Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

User management and access control

You can manage users and control access to storage system resources. To perform operations on storage system resources, users must have the appropriate roles (execution permissions) and access permissions for the resources on which the operations are to be performed. Before using the REST API, users with the required roles and access permissions must be created. You must create resource and user groups, assign permissions, and create users before users can perform storage system operations.

Overview of user management and access control

To perform operations on storage system resources, users must have the appropriate roles (execution permissions) and access permissions for the resources on which the operations are to be performed. Before using the REST API, users with the required roles and access permissions must be created.

For storage systems, resource groups and user groups are used to manage the roles and access permissions of users.

  • Resource group

    Resource groups are used to classify and manage resources in the storage system. Only users who have access permissions for a resource group can perform operations on the resources (such as parity groups, LDEVs, and ports) that are added to that resource group.

  • User group

    User groups are used to group users who have the same roles and access permissions for the resources in the storage system. To specify the operations that users in a user group can perform, assign a role to the user group. To specify the resources that the users in a user group can access, assign a resource group to the user group.

  • Role

    Roles are execution permissions for resources. Roles are already set up, and the operations that users of each role can perform on resources are already defined. For details on the roles required to run a particular API request, see the description on that API request.

Users whose accounts were created by using the maintenance utility or Hitachi Device Manager - Storage Navigator can also execute REST API requests. If you want to use other storage management software to create user accounts that can execute REST API requests, specify the user IDs and passwords in accordance with the rules for the REST API.

If you are using Hitachi Device Manager - Storage Navigator, any users, user groups, and resource groups that were created by using the REST API can also be used from Hitachi Device Manager - Storage Navigator.

For details about user management and access control for storage systems, see the System Administrator Guide.

Note
  • If a user uses the REST API to lock the resources of a storage system, operations on the users, user groups, or resource groups will no longer be able to be performed. In such a case, unlock the resources before performing these operations.
  • For the VSP 5000 series, it takes several minutes for the latest information to be applied to the cache after you create or delete a resource group or add or delete resources belonging to a resource group. For this reason, if you attempt to perform operations on user groups or users after performing any of these operations related to resource groups, the request might fail. If the request fails, wait for a while, and then run the request again.

Workflow for user management and access control

This section describes the workflow for creating users who will perform operations on storage systems and for setting access permissions for the resources necessary for those operations.

When using the REST API to create a user, specify a user group to which the user will belong. Assign, in advance, resource groups and roles to the user group based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.

The following figure shows the workflow for specifying user and access control settings. If you are using the meta_resource group or built-in user group, you do not need to configure the resource group or the user group.

GUID-90A9C5EC-28A5-4191-A95E-33FA8F35D208-low.gif

  • Set resource groups

    Create a resource group, and then add resources such as parity groups, LDEVs, and ports. Group resources by business or organization into units for controlling access.

  • Set user groups

    Create a user group. Assign resource groups and roles based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.

  • Set users

    Create a user. Specify the user group to which the user will belong, and then add the user to that user group. The user then can use the resources in the resource groups assigned to the user group according to the assigned roles.

Input rules for user IDs and passwords

When creating users who will perform operations on storage systems from the REST API, specify user IDs and passwords consisting of the characters described in the following table.

If you want to include symbols in a request body, be sure to escape the symbols as required for JSON format.

Item

Number of characters

Specifiable characters

User ID

1 to 63 characters

You can use the following characters.
  • Alphanumeric characters
  • The following symbols:

    ! # $ % & ' * + - . / = ? @ ^ _ ` { | } ~

    • User IDs that contain forward slashes (/) cannot be used as object IDs.
    • User IDs that contain percent signs (%) or plus signs (+) cannot be used as object IDs for the following API requests:

      API request for adding users to user groups

      API request for removing users from user groups

Password

6 to 63 characters

You can use the following characters.
  • Alphanumeric characters
  • ASCII symbols which can be keyed in except space:

    ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Note
  • When creating a user account that will not be used for the REST API but will be used for other products such as Storage Navigator, you can use the number of characters in the userId and userPassword attributes of the API function for creating a user account, and in the userPassword attribute of the API function for changing the password of the user.
    • The userId attribute: 1 to 256 characters
    • The userPassword attribute: 6 to 256 characters
    Specify the user ID and password according to input restrictions (specifiable characters and the required number of characters) of the software for which the user account will be used. Note that, if you create an account for which the user ID or password does not adhere to the input restrictions in the preceding table, you will not be able to use the account to run the REST API.
  • If you use Storage Navigator or another product to create a user account whose password includes a double quotation mark ("), you can use that user account to run the REST API. However, you cannot use the REST API to create a user account whose password includes a double quotation mark or to change a password to one that includes a double quotation mark.

