Limiting higher-level administrator access to a tenant
To limit higher-level administrator access to a tenant
Note
This procedure is not applicable to unit tenants.
Authenticate to the cloud platform via the Python shell.
The following variables should be available now:
>>> base_url # the base URL of the API '<the data center URL>/api/2' >>> auth # the 'Authorization' header value with the access token {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'} >>> tenant_id # the UUID of the tenant to which the token provides access 'ede9f834-70b3-476c-83d9-736f9f8c7dae'
Assign either of the following values to the
tenant_id
variable – the UUID of a sub-tenant created via the API or a sub-tenant found by its name:>>> tenant_id = created_tenant_id >>> tenant_id '0fcd4a69-8a40-4de8-b711-d9c83dc000f7'
Obtain the number of the latest tenant revision. You will have to specify this number in a subsequent request to the tenant. This is required to manage concurrent tenant modifications.
Fetch the tenant information as described in steps 3-5 of Fetching information about an individual tenant. As the result, you should have a
tenant
variable with the tenant object.Define a variable named
tenant_version
, and then assign the value of theversion
key from the tenant object to this variable:>>> tenant_version = tenant['version'] >>> tenant_version 3
Define a variable named
tenant_update
, and then assign the following object to this variable:>>> tenant_update = { ... 'ancestral_access': False, ... 'version': tenant_version, # this key is required ... }
Convert the
tenant_update
object to a JSON text:>>> tenant_update = json.dumps(tenant_update, indent=4) >>> print(tenant_update) { "ancestral_access": false, "version": 3 }
Send a PUT request with the JSON text to the
/tenants/{tenant_id}
endpoint:>>> response = requests.put( ... f'{base_url}/tenants/{tenant_id}', ... headers={'Content-Type': 'application/json', **auth}, ... data=tenant_update, ... )
Check the status code of the response:
>>> response.status_code 200
Status code 200 means that the platform has limited access to the tenant for higher-level administrators. These administrators can only modify the tenant properties. They do not have access to the user accounts and child tenants at all.
Note
A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.