User management and access control
Overview of user management and access control
For storage systems, resource groups and user groups are used to manage the roles and access permissions of users.
Resource group
Resource groups are used to classify and manage resources in the storage system. Only users who have access permissions for a resource group can perform operations on the resources (such as parity groups, LDEVs, and ports) that are added to that resource group.
User group
User groups are used to group users who have the same roles and access permissions for the resources in the storage system. To specify the operations that users in a user group can perform, assign a role to the user group. To specify the resources that the users in a user group can access, assign a resource group to the user group.
Role
Roles are execution permissions for resources. Roles are already set up, and the operations that users of each role can perform on resources are already defined. For details on the roles required to run a particular API request, see the description on that API request.
Users whose accounts were created by using the maintenance utility or Hitachi Device Manager - Storage Navigator can also execute REST API requests. If you want to use other storage management software to create user accounts that can execute REST API requests, specify the user IDs and passwords in accordance with the rules for the REST API.
If you are using Hitachi Device Manager - Storage Navigator, any users, user groups, and resource groups that were created by using the REST API can also be used from Hitachi Device Manager - Storage Navigator.
For details about user management and access control for storage systems, see the System Administrator Guide.
- If a user uses the REST API to lock the resources of a storage system, operations on the users, user groups, or resource groups will no longer be able to be performed. In such a case, unlock the resources before performing these operations.
- For the VSP 5000 series, it takes several minutes for the latest information to be applied to the cache after you create or delete a resource group or add or delete resources belonging to a resource group. For this reason, if you attempt to perform operations on user groups or users after performing any of these operations related to resource groups, the request might fail. If the request fails, wait for a while, and then run the request again.
Workflow for user management and access control
When using the REST API to create a user, specify a user group to which the user will belong. Assign, in advance, resource groups and roles to the user group based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.
The following figure shows the workflow for specifying user and access control settings. If you are using the meta_resource group or built-in user group, you do not need to configure the resource group or the user group.
Set resource groups
Create a resource group, and then add resources such as parity groups, LDEVs, and ports. Group resources by business or organization into units for controlling access.
Set user groups
Create a user group. Assign resource groups and roles based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.
Set users
Create a user. Specify the user group to which the user will belong, and then add the user to that user group. The user then can use the resources in the resource groups assigned to the user group according to the assigned roles.
Input rules for user IDs and passwords
If you want to include symbols in a request body, be sure to escape the symbols as required for JSON format.
Item |
Number of characters |
Specifiable characters |
User ID |
1 to 63 characters | You can use the following characters.
|
Password |
6 to 63 characters | You can use the following characters.
|
- When creating a user account that will not be used for the REST API but will be used
for other products such as Storage Navigator, you can use the number of characters in the
userId
anduserPassword
attributes of the API function for creating a user account, and in theuserPassword
attribute of the API function for changing the password of the user.- The
userId
attribute: 1 to 256 characters - The
userPassword
attribute: 6 to 256 characters
- The
- If you use Storage Navigator or another product to create a user account whose password includes a double quotation mark ("), you can use that user account to run the REST API. However, you cannot use the REST API to create a user account whose password includes a double quotation mark or to change a password to one that includes a double quotation mark.
Getting a list of resource groups
For a VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system, pay attention to the number of concurrent executions of this API request. For details, see "Implementing retry processing".
Storage Administrator (View Only)
GET base-URL/v1/objects/resource-groups
Object ID
None.
Query parameters
To filter execution results:
Parameter
Type
Filter condition
lockStatus
string
(Optional) Lock status of the resource group
-
Locked: Gets information about the locked resource groups
-
Unlocked: Gets information about the unlocked resource groups
To get information about only certain types of resources in resource groups:
If you try to get information for a large number of resource groups, processing might take a long time. You can reduce the request processing time by using the following query parameter to get information about only certain resources of interest.
Parameter
Type
Filter condition
attributes
string
(Optional) Type of resource for which information is to be obtained
Information will be obtained about only resources corresponding to the specified attributes.
To specify multiple attributes, separate the attributes by using commas.
You can use this parameter in combination with the
lockStatus
parameter.-
ldevIds: LDEV numbers
-
parityGroupIds: Parity group numbers
-
externalParityGroupIds: External parity group numbers
-
portIds: Port numbers
-
hostGroupIds: Object IDs of host groups or iSCSI targets
If this parameter is omitted, information will be obtained about all of the attributes listed above.