Getting a list of resource groups

The following request gets information about resource groups registered in the storage system. You can also use a query parameter to get information about only certain resources of interest.
Important

For a VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system, pay attention to the number of concurrent executions of this API request. For details, see "Implementing retry processing".

Execution permission

Storage Administrator (View Only)

Request line
GET base-URL/v1/objects/resource-groups
Request message
  • Object ID

    None.

  • Query parameters

    To filter execution results:

    Parameter

    Type

    Filter condition

    lockStatus

    string

    (Optional) Lock status of the resource group

    • Locked: Gets information about the locked resource groups

    • Unlocked: Gets information about the unlocked resource groups

    To get information about only certain types of resources in resource groups:

    If you try to get information for a large number of resource groups, processing might take a long time. You can reduce the request processing time by using the following query parameter to get information about only certain resources of interest.

    Parameter

    Type

    Filter condition

    attributes

    string

    (Optional) Type of resource for which information is to be obtained

    Information will be obtained about only resources corresponding to the specified attributes.

    To specify multiple attributes, separate the attributes by using commas.

    You can use this parameter in combination with the lockStatus parameter.

    • ldevIds: LDEV numbers

    • parityGroupIds: Parity group numbers

    • externalParityGroupIds: External parity group numbers

    • portIds: Port numbers

    • hostGroupIds: Object IDs of host groups or iSCSI targets

    If this parameter is omitted, information will be obtained about all of the attributes listed above.

    Information about attributes other than those listed above will be obtained regardless of the specification of this parameter.

    The following are examples of how to specify these query parameters in various situations.

    • To get the LDEV numbers of locked resource groups:

      ?lockStatus=Locked&attributes=ldevIds
    • To get the port numbers, and the object IDs of host groups or iSCSI targets for all resource groups:

      ?attributes=portIds,hostGroupIds
  • Body

    None.

Response message
  • Body

    The following is an example of output when a request is run to get information about all types of resource groups:

    {
      "data": [
        {
          "resourceGroupId": 4,
          "resourceGroupName": "devResourceGroup",
          "lockStatus": "Locked",
          "lockOwner": "devUser",
          "lockHost": "host01",
          "virtualStorageId": 0,
          "ldevIds": [
            12,
            13
          ],
          "parityGroupIds": [
            "1-1",
            "1-2"
          ],
          "externalParityGroupIds": [
            "1-5",
            "1-6"
          ],
          "portIds": [
            "CL1-A",
            "CL1-B"
          ],
          "hostGroupIds": [
            "CL1-A,4",
            "CL1-A,5",
            "CL1-A,6"
          ]
        },
        {
          "resourceGroupId": 5,
          "resourceGroupName": "sales_group_resource",
          "lockStatus": "Unlocked",
          "virtualStorageId": 0,
          "ldevIds": [
            32,
            33
          ],
          "parityGroupIds": [
            "2-1",
            "2-2"
          ],
          "externalParityGroupIds": [
            "1-7",
            "1-8"
          ],
          "portIds": [
            "CL3-A"
          ],
          "hostGroupIds": [
            "CL3-A,1",
            "CL3-A,2"
          ]
        }
      ]
    }

    The following is an example of output when a request is run with the attributes query parameter specified, to get only information about port numbers and the object IDs of host groups or iSCSI targets:

    {
      "data": [
        {
          "resourceGroupId": 4,
          "resourceGroupName": "devResourceGroup",
          "lockStatus": "Locked",
          "lockOwner": "devUser",
          "lockHost": "host01",
          "virtualStorageId": 0,
          "portIds": [
            "CL1-A",
            "CL1-B"
          ],
          "hostGroupIds": [
            "CL1-A,4",
            "CL1-A,5",
            "CL1-A,6"
          ]
        },
        {
          "resourceGroupId": 5,
          "resourceGroupName": "sales_group_resource",
          "lockStatus": "Unlocked",
          "virtualStorageId": 0,
          "portIds": [
            "CL3-A"
          ],
          "hostGroupIds": [
            "CL3-A,1",
            "CL3-A,2"
          ]
        }
      ]
    }

