Modifying the user account roles
In this example, we will change the role of the user account from partner_admin
to hci_admin
in the partner tenant.
To modify the user account roles
Authenticate to the cloud platform via the Python shell.
The following variables should be available now:
>>> base_url # the base URL of the API '<the data center URL>/api/2' >>> auth # the 'Authorization' header value with the access token {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'} >>> tenant_id # the UUID of the tenant to which the token provides access 'ede9f834-70b3-476c-83d9-736f9f8c7dae'
Assign the
user_id
variable the UUID of a user account created via the API or a user account found via search:>>> user_id = created_user_id >>> user_id '1c234e69-5469-424a-a6d1-ff5658b387a6'
Define a variable named
policies_object
, and then assign theitems
array of the access policy objects with a new role to this variable:>>> policies_object = { ... "items": [ ... { ... "id": "00000000-0000-0000-0000-000000000000", ... "issuer_id": "00000000-0000-0000-0000-000000000000", ... "trustee_id": user_id, ... "trustee_type": "user", ... "tenant_id": tenant_id, ... "role_id": "hci_admin", ... "version": 0 ... } ... ] ... }
Name
Value type
Required
Description
id
UUID string
Yes
{{internal}} Must be any valid UUID string.
issuer_id
UUID string
Yes
{{internal}} Must be any valid UUID string.
tenant_id
UUID string
Yes
The UUID of the tenant.
trustee_id
UUID string
Yes
The UUID of the user account.
trustee_type
string
Yes
The type of the user account. The only available value is
user
.role_id
string
Yes
The role of the user account. See the table describing available roles.
version
number
Yes
Revision number.
Important
Setting a role with higher access level, such as
partner_admin
, will override all other roles related to the service(s).Convert the
policies_object
object to a JSON text:>>> policies_object = json.dumps(policies_object, indent=4)
Send a PUT request with the JSON text to the
/users/{user_id}/access_policies
endpoint:>>> response = requests.put( ... f'{base_url}/users/{user_id}/access_policies', ... headers={'Content-Type': 'application/json', **auth}, ... data=policies_object, ... )
Warning
This request overwrites all existing access policies for the user account.
Check the status code of the response:
>>> response.status_code 200
Status code 200 means that the user account access policies have been successfully updated.
Note
A different status code means that an error has occurred. For details of the error, see HTTP status response codes and API error codes.
Also, the response body contains the
items
array of updated access policy objects, formatted as a JSON text. When converted to an object, it will look like this:>>> pprint.pprint(response.json()) {'items': [{'id': '00000000-0000-0000-0000-000000000000', 'issuer_id': '00000000-0000-0000-0000-000000000000', 'role_id': 'hci_admin', 'tenant_id': 'ede9f834-70b3-476c-83d9-736f9f8c7dae', 'trustee_id': '1c234e69-5469-424a-a6d1-ff5658b387a6', 'trustee_type': 'user', 'version': 0}]}