Chapter 13. Users
Users are exposed in a top-level collection and are referenced with the rel="users" link. Individual user elements contain the following:
Element | Type | Description | Properties |
---|---|---|---|
user_name | string | The user principal name (UPN). The UPN is used as a more convenient identifier when adding a new user. | ![]() |
link rel="tags" | relationship | A link to the tags sub-collection for user resources. | |
link rel="roles" | relationship | A link to the roles sub-collection for user resources. | |
name | string | A free-text name for the user. | ![]() |
domain | string | The containing directory service domain. | ![]() |
groups | complex | A list of directory service groups for this user. | ![]() |
Example 13.1. An XML representation of a user resource
```
GET /api/users HTTP/1.1
Accept: application/xml

<user id="225f15cd-e891-434d-8262-a66808fcb9b1"
  href="/api/users/225f15cd-e891-434d-8262-a66808fcb9b1">
    <name>Admin</name>
    <actions/>
    <link rel="roles"
      href="/api/users/225f15cd-e891-434d-8262-a66808fcb9b1/roles"/>
    <link rel="tags"
      href="/api/users/225f15cd-e891-434d-8262-a66808fcb9b1/tags"/>
    <domain>domain.example.com</domain>
    <logged_in>false</logged_in>
    <user_name>admin@domain.example.com</user_name>
    <groups>
        <group>Group Policy Creator Owners@domain.example.com/Users</group>
        <group>Domain Admins@domain.example.com/Users</group>
        <group>Enterprise Admins@domain.example.com/Users</group>
        <group>Schema Admins@domain.example.com/Users</group>
        <group>Administrators@domain.example.com/Builtin</group>
    </groups>
</user>
```
The API adds an existing directory service user to the Red Hat Storage Console database with a POST request to the users collection. The client-provided new user representation includes an embedded roles list with at least one initial role to assign to the user. For example, the following request assigns two initial roles to the user joe@domain.example.com:
Example 13.2. Adding a user from directory service and assigning two roles
```
POST /api/users HTTP/1.1
Content-Type: application/xml
Accept: application/xml

<user>
    <user_name>joe@domain.example.com</user_name>
    <roles>
        <role>
            <name>RHSC User</name>
        </role>
        <role id="00000000-0000-0000-0001-000000000003"/>
    </roles>
</user>
```
The new user is identified either by Red Hat Storage Console user ID or by the directory service user principal name (UPN). The user ID format reported by the directory service domain might differ from the expected Red Hat Storage Console format; in LDIF,[3] for example, the ID has the opposite byte order and is base-64 encoded. Hence it is usually more convenient to refer to the new user by UPN.
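The ID mismatch described above, as an added example that is not part of the original guide: it converts a base-64 LDIF GUID into the canonical form used in /api/users/{id} URLs. It assumes the directory is Active Directory, where the objectGUID attribute stores the first three UUID fields little-endian; the guide itself only says "opposite byte order". The function names and the sample LDIF line are constructed for illustration.

```python
import base64
import binascii
import uuid

# Constructed sample: the user ID from Example 13.1 written as an LDIF line,
# assuming an Active Directory objectGUID ("::" marks a base-64 value).
SAMPLE_LDIF_LINE = "objectGUID:: zRVfIpHoTUOCYqZoCPy5sQ=="


def ldif_guid_to_uuid(line_or_value: str) -> str:
    """Return the canonical UUID string for a base-64 LDIF GUID."""
    value = line_or_value.strip()
    if "::" in value:  # accept a whole "attr:: value" LDIF line
        attr, _, value = value.partition("::")
        if attr.strip().lower() != "objectguid":
            raise ValueError(f"unexpected attribute {attr.strip()!r}")
    try:
        raw = base64.b64decode(value.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid base-64") from exc
    if len(raw) != 16:
        raise ValueError(f"GUID must be 16 bytes, got {len(raw)}")
    # bytes_le swaps the byte order of the first three fields (4+2+2 bytes);
    # the trailing 8 bytes are already in canonical order.
    return str(uuid.UUID(bytes_le=raw))


def uuid_to_ldif_guid(canonical: str) -> str:
    """Inverse mapping: canonical UUID string to the base-64 LDIF value."""
    return base64.b64encode(uuid.UUID(canonical).bytes_le).decode("ascii")


def naive_decode(value: str) -> str:
    """The mistake to avoid: base-64 decode without fixing the byte order."""
    return str(uuid.UUID(bytes=base64.b64decode(value)))


if __name__ == "__main__":
    print(ldif_guid_to_uuid(SAMPLE_LDIF_LINE))
    print(naive_decode("zRVfIpHoTUOCYqZoCPy5sQ=="))  # a different, wrong ID
```

A naive decode yields a well-formed ID that names a different principal, which is why role assignments keyed on a mis-converted ID are worth checking against the UPN.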
Note
The user exists in the directory service domain before it is added to the Red Hat Storage Console database. An API user has the option to query this domain through the domains collection prior to creation of the user.
Roles are identified either by name or ID. The example above shows both approaches.
Further roles are attached or detached with POST or DELETE requests to the roles sub-collection of an individual user. The example below illustrates how the API adds the RHSCUser role to the role assignments for a particular user.
Note
The embedded user roles list of the user element is only used for the initial creation. All interactions post-creation with the user's role assignments go through the roles sub-collection.
Example 13.3. Adding roles to a user
```
POST /api/users/225f15cd-e891-434d-8262-a66808fcb9b1/roles HTTP/1.1
Content-Type: application/xml
Accept: application/xml

<role>
    <name>RHSCUser</name>
</role>
```
Note
Users are not updated with the PUT verb. The only changes allowed post-creation are in the user's role assignments.
The API removes users from the Red Hat Storage Console database with a DELETE request on the users collection. The directory service domain remains unchanged after such a deletion.