Managing user account roles

All operations with the user account roles are located under the /users/{user_id}/access_policies endpoint.

The roles are used to manage user account access to the services available in the same tenant.

JSON object structure of a user access policy

Name

Value type

Description

id

UUID string

An internal value.

issuer_id

UUID string

An internal value.

tenant_id

UUID string

The UUID of the tenant.

trustee_id

UUID string

The UUID of the user account.

trustee_type

string

The type of the user account. The only available value is user.

role_id

string

The role of the user account. Refer to the table describing available roles.

version

number

Revision number.

Example user access policy 

{
    "id": "fb261178-06bc-4268-9337-9639e049e1c8",
    "issuer_id": "48ef84eb-b0dc-4ade-83d1-0662c8b54f6d",
    "trustee_id": "de092d74-a977-4c4b-bf15-751fcba6f1a7",
    "trustee_type": "user",
    "tenant_id": "72acaf6a-b15a-11e6-80f5-76304dec7eb7",
    "role_id": "unit_admin",
    "version": 1
}

Available user account roles

Role

Tenant level

Service

Description

partner_admin

Partner, Folder

No

Provides full access to the management portal in Partner or Folder tenant.

hci_admin

Partner, Folder

No

This role enables the user account to monitor the usage history for all Cyber Infrastructure clusters registered within the same tenant.

company_admin

Customer

All services

Provides full access to the management portal in Customer tenant. This role also enables access to the disaster recovery functionality.

unit_admin

Unit

All services

Provides full access to the management portal in Unit tenant.

Service-specific roles that are used only on Customer and Unit levels:

Role

Tenant level

Service

Description

backup_user

Customer, Unit

Cyber Protection

Enables configuring backup and recovery and managing backups.

sync_share_admin

Customer

File Sync & Share

Enables storing files in the cloud storage, syncing folders between local folders and the cloud storage, sharing files with other people, and configuring the File Sync & Share service.

sync_share_user

Customer, Unit

File Sync & Share

Enables storing files in the cloud storage, syncing folders between local folders and the cloud storage, sharing files with other people in the File Sync & Share service.

notary_admin

Customer, Unit

Notary

This role enables notarization, e-signature, verification of files and objects, and the API integration keys management.

notary_user

Customer, Unit

Notary

This role enables notarization, e-signature, and verification of files and objects.

What you can do with user account roles

Operation

Methods and endpoints used
Check current available access policies for a user account
GET /users/{user_id}/access_policies
Change access policies for a user account
PUT /users/{user_id}/access_policies