Information about attributes other than those listed above will be obtained regardless of the specification of this parameter.
The following are examples of how to specify these query parameters in various situations.
To get the LDEV numbers of locked resource groups:
?lockStatus=Locked&attributes=ldevIds
To get the port numbers, and the object IDs of host groups or iSCSI targets for all resource groups:
?attributes=portIds,hostGroupIds
-
Body
None.
Body
The following is an example of output when a request is run to get information about all types of resource groups:
{ "data": [ { "resourceGroupId": 4, "resourceGroupName": "devResourceGroup", "lockStatus": "Locked", "lockOwner": "devUser", "lockHost": "host01", "virtualStorageId": 0, "ldevIds": [ 12, 13 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] }, { "resourceGroupId": 5, "resourceGroupName": "sales_group_resource", "lockStatus": "Unlocked", "virtualStorageId": 0, "ldevIds": [ 32, 33 ], "parityGroupIds": [ "2-1", "2-2" ], "externalParityGroupIds": [ "1-7", "1-8" ], "portIds": [ "CL3-A" ], "hostGroupIds": [ "CL3-A,1", "CL3-A,2" ] } ] }
The following is an example of output when a request is run with the
attributes
query parameter specified, to get only information about port numbers and the object IDs of host groups or iSCSI targets:{ "data": [ { "resourceGroupId": 4, "resourceGroupName": "devResourceGroup", "lockStatus": "Locked", "lockOwner": "devUser", "lockHost": "host01", "virtualStorageId": 0, "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] }, { "resourceGroupId": 5, "resourceGroupName": "sales_group_resource", "lockStatus": "Unlocked", "virtualStorageId": 0, "portIds": [ "CL3-A" ], "hostGroupIds": [ "CL3-A,1", "CL3-A,2" ] } ] }
Attribute
Type
Description
resourceGroupName
string
Resource group name
resourceGroupId
int
Resource group ID
lockStatus
string
Lock status of the resource group
- Locked: The resource group is locked.
- Unlocked: The resource group is unlocked.
selfLock
boolean
Whether the session specified in the Authorization header locked the resource group
- true: The specified session locked the resource group
- false: Another session locked the resource group
This attribute is output if the resource group is locked by a session that was generated by the same user who runs the API.
lockOwner
string
User ID that locked the resource group
This attribute is not output if the resource group is unlocked.
lockHost
string
IP address or name of the host that locked the resource group
IP address or the host name of the SVP or GUM is output if the resource group has been locked by the REST API.
This attribute is not output if the resource group is unlocked.
lockSessionId
int
Session ID that locked the resource group
This attribute is output only when the resource group is locked and when a user who belongs to the Administrator user group (built-in user group) runs the API.
virtualStorageId
int
ID of the virtual storage machine that corresponds to the resource group
ldevIds
int[]
LDEV number
parityGroupIds
string[]
Parity group number
externalParityGroupIds
string[]
External parity group number
portIds
string[]
Port number
hostGroupIds
string[]
Object ID of the host group or iSCSI target
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups
Getting information about a specific resource group
Storage Administrator (View Only)
GET base-URL/v1/objects/resource-groups/object-ID
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 0 to 1023.
Query parameters
None.
Body
None.
Body
{ "resourceGroupId": 4, "resourceGroupName": "devResourceGroup", "lockStatus": "Locked", "lockOwner": "devUser", "lockHost": "host01", "virtualStorageId": 0, "ldevIds": [ 12, 13 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] }
Attribute
Type
Description
resourceGroupName
string
Resource group name
resourceGroupId
int
Resource group ID
lockStatus
string
Lock status of the resource group
- Locked: The resource group is locked.
- Unlocked: The resource group is unlocked.
selfLock
boolean
Whether the resource group was locked by the session specified in the Authorization header
- true: The specified session locked the resource group.
- false: Another session locked the resource group.
This attribute is output when the resource group is locked by a session that was generated by the same user who runs the API.
lockOwner
string
User ID of the user who locked the resource group
This attribute is output only when the resource group is locked.
lockHost
string
Name of the host that locked the resource group
If the resource group was locked by the REST API, the host name of the SVP or GUM is output.
