id assigned the staged user when staged user is assigned a tenant_id.
422	38303011	Description must contain no more than 2048 characters.
422	38303019	password field cannot be set when allow_system_authentication_fallback is false and system authentication is not configured.
422	38303020	password does not adhere to the password policy.

Response Description

The updated staged user structure.

id - Long - The ID of the user. The ID of the staged user and the ID of the same deployed user are the same. This field is read only.
username - String - The username of the user. This field is read only.
email - String - The email of the user.
description - String - The description of the user. This field is only modifiable in the staged configuration.
user_role_id - Long - The user_role_id of the user. This field is only modifiable in the staged configuration. Access staged user roles using /api/staged_config/user_roles API, and deployed user roles under /api/confg/user_roles API.
security_profile_id - Long - The security_profile_id of the user. This field is only modifiable in the staged configuration. Access staged security profiles using /api/staged_config/security_profiles API, and deployed user roles under /api/config/security_profiles API.
locale_id - String - The locale_id of the user. Access locales using /system/information/locales API.
enable_popup_notifications - Boolean - Indicates if popup system notifications are enabled for this user.
old_password - String - This field will always be null when returned in a response. Required to be set to the current password when a user is changing their own system password. This field is not required to be set when the user currently does not have a system password and they are setting it for the first time.
password - String - This field will always be null when returned in a response. Set to the new password when a user is changing their own system password.
password_creation_time - Long - The time in milliseconds since epoch when the current password was created. Combined with the password_expiry_interval from the /system/authorization/password_policies API to calculate when the password expires.
tenant_id - Long - The tenant_id of the current user. This field is only modifiable in the staged configuration. Access tenants using /config/access/tenant_management/tenants API.
allow_system_authentication_fallback - Boolean - Allow system authentication fallback for this user when external authentication is configured. Has no effect if system authentication is configured.
inactivity_timeout - Long - The inactivity timeout (in milliseconds), truncated to minutes. Set to 0 if a user should not be logged out after being inactive.

Response Sample


{
    "allow_system_authentication_fallback": true,
    "description": "String",
    "email": "String",
    "enable_popup_notifications": true,
    "id": 42,
    "inactivity_timeout": 42,
    "locale_id": "String",
    "old_password": "String",
    "password": "String",
    "password_creation_time": 42,
    "security_profile_id": 42,
    "tenant_id": 42,
    "user_role_id": 42,
    "username": "String"
}