User management and access control
Overview of user management and access control
For storage systems, resource groups and user groups are used to manage the roles and access permissions of users.
Resource group
Resource groups are used to classify and manage resources in the storage system. Only users who have access permissions for a resource group can perform operations on the resources (such as parity groups, LDEVs, and ports) that are added to that resource group.
User group
User groups are used to group users who have the same roles and access permissions for the resources in the storage system. To specify the operations that users in a user group can perform, assign a role to the user group. To specify the resources that the users in a user group can access, assign a resource group to the user group.
Role
Roles are execution permissions for resources. Roles are already set up, and the operations that users of each role can perform on resources are already defined. For details on the roles required to run a particular API request, see the description on that API request.
The users, user groups, and resource groups created by using the REST API can also be used from Hitachi Device Manager - Storage Navigator. Note that the types of characters that can be used for user IDs and passwords differ between the REST API and Hitachi Device Manager - Storage Navigator. To use Hitachi Device Manager - Storage Navigator to create users who can use the REST API, specify a user ID and password in accordance with the rules for the REST API.
For the user group name and resource group name, you can use the same characters as those that can be used when creating groups in Hitachi Device Manager - Storage Navigator.
For details about user management and access control for storage systems, see the System Administrator Guide.
- If a user uses the REST API to lock the resources of a storage system, operations on the users, user groups, or resource groups will no longer be able to be performed. In such a case, unlock the resources before performing these operations.
- For the VSP 5000 series, it takes several minutes for the latest information to be applied to the cache after you create or delete a resource group or add or delete resources belonging to a resource group. For this reason, if you attempt to perform operations on user groups or users after performing any of these operations related to resource groups, the request might fail. If the request fails, wait for a while, and then run the request again.
User management and access control operations
Operations for resource groups
Target storage system
Operation
Creating and deleting resource groups
Registering and deleting resources
Getting a list of resource groups
Getting information
about a specific resource group
VSP 5000 series
Y
Y
Y
Y
E series, Gx00 or Fx00
Y
Y
Y
Y
G1000, G1500, or F1500
Y
Y
Y
Y
VSP or HUS VM N
N
Y#1
N
Operations for user groups
Target storage system
Operation
Creating and deleting user groups
Changing user group settings
(assigning roles, etc.)
Assigning and releasing resource groups
Getting a list of user groups
Getting information
about a specific user group
VSP 5000 series
Y
Y
Y
Y
Y
E series, Gx00 or Fx00
Y
Y
Y
Y
Y
G1000, G1500, or F1500
N
N
N
Y
Y
VSP or HUS VM N
N
N
N
N
Operations for users
Target storage system
Operation
Creating and deleting user accounts
Changing passwords
Registering and deleting user groups
Getting a list of users
Getting information
about a specific user
VSP 5000 series Y
Y
Y
Y
Y
E series, Gx00 or Fx00
Y
Y#2
Y
Y
Y
G1000, G1500, or F1500
Y
Y
Y
Y
Y
VSP or HUS VM N
N
N
N
N
(Legend)
Y: The operation can be performed from the REST API.
N: The operation cannot be performed from the REST API.
#1: The types of information that can be obtained vary. For details, see the description of the API function for getting resource group information.
#2: If either of the following conditions is met, you can simultaneously change the user password that is registered in the Storage Device list on the SVP:
- You are using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system whose microcode version is 83-05-2X-XX/XX or later.
- You are using a VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system whose microcode version is 88-03-0X-XX/XX or later, and a linkage to the SVP is established in the configuration.
- You are using a VSP E series storage system, and a linkage to the SVP is established in the configuration.
For operations that cannot be performed from the REST API, use Hitachi Device Manager - Storage Navigator.
You can use the REST API to manage the passwords of the following user accounts:
- The user accounts of the storage system
These users perform operations on the storage system resources. Information about the users is stored on the storage system. These users are specified in the Authorization header of the REST API request.
- The user account registered in the Storage Device List
This user is registered in the Storage Device List during initial setup of the SVP. Information about the user is stored on the SVP.
