REST API  4.0.0
REST API for SafeNet Network HSMs
Partition Role Actions

Partition Role Actions

Object
    roles: Object
    type:  array
        items: Object
            id: Object
                type:  string
                description:  id is an internal reference for the role action.  
                              Use this identifier to complete the action with a POST.
                              Valid actions are:
                                 reset - return the password for the role to the factory default or
                                         to a specified value or resets the contents of the black
                                         PED token.  Note that the reset action applies
                                         to both password- and PED-based partitions. In the case of
                                         a PED-based partition, if it has a challenge, an administrator
                                         can reset the challenge by providing the PIN.  Otherwise, for
                                         a PED-based partition, an administrator can reset the secret
                                         on the black PED token by providing no password.
                                         See "Applied Example" below for a password-based partition.
                                 createChallenge - create a challenge for the partition role.
                                 deactivate - decache the partition PED key data.


           url: string (see POST /api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}/actions/{actionid})

Applied Example

CO role is locked out.

GET /api/lunasa/hsms/150607/partitions/350659181751/roles/co

{}

==> OK. SERVER RESPONSE (200):

{"loginAttemptsLeft": 0, "name": "Crypto Officer", "lockedOut": true, "activated": false,
                                                    ----------------
 "challengeToBeChanged": false, "initialized": true, "pinToBeChanged": false, "id": "co"}

Login as Security Officer and perform the reset password action.

POST /api/lunasa/hsms/150607/partitions/350659181751/roles/co/actions/reset

{"password": "password"}

==> OK. SERVER RESPONSE (204):

{}

Get information on the CO role to verify that the role is no longer locked out.

GET /api/lunasa/hsms/150607/partitions/350659181751/roles/co

{}

==> OK. SERVER RESPONSE (200):

{"loginAttemptsLeft": 10, "name": "Crypto Officer", "lockedOut": false, "activated": false, 
                                                     -----------------
"challengeToBeChanged": false, "initialized": true, "pinToBeChanged": false, "id": "co"}