This attribute is output only when the resource group is locked.
lockSessionId
int
Session ID of the session that locked the resource group
This attribute is output only when the resource group is locked and the API was run by one of the following users: the user who belongs to the Administrator user group (built-in user group).
virtualStorageId
int
ID of the virtual storage machine that corresponds to the resource group
ldevIds
int[]
LDEV number
parityGroupIds
string[]
Parity group number
externalParityGroupIds
string[]
External parity group number
portIds
string[]
Port number
hostGroupIds
string[]
Object ID of the host group or iSCSI target
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4
Creating a resource group
virtualStorageDeviceId
attribute.If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/resource-groups
Object ID
None.
Query parameters
None.
Body
{ "resourceGroupName":"devResourceGroup", "virtualStorageId":"2" }
Attribute
Type
Description
resourceGroupName
string
(Required) Resource group name
Specify a name consisting of 1 to 32 characters.
virtualStorageDeviceId
string
(Optional) Storage device ID of the virtual storage machine
This attribute cannot be specified at the same time as the
virtualStorageId
attribute.If this attribute is omitted, the default storage device ID (the same storage device ID as that of the target physical storage system) will be set.
virtualStorageId
int
(Optional) ID of the virtual storage machine that corresponds to the resource group
Specify a decimal (base 10) number in the range from 0 to 7.
This attribute cannot be specified at the same time as the
virtualStorageDeviceId
attribute.If this attribute is omitted, 0 will be set.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the created resource group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X POST --data-binary @./InputParameters.json https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups
Adding a resource to a resource group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/resource-groups/object-ID/actions/add-resource/invoke
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 1 to 1023.
Query parameters
None.
Body
The following coding example shows how to specify an LDEV number:
{ "parameters": { "ldevIds": [ 2, 3 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
The following coding example shows how to specify a range of LDEV numbers:
{ "parameters": { "startLdevId": 2, "endLdevId": 5, "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
Attribute
Type
Description
parityGroupIds
string[]
(Optional) Parity group number
externalParityGroupIds
string[]
(Optional) External parity group number
portIds
string[]
(Optional) Port number
hostGroupIds
string[]
(Optional) Object ID of the host group or iSCSI target
Specify the value of
hostGroupId
that was obtained by the processing to get information about host groups or iSCSI targets.ldevIds
int[]
(Optional) LDEV number
Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the
startLdevId
attribute or theendLdevId
attribute.startLdevId
int
(Optional) First LDEV number
When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the
endLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.endLdevId
int
(Optional) Last LDEV number
When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the
startLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the resource group to which resources are added
GET base-URL/v1/objects/resource-groups/object-ID/actions/add-resource
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/add-resource
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/add-resource/invoke
Removing a resource from a resource group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/resource-groups/object-ID/actions/remove-resource/invoke
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 1 to 1023.
Query parameters
None.
Body
The following coding example shows how to specify an LDEV number:
{ "parameters": { "ldevIds": [ 2, 3 ], "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-5", "1-6" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
The following coding example shows how to specify a range of LDEV numbers:
{ "parameters": { "startLdevId": 2, "endLdevId": 5, "parityGroupIds": [ "1-1", "1-2" ], "externalParityGroupIds": [ "1-7", "1-8" ], "portIds": [ "CL1-A", "CL1-B" ], "hostGroupIds": [ "CL1-A,4", "CL1-A,5", "CL1-A,6" ] } }
Attribute
Type
Description
parityGroupIds
string[]
(Optional) Parity group number
externalParityGroupIds
string[]
(Optional) External parity group number
portIds
string[]
(Optional) Port number
hostGroupIds
string[]
(Optional) Object ID of the host group or iSCSI target
Specify the value of
hostGroupId
that was obtained by the processing to get information about host groups or iSCSI targets.ldevIds
int[]
(Optional) LDEV number
Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the
startLdevId
attribute or theendLdevId
attribute.startLdevId
int
(Optional) First LDEV number
When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the
endLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.endLdevId
int
(Optional) Last LDEV number
When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the
startLdevId
attribute. If you specify theldevId
attribute, you cannot specify this attribute.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the resource group from which resources were removed
GET base-URL/v1/objects/resource-groups/object-ID/actions/remove-resource
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/remove-resource
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/remove-resource/invoke
Deleting a resource group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
DELETE base-URL/v1/objects/resource-groups/object-ID
Object ID
Specify the value of
resourceGroupId
that was obtained by the processing to get information about resource groups.Attribute
Type
Description
resourceGroupId
int
(Required) Resource group ID
Specify a decimal (base 10) number in the range from 1 to 1023.