- The user accounts of the storage systems
registered in the REST API server
These users are specified in the Authorization header when a storage system is registered in the REST API server. Information about the users is stored on the REST API server.
If the same user account is registered in 1 and 2, you can change the password of the user account of 1 and 2 at the same time by using the API request for changing the password of the user. The request line of the API is as follows:
PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID
To change the password of a user account of 3, use the API request for changing information about a storage system. The request line of the API is as follows:
PUT base-URL/v1/objects/storages/storage-device-ID
If the user account of 1, 2, and 3 are the same, change the password of the user account of 1 and 2 first, and then change the password of the user account of 3.
If the user account registered in the Storage Device List is deleted by using the API request for deleting a user account, management software (such as the REST API and Storage Navigator) becomes unavailable.
Therefore, when performing operations, be careful of the order in which passwords are changed and the information about users that is used within the system.
Workflow for user management and access control
When using the REST API to create a user, specify a user group to which the user will belong. Assign, in advance, resource groups and roles to the user group based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.
The following figure shows the workflow for specifying user and access control settings. If you are using the meta_resource group or built-in user group, you do not need to configure the resource group or the user group.
Set resource groups
Create a resource group, and then add resources such as parity groups, LDEVs, and ports. Group resources by business or organization into units for controlling access.
Set user groups
Create a user group. Assign resource groups and roles based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.
Set users
Create a user. Specify the user group to which the user will belong, and then add the user to that user group. The user then can use the resources in the resource groups assigned to the user group according to the assigned roles.
Input rules for user IDs and passwords
If you want to include symbols in a request body, be sure to escape the symbols as required for JSON format.
Item |
Number of characters |
Specifiable characters |
User ID |
1 to 63 characters | You can use the following characters.#
|
Password |
6 to 63 characters | You can use the following characters.#
|
#: For target storage systems whose microcode versions are earlier than those supported by Configuration Manager 8.6.2, if one of the following conditions is met, the specifiable characters might vary.
- The storage system model is VSP G1000, VSP G1500, or VSP F1500, and SSL communication is used for communication with the REST API server.
- The storage system model is VSP G200, G400, G600, G800, or VSP F400, F600, F800, and SSL communication (the DTLS SVP encrypted communication mode or the SSL TLS encrypted communication mode) is used for communication with the REST API server.
- The storage system model is VSP G350, G370, G700, G900, or VSP F350, F370, F700, F900.
In this case, you can use the following characters for User ID.
- Alphanumeric characters
- The following symbols:
- . / @ _
In this case, you can use the following characters for Password.
- Alphanumeric characters
- The following symbols:
, - . / @ _ \
- When creating a user account that will not be used for the REST API but will be used
for other products such as Storage Navigator, you can use the number of characters in the
userId
anduserPassword
attributes of the API function for creating a user account, and in theuserPassword
attribute of the API function for changing the password of the user.- The
userId
attribute: 1 to 256 characters - The
userPassword
attribute: 6 to 256 characters
- The
- If you use Storage Navigator or another product to create a user account whose password includes a double quotation mark ("), you can use that user account to run the REST API. However, you cannot use the REST API to create a user account whose password includes a double quotation mark or to change a password to one that includes a double quotation mark.
Getting a list of resource groups
Note the following when executing this API request for storage systems of the following models: VSP E series, VSP G350, G370, G700, G900 and VSP F350, F370, F700, F900.
-
Pay attention to the number of concurrent executions of this API request. For details, see "Implementing retry processing".
- In a configuration in which no linkage is established to the SVP, when configuration information of a storage system is updated, this API request is run on the Platform REST API server. While this API request is running, it might affect the execution of API requests for which the number of concurrent executions is restricted.
Storage Administrator (View Only)
GET base-URL/v1/objects/storages/storage-device-ID/resource-groups
Object ID
None.
Query parameters
To filter execution results:
Parameter
Type
Filter condition
lockStatus
string
(Optional) Lock status of the resource group
-
Locked: Gets information about the locked resource groups
-
Unlocked: Gets information about the unlocked resource groups
To get information about only certain types of resources in resource groups:
You can reduce the request processing time by using the following query parameter to get information about only certain resources of interest.