    Attribute

    Type

    Description

    resourceGroupName

    string

    Resource group name

    resourceGroupId

    int

    Resource group ID

    lockStatus

    string

    Lock status of the resource group

    • Locked: The resource group is locked.
    • Unlocked: The resource group is unlocked.

    selfLock

    boolean

    Whether the session specified in the Authorization header locked the resource group

    • true: The specified session locked the resource group
    • false: Another session locked the resource group

    This attribute is output if the resource group is locked by a session that was generated by the same user who runs the API.

    lockOwner

    string

    User ID that locked the resource group

    This attribute is not output if the resource group is unlocked.

    lockHost

    string

    IP address or name of the host that locked the resource group

    If the resource group has been locked by the REST API, IP address or the host name of the SVP or GUM is output.

    This attribute is output only when the resource group is locked.

    lockSessionId

    int

    Session ID that locked the resource group

    This attribute is output only when the resource group is locked and when a user who belongs to the Administrator user group (built-in user group) runs the API.

    virtualStorageId

    int

    ID of the virtual storage machine that corresponds to the resource group

    ldevIds

    int[]

    LDEV number

    parityGroupIds

    string[]

    Parity group number

    externalParityGroupIds

    string[]

    External parity group number

    portIds

    string[]

    Port number

    hostGroupIds

    string[]

    Object ID of the host group or iSCSI target

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups

Getting information about a specific resource group

The following request gets information about the specified resource group. The obtained information can be used to check the lock status of a resource group, the user ID of the user who locked the resource group, or the name of the host that locked the resource group.
Execution permission

Storage Administrator (View Only)

Request line

GET base-URL/v1/objects/resource-groups/object-ID
Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 0 to 1023.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "resourceGroupId": 4,
      "resourceGroupName": "devResourceGroup",
      "lockStatus": "Locked",
      "lockOwner": "devUser",
      "lockHost": "host01",
      "virtualStorageId": 0,
      "ldevIds": [
        12,
        13
      ],
      "parityGroupIds": [
        "1-1",
        "1-2"
      ],
      "externalParityGroupIds": [
        "1-5",
        "1-6"
      ],
      "portIds": [
        "CL1-A",
        "CL1-B"
      ],
      "hostGroupIds": [
        "CL1-A,4",
        "CL1-A,5",
        "CL1-A,6"
      ]
    }

    Attribute

    Type

    Description

    resourceGroupName

    string

    Resource group name

    resourceGroupId

    int

    Resource group ID

    lockStatus

    string

    Lock status of the resource group

    • Locked: The resource group is locked.
    • Unlocked: The resource group is unlocked.

    selfLock

    boolean

    Whether the resource group was locked by the session specified in the Authorization header

    • true: The specified session locked the resource group.
    • false: Another session locked the resource group.

    This attribute is output when the resource group is locked by a session that was generated by the same user who runs the API.

    lockOwner

    string

    User ID of the user who locked the resource group

    This attribute is output only when the resource group is locked.

    lockHost

    string

    IP address or name of the host that locked the resource group

    If the resource group has been locked by the REST API, IP address or the host name of the SVP or GUM is output.

    This attribute is output only when the resource group is locked.

    lockSessionId

    int

    Session ID of the session that locked the resource group

    This attribute is output only when the resource group is locked and the API was run by one of the following users: the user who belongs to the Administrator user group (built-in user group).

    virtualStorageId

    int

    ID of the virtual storage machine that corresponds to the resource group

    ldevIds

    int[]

    LDEV number

    parityGroupIds

    string[]

    Parity group number

    externalParityGroupIds

    string[]

    External parity group number

    portIds

    string[]

    Port number

    hostGroupIds

    string[]

    Object ID of the host group or iSCSI target

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4

Creating a resource group

The following request creates resource groups. To add a resource group to a virtual storage machine, you must also specify the virtualStorageDeviceId attribute.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

POST base-URL/v1/objects/resource-groups
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    {
      "resourceGroupName":"devResourceGroup",
      "virtualStorageDeviceId":"900000050001"
    }

    Attribute

    Type

    Description

    resourceGroupName

    string

    (Required) Resource group name

    Specify a name consisting of 1 to 32 characters.

    virtualStorageDeviceId

    string

    (Optional) Storage device ID of the virtual storage machine

    This attribute cannot be specified at the same time as the virtualStorageId attribute.

