Mapping Rule Owners using API
Overview
Use the RLM API to import asset owners, rule owners, or both, programmatically. After you define the owners and their assets, Rule Owners can make certification decisions about the rules for which they are responsible.
- Asset owners are responsible for certifying individual objects within a rule.
- Rule owners are responsible for a rule in its entirety.
For information on mapping Rule Owners to assets and rules in RLM, see Mapping Assets to Rule Owners.
Prerequisites
- Create users in SecureChange for all Rule Owners in RLM.
- Each user must have User name and Email attributes.
- The Owner field in the RLM mapping template must be an identical match to the User name field.
  For SecureChange login credentials, contact your TOS Administrator.
- Use either Google Chrome or Mozilla Firefox as the internet browser for RLM.
- Configure all relevant users and workflows in SecureChange.
- Provide SMTP server information if notifications need to be sent.
- Prepare a list of owners and their associated assets, if available.
Import Owners using API
You can use the API to upload information for owners and assets, rules, or both. Newly imported data overrides data that was previously imported.
- API URL is https://<Server_IP>/apps/public/rlm/api/owners.
- HTTP method is POST.
- Authentication method must be OAuth2 (using a Bearer token), and authentication must be completed before importing owner data using the API. The required fields are as follows:

  | Field | Value |
  | --- | --- |
  | Grant type | Resource Owner Password Credentials |
  | Username/password | Credentials for the API user |
  | Access Token URL | https://<Server_IP>/apps/public/rlm/oauth/token |
  | Client ID | rlm |
  | Client Secret | 123 |

- JSON payload must have the following structure. To exclude optional parameters, leave the value empty. They will be considered any/null.
{
  "owners": [
    {
      "owner": {
        "name": "<OWNER_NAME>"
      },
      "asset": {
        "assets": {
          "name": "<GROUP_NAME>",
          "values": [
            "IP_ASSET",
            "IP_ASSET"
          ]
        },
        "objects": [
          "<OBJECT_NAME>"
        ]
      },
      "match_on": [
        "source",
        "destination"
      ],
      "service": {
        "services": [
          {
            "protocol": "PROTOCOL",
            "min_port": "NUMBER",
            "max_port": "NUMBER"
          }
        ],
        "object_names": [
          "<OBJECT_NAME>"
        ]
      },
      "application": "<TEXT>",
      "description": "<TEXT>",
      "aurora_rule_uids": [
        "RULE UID#1",
        "RULE UID#2"
      ]
    }
  ]
}
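The token request and owner import described above, as an added Python example (not the product's own code): it builds both requests with the standard library and refuses to build the import when an owner name has no identical SecureChange user name, which matters because a new import overrides the previous one. The host name, user names and payload values are constructed, and `grant_type=password` with the client ID and secret in the form body follows RFC 6749 as an assumption about this server.

```python
import json
import urllib.parse
import urllib.request

RLM = "https://{server}/apps/public/rlm"  # base path as given on this page

def token_request(server, username, password, client_id, client_secret):
    """OAuth2 Resource Owner Password Credentials request (RFC 6749 4.3.2).
    Assumption: the client ID and secret travel in the form body."""
    form = urllib.parse.urlencode({
        "grant_type": "password", "username": username, "password": password,
        "client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(
        RLM.format(server=server) + "/oauth/token", data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def unknown_owners(payload, securechange_users):
    """Owner names with no identical (case-sensitive) SecureChange user name."""
    names = {entry["owner"]["name"] for entry in payload["owners"]}
    return sorted(names - set(securechange_users))

def import_request(server, access_token, payload, securechange_users):
    """Build the POST to /api/owners; refuse if an owner maps to no user."""
    missing = unknown_owners(payload, securechange_users)
    if missing:
        raise ValueError(f"owners without a SecureChange user: {missing}")
    return urllib.request.Request(
        RLM.format(server=server) + "/api/owners",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def send(request):
    """Send over HTTPS with default certificate verification; return the body.
    The token reply is JSON whose "access_token" feeds import_request()."""
    with urllib.request.urlopen(request, timeout=30) as response:
        return response.read()

# Constructed sample data (not from the page): user names and one mapping.
USERS = {"jsmith", "akhan"}
PAYLOAD = {"owners": [{
    "owner": {"name": "jsmith"},
    "asset": {"assets": {"name": "web-tier", "values": ["10.0.1.10", "10.0.1.11"]},
              "objects": ["web-servers"]},
    "match_on": ["destination"],
    "service": {"services": [{"protocol": "TCP", "min_port": "443",
                              "max_port": "443"}], "object_names": ["https"]},
    "application": "storefront", "description": "Web tier owner",
    "aurora_rule_uids": ["<RULE_UID>"]}]}
```

Pass the API user's credentials in from a secrets store or the environment rather than hard-coding them, and keep the returned token out of logs.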