Tetra Chromeleon Agent User Role Fetch Command

The following procedure shows how to have the Tetra Chromeleon Agent programmatically retrieve user and role information from Chromeleon and upload it to the Tetra Data Platform (TDP) by using the User Role Fetch command and the Command Service.

Use Cases

The User Role Fetch command can help you do any of the following:

  1. Auditing and Compliance: Track user role assignments for regulatory compliance
  2. User Management: Monitor user access levels across Chromeleon installations
  3. Security Analysis: Review role assignments to ensure proper access controls
  4. Documentation: Generate up-to-date documentation of user permissions

Prerequisites

To run the User Role Fetch command, you must have the following:

Step 1: Verify That the Agent Can Receive Commands

To allow the Agent to securely receive and run commands from the TDP, do the following:

  1. From the Tetra Chromeleon Agent Management Console, in the left navigation menu, under Menu, choose Configuration.
  2. Verify that the Receive Commands toggle is set to Yes (the default value).

For more information, see Enter TDP Connection Settings in the Tetra Chromeleon Agent Installation Guide.

Step 2: Run the User Role Fetch Command

To run the Tetra Chromeleon Agent User Role Fetch command, do the following:

  1. Create a valid Create Command in your code editor by using the following User Role Fetch Command Example code snippet.
  2. Copy and run the updated command by using a tool that will allow you to run REST API calls, such as curl or Postman.

After the Agent receives the User Role Fetch command, it does the following:

  • Connects to Chromeleon and authenticates using the configured credentials
  • Retrieves all available roles from Chromeleon
  • For each role, it retrieves the list of users assigned to that role
  • Generates a response containing the role-user mappings

For an example response, see the Command Response section.

Command Structure

The User Role Fetch command uses the following structure:

{
  "targetId": "7659ef3a-95e9-4e4c-9742-eaf18e4a8af8",
  "action": "TetraScience.Agent.chromeleon.UserRoleFetch",
  "expiresAt": "2025-12-31T23:58:43.749Z",
  "payload": {}
}

User Role Fetch Command Example

🚧

IMPORTANT

You must enter values for the following variables:

curl --location --request POST 'https://api.tetrascience.com/v1/commands' \
--header 'ts-auth-token: <JWT Token>' \
--header 'x-org-slug: <Your Org Slug>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "targetId": "<Agent ID>",
  "action": "TetraScience.Agent.chromeleon.UserRoleFetch",
  "expiresAt": "2025-12-31T23:58:43.749Z",
  "payload": {}
}'

Request Body Data Fields

FieldDescriptionExample
targetId(Required) The ID of the Tetra Chromeleon Agent that receives the command7659ef3a-95e9-4e4c-9742-eaf18e4a8af8
action(Required) Command name (this field is a constant varible)TetraScience.Agent.chromeleon.UserRoleFetch
expiresAt(Required) Command expiration date in ISO-8601 format2025-12-31T23:58:43.749Z
payload(Required) An empty object for this command, but still requiredFor an example "payload", see the User Role Fetch Command Example.

Command Response

The command response includes a list of all available roles from Chromeleon and the users assigned to each role.

Example Response

[
  {
    "RoleName": "Full Access",
    "Users": ["User1", "User2"]
  },
  {
    "RoleName": "Users",
    "Users": ["User3", "User4"]
  }
]

Response Fields

FieldDescription
RoleNameThe name of the Chromeleon role
UsersArray of usernames assigned to the role

Troubleshooting

The Tetra Chromeleon Agent will send a FAILURE status back to the TDP after it receives a User Role Fetch command under any of the following conditions:

Potential IssueResolution
The command is expired.Update the request body's "expiresAt" value.
Authentication failuresFor ts-auth-token, make sure that you enter a valid service user JWT. For x-org-slug, make sure that you enter a valid organization slug.
Network connectivity issuesVerify that you've configured the Agent's data connection with the TDP correctly. For instructions, see Step 4: Configure the Data Connection in the Tetra Chromeleon Agent Installation Guide (v2.2.x).
Chromeleon User Mode isn't activatedActivate User Mode in your Chromeleon software. For more information, see Enable and configure user management in the Chromeleon documentation.

Limitations

Keep in mind the following limitations when running the User Fetch Role command:

  • The command will only return information about roles and users that exist in Chromeleon at the time the command is executed.
  • Users not assigned to any role will not appear in the response.
  • This command requires Chromeleon User Mode to be activated.