    If this attribute is omitted, the default storage device ID (the same storage device ID as that of the target physical storage system) will be set.

    virtualStorageId

    int

    (Optional) ID of the virtual storage machine that corresponds to the resource group

    This attribute cannot be specified at the same time as the virtualStorageDeviceId attribute.

    If this attribute is omitted, 0 will be set.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the created resource group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X POST --data-binary @./InputParameters.json https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups

Adding a resource to a resource group

The following request adding resources to resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
POST base-URL/v1/objects/resource-groups/object-ID/actions/add-resource/invoke
Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 1 to 1023.

  • Query parameters

    None.

  • Body

    The following coding example shows how to specify an LDEV number:

    {
      "parameters": {
        "ldevIds": [
          2,
          3
        ],
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-5",
          "1-6"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    The following coding example shows how to specify a range of LDEV numbers:

    {
      "parameters": {
        "startLdevId": 2,
        "endLdevId": 5,
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-5",
          "1-6"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    Attribute

    Type

    Description

    parityGroupIds

    string[]

    (Optional) Parity group number

    externalParityGroupIds

    string[]

    (Optional) External parity group number

    portIds

    string[]

    (Optional) Port number

    hostGroupIds

    string[]

    (Optional) Object ID of the host group or iSCSI target

    Specify the value of hostGroupId that was obtained by the processing to get information about host groups or iSCSI targets.

    ldevIds

    int[]

    (Optional) LDEV number

    Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the startLdevId attribute or the endLdevId attribute.

    startLdevId

    int

    (Optional) First LDEV number

    When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the endLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

    endLdevId

    int

    (Optional) Last LDEV number

    When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the startLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the resource group to which resources are added

Action template
GET base-URL/v1/objects/resource-groups/object-ID/actions/add-resource
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/add-resource

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/add-resource/invoke

Removing a resource from a resource group

The following request removes resources that are no longer necessary from resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
POST base-URL/v1/objects/resource-groups/object-ID/actions/remove-resource/invoke
Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 1 to 1023.

  • Query parameters

    None.

  • Body

    The following coding example shows how to specify an LDEV number:

    {
      "parameters": {
        "ldevIds": [
          2,
          3
        ],
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-5",
          "1-6"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    The following coding example shows how to specify a range of LDEV numbers:

    {
      "parameters": {
        "startLdevId": 2,
        "endLdevId": 5,
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-7",
          "1-8"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    Attribute

    Type

    Description

    parityGroupIds

    string[]

    (Optional) Parity group number

    externalParityGroupIds

    string[]

    (Optional) External parity group number

    portIds

    string[]

    (Optional) Port number

    hostGroupIds

    string[]

    (Optional) Object ID of the host group or iSCSI target

    Specify the value of hostGroupId that was obtained by the processing to get information about host groups or iSCSI targets.

    ldevIds

    int[]

    (Optional) LDEV number

    Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the startLdevId attribute or the endLdevId attribute.

    startLdevId

    int

    (Optional) First LDEV number

    When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the endLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

    endLdevId

    int

    (Optional) Last LDEV number

    When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the startLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the resource group from which resources were removed

Action template
GET base-URL/v1/objects/resource-groups/object-ID/actions/remove-resource
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/remove-resource

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4/actions/remove-resource/invoke

Deleting a resource group

The following request deletes unnecessary resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

DELETE base-URL/v1/objects/resource-groups/object-ID
Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 1 to 1023.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the deleted resource group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X DELETE https://192.0.2.100/ConfigurationManager/v1/objects/resource-groups/4

