| Page Properties | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||
Resources & Remarks Modification History
|
...
| Section | ||||||
|---|---|---|---|---|---|---|
| ||||||
|
Introduction
The Tenant Management API provided by the TENANT-MANAGEMENT service offers endpoints for user management via Keycloak. In order to scale the identity management, the KEYCLOAK-PROXY service can be used for the connection of multiple Keycloak instances. The endpoints of the Tenant Management API are called by the MANAGEMENT-CONSOLE, MANAGEMENT-CONSOLE-CLIENT and ARCHITECT services.
This article describes the handling and representation formats of data for individual user accounts as retrieved and expected by the Tenant Management Endpoints.
Further functionality is provided by our USERSERVICE.
User Management Endpoints
All endpoints for user management via the Tenant Management API are available via the Swagger UI https://<host>/tenant-management/swagger-ui.html. Some of them require an administrative role.
| API Section | Required User Role | Available User Management Endpoints | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
operations on any tenant in the system | YUUVIS_SYSTEM_INTEGRATOR |
| |||||||||
| GET /tenant-management/api/system/tenants/{tenant}/users |
| ||||||||||
| POST /tenant-management/api/system/tenants/{tenant}/users |
| ||||||||||
| GET /tenant-management/api/system/tenants/{tenant}/users/{id} |
| ||||||||||
| PUT /tenant-management/api/system/tenants/{tenant}/users/{id} |
| ||||||||||
| DELETE /tenant-management/api/system/tenants/{tenant}/users/{id} |
| ||||||||||
operations on the own tenant | YUUVIS_TENANT_ADMIN | GET /tenant-management/api/admin/users/count |
| ||||||||
| GET /tenant-management/api/admin/users |
| ||||||||||
| POST /tenant-management/api/admin/users |
| ||||||||||
| GET /tenant-management/api/admin/users/{id} |
| ||||||||||
| PUT /tenant-management/api/admin/users/{id} |
| ||||||||||
| DELETE /tenant-management/api/admin/users/{id} |
| ||||||||||
operations on the own tenant | The endpoints are available for every logged-in user. | GET /tenant-management/api/idm/me |
| ||||||||
| GET /tenant-management/api/idm/roles/{role}/users |
| ||||||||||
| GET /tenant-management/api/idm/users |
| ||||||||||
| GET /tenant-management/api/idm/users/{id} |
|
User Account Properties
The following properties for user accounts can be managed via the Tenant Management API.
| Property | Type | in Creation RequestsRequest Bodies | in Update RequestsRequest Bodies | in Response Bodies | Description | ||
|---|---|---|---|---|---|---|---|
id | string | ignoredIgnored. | requiredIgnored. | includedIncluded. | The ID of the user for identification in the identity management system and in yuuvis® Momentum. | ||
email | string | required Required if invitation via email is desired | optional | included . | Optional, unchanged if not specified. | Included if available. | The e-mail address of the user. |
firstName | string | optional | optional | included Optional. | Optional, unchanged if not specified. | Included if available. | The first name of the user. |
lastName | string | optional | optional | included Optional. | Optional, unchanged if not specified. | Included if available. | The last name of the user. |
roles | list of string role names | optional | partly removed if not specified  | included if availableOptional. | Optional, unchanged if not specified. Note: Changes can be applied also by assigning/removing groups. | Included if available. Includes roles assigned via groups if available. | A list of roles defined in the identity management system that are assigned to the user. |
groups | list of string group names | optionalOptional. | Optional, removed from data set if not specified specified. | included Included if available. | A list of groups defined in the identity management system in which the assigned user is a member. | ||
username | string | required | optional | includedRequired. | Optional, unchanged if not specified. | Included. | The username of the user. |
enabled | boolean | optionalOptional, default: true | optional | included. | Optional, unchanged if not specified. | Included. | Specifies whether the user is allowed to log in (true) or not (false). |
createdTimestamp | ignored | Ignored. | ignoredIgnored. | includedIncluded. | |
User Account Data Sets
For each user account represented in a request or response body, its properties are specified in JSON format. The order of the individual properties within one data set is arbitrary.
...
| Code Block | ||
|---|---|---|
| ||
[
{
"id": "406b5a28-7a8b-4c36-a569-df7bff480375",
"firstName": "Heinrich",
"lastName": "Schuetzel",
"roles": [
"YUUVIS_SYSTEM_INTEGRATOR",
"YUUVIS_DEFAULT",
"YUUVIS_TENANT_ADMIN",
"HR_MANAGER",
"YUUVIS_CREATE_OBJECT",
"YUUVIS_MANAGE_SETTINGS"
],
"username": "newuser5",
"enabled": true,
"createdTimestamp": 1622122631393
},
{
"id": "320c67d0-b88b-4e99-852a-b938f4b38cd7",
"email": "kammer@segelreisen.de",
"firstName": "Hannes",
"lastName": "Kammer",
"roles": [
"YUUVIS_SYSTEM_INTEGRATOR",
"YUUVIS_DEFAULT",
"YUUVIS_TENANT_ADMIN",
"YUUVIS_CREATE_OBJECT",
"YUUVIS_MANAGE_SETTINGS",
"YUUVIS_AI_PIPELINE",
"COMPLIANCE_MANAGER",
"YUUVIS_AI_PREDICT"
],
"groups": [
"onlyoffice"
],
"username": "kammer",
"enabled": true,
"createdTimestamp": 1591957723730
},
{
"id": "a6f5e1aa-ff42-4140-b9ec-5de4cc61f1a9",
"email": "schwimmer@segelreisen.de",
"firstName": "Klaus",
"lastName": "Schwimmer",
"roles": [
"YUUVIS_SYSTEM_INTEGRATOR",
"YUUVIS_DEFAULT",
"INVOICE_MANAGER",
"YUUVIS_TENANT_ADMIN",
"HR_MANAGER",
"YUUVIS_AIINVOICE",
"EMAIL_WITHOUT_ACL",
"QA_MEMBER_AREA2",
"uma_authorization",
"YUUVIS_CREATE_OBJECT",
"TEAMS_MANAGER",
"PHOTOARCHIVE_MANAGER",
"YUUVIS_MANAGE_SETTINGS",
"QA_MANAGER",
"ACL_ALL_USERS",
"YUUVIS_AI_PIPELINE",
"QA_MEMBER_AREA1",
"COMPLIANCE_MANAGER",
"YUUVIS_AI_PREDICT",
"offline_access"
],
"username": "klaus",
"enabled": true,
"createdTimestamp": 1606820894094
}
] |
USERSERVICE
The USERSERVICE manages user-related data and provides CRUD (create, read, update, delete) operations on it. Its endpoints are provided in an own API.
>> User Settings Endpoints
Summary
For the user management of users via Tenant Management API, the data sets of individual user accounts are handled in JSON format with the above described properties and their corresponding values. For further functionality regarding account-specific content files and personal settings, we provide the USERSERVICE.
| Info | ||||||
|---|---|---|---|---|---|---|
| ||||||
Read on
|
...
Another Tutorial
...
|
...
Another Concept Article
...
|
...
Another interesting Tutorial
...
|