Query parameters
None.
Body
None.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the description on job objects.Attribute
Description
affectedResources
URL of the deleted resource group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X DELETE https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4
Getting a list of user groups
Security Administrator (View Only)
GET base-URL/v1/objects/user-groups
Object ID
None.
Query parameters
None.
Body
None.
Body
{ "data": [ { "userGroupObjectId": "devGroup", "userGroupId": "devGroup", "roleNames": [ "Audit Log Administrator (View & Modify)" ], "resourceGroupIds": [ 1, 2, 3 ], "isBuiltIn": false, "hasAllResourceGroup": false }, { "userGroupObjectId": "adminGroup", "userGroupId": "adminGroup", "roleNames": [ "Audit Log Administrator (View & Modify)", "Security Administrator (View & Modify)", "Storage Administrator (Initial Configuration)", "Storage Administrator (Local Copy)", "Storage Administrator (Performance Management)", "Storage Administrator (Provisioning)", "Storage Administrator (Remote Copy)", "Storage Administrator (System Resource Management)" ], "isBuiltIn": false, "hasAllResourceGroup": true } ] }
Attribute
Type
Description
userGroupObjectId
string
The object ID for a user group ID
An encoded character string is output if the user group ID includes reserved characters defined in RFC3986.
userGroupId
string
The user group ID
roleNames
string[]
The role name assigned to the user group
resourceGroupIds
int[]
The IDs of the resource groups assigned to the user group
isBuiltIn
boolean
Information about whether the user group is a built-in user group.
-
true: A built-in user group.
-
false: A user group created by a user.
hasAllResourceGroup
boolean
Information about whether all the resource groups are assigned to the target.
-
true: All the resource groups are assigned.
-
false: The specified resource groups are assigned.
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups
Getting information about a specific user group
Security Administrator (View Only)
GET base-URL/v1/objects/user-groups/object-ID
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
None.
Body
{ "userGroupObjectId": "devGroup", "userGroupId": "devGroup", "roleNames":[ "Security Administrator (View Only)" ], "resourceGroupIds": [ 1, 2, 3 ], "isBuiltIn":false, "hasAllResourceGroup":false }
Attribute
Type
Description
userGroupObjectId
string
The object ID for a user group ID
An encoded character string is output if the user group ID includes reserved characters defined in RFC 3986.
userGroupId
string
The user group ID
roleNames
string[]
The role name assigned to the user group
resourceGroupIds
int[]
The IDs of the resource groups assigned to the user group
isBuiltIn
boolean
Information about whether the user group is a built-in user group.
-
true: A built-in user group.
-
false: A user group created by a user.
hasAllResourceGroup
boolean
Information about whether all the resource groups are assigned to the target.
-
true: All the resource groups are assigned.
-
false: The specified resource groups are assigned.
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup
Creating a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/user-groups
Object ID
None.
Query parameters
None.
Body
{ "userGroupId":"devGroup", "roleNames":[ "Storage Administrator (Provisioning)" ], "resourceGroupIds": [ 8, 9 ], "hasAllResourceGroup":false }
Attribute
Type
Description
userGroupId
string
(Required) The user group ID
Specify an ID consisting of 1 to 64 characters.
roleNames
string[]
(Required) The role name
Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.
-
Audit Log Administrator (View & Modify)#
-
Audit Log Administrator (View Only)#
-
Security Administrator (View & Modify)#
-
Security Administrator (View Only)#
-
Storage Administrator (Initial Configuration)
-
Storage Administrator (Local Copy)
-
Storage Administrator (Performance Management)
-
Storage Administrator (Provisioning)
-
Storage Administrator (Remote Copy)
-
Storage Administrator (System Resource Management)
-
Storage Administrator (View Only)
-
Support Personnel#
-
User Maintenance#
#: If you specify this role, be sure to specify true for
hasAllResourceGroup
.resourceGroupIds
int[]
(Optional) The resource group IDs
Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas. This cannot be specified if the
hasAllResourceGroup
attribute is true.hasAllResourceGroup
boolean
(Required) Information about whether all the resource groups are assigned to the target.
