POST /config/access/users/{id}

Update a deployed user.

Update a deployed user. The deployed configuration is the active configuration. This endpoint is used to update user preferences. Changes to user preferences are not staged and take effect immediately. To modify all other settings see the POST /api/staged_config/users/{user_id} endpoint. This endpoint is available to be called by every user or authorized service. Users or authorized services with the ADMINMANAGER can update any deployed user. Users or authorized service with the ADMIN or SAASADMIN capability can update any deployed user with a user role that does not contain the ADMIN capability. If called by anyone else, only the deployed user for the calling user can be updated. ADMIN capability is required to update allow_system_authentication_fallback field. No user can update the allow_system_authentication_fallback for their own user.

Table 1. POST /config/access/users/{id} resource details
MIME Type

application/json

Table 2. POST /config/access/users/{id} request parameter details
Parameter Type Optionality Data Type MIME Type Description

id

path

Required

Number (Integer)

text/plain

The ID of the deployed user to update.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3. POST /config/access/users/{id} request body details
Parameter Data Type MIME Type Description Sample

body

Object

application/json

The updated deployed user. Only email, locale_id, enable_popup_notifications, allow_system_authentication_fallback, inactivity_timeout, old_password and password fields on the deployed user are modifiable. All other fields are ignored.
  • email - String - The email address of the user.
  • locale_id - String - The locale of the user. If this locale is set, this locale is always used for requests as the user. If this locale is not set, the locale provided in each HTTP request is used for requests as the user. If this locale is not set and no locale is in the request, QRadar falls back to the en_US locale for requests as the user. The list of valid locales are accessible through the /system/information/locales API.
  • enable_popup_notifications - Boolean - Indicates if popup system notifications are enabled for this user.
  • old_password - String - The current password for the user. Required when a user is changing the password for their own user. Must not be set when changing the password of a user that is not the caller's own user.
  • password - String - The new password for the user. If set, it must pass the password policy. Can only be set if QRadar is configured using system authentication or the user has the ADMIN capability.
  • allow_system_authentication_fallback - Boolean - Allow system authentication fallback for this user when external authentication is configured. Has no effect if system authentication is configured.
  • local_only_account - Boolean - Forces local authentication for this user when external authentication is configured. Has no effect if system authentication is configured.
  • inactivity_timeout - Long - The inactivity timeout (in milliseconds), truncated to minutes. Set to 0 if a user should not be logged out after being inactive.

{ "allow_system_authentication_fallback": true, "description": "String", "email": "String", "enable_popup_notifications": true, "id": 42, "inactivity_timeout": 42, "local_only_account": true, "locale_id": "String", "old_password": "String", "password": "String", "password_creation_time": 42, "security_profile_id": 42, "tenant_id": 42, "user_role_id": 42, "username": "String" }

Table 4. POST /config/access/users/{id} response codes
HTTP Response Code Unique Code Description

200

The deployed user was updated.

403

38311002

ADMINMANAGER capability required to update a deployed user with a user role that contains the ADMIN capability.

403

38311012

Users are forbidden to update their own inactivity_timeout or allow_system_authentication_fallback.

403

38311011

ADMIN capability required to update allow_system_authentication_fallback field.

403

38311015

MNGELOCALONLY capability required to update local_only_account field.

403

38311016

Authorized services can only set local_only_account to false.

403

38311014

ADMIN capability required to update inactivity_timeout field. *

404

38311001

The deployed user does not exist.

409

38311013

Cannot set allow_system_authentication_fallback to true when system authentication fallback is globally disabled.

422

38311003

email field cannot contain more than 255 characters.

422

38311004

email field must contain exactly one @ symbol, with at least one character before and after the @ symbol, and no whitespace characters.

422

38311005

Provided locale_id must contain a valid locale.

422

38311006

old_password must be set when changing the caller's password.

422

38311007

old_password must not be set when changing a user password that is not the caller's user.

422

38311008

old_password does not match the user's password.

422

38311009

password field cannot be set when allow_system_authentication_fallback and local_only_account are false and system authentication is not configured.

422

38311010

password does not match the password policy.

Response Description

The updated deployed user structure.
  • id - Long - The ID of the user. The ID of the staged user and the ID of the same deployed user are the same. This field is read only.
  • username - String - The username of the user. This field is read only.
  • email - String - The email of the user.
  • description - String - The description of the user. This field is only modifiable in the staged configuration.
  • user_role_id - Long - The user_role_id of the user. This field is only modifiable in the staged configuration. Access staged user roles using /api/staged_config/user_roles API, and deployed user roles under /api/confg/user_roles API.
  • security_profile_id - Long - The security_profile_id of the user. This field is only modifiable in the staged configuration. Access staged security profiles using /api/staged_config/security_profiles API, and deployed user roles under /api/config/security_profiles API.
  • locale_id - String - The locale_id of the user. Access locales using /system/information/locales API.
  • enable_popup_notifications - Boolean - Indicates if popup system notifications are enabled for this user.
  • old_password - String - This field will always be null when returned in a response. Required to be set to the current password when a user is changing their own system password. This field is not required to be set when the user currently does not have a system password and they are setting it for the first time.
  • password - String - This field will always be null when returned in a response. Set to the new password when a user is changing their own system password.
  • password_creation_time - Long - The time in milliseconds since epoch when the current password was created. Combined with the password_expiry_interval from the /system/authorization/password_policies API to calculate when the password expires.
  • tenant_id - Long - The tenant_id of the current user. This field is only modifiable in the staged configuration. Access tenants using /config/access/tenant_management/tenants API.
  • allow_system_authentication_fallback - Boolean - Allow system authentication fallback for this user when external authentication is configured. Has no effect if system authentication is configured.
  • local_only_account - Boolean - Forces local authentication for this user when external authentication is configured. Has no effect if system authentication is configured.
  • inactivity_timeout - Long - The inactivity timeout (in milliseconds), truncated to minutes. Set to 0 if a user should not be logged out after being inactive.

Response Sample


{
    "allow_system_authentication_fallback": true,
    "description": "String",
    "email": "String",
    "enable_popup_notifications": true,
    "id": 42,
    "inactivity_timeout": 42,
    "local_only_account": true,
    "locale_id": "String",
    "old_password": "String",
    "password": "String",
    "password_creation_time": 42,
    "security_profile_id": 42,
    "tenant_id": 42,
    "user_role_id": 42,
    "username": "String"
}