Parameter
Type
Filter condition
attributes
string
(Optional) Type of resource for which information is to be obtained
Information will be obtained about only resources corresponding to the specified attributes.
To specify multiple attributes, separate the attributes by using commas.
You can use this parameter in combination with the
lockStatus
parameter.-
ldevIds: LDEV numbers
-
parityGroupIds: Parity group numbers
-
externalParityGroupIds: External parity group numbers
-
portIds: Port numbers
-
hostGroupIds: Object IDs of host groups or iSCSI targets
If this parameter is omitted, information will be obtained about all of the attributes listed above.
Information about attributes other than those listed above will be obtained regardless of the specification of this parameter.
The following are examples of how to specify these query parameters in various situations.
To get the LDEV numbers of locked resource groups:
?lockStatus=Locked&attributes=ldevIds
To get the port numbers, and the object IDs of host groups or iSCSI targets for all resource groups:
?attributes=portIds,hostGroupIds
-
Body
None.
Body
The following is an example of output for Virtual Storage Platform or Unified Storage VM:
{ "data": [ { "resourceGroupId": 0, "resourceGroupName": "meta_resource", "lockStatus": "Locked", "lockOwner": "devUser", "lockHost": "host01" }, { "resourceGroupName": "sales_group_resource", "resourceGroupId": 1, "lockStatus": "Unlocked" } ] }
The following is an example of output for VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500:
{ "data": [ { "resourceGroupId": 4, "resourceGroupName": "devResourceGroup", "lockStatus": "Locked", "lockOwner": "devUser", "lockHost": "host01", "virtualStorageId": 0, "ldevIds": [ 12, 13 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] }, { "resourceGroupId": 5, "resourceGroupName": "sales_group_resource", "lockStatus": "Unlocked", "virtualStorageId": 0, "ldevIds": [ 32, 33 ], "parityGroupIds": [ "2-1", "2-2" ], "externalParityGroupIds": [ "1-7", "1-8" ], "portIds": [ "CL3-A" ], "hostGroupIds": [ "CL3-A,1", "CL3-A,2" ] } ] }
The following is an example of output when a request is run with the
attributes
query parameter specified, to get only information about port numbers and the object IDs of host groups or iSCSI targets:{ "data": [ { "resourceGroupId": 4, "resourceGroupName": "devResourceGroup", "lockStatus": "Locked", "lockOwner": "devUser", "lockHost": "host01", "virtualStorageId": 0, "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] }, { "resourceGroupId": 5, "resourceGroupName": "sales_group_resource", "lockStatus": "Unlocked", "virtualStorageId": 0, "portIds": [ "CL3-A" ], "hostGroupIds": [ "CL3-A,1", "CL3-A,2" ] } ] }
Attribute
Type
Description
resourceGroupName
string
Resource group name
resourceGroupId
int
Resource group ID
lockStatus
string
Lock status of the resource group
- Locked: The resource group is locked.
- Unlocked: The resource group is unlocked.
selfLock
boolean
Whether the session specified in the Authorization header locked the resource group
- true: The specified session locked the resource group
- false: Another session locked the resource group
This attribute is output if the resource group is locked by a session that was generated by the same user who runs the API.
lockOwner
string
User ID that locked the resource group
This attribute is not output if the resource group is unlocked.
lockHost
string
IP address or name of the host that locked the resource group
If the resource group has been locked by the REST API, IP address or host name of one of the following is output:
- SVP
- GUM
- Configuration Manager REST API server
- Relay server when the communication mode of the Configuration Manager REST API server is proxyMode
This attribute is output only when the resource group is locked.
lockSessionId
int
Session ID that locked the resource group
This attribute is output only when the resource group is locked and when a user who belongs to the Administrator user group (built-in user group) for the VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500 , or a maintenance user for Virtual Storage Platform or Unified Storage VM runs the API.
virtualStorageId
int
ID of the virtual storage machine that corresponds to the resource group#
ldevIds
int[]
LDEV number#
parityGroupIds
string[]
Parity group number#
externalParityGroupIds
string[]
External parity group number#
portIds
string[]
Port number#
hostGroupIds
string[]
Object ID of the host group or iSCSI target#
#: This attribute can be obtained only for VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500.