If the roles specified for
roleNames
include any of the following roles, be sure to specify true for this attribute.-
Audit Log Administrator (View & Modify)
-
Audit Log Administrator (View Only)
-
Security Administrator (View & Modify)
-
Security Administrator (View Only)
-
Support Personnel
-
User Maintenance
If the roles specified for
roleNames
does not include any of these roles, be sure to specify false for this attribute.-
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the created user group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X POST --data-binary @./InputParameters.json https://192.0.2.100/ConfigurationManager/v1/objects/user-groups
Changing the user group settings
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PATCH base-URL/v1/objects/user-groups/object-ID
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
The following coding example shows how to change the user group ID:
{ "userGroupId":"adminGroup" }
The following coding example shows how to change a role:
{ "roleNames":[ "Storage Administrator (Provisioning)", "Storage Administrator (Local Copy)" ] }
Only one attribute can be specified in one request.
Attribute
Type
Description
userGroupId
string
(Optional) The user group ID
Specify an ID consisting of 1 to 64 characters.
hasAllResourceGroup
boolean
(Optional) Information about whether all the resource groups are assigned to the target.
If the roles specified for
roleNames
include any of the following roles, be sure to specify true for this attribute.-
Audit Log Administrator (View & Modify)
-
Audit Log Administrator (View Only)
-
Security Administrator (View & Modify)
-
Security Administrator (View Only)
-
Support Personnel
-
User Maintenance
If the roles specified for
roleNames
does not include any of these roles, be sure to specify false for this attribute.roleNames
string[]
(Optional) The role name
Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.
-
Audit Log Administrator (View & Modify)#
-
Audit Log Administrator (View Only)#
-
Security Administrator (View & Modify)#
-
Security Administrator (View Only)#
-
Storage Administrator (Initial Configuration)
-
Storage Administrator (Local Copy)
-
Storage Administrator (Performance Management)
-
Storage Administrator (Provisioning)
-
Storage Administrator (Remote Copy)
-
Storage Administrator (System Resource Management)
-
Storage Administrator (View Only)
-
Support Personnel#
-
User Maintenance#
#: If you specify this role, be sure to specify true for
hasAllResourceGroup
.-
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user group on which settings are changed
None.
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X PATCH https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup
Assigning resource groups to a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/user-groups/object-ID/actions/add-resource-group/invoke
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
{ "parameters": { "resourceGroupIds": [ 1, 2 ] } }
Attribute
Type
Description
resourceGroupIds
int[]
(Required) The resource group IDs
Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user group to which resource groups are assigned
GET base-URL/v1/objects/user-groups/object-ID/actions/add-resource-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/add-resource-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/add-resource-group/invoke
Releasing resource groups assigned to a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/user-groups/object-ID/actions/remove-resource-group/invoke
Object ID
Set the
userGroupObjectId
value obtained by getting information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
{ "parameters": { "resourceGroupIds": [ 1, 2 ] } }
Attribute
Type
Description
resourceGroupIds
int[]
(Required) The resource group IDs
Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user group where assignment of resource groups is released
GET base-URL/v1/objects/user-groups/object-ID/actions/remove-resource-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/remove-resource-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/remove-resource-group/invoke
Deleting a user group
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
DELETE base-URL/v1/objects/user-groups/object-ID
Object ID
Set the
userGroupObjectId
value obtained by getting the information about the user group.Attribute
Type
Description
userGroupObjectId
string
(Required) The object ID for a user group ID
The object ID is case sensitive.
Query parameters
None.
Body
None.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the deleted user group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X DELETE https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup
Getting a list of users
Security Administrator (View Only)
GET base-URL/v1/objects/users
Object ID
None.
Query parameters
None.
Body
None.
