Support Questions
Find answers, ask questions, and share your expertise

REST API URL to change the user role in Ranger?

Super Collaborator

Right now, Ranger provides two roles - "Admin" and "User". When I added a new user in OS, Ranger usersync created its login credentials for Ranger UI but the role appointed is User. I am trying the following REST API to change the role to Admin so that it can create new policies:

curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" -u admin:admin http://sandbox.hortonworks.com:6080/service/xusers/users -d '{"name":"tom","role":["ROLE_SYS_ADMIN"]}'

There is no output or any error. Please help

1 ACCEPTED SOLUTION

Cloudera Employee

There is a great article already on this site describing how to do this.

https://community.hortonworks.com/articles/49439/how-to-use-api-curl-commands-to-create-internal-ra....

Here is how I was able to do this:

First capture the current users information:

curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8 > /tmp/curl.out 

File contents:

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:07:10Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com", "password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_USER"]}

Modified to include mandatory fields and values to update:

{"id":8,"name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","description":"HDP - add from Unix box","userRoleList":["ROLE_SYS_ADM"]}

Update the users information and read it back:

curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://127.0.0.1:6080/service/xusers/secure/users/8 -d @/tmp/curl.out
curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:08:49Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_SYS_ADM"]}

View solution in original post

4 REPLIES 4

Expert Contributor
@mrizvi

Please use /service/users end point and for update use PUT.

curl -u admin:admin -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://`hostname -f`:6080/service/users -d @test.json

where test.json is your json pay-load.

Super Collaborator

Thanks @Ramesh Mani, Just tried this, still nothing happened. I guess there is a problem with json payload. I am using '{"name":"tom","userRoleList":"ROLE_SYS_ADMIN"}'

Cloudera Employee

There is a great article already on this site describing how to do this.

https://community.hortonworks.com/articles/49439/how-to-use-api-curl-commands-to-create-internal-ra....

Here is how I was able to do this:

First capture the current users information:

curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8 > /tmp/curl.out 

File contents:

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:07:10Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com", "password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_USER"]}

Modified to include mandatory fields and values to update:

{"id":8,"name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","description":"HDP - add from Unix box","userRoleList":["ROLE_SYS_ADM"]}

Update the users information and read it back:

curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://127.0.0.1:6080/service/xusers/secure/users/8 -d @/tmp/curl.out
curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://127.0.0.1:6080/service/xusers/users/8

{"id":8,"createDate":"2016-03-14T14:41:05Z","updateDate":"2016-09-02T23:08:49Z","owner":"rangerusersync","updatedBy":"Admin","name":"HDP","firstName":"HDP","lastName":"HDP","emailAddress":"HDP@sandbox.hortonworks.com","password":"*****","description":"HDP - add from Unix box","groupIdList":[6],"groupNameList":["root"],"status":0,"isVisible":1,"userSource":0,"userRoleList":["ROLE_SYS_ADM"]}

Super Collaborator

It worked, thanks a lot @jhorsch. I was missing some mandatory fields in json payload, that should be the reason for the error.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.