User Attribute Change
Update attribute values for one or more users, outside of the normal collection cycle.
POST https://instance.securid.com/aveksa/command.submit?cmd=userAttributeChange
Updated values are overwritten on the next collection. Use this command to push attribute updates that cannot wait for the next scheduled collection.
Request
Parameters
| userAttributeChange | |
| format | xml - (Default) Returns the response as XML.json - Returns the response as JSON. |
| token | Deprecated. Use the Authorization request header instead. |
Headers
Bearer token | |
| application/xml |
Body
The request body is an XML document with a <userchanges> root element containing one or more <userchange> elements.
<userchanges>
<userchange>
<id>userId</id>
<attribute>
<name>attributeName</name>
<value>attributeValue</value>
</attribute>
<attribute>
<name>anotherAttribute</name>
<value>anotherValue</value>
</attribute>
</userchange>
<userchange>
<id>anotherUserId</id>
<attribute>
<name>attributeName</name>
<value>attributeValue</value>
</attribute>
</userchange>
</userchanges>
Body Elements
userchanges | Root element. Contains one or more userchange elements. |
userchange | Describes the attribute updates for one user. Contains one id element and one or more attribute elements. |
id | The user identifier. Matches the value of the UNIQUE_ID column by default. The configured id-attribute for the web service determines which column is used. This is typically the user's login ID. |
attribute | Describes a single attribute update. Must contain a name element and a value element. |
name | The attribute identifier. Must be either the database column ID of the attribute, or the external name mapped to that column in aveksa-plug-ins.xml. Valid attribute names are environment-specific and depend on the RSA Governance & Lifecycle configuration on your server. |
value | The new value to set for the attribute. |
The <name> element must match either the internal database column ID or an external name defined in the aveksa-plug-ins.xml configuration file on your RSA Governance & Lifecycle server. Contact your system administrator for the list of valid attribute names.
Response
Returns HTTP 200 with an empty body on success. No output properties are returned.
Examples
Request
- Curl
- Python
- Node.js
curl -K -X POST \
"https://instance.securid.com/aveksa/command.submit?cmd=userAttributeChange" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/xml" \
-d '<userchanges>
<userchange>
<id>jsmith</id>
<attribute>
<name>department</name>
<value>Engineering</value>
</attribute>
<attribute>
<name>title</name>
<value>Senior Engineer</value>
</attribute>
</userchange>
</userchanges>'
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "userAttributeChange"
}
headers = {
'Authorization': 'Bearer <token>',
'Content-Type': 'application/xml'
}
body = """<userchanges>
<userchange>
<id>jsmith</id>
<attribute>
<name>department</name>
<value>Engineering</value>
</attribute>
<attribute>
<name>title</name>
<value>Senior Engineer</value>
</attribute>
</userchange>
</userchanges>"""
response = requests.post(url, params=params, headers=headers, data=body)
if response.status_code == 200:
print("Attributes updated successfully")
else:
print(f"Request failed with status code {response.status_code}")
print(response.text)
const axios = require('axios');
const url = "https://instance.securid.com/aveksa/command.submit";
const params = {
cmd: "userAttributeChange"
};
const headers = {
'Authorization': 'Bearer <token>',
'Content-Type': 'application/xml'
};
const body = `<userchanges>
<userchange>
<id>jsmith</id>
<attribute>
<name>department</name>
<value>Engineering</value>
</attribute>
<attribute>
<name>title</name>
<value>Senior Engineer</value>
</attribute>
</userchange>
</userchanges>`;
axios.post(url, body, { params, headers })
.then(response => {
if (response.status === 200) {
console.log("Attributes updated successfully");
}
})
.catch(error => {
if (error.response) {
console.error(`Error ${error.response.status}:`, error.response.data);
} else {
console.error('Error:', error.message);
}
});
Multiple users in one request
<userchanges>
<userchange>
<id>jsmith</id>
<attribute>
<name>department</name>
<value>Engineering</value>
</attribute>
</userchange>
<userchange>
<id>jdoe</id>
<attribute>
<name>department</name>
<value>Finance</value>
</attribute>
</userchange>
</userchanges>
Response
- 200
- 401 Invalid Token
- 401 No Token
- 400 No Attribute
- 400 No Name
- 400 Invalid Attribute
- 400 Wrong Root
- 500 No Body
Returns HTTP 200 with an empty body. Attribute names are environment-specific and must match the server configuration.
(empty body)
<html>
<head>
<title>Error</title>
</head>
<body>The token is not valid for the command 'userAttributeChange'. Token is invalid or expired</body>
</html>
<html>
<head>
<title>Error</title>
</head>
<body>The token is required for the command 'userAttributeChange'</body>
</html>
Returned when a <userchange> element contains no <attribute> element:
<html>
<head>
<title>Error</title>
</head>
<body>no 'attribute' element in 'userchange' element
Query String=cmd=userAttributeChange</body>
</html>
Returned when an <attribute> element contains no <name> element:
<html>
<head>
<title>Error</title>
</head>
<body>no 'name' element in 'attribute' element
Query String=cmd=userAttributeChange</body>
</html>
Returned when the attribute name is not recognized. The valid attribute names depend on your RSA Governance & Lifecycle configuration:
<html>
<head>
<title>Error</title>
</head>
<body>invalid attribute name '<name>'
Query String=cmd=userAttributeChange</body>
</html>
Returned when the request body has a different root element than <userchanges>:
<html>
<head>
<title>Error</title>
</head>
<body>The root element is not 'userchanges'
Query String=cmd=userAttributeChange</body>
</html>
Returned when the request body is empty:
<html>
<head>
<title>Error</title>
</head>
<body>Content is required with a root element 'userchanges'
Query String=cmd=userAttributeChange</body>
</html>