Modifying the user account roles

In this example, we will change the role of the user account from partner_admin to hci_admin in the partner tenant.

To modify the user account roles

  1. Authenticate to the cloud platform via the Python shell.

    The following variables should be available now:

    >>> base_url  # the base URL of the API
'<the data center URL>/api/2'
>>> auth  # the 'Authorization' header value with the access token
{'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
>>> tenant_id  # the UUID of the tenant to which the token provides access
'ede9f834-70b3-476c-83d9-736f9f8c7dae'

  2. Assign the user_id variable the UUID of a user account created via the API or a user account found via search:

    >>> user_id = created_user_id
>>> user_id
'1c234e69-5469-424a-a6d1-ff5658b387a6'

  3. Define a variable named policies_object, and then assign the items array of the access policy objects with a new role to this variable:

    >>> policies_object = {
...     "items": [
...         {
...             "id": "00000000-0000-0000-0000-000000000000",
...             "issuer_id": "00000000-0000-0000-0000-000000000000",
...             "trustee_id": user_id,
...             "trustee_type": "user",
...             "tenant_id": tenant_id,
...             "role_id": "hci_admin",
...             "version": 0
...         }
...     ]
... }

    Name

    Value type

    Required

    Description

    id

    UUID string

    Yes

    {{internal}} Must be any valid UUID string.

    issuer_id

    UUID string

    Yes

    {{internal}} Must be any valid UUID string.

    tenant_id

    UUID string

    Yes

    The UUID of the tenant.

    trustee_id

    UUID string

    Yes

    The UUID of the user account.

    trustee_type

    string

    Yes

    The type of the user account. The only available value is user.

    role_id

    string

    Yes

    The role of the user account. See the table describing available roles.

    version

    number

    Yes

    Revision number.

    Important

    Setting a role with higher access level, such as partner_admin, will override all other roles related to the service(s).

  4. Convert the policies_object object to a JSON text:

    >>> policies_object = json.dumps(policies_object, indent=4)

  5. Send a PUT request with the JSON text to the /users/{user_id}/access_policies endpoint:

    >>> response = requests.put(
...     f'{base_url}/users/{user_id}/access_policies',
...     headers={'Content-Type': 'application/json', **auth},
...     data=policies_object,
... )

    Warning

    This request overwrites all existing access policies for the user account.

  6. Check the status code of the response:

    >>> response.status_code
200

    Status code 200 means that the user account access policies have been successfully updated.

    Note

    A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.

    Also, the response body contains the items array of updated access policy objects, formatted as a JSON text. When converted to an object, it will look like this:

    >>> pprint.pprint(response.json())
{'items': [{'id': '00000000-0000-0000-0000-000000000000',
            'issuer_id': '00000000-0000-0000-0000-000000000000',
            'role_id': 'hci_admin',
            'tenant_id': 'ede9f834-70b3-476c-83d9-736f9f8c7dae',
            'trustee_id': '1c234e69-5469-424a-a6d1-ff5658b387a6',
            'trustee_type': 'user',
            'version': 0}]}