RSA Archer
Free Friday Tech Huddle
Ibrahim Hashmi
Technical Support Engineer
January 18, 2012
© Copyright 2011 EMC Corporation. All rights reserved. 1
RSA Archer
Web Services - API
Tips and Tricks
Agenda
• Purpose of RSA Archer Web Services API
• RSA Archer Web Services API Suite
• RSA Archer Web Services - Class and Methods
• Access Rights and System Configuration
• Requirements
• Sample XML
Purpose of RSA Archer Web Services API
• Web Services are an industry-standard way of integrating web-based or Internet-connected
applications using open standard protocols, such as XML (Extensible Markup Language),
SOAP (Simple Object Access Protocol) and HTTP (Hypertext Transfer Protocol) POSTs/GETs.
• The RSA Archer Web Services API is a collection of web services that provide a
programmatic interface for interacting with the RSA Archer eGRC Platform.
• Each Web Service supports multiple methods that can be used to automate the
exchange of information between the RSA Archer eGRC Platform and an external
application.
• The RSA Archer Web Services API is a licensable feature.
RSA Archer Web Services API Suite
Each web service in the RSA Archer Web Services API Suite is designated a ‘Class’. The
web services and their corresponding classes are:
• Access Control - This class provides programmatic access to the Access Control
feature, such as creating users and managing security parameters.
• Access Role - This class provides programmatic access to options relating to
managing access roles.
• Field - This class allows you to manage and configure the values lists used in the
applications, questionnaires, and sub-forms.
• General - This class allows you to create and terminate Web Services API user
sessions.
• Module - This class provides programmatic access to module information.
• Record - This class allows you to create and manipulate content records in content
applications.
• Search - This class allows programmatic access to the Platform’s search features.
***Note: Starting with v5.3, the Technology class has been disabled; the features of this class have
been merged with other classes.***
RSA Archer Web Services API - Class and Methods
• List of available methods for each RSA Archer Web Service (Class):
– Access Control Class
• AddChildToGroup
• AddContactInfo
• AddUserToGroup
• AddUserToRole
• ChangePassword
• CreateDomainUser
• CreateExtendedSecurityParameter
• CreateGroup
• CreateSecurityParameter
• CreateUser
• CreateUserEx
• DeleteContactInfo
• DeleteGroup
• DeleteSecurityParameter
• DeleteUser
• DoesDomainUserExist
• DoesUserExist
• ForcePasswordChange
• GetContactSubTypes
• GetContactTypes
• GetDomainUserList
• GetDomainUserListCount
• GetDomainUserListPaginated
• GetGroup
• GetGroups
• GetGroupInformation
• GetSecurityParameterName
• GetSecurityParameters
• GetTimeZones
• GetUser
• GetUserContactInfo
• GetUserDefaultEMail
• GetUserList
• GetUserListCount
• GetUserListPaginated
• LookupDomainUserByFirstName
• LookupDomainUserByLastName
• LookupDomainUserId
• LookupEveryoneGroup
• LookupGroup
• LookupUserByFirstName
• LookupUserByLastName
• LookupUserId
• LookupUserName
• RemoveChildFromGroup
• RemoveUserFromGroup
• RemoveUserFromRole
• SetUserDefaultEmail
• UpdateContactInfo
• UpdateDomainUser
• UpdateExtendedSecurityParameter
• UpdateGroup
• UpdateSecurityParameter
• UpdateUser
• UpdateUserAccountStatus
• UpdateUserEx
• UpdateUserName
• UpdateUserNote
• UseDaylightSavings
– Access Role Class
• CreateRole
• DeleteRole
• GetRole
• GetRoleDependencies
• GetRolePagePermissions
• GetRolePagePermissionsForModule
• GetRoles
• UpdateRole
• UpdateRolePagePermissions (Deprecated)
• UpdateRolePagePermissions2
– Field Class
• CreateChildValuesListItemWithNumericValue
• CreateValuesListItemWithNumericValue
• CreateValuesListValue
• CreateValuesListValueChild
• DeleteValuesListValue
• GetFieldIdByGUID
• GetValueListByParent
• GetValueListForField
• GetValuesList
• GetValuesListItem
• GetValuesListValue
• GetValuesListValueIdByGUID
• LookupListValue
• UpdateValuesListItemWithNumericValue
• UpdateValuesListNumericValueToNull
• UpdateValuesListValue
– General Class
• CreateDomainUserSession
• CreateDomainUserSessionFromInstance
• CreateUserSession
• CreateUserSessionFromInstance
• TerminateSession
– Module Class
• GetModuleIDByGUID
– Record Class
• BindContentToChildLevelContent
• BindContentToParentLevelContent
• CreateCMSTEntry
• CreateQuestionnaireRecord
• CreateRecord
• CreateRecords
• CreateSubformRecord
• DeleteAllRecords
• DeleteRecord
• GetAccessHistory
• GetChildRecordIds
• GetParentRecordIds
• GetRecordById
• UnbindContentFromChildLevelContent
– Search Class
• CheckSearchStatus
• CheckSearchStatusByPageSize
• ExecuteQuickSearchWithModuleIds
• ExecuteQuickSearchWithSolutionId
• ExecuteSearch
• ExecuteStatisticSearch
• GetReports
• RetrieveSearchResultsPage
• RetrieveSearchResultsPageByPageSize
• SearchRecords
• SearchRecordsByField
• SearchRecordsByReport
– Technology Class
Access Rights and Platform Configuration
• All Web Services API calls require valid user credentials to be submitted before the
calling application gains access. The method names in each web service (class)
indicate the access rights required to execute that method.
• Methods that start with the word “Create” require Create rights.
• Methods that start with the following words require “Read” rights:
– Check
– Does
– Get
– Lookup
– Retrieve
– Search
• Methods that start with the following words require “Update” permissions:
– Add
– Associate
– Bind
– Change
– Disassociate
– Force
– Set
– Unbind
– Update
– User
• Methods that start with the following words require “Delete” permissions:
– Delete
– Remove
– Terminate
• Starting with v5.3, Web Services API and RSA Archer eGRC Platform rights are shared. If a
Platform user has “Read” rights to a certain application, that user is now able to use
Web Services API calls that require Read permissions for that application.
• In v5.2 and prior, Web Services API and RSA Archer eGRC Platform rights require
exclusive assignment and are not shared.
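An added example (not from the original deck) that applies the prefix rules above to the operations declared in a class's downloaded WSDL, so an integration account can be granted only the rights its calls imply. Methods whose first word has no rule on the slides (Execute*, UseDaylightSavings) are reported instead of guessed; the WSDL snippet, its portType name and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

WSDL_NS = "{http://schemas.xmlsoap.org/wsdl/}"
# Prefix rules as listed on the slides: first word of the method name -> right.
PREFIX_RULES = {
    "Create": ("Create",),
    "Read": ("Check", "Does", "Get", "Lookup", "Retrieve", "Search"),
    "Update": ("Add", "Associate", "Bind", "Change", "Disassociate",
               "Force", "Set", "Unbind", "Update", "User"),
    "Delete": ("Delete", "Remove", "Terminate"),
}
RIGHT_FOR_WORD = {w: right for right, words in PREFIX_RULES.items() for w in words}

# Constructed, heavily trimmed stand-in for a downloaded <Class>.asmx?wsdl file.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
  <wsdl:portType name="searchSoap">
    <wsdl:operation name="ExecuteSearch"/>
    <wsdl:operation name="RetrieveSearchResultsPage"/>
    <wsdl:operation name="GetReports"/>
  </wsdl:portType>
</wsdl:definitions>"""


def operations(wsdl_text):
    """Return the distinct operation names declared in a WSDL's portTypes."""
    root = ET.fromstring(wsdl_text)
    names = {op.get("name") for pt in root.iter(WSDL_NS + "portType")
             for op in pt.findall(WSDL_NS + "operation")}
    return sorted(n for n in names if n)


def required_right(method):
    """Map a method to a right via its first CamelCase word; None if no rule."""
    m = re.match(r"[A-Z][a-z]+", method)
    return RIGHT_FOR_WORD.get(m.group(0)) if m else None


def audit(methods):
    """Summarise the rights a set of calls implies; list methods with no rule."""
    mapped = {name: required_right(name) for name in methods}
    return {"rights": sorted({r for r in mapped.values() if r}),
            "unmapped": sorted(n for n, r in mapped.items() if r is None)}


if __name__ == "__main__":
    calls = ["CreateUserSession", "TerminateSession"] + operations(SAMPLE_WSDL)
    print(audit(calls))
```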
• Platform configuration with Single Sign-On (SSO) enabled:
– Windows Authentication (SSO) solution: the Internet Information Services (IIS) virtual directory
‘/Archer/WS’ must have Anonymous Authentication “enabled” and Windows Authentication
“disabled”.
– Third-party SSO solution, e.g. SiteMinder: the Internet Information Services (IIS) virtual directory
‘/Archer/WS’ and its contents must be excluded from URL monitoring. This avoids credential
prompts when accessing Web Services API pages.
Requirements
• How to access RSA Archer Web Services
– via a SOAP client (Visual Studio, etc.)
– via HTTP POSTs and GETs using a web browser (Internet Explorer, Firefox, etc.)
– XML is the format used for exchanging data between the web services and the client (development
client and/or external applications)
• What to know while working with RSA Archer Web Services
– Web services server URL: (http:// OR https://)ServerName/ContextBase/WS
** ServerName = FQDN of the web services server OR the Network Load Balancer name
** ContextBase = Root virtual directory where the Archer framework is installed, e.g. RSAArcher, Archer, etc.
– User credentials (with valid Access rights)
– Instance Name (as it exists in Archer Control Panel)
– Module Information - System ID or GUID
– Field Information – System ID or GUID
– Report Information – System ID or GUID (if working with Reports)
– Obtain GUIDs per module via the Archer front end: Administration > Integration > Obtain API References >
Generate API Code > Select an Application and Download.
– Web Services Description Language (WSDL)
• How to download and use it as a service reference in the code,
i.e.
(http:// OR https://)ServerName/ContextBase/WS/<WebService_ClassName>.asmx?wsdl
http://Archer53/RSAarcher/WS/general.asmx?wsdl
• Or download via the Archer front end: Administration > Integration > Obtain API References > Download
WSDL > Select a web service/class name.
Sample XML
• New Record XML String (SOAP)
<?xml version="1.0" encoding="utf-8" ?>
<Record>
  <Field id="9403" value="Random text in a text area" />
  <Field id="9407" value="123.21" />
  <Field id="9412" value="12/31/1999 1:59PM" />
  <Field id="9413" value="Search Engine" link="http://www.goggle.com" />
  <Field id="9415" value="191.167.0.255" />
  <Field id="9429" value="0054:0230:0253:0511:0747:0066:0034:0023" />
  <Field id="9420">
    <Users>
      <User id="221" />
    </Users>
  </Field>
  <Field id="9421">
    <Groups>
      <Group id="91" />
      <Group id="92" />
    </Groups>
  </Field>
</Record>
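An added example (not part of the original deck) that builds the New Record XML string above with an XML library instead of string concatenation, so field text containing quotes, angle brackets or ampersands is escaped and cannot change the record's structure. The function names, the input shape and the sample text are assumptions; the field, user and group IDs are the ones from the slide's sample.

```python
import xml.etree.ElementTree as ET

XML_DECL = '<?xml version="1.0" encoding="utf-8" ?>'


def _int_id(value, what):
    """Accept only positive integer IDs so nothing else reaches an id attribute."""
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"{what} id must be a positive integer: {value!r}")
    return str(value)


def build_record_xml(fields):
    """Build the <Record> payload from {field_id: value}.

    A value is a string, or a dict with "users" and/or "groups" ID lists,
    matching the value, Users and Groups field shapes in the slide's sample.
    """
    record = ET.Element("Record")
    for field_id, value in fields.items():
        field = ET.SubElement(record, "Field", id=_int_id(field_id, "field"))
        if isinstance(value, dict):
            for key, wrapper, child in (("users", "Users", "User"),
                                        ("groups", "Groups", "Group")):
                if value.get(key):
                    parent = ET.SubElement(field, wrapper)
                    for member in value[key]:
                        ET.SubElement(parent, child, id=_int_id(member, child))
        else:
            # ElementTree escapes &, <, > and " when it serialises attributes.
            field.set("value", str(value))
    return XML_DECL + ET.tostring(record, encoding="unicode")


# Constructed input: free text as it might arrive from an external system.
SAMPLE = {
    9403: 'Tom "TJ" O\'Neil <tj@example.com> & team',
    9420: {"users": [221]},
    9421: {"groups": [91, 92]},
}

if __name__ == "__main__":
    print(build_record_xml(SAMPLE))
```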
• Keyword Search XML String (SOAP)
<?xml version="1.0" encoding="utf-8" ?>
<Search>
  <Keywords value="Windows" />
  <Display>
    <Field id="7205" />
    <Field id="7226" />
    <Field id="7232" />
    <Field id="7242" />
  </Display>
  <KeywordModules>
    <Module id="17" />
  </KeywordModules>
  <PrimarySort id="7205" order="ASC" />
  <DisplayFormat value="3" />
</Search>
Demonstration
Q&A
Upcoming RSA Events
• RSA Archer GRC Roadshow – Philadelphia, Jan. 29
– Register Now:
https://community.emc.com/docs/DOC-19114
• RSA Conference 2013 – San Francisco, Feb. 25 –
March 1 @ Moscone Center
Register Now: https://community.emc.com/events/1745
Free Friday Tech Huddle
• Join the ‘customer only’ weekly Free Friday
Tech Huddle live webcasts @ 12 ET
• Customer Support team addresses how to
troubleshoot common issues & utilize new
functionality delivered by the RSA Archer
products
• Join us!
https://community.emc.com/docs/DOC-18975
RSA Archer Public Webcast – every
Thursday
• Jan 24 at 10ET: New BMC Solution and BCM Mobile
• Jan 31 at 2ET: Using FedRAMP to Enable Secure Cloud
Computing
• Feb 7 at 2ET: PCI Compliance
Register on the RSA public website
http://www.emc.com/campaign/global/rsa/rsa-webcast.htm
THANK YOU