User management (REST)

Goal of this tutorial

To guide you through the user management via REST interface.

Scenario

In this tutorial, you will create a new user role and user group, and assign permissions to them. Then you'll create a new user account and add it to the new group.

You can use any REST Client of your choice, or you can use built-in web service at https://<your_appmon_server>:8021/api-docs/current. This tutorial uses localhost as the AppMon server name. If you have the AppMon installed on a different host, replace it accordingly.

This tutorial uses the demo easyTravel System Profile. However, you can use any System Profile from your AppMon installation. In that case, replace easyTravel with the name of your System Profile.

Requirements

As a prerequisite, you should be familiar with the user permission management.

Detailed steps

1. Query available permissions

Permissions need to be referred to by their respective ID. Use this call to get them.

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > GET /usermanagement/permissions section.
  3. Click Execute!
  4. Copy the response and store it someplace to use later.

2. Create a new role

Now we will create a new user role with the sampleRole name.

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > PUT /usermanagement/roles/{roleid} section.
  3. In the roleid field, type sampleRole.
  4. Optional You can add some description to the role. To do so, in the body field, put the following JSON:
    {
      "description": "Sample user role for tutorial"
    }
    
  5. Click Execute!

3. Assign permissions to role

Now we'll assign ShowInfrastructure and WriteInfrastructureConfig permissions to the newly created role.

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > POST /usermanagement/roles/{roleid}/permissions section.
  3. In the roleid field, type sampleRole.
  4. In the body field, put the following JSON:
    {
      "permissions": [
        "ShowInfrastructure",
        "WriteInfrastructureConfig"
      ]
    }
    
  5. Click Execute!

4. Create a new user group

Now we can create a tutorialGroup user group, and set its role as sampleRole. We can do it upon creation.

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > PUT /usermanagement/groups/{groupid} section.
  3. In the groupid field, type tutorialGroup.
  4. In the body field, put the following JSON:
    {
      "description": "User role for turorial",
      "managementrole": "sampleRole",
      "ldapgroup": false
    }
    
  5. Click Execute!

5. Add System Profile permissions to user group

By default, a wildcard entry lets a newly created user group grant guest role permissions to all System Profiles. We will grant administrator access to the easyTravel System Profile for the new tutorialGroup.

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > POST /usermanagement/groups/{groupid}/profilemappings section.
  3. In the groupid field, type tutorialGroup.
  4. In the body field, put the following JSON:
    {
      "systemprofile": "easyTravel",
      "role": "Administrator"
    }
    
  5. Click Execute!

6. Add dashboard permissions to user group

By default, a wildcard entry lets a newly created user group grants reading permissions to all dashboards. We will grant writing permission to the Incident Dashboard for the new tutorialGroup.

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > POST /usermanagement/groups/{groupid}/dashboardmappings section.
  3. In the groupid field, type tutorialGroup.
  4. In the body field, put the following JSON:
    {
      "dashboard": "Incident Dashboard",
      "writepermission": true
    }
    
  5. Click Execute!

7. Add user

Now we will create a new myUser user account. Initially we will set password same with the username. It could be changed later by a user.

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > PUT /usermanagement/users/{userid} section.
  3. In the groupid field, type myUser.
  4. In the body field, put the following JSON:
    {
      "fullname": "Sample T. User",
      "email": "sample.user@something.com",
      "password": "myUser"
    }
    
  5. Click Execute!

8. Add user to user groups

Finally, we will add the myUser user account to the tutorialGroup user group. Therefore, it will have all the permissions, assigned to the role.

A user can be added to existing user groups by referring to their respective IDs in the call shown in the following image:

  1. Go to https://localhost:8021/api-docs/current.
  2. Expand the User Managements > POST /usermanagement/users/{userid}/groups section.
  3. In the userid field, type myUser.
  4. In the body field, put the following JSON:
    {
      "groups": [
        "tutorialGroup"
      ]
    }
    
  5. Click Execute!