Body
{ "data": [ { "userObjectId": "devUser", "userId": "devUser", "authentication": "local", "userGroupNames": [ "Audit Log Administrator (View Only) User Group", "Storage Administrator (View & Modify) User Group" ], "isBuiltIn": false, "isAccountStatus": true }, { "userObjectId": "adminUser", "userId": "adminUser", "authentication": "local", "userGroupNames": [ "Administrator User Group" ], "isBuiltIn": false, "isAccountStatus": true } ] }
Attribute
Type
Description
userObjectId
string
Object ID of the user ID
If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.
userId
string
User ID
userGroupNames
string[]
User group name
isBuiltIn
boolean
Whether the user account is built-in
-
true: Indicates a built-in user account
-
false: Indicates that the account is created by the user
isAccountStatus
boolean
Status of the user account -
true: The user account is valid
-
false: The user account is invalid
authentication
string
Set authentication
-
local: Authorized by the storage system
-
external: Authorized by the external authentication server
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users
Getting information about a specific user
Security Administrator (View Only)
GET base-URL/v1/objects/users/object-ID
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
None.
Body
{ "userObjectId": "devUser", "userId": "devUser", "authentication": "local", "userGroupNames": [ "Audit Log Administrator (View Only) User Group", "Storage Administrator (View & Modify) User Group" ], "isBuiltIn": false, "isAccountStatus": true }
Attribute
Type
Description
userObjectId
string
Object ID of the user ID
If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.
userId
string
User ID
userGroupNames
string[]
User group name
isBuiltIn
boolean
Whether the user account is built-in
-
true: Indicates a built-in user account
-
false: Indicates that the account is created by the user
isAccountStatus
boolean
Status of the user account -
true: The user account is valid
-
false: The user account is invalid
authentication
string
Set authentication
-
local: Authorized by the storage system
-
external: Authorized by the external authentication server
-
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser
Creating a user account
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/users
Object ID
None.
Query parameters
None.
Body
{ "userId": "devUser", "authentication": "local", "userPassword":"devPassword", "userGroupNames": [ "Audit Log Administrator (View Only) User Group", "Storage Administrator (View & Modify) User Group" ] }
Attribute
Type
Description
userId
string
(Required) User ID
For details about the number of characters that can be specified for user IDs and the characters that can be used, see the description about input rules for user IDs and passwords.
userPassword
string
(Optional) Password
The password cannot be specified if the
authentication
attribute is external.For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.
userGroupNames
string[]
(Required) User group name
Specify a name consisting of 1 to 64 characters. You can specify up to 8 group names.
authentication
string
(Required) Set authentication
-
local: Authorized by the storage system
-
external: Authorized by the external authentication server
-
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the created user
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X POST --data-binary @./InputParameters.json https://192.0.2.100/ConfigurationManager/v1/objects/users/
Changing the password of the user
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
PATCH base-URL/v1/objects/users/object-ID
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
{ "userPassword":"userPass" }
Attribute
Type
Description
userPassword
string
(Required) New password
For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user whose password was changed
None.
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X PATCH https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser
Adding users to user groups
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/users/object-ID/actions/add-user-group/invoke
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
{ "parameters": { "userGroupNames": [ "System User Group" ] } }
Attribute
Type
Description
userGroupNames
string[]
(Required) User group name
Specify a name consisting of 1 to 64 characters.
One user can belong to a maximum of You can specify up to 8 user groups.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user who was added to the user group
GET base-URL/v1/objects/users/object-ID/actions/add-user-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/add-user-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/add-user-group/invoke
Removing users from user groups
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
POST base-URL/v1/objects/users/object-ID/actions/remove-user-group/invoke
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
{ "parameters": { "userGroupNames": [ "System User Group" ] } }
Attribute
Type
Description
userGroupNames
string[]
(Required) User group name
Specify a name consisting of 1 to 64 characters.
One user can belong to a maximum of You can specify up to 8 user groups.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the user who was removed from the user group
GET base-URL/v1/objects/users/object-ID/actions/remove-user-group
For details on the status codes of the request for this operation, see the description on HTTP status codes.
To get an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/remove-user-group
To run the request after getting an action template:
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/remove-user-group/invoke
Deleting a user account
If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.
Security Administrator (View & Modify)
DELETE base-URL/v1/objects/users/object-ID
Object ID
Specify the
userObjectId
value obtained by getting information about the user.Attribute
Type
Description
userObjectId
string
(Required) Object ID of the user ID
The name is case sensitive.
Query parameters
None.
Body
None.
Body
A job object is returned. For details on attributes other than
affectedResources
, see the section explaining job objects.Attribute
Description
affectedResources
URL of the deleted user account
For details on the status codes of the request for this operation, see the description on HTTP status codes.
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X DELETE https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser