Using the APIs to set up a single-tenant environment
- Last Updated: September 7, 2022
- 4 minute read
- Hybrid Data Pipeline
- Version 5.0
- Documentation
The following operations show how you can set up a single-tenant environment using Hybrid Data Pipeline APIs.
- Retrieving valid roles in the system tenant
- Create a user with the Tenant Administrator role
- Grant the administrator user administrative access to the system tenant
- Create a new role with tenant and elevated permissions
- Assign the new role to the administrator user
- Retrieving and setting system configurations
- Retrieving and setting limits
Retrieving valid roles in the system tenant
The following GET operation retrieves the valid roles and their IDs for the system tenant in a single-tenant environment. Role IDs can then be used to assign roles to users.
Request
GET https://MyServer:8443/api/admin/rolesResponse Payload
{
"roles": [
{
"id": 1,
"name": "System Administrator",
"tenantId": 1,
"description": "This role has all permissions. This role cannot be
modified or deleted."
},
{
"id": 2,
"name": "User",
"tenantId": 1,
"description": "This role has the default permissions that a normal
user will be expected to have."
},
{
"id": 3,
"name": "Tenant Administrator",
"tenantId": 1,
"description": "This role has all the tenant administrator
permissions."
}
]
}Create a user with the Tenant Administrator role
The ID for the Tenant Administrator role (3) can then be used to create a user with the Tenant Administrator role, as shown in the following POST operation. The user inherits the permissions associated with this role.
Request
POST https://MyServer:8443/api/admin/usersRequest Payload
{
"userName": "TenantAdmin",
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"password": "<password>",
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00"
},
"permissions": {
"roles": [
3
]
}
}Response Payload
{
"id": 87,
"userName": "TenantAdmin",
"tenantId": 1,
"tenantName": "Root",
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00.0"
},
"permissions": {
"roles": [
3
]
},
"authenticationInfo": {
"authUsers": [
{
"authUserName": "TenantAdmin",
"authServiceId": 1
}
]
}
}Grant the administrator user administrative access to the system tenant
In addition to being granted the Tenant Administrator role, the tenant administrator must be granted administrative access to the system tenant. The following Users API request grants user account 87 administrative access to the system tenant.
Request
PUT https://MyServer:8443/api/admin/users/87/tenantsadministeredRequest Payload
{
"tenantsAdministered": [
1
]
}Response Payload
{
"tenantsAdministered": [
1
]
}Create a new role with tenant and elevated permissions
The following POST request creates the new Tenant Admin Plus role. The new role has all user and tenant permissions plus the Logging (24), Limits (27), and OAuth (28) permissions.
Request
POST https://MyServer:8443/api/admin/rolesRequest Payload
{
"name": "Tenant Admin Plus",
"description": "This role has all the tenant administrator permissions plus
elevated permissions.",
"permissions": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
13,
14,
15,
16,
17,
18,
19,
20,
21,
24,
27,
28
],
"users": []
}Response Payload
{
"id": 42,
"name": "Tenant Admin Plus",
"description": "This role has all the tenant administrator permissions plus
elevated permissions.",
"permissions": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
13,
14,
15,
16,
17,
18,
19,
20,
21,
24,
27,
28
],
"users": []
}Assign the new role to the administrator user
The following PUT assigns the new Tenant Admin Plus role to the administrator user. The user inherits the permissions associated with this role. Note that the ID of the Tenant Admin Plus role (42) was provided in the response payload when the role was created. Also, note that any existing roles and permissions are removed by this operation.
Request
PUT https://MyServer:8443/api/admin/users/87/permissionsRequest Payload
{
"roles": [42],
"permissions": []
}Response Payload
{
"roles": [42]
}Retrieving and setting system configurations
The following GET operation retrieves a list of system configurations.
Request
GET https://MyServer:8443/api/admin/configurationsResponse Payload
{
"configurations": [
{
"id": 1,
"description": "Delimiter between user name and authentication
service/configuration name",
"value": null
},
{
"id": 2,
"description": "Enable Secure Password Change, when value is set to
true, the change password api will require a valid old password
in order to update the logged in user password.",
"value": "true"
},
...,
{
"id": 8,
"description": "Configure whitelist filtering. Enables filtering when
value is set to 'true'. Default value is "true" ",
"value": "true"
}
]
}The following PUT operation disables IP address whitelists. The number 8 is the ID of the IP address whitelist feature.
Request
PUT https://MyServer:8443/api/admin/configurations/8Request Payload
{
"value":"false"
}Retrieving and setting limits
The following GET operation retrieves a list of limits.
Request
GET https://MyServer:8443/api/admin/limitsResponse Payload
{
"limits": [
{
"id": 1,
"name": "MaxFetchRows",
"description": "Maximum number of rows allowed to be fetched for a
single query",
"minValue": 1,
"maxValue": 9000000000000000000,
"defaultValue": 9000000000000000000,
"validForLimits": 15
},
...,
{
"id": 6,
"name": "ODataMaxConcurrentQueries",
"description": "Maximum number of concurrent active queries per
data source",
"minValue": 0,
"maxValue": 9000000000000000000,
"defaultValue": 0,
"validForLimits": 15
},
...
]
}The following POST creates a system-level limit of 50000 queries. The number 6 is the ID of the ODataMaxConcurrentQueries limit. The payload passes 50000 as the value for this limit.
Request
POST https://MyServer:8443/api/admin/limits/system/6Request Payload
{
"value": 50000
}