Acronis #CyberFit Developer Training Part III: Users Management and Usage Information for UI/UX

This is the third part of the course, focusing on offering items management. The first part is Acronis #CyberFit Developer Training Part I: Get Started, Authorization, and Tenant Management, and the second is Acronis #CyberFit Developer Training Part II: Offering Items and Applications Management.

The hands-on manuals, hands-on code, and presentations are for the full course.

The Business Automation and account management training course focuses on the Acronis Cyber Platform Account Management API. It gives you the knowledge and hands-on experience you'll need to automate the provisioning of accounts, applications, and offering items, quota management, user creation and activation, as well as reports management and much more.

The training’s Hands-on Manuals

The training’s Hands-on Code

  1. Bash
  2. PowerShell
  3. Postman
  4. Python

The training's presentation in PDF

Account Management API

Users Management

Types of accounts

  • Administrators: have access to the Management Portal and the administrator role in all configured services; their scope can be limited by assigning a specific role
  • Users: have no access to the Management Portal; their access to services and their roles in those services are defined by an Administrator

Accounts are created within a tenant

  • Each Customer tenant must have at least 1 Administrator account for service configuration and software installation purposes
  • Administrators can create and manage tenants and accounts at or below their level in the tenant hierarchy

Administrators at Customer and higher levels can limit access to their tenant by toggling off the "Support access to manage this tenant" setting. In this case, API access is disabled as well.

All operations with user accounts in the cloud platform are located under the /users endpoint. User accounts represent users registered on the platform. 

User accounts created in a Customer tenant have a personal tenant. A personal tenant is bound to a specific user account and is used only to control that account's quotas and to collect its real usage.

All users are created inactive. To activate a user, you need either to send an activation e-mail or to set a password. We recommend the activation e-mail method for better security.

Create, Update, Delete a User

Acronis Cyber Cloud requires that a user login be unique across all datacenters. Thus, before creating a user with a specific login, you need to check that the login is available:

GET /users/check_login?username={login}

To create a user, you only need a login, an e-mail, and the tenant_id of the tenant in which the user is being created. All other fields are there to meet your business requirements.

POST /users

{
  "tenant_id": "{tenant_id}",
  "login": "{login}",
  "contact": {
      "email": "{e-mail}"
  }
}

To update a user, only the current version is required, and you need to specify only the changed values.

POST /users/{user_id}

{
    "enabled": false,
    "version": "{current_version}"
}

When deleting a user account, all data associated with this user account will be deleted. This operation is not reversible!

Users Activation

After the user account has been successfully created on the platform, it is necessary to perform one of the account activation steps.

There are 2 ways to activate a user account

  • Send an email with the account activation link using API. The user will have to open the activation link sent to his/her email address and set the password, in order to be able to log in
  • Set a password for the user account using API. The user will be able to log in to the service console using his/her password. This can be useful when implementing custom user account provisioning methods. However, you need to establish a secure communication channel so that passwords are delivered without being compromised.

Clients can send activation emails only to user accounts located in sub-tenants. This also means that the client cannot perform this operation within its parent tenant.

To send an activation e-mail, use:

POST /users/{user_id}/send-activation-email

The platform enforces the following rules for user account passwords

  • Password may contain any Unicode and special characters
  • Password may be empty. The user will not be able to log in using login/password authorization, but it will still be possible to log in using an external login URL

Passwords can be changed only for user accounts in sub-tenants. This also means that the client cannot perform this operation within its parent tenant.

To activate a user by setting a password:

POST /users/{user_id}/password

{
    "password": "newUserPassword312"
}
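
The flow described above (check the login, create the user, activate by e-mail) as an added Python example; it is not part of the training's own hands-on code. The `call` transport, the `FakePlatform` stand-in, its status codes, and the `id` field in the creation response are assumptions made for this sketch, and all sample values are constructed.

```python
class ProvisioningError(Exception):
    """Raised when a step of the provisioning flow fails."""


def provision_user(call, tenant_id, login, email):
    """Check the login, create the user, then request an activation e-mail.

    `call(method, path, params=None, body=None)` is a hypothetical transport
    returning (status, parsed_json_or_None); base URL and token live there.
    """
    if not (tenant_id and login and email):
        raise ProvisioningError("tenant_id, login and e-mail are all required")
    status, _ = call("GET", "/users/check_login", params={"username": login})
    if not 200 <= status < 300:  # assumption: non-2xx means "not available"
        raise ProvisioningError(f"login {login!r} unavailable (HTTP {status})")
    status, user = call("POST", "/users", body={
        "tenant_id": tenant_id, "login": login, "contact": {"email": email}})
    if not 200 <= status < 300 or not user or "id" not in user:
        raise ProvisioningError(f"user creation failed (HTTP {status})")
    # Activation by e-mail: the user picks the password, so no credential
    # ever passes through this integration or its logs.
    status, _ = call("POST", f"/users/{user['id']}/send-activation-email")
    if not 200 <= status < 300:
        raise ProvisioningError(f"user {user['id']} created but not activated")
    return user["id"]


class FakePlatform:
    """Constructed in-memory stand-in for the API, for offline runs only."""

    def __init__(self, taken_logins):
        self.taken, self.calls = set(taken_logins), []

    def __call__(self, method, path, params=None, body=None):
        self.calls.append((method, path))
        if path == "/users/check_login":
            return (409 if params["username"] in self.taken else 204), None
        if (method, path) == ("POST", "/users"):
            self.taken.add(body["login"])
            return 200, {"id": "user-0001", **body}  # constructed id
        if path.endswith("/send-activation-email"):
            return 204, None
        return 404, None


if __name__ == "__main__":
    api = FakePlatform(taken_logins={"alice"})
    print(provision_user(api, "tenant-0001", "bob", "bob@example.com"))
    print(api.calls)
```
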

Enable Roles and Assigning Services

The roles are used to manage user account access to the services available in the same tenant. All operations with the user account roles are located under the /users/{user_id}/access_policies endpoint.

Setting a role with a higher access level, like partner_admin, will override all other roles related to the service(s).

An update request overwrites the current user roles with the request content.

User Roles of a Partner Tenant

  • partner_admin, the "ultimate" administrator (full access to all services available within a tenant, no need to assign other roles)
  • accounts_admin, the administrator of the Management Portal
  • accounts_ro_admin, the read-only administrator of Management Portal
  • protection_admin, the administrator of the Cyber Protection services
  • protection_ro_admin, the read-only administrator of the Cyber Protection service
  • readonly_admin, obsolete, the non-granular read-only administrator role
  • sync_share_admin, the administrator of Cyber Files

User Roles for a Customer Tenant

  • company_admin, the "ultimate" administrator (full access to all services available within a tenant, no need to assign other roles)
  • accounts_admin, the administrator of Management Portal
  • accounts_ro_admin, the read-only administrator of Management Portal
  • protection_admin, the administrator of the Cyber Protection services
  • protection_ro_admin, the read-only administrator of the Cyber Protection service
  • backup_user, the user of the Cyber Protection service
  • sync_share_admin, the administrator of the Cyber Files services
  • sync_share_user, a user of the Cyber Files services
  • notary_admin, the administrator of the Cyber Notary services
  • notary_user, a user of the Cyber Notary services
  • readonly_admin, obsolete, the non-granular read-only administrator role
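
Because a role update overwrites the whole role set and an "ultimate" role overrides the rest, it helps to compute the full set to send and review it before the call. The following is an added Python example, not code from the training: the function name and warning texts are hypothetical, and it computes role names only, since the access_policies request body is not shown on this page.

```python
PARTNER_ROLES = {"partner_admin", "accounts_admin", "accounts_ro_admin",
                 "protection_admin", "protection_ro_admin", "readonly_admin",
                 "sync_share_admin"}
CUSTOMER_ROLES = {"company_admin", "accounts_admin", "accounts_ro_admin",
                  "protection_admin", "protection_ro_admin", "backup_user",
                  "sync_share_admin", "sync_share_user", "notary_admin",
                  "notary_user", "readonly_admin"}
ROLES = {"partner": PARTNER_ROLES, "customer": CUSTOMER_ROLES}
ULTIMATE = {"partner": "partner_admin", "customer": "company_admin"}
OBSOLETE = {"readonly_admin"}


def plan_role_update(tenant_kind, current, add=(), remove=()):
    """Return (roles_to_send, warnings) for a full-overwrite role update."""
    allowed, top = ROLES[tenant_kind], ULTIMATE[tenant_kind]
    unknown = set(add) - allowed
    if unknown:
        raise ValueError(
            f"not valid in a {tenant_kind} tenant: {sorted(unknown)}")
    # The update replaces everything, so start from the current roles and
    # apply the delta; sending only `add` would silently drop the rest.
    final = (set(current) | set(add)) - set(remove)
    warnings = []
    if top in set(add) - set(current):
        warnings.append(f"{top} grants full access to all tenant services")
    if top in final and len(final) > 1:
        warnings.append(f"{top} overrides: {sorted(final - {top})}")
    for role in sorted(final & OBSOLETE):
        warnings.append(f"{role} is obsolete; prefer a granular role")
    return sorted(final), warnings


if __name__ == "__main__":
    # Constructed sample: a backup user who also needs Cyber Notary access.
    print(plan_role_update("customer", ["backup_user"], add=["notary_user"]))
    # Constructed sample: an escalation that should be reviewed first.
    print(plan_role_update("customer", ["backup_user"], add=["company_admin"]))
```
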

Search for a User

To search for tenants or users:

GET /search

With the following query parameters:

  • tenant – the root tenant for tenants hierarchy to search
  • text – text to search
  • limit – limit output (default 10).

The following property values are checked in user accounts:

  • Account login – login
  • First name – firstname in the contact object
  • Last name – lastname in the contact object
  • Email address (not displayed in search results) – email in the contact object.

Tenant Usage

Tenants and personal tenants provide metrics of service usage on the level of offering items.

Information about a tenant's service usage is provided by the /tenants/usages endpoint. It is updated on average every 5-6 hours and is intended for UX/UI purposes. For usage reports and billing automation, you need to use reports.

Summary

With the third part of Acronis #CyberFit Developer Training for Business Automation, you now know how to manage users and retrieve usage information for UI/UX purposes.

The next part of Acronis #CyberFit Developer Training for Business Automation will discuss usage reporting and working with locations and infrastructure information.

Stas Pavlov
Technology Evangelist