Getting a list of user groups

The following request gets a list of user groups registered in the target storage system.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/user-groups
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "data": [
        {
          "userGroupObjectId": "devGroup",
          "userGroupId": "devGroup",
          "roleNames": [
            "Audit Log Administrator (View & Modify)"
          ],
          "resourceGroupIds": [
            1,
            2,
            3
          ],
          "isBuiltIn": false,
          "hasAllResourceGroup": false
        },
        {
          "userGroupObjectId": "adminGroup",
          "userGroupId": "adminGroup",
          "roleNames": [
            "Audit Log Administrator (View & Modify)",
            "Security Administrator (View & Modify)",
            "Storage Administrator (Initial Configuration)",
            "Storage Administrator (Local Copy)",
            "Storage Administrator (Performance Management)",
            "Storage Administrator (Provisioning)",
            "Storage Administrator (Remote Copy)",
            "Storage Administrator (System Resource Management)"
          ],
          "isBuiltIn": false,
          "hasAllResourceGroup": true
        }
      ]
    }
    

    Attribute

    Type

    Description

    userGroupObjectId

    string

    The object ID for a user group ID

    An encoded character string is output if the user group ID includes reserved characters defined in RFC3986.

    userGroupId

    string

    The user group ID

    roleNames

    string[]

    The role name assigned to the user group

    resourceGroupIds

    int[]

    The IDs of the resource groups assigned to the user group

    isBuiltIn

    boolean

    Information about whether the user group is a built-in user group.

    • true: A built-in user group.

    • false: A user group created by a user.

    hasAllResourceGroup

    boolean

    Information about whether all the resource groups are assigned to the target.

    • true: All the resource groups are assigned.

    • false: The specified resource groups are assigned.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups

Getting information about a specific user group

The following request gets information about the specified user group.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/user-groups/object-ID
Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "userGroupObjectId": "devGroup",
      "userGroupId": "devGroup",
      "roleNames":[
        "Security Administrator (View Only)"
      ],
      "resourceGroupIds": [
        1,
        2,
        3
      ],
      "isBuiltIn":false,
      "hasAllResourceGroup":false
    }

    Attribute

    Type

    Description

    userGroupObjectId

    string

    The object ID for a user group ID

    An encoded character string is output if the user group ID includes reserved characters defined in RFC 3986.

    userGroupId

    string

    The user group ID

    roleNames

    string[]

    The role name assigned to the user group

    resourceGroupIds

    int[]

    The IDs of the resource groups assigned to the user group

    isBuiltIn

    boolean

    Information about whether the user group is a built-in user group.

    • true: A built-in user group.

    • false: A user group created by a user.

    hasAllResourceGroup

    boolean

    Information about whether all the resource groups are assigned to the target.

    • true: All the resource groups are assigned.

    • false: The specified resource groups are assigned.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup

Creating a user group

The following request creates a user group and assigns an appropriate role and resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

POST base-URL/v1/objects/user-groups
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    {
      "userGroupId":"devGroup",
      "roleNames":[
        "Storage Administrator (Provisioning)"
      ],
      "resourceGroupIds": [
        8,
        9
      ],
      "hasAllResourceGroup":false
    }

    Attribute

    Type

    Description

    userGroupId

    string

    (Required) The user group ID

    Specify an ID consisting of 1 to 64 characters.

    roleNames

    string[]

    (Required) The role name

    Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.

    You must specify Storage Administrator (View Only).

    • Audit Log Administrator (View & Modify)#

    • Audit Log Administrator (View Only)#

    • Security Administrator (View & Modify)#

    • Security Administrator (View Only)#

    • Storage Administrator (Initial Configuration)

    • Storage Administrator (Local Copy)

    • Storage Administrator (Performance Management)

    • Storage Administrator (Provisioning)

    • Storage Administrator (Remote Copy)

    • Storage Administrator (System Resource Management)

    • Storage Administrator (View Only)

    • Support Personnel#

    • User Maintenance#

    #: If you specify this role, be sure to specify true for hasAllResourceGroup.

    resourceGroupIds

    int[]

    (Optional) The resource group IDs

    Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas. This cannot be specified if the hasAllResourceGroup attribute is true.

    hasAllResourceGroup

    boolean

    (Required) Information about whether all the resource groups are assigned to the target.

    If the roles specified for roleNames include any of the following roles, be sure to specify true for this attribute.

    • Audit Log Administrator (View & Modify)

    • Audit Log Administrator (View Only)

    • Security Administrator (View & Modify)

    • Security Administrator (View Only)

    • Support Personnel

    • User Maintenance

    If the roles specified for roleNames does not include any of these roles, be sure to specify false for this attribute.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the created user group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X POST --data-binary @./InputParameters.json https://192.0.2.100/ConfigurationManager/v1/objects/user-groups

Changing the user group settings

The following request sets a user group ID and a role of the specified user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PATCH base-URL/v1/objects/user-groups/object-ID
Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    The following coding example shows how to change the user group ID:

    {
      "userGroupId":"adminGroup"
    }
    

    The following coding example shows how to change a role:

    {
      "roleNames":[
        "Storage Administrator (Provisioning)",
        "Storage Administrator (Local Copy)"  
      ]
    }

    Only one attribute can be specified in one request.

