Add a user to a Role
{ addUserToRole }
Add a user to an existing role.
Method
/API2/access/addUserToRole
Input Parameters
Name
addUserRoleData
Object Type
AddUserRoleDataDescription
Output Response
Successful Result Code
200
Response Type
Description of Response Type
Generic API response object with success or failure flag and related messages.
Notes
New roles are empty until users are added to it (see 'createRole'). When using Active Directory as the authentication provider, roles can be comprised of either users or AD groups.
Examples
Create new database user (JavaScript):
This example demonstrates how to create a new tenant, user and roles in Pyramid, when using database authentication.
The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.
// URL of the Pyramid installation and the path to the API 2.0 REST methods
var pyramidURL = "http://mysite.com/api2/";
// step 1: authenticate admin account and get token
// NOTE: callApi method is a generic REST method shown below.
let token = callApi("auth/authenticateUser",{
"data":{
"userName":"adminUser1",
"password":"abc123!"
}
},false);
log("got token "+token);
// step 2: create a new tenant to house new users
let createTenantResult = callApi("access/createTenant",{
"tenant": {
"name": "Test Tenant 1", //tenant caption
"viewerSeats": 1, //number of allocated seats
"proSeats": 1 //number of allocated seats
},
"auth": token // admin token generated above
});
// step 3: get auto generated tenant ID from step 2 result.
let tenantId = createTenantResult.data.modifiedList[0].id;
log("created tenant, id= "+tenantId);
// step 4: create new user in new tenant. using DB method, because using local db authentication
let createUser = callApi("access/createUserDb",{
"user": {
"userName": "user1",
"password": "1234",
"firstName": "first",
"lastName": "last",
"email": "email@pyramidanalytics.com",
"adminType": 0, //admin type enumeration: normal user
"clientLicenseType": 100, //license type enumeration: viewer
"statusID": 1, //status "enabled"
"tenantId": tenantId //tenant Id from previous step
},
"auth": token // admin token generated above
});
// step 5: get auto generated user ID from step 4 result.
let userId = createUser.data.modifiedList[0].id;
log("created user "+userId);
//step 6: optional step to update user's first name
let updateUser=callApi("access/updateDbUsers",{
"user":[{
"id":userId,
"firstName":"new first name"
}],
"auth": token
});
//step 7: create new role in tenant
let createRole=callApi("access/createRole",{
"data": {
"roleName": "new role",
"isPrivate": false, // private roles are only for individual users. this should always be FALSE.
"isHidden": false, // hidden roles appear only in the admin - not for end users.
"tenantId": tenantId,
"isGroupRole": false //?????????????
},
"auth": token
});
// step 8: get auto generated role ID from step 7 result.
let roleId = createRole.data.modifiedList[0].id;
log("created role "+roleId);
// step 9: associate user with role
let addUserToRole = callApi("access/addUserToRole",{
"data": {
"userId": userId,
"roleId": roleId
},
"auth": token
});
log("addUserToRole was sucsseful since errorMessage is empty "+addUserToRole.data.errorMessage.length==0);
// ##### optional generic logging method for debugging ##############
function log(msg){
document.write(msg);
console.log(msg);
}
// ##### generic REST API calling method ##############
function callApi(path,data,parseResult=true){
var xhttp = new XMLHttpRequest();
xhttp.open("POST", pyramidURL+path, false);
xhttp.send(JSON.stringify(data));
if(parseResult){
return JSON.parse(xhttp.responseText);
}else{
return xhttp.responseText;
}
}
Create new Active Directory user (JavaScript):
This example demonstrates how to find and add a new user and roles in Pyramid, when using Active Directory authentication.
The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.
// URL of the Pyramid installation and the path to the API 2.0 REST methods
var pyramidURL = "http://mysite.com/api2/";
// step 1: authenticate admin account and get token.
//This assumes authentication with Windows Authentication SSO. Therefore the account logging on is an admin account.
// NOTE: callApi method is a generic REST method shown below. And inside it, xhttp.withCredentials = true;
let token = callApi("auth/authenticateUserWindows",{},false);
log("got token "+token);
//step 2: Get the defult tenant.
let defaultTenantResult = callApi("access/getDefaultTenant",{
"auth": token // admin token generated above
});
let tenantId = defaultTenantResult.data;
log("default tenant, id= "+tenantId);
//step 3: search for an active directory user in the AD itself
let searchUsers=callApi("access/searchAdUsers",{
"ldapUsersSearch":{
"domainNetBios":"myAdDomain",
"searchValue":"Smith",
"ldapSearchType": 0, //search type enumeriation. 0 = exact
},
"auth": token // admin token generated above
});
let adUser = searchUsers.data[0];
log("adUser = "+adUser.firstName);
//step 4: creating a user using the results from the search in step 3
let createUser = callApi("access/createAdUser",{
"newLdapUser": {
"userName": adUser.userName, //using the search result from step 3 above
"adminType": 0, //admin type
"clientLicenseType": 100,//ClientLicenseType.Viewer
"statusID": 1,
"tenantId": tenantId, //tenant Id from above
"adDomainName":"myAdDomain"
},
"auth": token // admin token generated above
});
let userId = createUser.data.modifiedList[0].id;
log("created user "+userId);
//step 5: optional, changing the user from Viewer to Professional
let updateUser=callApi("access/updateAdUsers",{
"updateLdapUser":[{
"userName": adUser.userName,
"adDomainName":"myAdDomain",
"clientLicenseType": 200,//ClientLicenseType.Professional
}],
"auth": token
});
//step 6: creating 2 roles
let createRole=callApi("access/createRoles",{
"data": [{
"roleName": "role1",
"tenantId": tenantId,
"isGroupRole": false
},{
"roleName": "role2",
"tenantId": tenantId,
"isGroupRole": false
}],
"auth": token
});
let role1 = createRole.data.modifiedList[0].id;
let role2 = createRole.data.modifiedList[1].id;
log("created roles "+role1+","+role2);
//step 7: binding user to role1 from step 6
let addUserToRole=callApi("access/addUserToRole",{
"addUserRoleData": {
"userId":userId,
"roleId":role1
},
"auth": token
});
//step 8: searchAdGroupsForUser, searching for AD groups of the given user in the given domain
let groups=callApi("access/searchAdGroupsForUser",{
"searchData": {
"domainNetBios":"myAdDomain",
"userName":adUser.userName
},
"auth": token
});
log("groups of " + adUser.userName" + "+JSON.stringify(groups.data));
let selectedGroup=groups.data[0];
//step 9: add role2 to the AD security group from step 8
let addRoleToAdGroup=callApi("access/changeRoleAdGroupMembership",{
"roleAdGroups": {
"roleId":role2,
"groupsToAdd":[{
"domainNetBios":selectedGroup.domainAddress,
"groupName":selectedGroup.name
}]
},
"auth": token
});
log("addRoleToAdGroup "+JSON.stringify(addRoleToAdGroup));
//step 10: optional get all groups by role - this will find the selected Group from step 9
let groupsFound=callApi("access/getGroupsByRole",{
"roleId":role2,
"auth": token
});
log("found group "+groupsFound.data[0].name);
// ##### optional generic logging method for debugging ##############
function log(msg){
document.write(msg);
console.log(msg);
}
// ##### generic REST API calling method ##############
function callApi(path,data,parseResult=true){
var xhttp = new XMLHttpRequest();
//notice we changed callApi and added xhttp.withCredentials = true; to pass the windows credentials
xhttp.withCredentials = true;
xhttp.open("POST", pyramidURL+path, false);
xhttp.send(JSON.stringify(data));
if(parseResult){
return JSON.parse(xhttp.responseText);
}else{
return xhttp.responseText;
}
}