Adding an individual user

You can create an individual user. To register an LDAP group, follow the instructions in Adding an LDAP server. To create users that are based on an LDAP group, follow the instructions in Adding users that are based on an LDAP group.

Method and URI

To add a user, use a POST method with a URI:

POST    https://{hostname|IPv4}/api/security/user

Parameters

None.

Data

Data 1: name

The username of the new user. Do not use root, admin, or test.

  • Example value: Sarah

  • Type: String. Required. Available in the web user interface.

Data 2: password

The password of the new user. Use at least 8 characters.

  • Example value: MyPassw0rd!

  • Type: String. Required. Available in the web user interface.

Data 3: type

The type of user.

  • Value: NATIVE_USER

  • Type: System string. Available in the web user interface.

Data 4: permissions

Define permissions for the new user. Roles define what actions users can take and resource groups define what resources they can access.

  • Example value: Use the following syntax to specify the roles and the resource groups for the user. You must specify the same roles for all resource groups.

[
    {
        "resourcePoolId": {resourcePoolId 1},
        "roleIds":        [
                              {roleId 1},
                              {roleId 2},
                              ...
                          ]
    }
    {
        "resourcePoolId": {resourcePoolId 2},
        "roleIds":        [
                              {roleId 1},
                              {roleId 2},
                              ...
                          ]
    },
    ...
]

Tip

To get a {roleId} value based on its name, follow the instructions in Getting a {roleId}. To get the {resourcepoolId} value based on its name, follow the instructions in Getting a {resourcepoolId}.

  • Type: Array. Required. Available in the web user interface.

Example: Add a new individual user

Assume that you are an administrator of IBM Spectrum Protect Plus. A new member Sarah has joined your team. You want to create a new individual user for her.

Sarah must have permissions to view all hypervisor objects and some additional resources that are available in the appliance, such as the VMware instances. Sarah must have permissions to start backup jobs manually. But she must not start any other operations.

You can add the following user:

  • Username: Sarah

  • Password: MyPassw0rd!

  • Type: An individual new user

  • Roles to assign:

    • Backup Only ({roleId} 992)

    • Self Service ({roleId} 994)

  • Resource groups to access:

    • BlueMachines - Dallas ({resourcepoolId} 1002)

    • Hypervisor All Resource Group ({resourcepoolId} 1000)

A Python snippet that is similar to the following example can be used to send a request to IBM Spectrum Protect Plus to add the new individual user:

_data = f'''{{
    "name":           "Sarah",
    "password":       "MyPassw0rd!",
    "type":           "NATIVE_USER",
    "sourceProvider": null,
    "sourceUser":     null,
    "sourceUserDN":   "",
    "permissions":    [
        {{
            "resourcePoolId": "1002",
            "roleIds":        ["992", "994"]
        }},
        {{
            "resourcePoolId": "1000",
            "roleIds":        ["992", "994"]
        }}
    ]
}}'''

requests.post('https://' + spp_ipv4 + '/api/security/user',
    headers={...}, data=_data, verify=...)
_images/reference_accounts_user_create02.png

Figure 81 The same action can be taken in the IBM Spectrum Protect Plus web user interface: In the navigation pane, click Accounts > User and click Add User. You proceed to the Add User - User Information and Role section. To add an individual user, from the Select the type of user or group you want to add list, select Individual new user. Enter the username and the password. Select roles for the new user. Click Continue.

_images/reference_accounts_user_create03.png

Figure 82 In the Add User - Assign Resources section, select resource groups that you want to assign to the new user. Click Add resources and click Create user.

The request prompts a response that is structured as shown, with the HTTP status of 201 (Created). Review the response to ensure that the new user, Sarah, was added. The response body is similar to the JSON object for Sarah , as shown in Getting user information.