Progress DataDirect Hybrid Data Pipeline User's Guide Release 5.0.0

Working with user permissions

Save PDF

Working with user permissions

Save PDF

Last Updated: November 20, 2023
2 minute read

Hybrid Data Pipeline
Version 5.0
Documentation

Administrators can use the Users API to create users with a specific role and set permissions explicitly on users. The permissions for a user are the sum of the permissions granted to the user's role(s) and permissions granted explicitly to the user. When creating a user, the administrator must assign the user a role.

Note: Administrators cannot use the Users API to assign themselves a role or set permissions on themselves. Such tasks would have to be done by another administrator. Best practices recommend that there should be at least two users with Administrator (12) permission. Any user with the Administrator (12) permission is in effect a system administrator and has permission to use all Hybrid Data Pipeline features and functionality.

Create a new user
Set explicit permissions on the user
Retrieve permissions on the new user

Create a new user

The following POST creates a user with the ODataOnly role. The user inherits the permissions associated with this role. The administrator must have the Administrator (12) permission, or the CreateUsers (13) permission and administrative access on the tenant.

Request

POST https://MyServer:8443/api/admin/users

Request Payload

{
  "userName": "ODataUser",
  "tenantId": 56,
  "statusInfo": {
    "status": 1,
    "accountLocked": false
  },
  "passwordInfo": {
    "passwordStatus": 1,
    "passwordExpiration": null
  },
  "permissions": {
    "roles": [
      6
    ]
  }
}

Response Payload

{
  "id": 307,
  "userName": "ODataUser",
  "tenantId": 56,
  "statusInfo": {
    "status": 1,
    "accountLocked": false
  },
  "passwordInfo": {
    "passwordStatus": 1,
    "passwordExpiration": null
  },
  "permissions": {
    "roles": [
      6
    ]
  },
  "authenticationInfo": {
    "authUsers": [
      {
        "authUserName": "ODataUser",
        "authServiceId": 1
      }
    ]
  }
}

Set explicit permissions on the user

An administrator can then set permissions explicitly on the new user with the following PUT request, where {id} is the auto-generated user ID. In this example, the user is explicitly being granted ChangePassword (9) permission. The administrator must have the Administrator (12) permission, or the ModifyUsers (15) permission and administrative access on the tenant.

Request

PUT https://MyServer:8443/api/admin/users/{id}/permissions

Request Payload

{
   "roles": [6],
   "permissions": [9]
}

Response Payload

{
   "roles": [
       6
   ],
   "permissions": [
       9
   ]
}

Retrieve permissions on the new user

With the following GET request, the permissions in terms of roles and explicit permissions can be retrieved for the new user, where {id} is the auto-generated ID of the user. The administrator must have the Administrator (12) permission, or the ViewUsers (14) permission and administrative access on the tenant.

Request

GET https://MyServer:8443/api/admin/users/{id}/permissions

Response Payload

{
   "roles": [
       6
   ],
   "permissions": [
       10
   ]
}