Providing direct access

The following operations show how you can provision a direct-access user with Hybrid Data Pipeline APIs.

• Creating a user account
• Creating new role
• Assigning new role
• Setting permissions on a user account
• Resetting user account password
• Changing user account status
• Deleting a user account

Creating a user account

The following operation creates a user account in tenant 26 with role 86. The administrator must have the Administrator (12) permission, or the CreateUsers (13) permission and administrative access on the tenant.

Request

POST https://MyServer:8443/api/admin/users

Request Payload

{
    "userName": "testuser",
    "tenantId": 26,
    "statusInfo": {
        "status": 1,
        "accountLocked": false
    },
    "passwordInfo": {
        "password": "TempPassword",
        "passwordStatus": 1,
        "passwordExpiration": "2020-01-01 00:00:00"
    },
    "permissions": {
        "roles": [
            86
        ]
    }
}

Response Payload

{
    "id": 31,
    "userName": "testuser",
    "tenantId": 26,
    "statusInfo": {
        "status": 1,
        "accountLocked": false
    },
    "passwordInfo": {
        "password": "TempPassword",
        "passwordStatus": 1,
        "passwordExpiration": "2020-01-01 00:00:00"
    },
    "permissions": {
        "roles": [
            86
        ]
    },
    "authenticationInfo": {
        "authUsers": [
            {
                "authUserName": "testuser",
                "authServiceId": 1
            }
        ]
    }
}

Creating new role

The following operation creates a new role in tenant 26. The administrator must have the Administrator (12) permission; or the administrator must have the CreateRole (17) permission, any permissions specified in the new role, and administrative access on the tenant.

Request

POST https://MyServer:8443/api/admin/roles

Request Payload

{
    "name": "odata_ds_role",
    "tenantId": 26,
    "description": "This role allows users to create and work with OData data sources.",
    "permissions": [
        1,
        2,
        3,
        4,
        7,
        8,
        9,
        10,
        11
    ],
    "users": []
}

Response Payload

{
    "id": 94,
    "name": "odata_ds_role",
    "tenantId": 26,
    "description": "This role allows users to create and work with OData data sources.",
    "permissions": [
        1,
        2,
        3,
        4,
        7,
        8,
        9,
        10,
        11
    ],
    "users": []
}

Assigning new role

The following operation assigns the odata_ds_role to the testuser user account. The user account ID 31 is specified in the URL. The administrator must have the Administrator (12) permission; or the administrator must have the ModifyUsers (15) permission, any permissions specified in the new role, and administrative access on the tenant.

Request

PUT https://MyServer:8443/api/admin/users/31

Request Payload

{
    "userName": "testuser",
    "tenantId": 26,
    "statusInfo": {
        "status": 1,
        "accountLocked": false
    },
    "passwordInfo": {
        "passwordStatus": 1,
        "passwordExpiration": "2025-01-01 00:00:00"
    },
    "permissions": {
        "roles": [
            94
        ]
    }
}

Response Payload

{
    "userName": "testuser",
    "tenantId": 26,
    "statusInfo": {
        "status": 1,
        "accountLocked": false
    },
    "passwordInfo": {
        "passwordStatus": 1,
        "passwordExpiration": "2025-01-01 00:00:00"
    },
    "permissions": {
        "roles": [
            94
        ]
    },
    "authenticationInfo": {
        "authUsers": [
            {
                "authUserName": "testuser",
                "authServiceId": 1
            }
        ]
    }
}

Setting permissions on a user account

The following operation shows how permissions can be set explicitly on a user account. In this example, the administrator retains the odata_ds_role for the user, but adds the UseDataSourceWithJDBC (5) permission. The administrator must have the Administrator (12) permission; or the administrator must have the ModifyUsers (15) permission, any permissions specified in the new role, and administrative access on the tenant.

Request

PUT https://MyServer:8443/api/admin/users/31/permissions

Request Payload

{
  "roles": [
    94
  ],
  "permissions": [
    5
  ]
}

Response Payload

{
  "roles": [
    94
  ],
  "permissions": [
    5
  ]
}

Resetting user account password

The following operation shows how to reset a user account password. Making this request changes the password and sets the passwordStatus to 2 (reset). The end user must change the password when he or she next logs in. Users can change their passwords either through the Web UI or through the User Details API. The administrator must have the Administrator (12) permission, or the ModifyUsers (15) permission and administrative access on the tenant.

Request

PUT https://MyServer:8443/api/admin/users/31/resetpassword

Request Payload

{
   "newPassword": "tempsecret"
}

Response Payload

      Status code: 204
      No Content
            

Changing user account status

The following operation shows how to change user account status from active (1) to inactive (0). An inactive user cannot log in to the Web UI, use APIs, or establish JDBC, ODBC, or OData connections. The administrator must have the Administrator (12) permission, or the ModifyUsers (15) permission and administrative access on the tenant.

Request

PUT https://MyServer:8443/api/admin/users/31/statusinfo

Request Payload

{
   "status": 0
}

Response Payload

{
   "status": 0
}

Deleting user account

The following operation shows how to delete a user account. The user account ID 31 is specified in the URL. The administrator must have the Administrator (12) permission, or the DeleteUsers (16) permission and administrative access on the tenant.

Request

DELETE https://MyServer:8443/api/admin/users/31

Response Payload

{
  "success":true
}