    Attribute

    Type

    Description

    userGroupId

    string

    (Optional) The user group ID

    Specify an ID consisting of 1 to 64 characters.

    hasAllResourceGroup

    boolean

    (Optional) Information about whether all the resource groups are assigned to the target.

    If the roles specified for roleNames include any of the following roles, be sure to specify true for this attribute.

    • Audit Log Administrator (View & Modify)

    • Audit Log Administrator (View Only)

    • Security Administrator (View & Modify)

    • Security Administrator (View Only)

    • Support Personnel

    • User Maintenance

    If the roles specified for roleNames does not include any of these roles, be sure to specify false for this attribute.

    roleNames

    string[]

    (Optional) The role name

    Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.

    You must specify Storage Administrator (View Only).

    • Audit Log Administrator (View & Modify)#

    • Audit Log Administrator (View Only)#

    • Security Administrator (View & Modify)#

    • Security Administrator (View Only)#

    • Storage Administrator (Initial Configuration)

    • Storage Administrator (Local Copy)

    • Storage Administrator (Performance Management)

    • Storage Administrator (Provisioning)

    • Storage Administrator (Remote Copy)

    • Storage Administrator (System Resource Management)

    • Storage Administrator (View Only)

    • Support Personnel#

    • User Maintenance#

    #: If you specify this role, be sure to specify true for hasAllResourceGroup.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user group on which settings are changed

Action template

None.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X PATCH https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup

Assigning resource groups to a user group

The following request assigns resource groups to a created user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
POST base-URL/v1/objects/user-groups/object-ID/actions/add-resource-group/invoke
Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "resourceGroupIds": [
          1,
          2
        ]
      }
    }
    

    Attribute

    Type

    Description

    resourceGroupIds

    int[]

    (Required) The resource group IDs

    Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user group to which resource groups are assigned

Action template
GET base-URL/v1/objects/user-groups/object-ID/actions/add-resource-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/add-resource-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/add-resource-group/invoke

Releasing resource groups assigned to a user group

The following request releases resource groups assigned to a user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
POST base-URL/v1/objects/user-groups/object-ID/actions/remove-resource-group/invoke
Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "resourceGroupIds": [
          1,
          2
        ]
      }
    }

    Attribute

    Type

    Description

    resourceGroupIds

    int[]

    (Required) The resource group IDs

    Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user group where assignment of resource groups is released

Action template
GET base-URL/v1/objects/user-groups/object-ID/actions/remove-resource-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/remove-resource-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup/actions/remove-resource-group/invoke

Deleting a user group

The following request deletes an unneeded user group. The request cannot delete a user group if the user group is assigned to a user.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

DELETE base-URL/v1/objects/user-groups/object-ID
Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the deleted user group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X DELETE https://192.0.2.100/ConfigurationManager/v1/objects/user-groups/devGroup

Getting a list of users

The following request gets a list of user information registered on the target storage system.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/users
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "data": [
        {
          "userObjectId": "devUser",
          "userId": "devUser",
          "authentication": "local",
          "userGroupNames": [
            "Audit Log Administrator (View Only) User Group",
            "Storage Administrator (View & Modify) User Group"
          ],
          "isBuiltIn": false,
          "isAccountStatus": true
        },
        {
          "userObjectId": "adminUser",
          "userId": "adminUser",
          "authentication": "local",
          "userGroupNames": [
            "Administrator User Group"
          ],
          "isBuiltIn": false,
          "isAccountStatus": true
        }
      ]
    }
    

    Attribute

    Type

    Description

    userObjectId

    string

    Object ID of the user ID

    If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.

    userId

    string

    User ID

    userGroupNames

    string[]

    User group name

    isBuiltIn

    boolean

    Whether the user account is built-in

    • true: Indicates a built-in user account

    • false: Indicates that the account is created by the user

    isAccountStatus

    boolean

    Status of the user account
    • true: The user account is valid

    • false: The user account is invalid

    authentication

    string

    Set authentication

    • local: Authorized by the storage system

    • external: Authorized by the external authentication server

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users

Getting information about a specific user

The following request gets information about the specified user.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/users/object-ID
Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "userObjectId": "devUser",
      "userId": "devUser",
      "authentication": "local",
      "userGroupNames": [
        "Audit Log Administrator (View Only) User Group",
        "Storage Administrator (View & Modify) User Group"
      ],
      "isBuiltIn": false,
      "isAccountStatus": true
    }

    Attribute

    Type

    Description

    userObjectId

    string

    Object ID of the user ID

    If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.

    userId

    string

    User ID

    userGroupNames

    string[]

    User group name

    isBuiltIn

    boolean

    Whether the user account is built-in

    • true: Indicates a built-in user account

    • false: Indicates that the account is created by the user

    isAccountStatus

    boolean

    Status of the user account
    • true: The user account is valid

    • false: The user account is invalid

    authentication

    string

    Set authentication

    • local: Authorized by the storage system

    • external: Authorized by the external authentication server

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser

Creating a user account

The following request creates a user account and assigns the user to user groups where appropriate permissions are specified. User accounts created by using the REST API can be used in Hitachi Device Manager - Storage Navigator.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

POST base-URL/v1/objects/users
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    {
      "userId": "devUser",
      "authentication": "local",
      "userPassword":"devPassword",
      "userGroupNames": [
        "Audit Log Administrator (View Only) User Group",
        "Storage Administrator (View & Modify) User Group"
      ]
    }

    Attribute

    Type

    Description

    userId

    string

    (Required) User ID

    For details about the number of characters that can be specified for user IDs and the characters that can be used, see the description about input rules for user IDs and passwords.

    userPassword

    string

    (Optional) Password

    The password cannot be specified if the authentication attribute is external.

    For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.

    userGroupNames

    string[]

    (Required) User group name

    Specify a name consisting of 1 to 64 characters. You can specify up to 8 group names.

    authentication

    string

    (Required) Set authentication

    • local: Authorized by the storage system

    • external: Authorized by the external authentication server

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the created user

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X POST --data-binary @./InputParameters.json https://192.0.2.100/ConfigurationManager/v1/objects/users/

Changing the password of the user

The following request changes the password of a user account that performs operations on the storage system resources. The password cannot be changed for the user who is authorized by the external authentication server.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PATCH base-URL/v1/objects/users/object-ID
Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "userPassword":"userPass"
    }

    Attribute

    Type

    Description

    userPassword

    string

    (Required) New password

    For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user whose password was changed

Action template

None.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X PATCH https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser

Adding users to user groups

To add a user to a user group, assign the user group to the user object.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
POST base-URL/v1/objects/users/object-ID/actions/add-user-group/invoke
Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "userGroupNames": [
          "System User Group"
        ]
      }
    }
    

    Attribute

    Type

    Description

    userGroupNames

    string[]

    (Required) User group name

    Specify a name consisting of 1 to 64 characters.

    One user can belong to a maximum of You can specify up to 8 user groups.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user who was added to the user group

Action template
GET base-URL/v1/objects/users/object-ID/actions/add-user-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/add-user-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/add-user-group/invoke

Removing users from user groups

To remove a user from a user group, specify the user group that is associated with that user, and then release that user group from the user object. If only one user group is associated with a particular user, the user cannot be removed from that user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
POST base-URL/v1/objects/users/object-ID/actions/remove-user-group/invoke
Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "userGroupNames": [
          "System User Group"
        ]
      }
    }

    Attribute

    Type

    Description

    userGroupNames

    string[]

    (Required) User group name

    Specify a name consisting of 1 to 64 characters.

    One user can belong to a maximum of You can specify up to 8 user groups.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user who was removed from the user group

Action template
GET base-URL/v1/objects/users/object-ID/actions/remove-user-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/remove-user-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" --data-binary @./InputParameters.json -X POST https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser/actions/remove-user-group/invoke

Deleting a user account

The following request deletes unnecessary user accounts. Built-in user accounts of the storage system cannot be deleted.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

DELETE base-URL/v1/objects/users/object-ID
Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the deleted user account

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X DELETE https://192.0.2.100/ConfigurationManager/v1/objects/users/devUser