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups
Getting information about a specific resource group
Storage Administrator (View Only)
GET base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 0 to 1023.
Query parameters
None.
Body
None.
Body
{ "resourceGroupId": 4, "resourceGroupName": "devResourceGroup", "lockStatus": "Locked", "lockOwner": "devUser", "lockHost": "host01", "virtualStorageId": 0, "ldevIds": [ 12, 13 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] }
Attribute
Type
Description
resourceGroupName
string
Resource group name
resourceGroupId
int
Resource group ID
lockStatus
string
Lock status of the resource group
- Locked: The resource group is locked.
- Unlocked: The resource group is unlocked.
selfLock
boolean
Whether the resource group was locked by the session specified in the Authorization header
- true: The specified session locked the resource group.
- false: Another session locked the resource group.
This attribute is output when the resource group is locked by a session that was generated by the same user who runs the API.
lockOwner
string
User ID of the user who locked the resource group
This attribute is output only when the resource group is locked.
lockHost
string
IP address or name of the host that locked the resource group
If the resource group has been locked by the REST API, IP address or host name of one of the following is output:
- SVP
- GUM
- Configuration Manager REST API server
- Relay server when the communication mode of the Configuration Manager REST API server is proxyMode
This attribute is output only when the resource group is locked.
lockSessionId
int
Session ID of the session that locked the resource group
This attribute is output only when the resource group is locked and the API was run by one of the following users: the user who belongs to the Administrator user group (built-in user group)(for VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500).
virtualStorageId
int
ID of the virtual storage machine that corresponds to the resource group
ldevIds
int[]
LDEV number
parityGroupIds
string[]
Parity group number
externalParityGroupIds
string[]
External parity group number
portIds
string[]
Port number
hostGroupIds
string[]
Object ID of the host group or iSCSI target
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4
Creating a resource group
virtualStorageDeviceId
attribute.If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/storages/storage-device-ID/resource-groups
Object ID
None.
Query parameters
None.
Body
{ "resourceGroupName":"devResourceGroup", "virtualStorageDeviceId":"900000050001" }
Attribute
Type
Description
resourceGroupName
string
(Required) Resource group name
Specify a name consisting of 1 to 32 characters.
virtualStorageDeviceId
string
(Optional) Storage device ID of the virtual storage machine
This attribute cannot be specified at the same time as the
virtualStorageId
attribute.If this attribute is omitted, the default storage device ID (the same storage device ID as that of the target physical storage system) will be set.
virtualStorageId
int
(Optional) ID of the virtual storage machine that corresponds to the resource group
This attribute cannot be specified at the same time as the
virtualStorageDeviceId
attribute.If this attribute is omitted, 0 will be set.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the created resource group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X POST --data-binary @./InputParameters.json https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups
Adding a resource to a resource group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/add-resource/invoke
You can run this API request in a POST method.
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 1 to 1023.
Query parameters
None.
Body
The following coding example shows how to specify an LDEV number:
{ "parameters": { "ldevIds": [ 2, 3 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
The following coding example shows how to specify a range of LDEV numbers:
{ "parameters": { "startLdevId": 2, "endLdevId": 5, "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
Attribute
Type
Description
parityGroupIds
string[]
(Optional) Parity group number
externalParityGroupIds
string[]
(Optional) External parity group number
portIds
string[]
(Optional) Port number
hostGroupIds
string[]
(Optional) Object ID of the host group or iSCSI target
Specify the value of
hostGroupId
that was obtained by the processing to get information about host groups or iSCSI targets.ldevIds
int[]
(Optional) LDEV number
Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the
startLdevId
attribute or theendLdevId
attribute.startLdevId
int
(Optional) First LDEV number
When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the
endLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.endLdevId
int
(Optional) Last LDEV number
When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the
startLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the resource group to which resources are added
GET base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/add-resource
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/add-resource
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/add-resource/invoke
Removing a resource from a resource group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/remove-resource/invoke
You can run this API request in a POST method.
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 1 to 1023.
Query parameters
None.
Body
The following coding example shows how to specify an LDEV number:
{ "parameters": { "ldevIds": [ 2, 3 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
The following coding example shows how to specify a range of LDEV numbers:
{ "parameters": { "startLdevId": 2, "endLdevId": 5, "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-7", "1-8" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
Attribute
Type
Description
parityGroupIds
string[]
(Optional) Parity group number
externalParityGroupIds
string[]
(Optional) External parity group number
portIds
string[]
(Optional) Port number
hostGroupIds
string[]
(Optional) Object ID of the host group or iSCSI target
Specify the value of
hostGroupId
that was obtained by the processing to get information about host groups or iSCSI targets.ldevIds
int[]
(Optional) LDEV number
Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the
startLdevId
attribute or theendLdevId
attribute.startLdevId
int
(Optional) First LDEV number
When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the
endLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.endLdevId
int
(Optional) Last LDEV number
When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the
startLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the resource group from which resources were removed
GET base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/remove-resource
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/remove-resource
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/remove-resource/invoke
Deleting a resource group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
DELETE base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 1 to 1023.
Query parameters
None.
Body
None.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the deleted resource group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X DELETE https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4
Getting a list of user groups
Security Administrator (View Only)
GET base-URL/v1/objects/storages/storage-device-ID/user-groups
Object ID
None.
Query parameters
None.
Body
None.
Body
{ "data": [ { "userGroupObjectId": "devGroup", "userGroupId": "devGroup", "roleNames": [ "Audit Log Administrator (View & Modify)" ], "resourceGroupIds": [ 1, 2, 3 ], "isBuiltIn": false, "hasAllResourceGroup": false }, { "userGroupObjectId": "adminGroup", "userGroupId": "adminGroup", "roleNames": [ "Audit Log Administrator (View & Modify)", "Security Administrator (View & Modify)", "Storage Administrator (Initial Configuration)", "Storage Administrator (Local Copy)", "Storage Administrator (Performance Management)", "Storage Administrator (Provisioning)", "Storage Administrator (Remote Copy)", "Storage Administrator (System Resource Management)" ], "isBuiltIn": false, "hasAllResourceGroup": true } ] }
Attribute
Type
Description
userGroupObjectId
string
The object ID for a user group ID
An encoded character string is output if the user group ID includes reserved characters defined in RFC3986.
userGroupId
string
The user group ID
roleNames
string[]
The role name assigned to the user group
resourceGroupIds
int[]
The IDs of the resource groups assigned to the user group
isBuiltIn
boolean
Information about whether the user group is a built-in user group.
-
true: A built-in user group.
-
false: A user group created by a user.
hasAllResourceGroup
boolean
Information about whether all the resource groups are assigned to the target.
-
true: All the resource groups are assigned.
-
false: The specified resource groups are assigned.
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups
Getting information about a specific user group
Security Administrator (View Only)
GET base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
None.
Body
{ "userGroupObjectId": "devGroup", "userGroupId": "devGroup", "roleNames":[ "Security Administrator (View Only)" ], "resourceGroupIds": [ 1, 2, 3 ], "isBuiltIn":false, "hasAllResourceGroup":false }
Attribute
Type
Description
userGroupObjectId
string
The object ID for a user group ID
An encoded character string is output if the user group ID includes reserved characters defined in RFC 3986.
userGroupId
string
The user group ID
roleNames
string[]
The role name assigned to the user group
resourceGroupIds
int[]
The IDs of the resource groups assigned to the user group
isBuiltIn
boolean
Information about whether the user group is a built-in user group.
-
true: A built-in user group.
-
false: A user group created by a user.
hasAllResourceGroup
boolean
Information about whether all the resource groups are assigned to the target.
-
true: All the resource groups are assigned.
-
false: The specified resource groups are assigned.
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup
Creating a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/storages/storage-device-ID/user-groups
Object ID
None.
Query parameters
None.
Body
{ "userGroupId":"devGroup", "roleNames":[ "Storage Administrator (Provisioning)" ], "resourceGroupIds": [ 8, 9 ], "hasAllResourceGroup":false }
Attribute
Type
Description
userGroupId
string
(Required) The user group ID
Specify an ID consisting of 1 to 64 characters.
roleNames
string[]
(Required) The role name
Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.
You must specify Storage Administrator (View Only).
-
Audit Log Administrator (View & Modify)#
-
Audit Log Administrator (View Only)#
-
Security Administrator (View & Modify)#
-
Security Administrator (View Only)#
-
Storage Administrator (Initial Configuration)
-
Storage Administrator (Local Copy)
-
Storage Administrator (Performance Management)
-
Storage Administrator (Provisioning)
-
Storage Administrator (Remote Copy)
-
Storage Administrator (System Resource Management)
-
Storage Administrator (View Only)
-
Support Personnel#
-
User Maintenance#
#: If you specify this role, be sure to specify true for
hasAllResourceGroup
.resourceGroupIds
int[]
(Optional) The resource group IDs
Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas. This cannot be specified if the
hasAllResourceGroup
attribute is true.hasAllResourceGroup
boolean
(Required) Information about whether all the resource groups are assigned to the target.
If the roles specified for
roleNames
include any of the following roles, be sure to specify true for this attribute.-
Audit Log Administrator (View & Modify)
-
Audit Log Administrator (View Only)
-
Security Administrator (View & Modify)
-
Security Administrator (View Only)
-
Support Personnel
-
User Maintenance
If the roles specified for
roleNames
does not include any of these roles, be sure to specify false for this attribute.-
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the created user group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X POST --data-binary @./InputParameters.json https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups
Changing the user group settings
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID
You can run this API request in a PATCH method.
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
The following coding example shows how to change the user group ID:
{ "userGroupId":"adminGroup" }
The following coding example shows how to change a role:
{ "roleNames":[ "Storage Administrator (Provisioning)", "Storage Administrator (Local Copy)" ] }
Only one attribute can be specified in one request.
Attribute
Type
Description
userGroupId
string
(Optional) The user group ID
Specify an ID consisting of 1 to 64 characters.
hasAllResourceGroup
boolean
(Optional) Information about whether all the resource groups are assigned to the target.
If the roles specified for
roleNames
include any of the following roles, be sure to specify true for this attribute.-
Audit Log Administrator (View & Modify)
-
Audit Log Administrator (View Only)
-
Security Administrator (View & Modify)
-
Security Administrator (View Only)
-
Support Personnel
-
User Maintenance
If the roles specified for
roleNames
does not include any of these roles, be sure to specify false for this attribute.roleNames
string[]
(Optional) The role name
Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.
You must specify Storage Administrator (View Only).
-
Audit Log Administrator (View & Modify)#
-
Audit Log Administrator (View Only)#
-
Security Administrator (View & Modify)#
-
Security Administrator (View Only)#
-
Storage Administrator (Initial Configuration)
-
Storage Administrator (Local Copy)
-
Storage Administrator (Performance Management)
-
Storage Administrator (Provisioning)
-
Storage Administrator (Remote Copy)
-
Storage Administrator (System Resource Management)
-
Storage Administrator (View Only)
-
Support Personnel#
-
User Maintenance#
#: If you specify this role, be sure to specify true for
hasAllResourceGroup
.-
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user group on which settings are changed
None.
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup
Assigning resource groups to a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/add-resource-group/invoke
You can run this API request in a POST method.
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
{ "parameters": { "resourceGroupIds": [ 1, 2 ] } }
Attribute
Type
Description
resourceGroupIds
int[]
(Required) The resource group IDs
Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user group to which resource groups are assigned
GET base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/add-resource-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/add-resource-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/add-resource-group/invoke
Releasing resource groups assigned to a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/remove-resource-group/invoke
You can run this API request in a POST method.
Object ID
Set the
userGroupObjectId
value obtained by getting information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
{ "parameters": { "resourceGroupIds": [ 1, 2 ] } }
Attribute
Type
Description
resourceGroupIds
int[]
(Required) The resource group IDs
Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user group where assignment of resource groups is released
GET base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/remove-resource-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/remove-resource-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/remove-resource-group/invoke
Deleting a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
DELETE base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
None.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the deleted user group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X DELETE https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup
Getting a list of users
Security Administrator (View Only)
GET base-URL/v1/objects/storages/storage-device-ID/users
Object ID
None.
Query parameters
None.
Body
None.
Body
{ "data": [ { "userObjectId": "devUser", "userId": "devUser", "authentication": "local", "userGroupNames": [ "Audit Log Administrator (View Only) User Group", "Storage Administrator (View & Modify) User Group" ], "isBuiltIn": false, "isAccountStatus": true }, { "userObjectId": "adminUser", "userId": "adminUser", "authentication": "local", "userGroupNames": [ "Administrator User Group" ], "isBuiltIn": false, "isAccountStatus": true } ] }
Attribute
Type
Description
userObjectId
string
Object ID of the user ID
If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.
userId
string
User ID
userGroupNames
string[]
User group name
isBuiltIn
boolean
Whether the user account is built-in
-
true: Indicates a built-in user account
-
false: Indicates that the account is created by the user
isAccountStatus
boolean
Status of the user account -
true: The user account is valid
-
false: The user account is invalid
authentication
string
Set authentication
-
local: Authorized by the storage system
-
external: Authorized by the external authentication server
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users
Getting information about a specific user
Security Administrator (View Only)
GET base-URL/v1/objects/storages/storage-device-ID/users/object-ID
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
None.
Body
{ "userObjectId": "devUser", "userId": "devUser", "authentication": "local", "userGroupNames": [ "Audit Log Administrator (View Only) User Group", "Storage Administrator (View & Modify) User Group" ], "isBuiltIn": false, "isAccountStatus": true }
Attribute
Type
Description
userObjectId
string
Object ID of the user ID
If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.
userId
string
User ID
userGroupNames
string[]
User group name
isBuiltIn
boolean
Whether the user account is built-in
-
true: Indicates a built-in user account
-
false: Indicates that the account is created by the user
isAccountStatus
boolean
Status of the user account -
true: The user account is valid
-
false: The user account is invalid
authentication
string
Set authentication
-
local: Authorized by the storage system
-
external: Authorized by the external authentication server
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser
Creating a user account
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/storages/storage-device-ID/users
Object ID
None.
Query parameters
None.
Body
{ "userId": "devUser", "authentication": "local", "userPassword":"devPassword", "userGroupNames": [ "Audit Log Administrator (View Only) User Group", "Storage Administrator (View & Modify) User Group" ] }
Attribute
Type
Description
userId
string
(Required) User ID
For details about the number of characters that can be specified for user IDs and the characters that can be used, see the description about input rules for user IDs and passwords.
userPassword
string
(Optional) Password
The password cannot be specified if the
authentication
attribute is external.For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.
userGroupNames
string[]
(Required) User group name
Specify a name consisting of 1 to 64 characters. You can specify up to 8 group names.
authentication
string
(Required) Set authentication
-
local: Authorized by the storage system
-
external: Authorized by the external authentication server#
#: To authenticate users on an external authentication server, specify the settings on the SVP so that the external authentication server. For details, see the System Administrator Guide.
-
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the created user
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X POST --data-binary @./InputParameters.json https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/
Changing the password of the user
If either of the following conditions is met, and the specified user account is also registered in the storage information of the Storage Device List on the SVP, you can also change the password of the user account registered in the Storage Device List at the same time:
- You are using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system whose microcode version is 83-05-2X-XX/XX or later.
- You are using a VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system whose microcode version is 88-03-0X-XX/XX or later, and a linkage to the SVP is established in the configuration.
- You are using a VSP E series storage system, and a linkage to the SVP is established in the configuration.
- If you change a password registered in the Storage Device List, the management software running on the SVP will restart. As a result, management software (such as the REST API and Storage Navigator) becomes temporarily unavailable. You can use the software again after the job is complete.
- When changing the password of a user account registered in the Storage Device List, we strongly recommend specifying Completed for the Response-Job-Status in the request header. If Completed is not specified and processing for the storage system fails, information about communication errors might not be correctly obtained.
- The user ID and password that were used to register a storage system to the REST API server are stored on the REST API server. To change such a password, in addition to executing the API request for changing the password of the user, you will also need to change the information stored on the REST API server by executing the API request for changing information about a storage system.
-
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID
You can run this API request in a PATCH method.
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
To change the password of a user account of a storage system:
{ "userPassword":"userPass" }
To simultaneously change the password of a user account of a storage system and the password of a user account registered in the Storage Device List:
(Example of using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system)
{ "userPassword":"userPass", "changesStorageDeviceListPassword":true, "mappWebServerHttpsPort":20443 }
To simultaneously change the password of a user account of a storage system and the password of a user account registered in the Storage Device List:
(Example of using a VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system with linkage to the SVP established in the configuration)
{ "userPassword":"userPass", "changesStorageDeviceListPassword":true }
Attribute
Type
Description
userPassword
string
(Required) New password
For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.
If true is specified for the attribute
changesStorageDeviceListPassword
, follow the rules for creating a user account that performs operations on storage systems from the REST API.changesStorageDeviceListPassword
boolean
(Optional) Whether to change the password of a user account registered in the Storage Device List
You can use this attribute when either of the following conditions is met:
- You are using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system.
- You are using a VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system, and linkage to the SVP is established in the configuration.
- You are using a VSP E series storage system, and linkage to the SVP is established in the configuration.
If this attribute is specified, the password of a user account of the storage system and the password of a user account registered in the Storage Device List are simultaneously changed.
-
true: Change the password in the Storage Device List
-
false: Do not change the password in the Storage Device List
If this attribute is omitted, false is assumed.
mappWebServerHttpsPort
int
(Optional) Port number used by the SVP for HTTPS communication
You can use this attribute for VSP G200, G400, G600, G800, VSP F400, F600, F800.
Specify this attribute if
changesStorageDeviceListPassword
is true and if you are either using non-SSL communication or using SSL communication in DTLS encryption communication mode.If you are using non-SSL communication or DTLS encryption communication mode and you omit this attribute, 443 will be set.
If you are using SSL communication in DTLS SVP encrypted communication mode or SSL TLS encrypted communication mode between the REST API server and the storage system, you cannot specify this attribute, because this attribute requires the use of the port registered in the storage system.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user whose password was changed
None.
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser
Adding users to user groups
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/add-user-group/invoke
You can run this API request in a POST method.
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
{ "parameters": { "userGroupNames": [ "System User Group" ] } }
Attribute
Type
Description
userGroupNames
string[]
(Required) User group name
Specify a name consisting of 1 to 64 characters.
The following are the maximum numbers of user groups to which one user can belong:
- For VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900: 8
- For VSP 5000 series, VSP G1000, VSP G1500, VSP F1500: 8
- For VSP G200, G400, G600, G800, VSP F400, F600, F800: 1
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user who was added to the user group
GET base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/add-user-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/add-user-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/add-user-group/invoke
Removing users from user groups
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/remove-user-group/invoke
You can run this API request in a POST method.
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
{ "parameters": { "userGroupNames": [ "System User Group" ] } }
Attribute
Type
Description
userGroupNames
string[]
(Required) User group name
Specify a name consisting of 1 to 64 characters.
The following are the maximum numbers of user groups to which one user can belong:
- For VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900: 8
- For VSP 5000 series, VSP G1000, VSP G1500, VSP F1500: 8
- For VSP G200, G400, G600, G800, VSP F400, F600, F800: 1
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user who was removed from the user group
GET base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/remove-user-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/remove-user-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/remove-user-group/invoke
Deleting a user account
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
DELETE base-URL/v1/objects/storages/storage-device-ID/users/object-ID
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
None.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the deleted user account
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X DELETE https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser