Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

REST API URL to change the user role in Ranger?

avatar
Super Collaborator

Right now, Ranger provides two roles - "Admin" and "User". When I added a new user in OS, Ranger usersync created its login credentials for Ranger UI but the role appointed is User. I am trying the following REST API to change the role to Admin so that it can create new policies:

curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" -u admin:admin http://sandbox.hortonworks.com:6080/service/xusers/users -d '{"name":"tom","role":["ROLE_SYS_ADMIN"]}'

There is no output or any error. Please help

1 ACCEPTED SOLUTION

avatar
Cloudera Employee

There is a great article already on this site describing how to do this.

https://community.hortonworks.com/articles/49439/how-to-use-api-curl-commands-to-create-internal-ra....

Here is how I was able to do this:

First capture the current users information:

curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8 > /tmp/curl.out 

File contents:

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:07:10Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com", "password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_USER"]}

Modified to include mandatory fields and values to update:

{"id":8,"name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","description":"HDP - add from Unix box","userRoleList":["ROLE_SYS_ADM"]}

Update the users information and read it back:

curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://127.0.0.1:6080/service/xusers/secure/users/8 -d @/tmp/curl.out
curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:08:49Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_SYS_ADM"]}

View solution in original post

4 REPLIES 4

avatar
Super Collaborator
@mrizvi

Please use /service/users end point and for update use PUT.

curl -u admin:admin -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://`hostname -f`:6080/service/users -d @test.json

where test.json is your json pay-load.

avatar
Super Collaborator

Thanks @Ramesh Mani, Just tried this, still nothing happened. I guess there is a problem with json payload. I am using '{"name":"tom","userRoleList":"ROLE_SYS_ADMIN"}'

avatar
Cloudera Employee

There is a great article already on this site describing how to do this.

https://community.hortonworks.com/articles/49439/how-to-use-api-curl-commands-to-create-internal-ra....

Here is how I was able to do this:

First capture the current users information:

curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8 > /tmp/curl.out 

File contents:

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:07:10Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com", "password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_USER"]}

Modified to include mandatory fields and values to update:

{"id":8,"name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","description":"HDP - add from Unix box","userRoleList":["ROLE_SYS_ADM"]}

Update the users information and read it back:

curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://127.0.0.1:6080/service/xusers/secure/users/8 -d @/tmp/curl.out
curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:08:49Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_SYS_ADM"]}

avatar
Super Collaborator

It worked, thanks a lot @jhorsch. I was missing some mandatory fields in json payload, that should be the reason for the error.