Limiting higher-level administrator access to a tenant

To limit higher-level administrator access to a tenant

Note

This procedure is not applicable to unit tenants.

  1. Authenticate to the cloud platform via the Python shell.

    The following variables should be available now:

    >>> base_url  # the base URL of the API
    '<the data center URL>/api/2'
    >>> auth  # the 'Authorization' header value with the access token
    {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
    >>> tenant_id  # the UUID of the tenant to which the token provides access
    'ede9f834-70b3-476c-83d9-736f9f8c7dae'
    
  2. Assign either of the following values to the tenant_id variable – the UUID of a sub-tenant created via the API or a sub-tenant found by its name:

    >>> tenant_id = created_tenant_id
    >>> tenant_id
    '0fcd4a69-8a40-4de8-b711-d9c83dc000f7'
    
  3. Obtain the number of the latest tenant revision. You will have to specify this number in a subsequent request to the tenant. This is required to manage concurrent tenant modifications.

    1. Fetch the tenant information as described in steps 3-5 of Fetching information about an individual tenant. As the result, you should have a tenant variable with the tenant object.

    2. Define a variable named tenant_version, and then assign the value of the version key from the tenant object to this variable:

      >>> tenant_version = tenant['version']
      >>> tenant_version
      3
      
  4. Define a variable named tenant_update, and then assign the following object to this variable:

    >>> tenant_update = {
    ...     'ancestral_access': False,
    ...     'version': tenant_version,  # this key is required
    ... }
    
  5. Convert the tenant_update object to a JSON text:

    >>> tenant_update = json.dumps(tenant_update, indent=4)
    >>> print(tenant_update)
    {
        "ancestral_access": false,
        "version": 3
    }
    
  6. Send a PUT request with the JSON text to the /tenants/{tenant_id} endpoint:

    >>> response = requests.put(
    ...     f'{base_url}/tenants/{tenant_id}',
    ...     headers={'Content-Type': 'application/json', **auth},
    ...     data=tenant_update,
    ... )
    
  7. Check the status code of the response:

    >>> response.status_code
    200
    

    Status code 200 means that the platform has limited access to the tenant for higher-level administrators. These administrators can only modify the tenant properties. They do not have access to the user accounts and child tenants at all.

    Note

    A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.