Loading TOC...

POST /manage/v2/users

Summary

This resource address creates a new user in the security database.

URL Parameters
format The format of the posted data. Can be either html, json, or xml (default). This value overrides the Accept header if both are present.
Request Headers
Accept The expected MIME type of the request body. If the format? parameter is present, it takes precedence over the Accept header.
Content-type The MIME type of the data in the request body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or text/html.
Response Headers
Content-type The MIME type of the data in the response body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or text/html.
Location If the request causes a restart, a Location header is included in the reponse. The header contains a path with which to construct a URL to usable to test when the restart has completed.

Response

Upon success, MarkLogic Server returns status code 201 (Created). If the user already exists or if the payload is malformed, a status code of 400 (Bad Request) is returned. A status code of 401 (Unauthorized) is returned if the user does not have the necessary privileges.

Required Privileges

This operation requires the security and manage-admin roles.

Usage Notes

The structure of the data in the request body is shown below. The user-name and password properties are required.

Note: The properties described here are for XML payloads. In general they are the same for JSON, with the exception that, in JSON, roles, external-names, permissions, and collections are expressed in singular form. For example, in JSON, permissions is instead permission and the format is: "permission":[{"role-name":"name", "capability":"cap"}].

user-name

User/login name (unique)

description

An object's description.

password

Encrypted Password.

external-names

The external names specifications.

This is a complex structure with the following children:

external-name

The name used to match external group name.

roles

The roles assigned. The roles assigned to the user.

This is a complex structure with the following children:

role

A role identifier (unique key).

permissions

The default set of permissions used in document creation.

This is a complex structure with the following children:

permission

Permission representation.

This is a complex structure with the following children:

role-name

A role name.

capability

The action/task permitted by a permission

collections

The default set of collections used in document creation.

This is a complex structure with the following children:

collection

The collection uri.

Example


  curl -X POST  --anyauth -u admin:admin --header "Content-Type:application/json" \
  -d '{"user-name":"joe", 
       "password": "cool",
       "role": [ "rest-reader", "rest-writer" ] 
      }' \
  http://localhost:8002/manage/v2/users

  ==>  Creates a user, named '"joe" with the "rest-reader" and "rest-writer" 
       roles, in the Security database. 
    

Comments

  • First, the best place to ask questions is StackOverflow as you'll reach a wider audience that way. Tag your questions with "marklogic". Second, I find the best way to figure out the proper format of input to the Management REST API is to do a GET that returns a payload similar payload. For example, if I do a <code>GET http://lcoalhost:8002/manage/v2/users/someusername/properties?format=json</code> then I get back a structure like the following: <code><pre> { "user-name": "someusername", "description": "this is a test", "role": [ "rest-reader", "qconsole-user", "rest-writer" ], "permission": [ { "role-name": "redaction-user", "capability": "read" } ] } </pre></code> Try a similar construct (with the addition of "password, of course). As the Usage Notes above mention, multi-value fields like "permissions" and "roles" are singular in JSON, so they become "permission" and "role". That might be the root of the problem you're having.
    • Good call on using stack overflow. I wondered why these forums were so sparse. Thanks for the heads up.
      • Mike, I invite your thoughts on deactivating comments: https://github.com/marklogic/RunDMC/issues/622.
  • I'm trying to create a user from the command line using a predefined role based on an LDAP group. I've tried many iterations the JSON with the curl command and cannot figure out what the complex structure of the JSON would be. curl -X POST --anyauth -u admin:$(cat pass) --header "Content-Type:application/json" -d '{"user-name":"joe", "password": "cool", "permissions": { "permission": { "role-name": [ "my-ldap-dept-role":"read" ] }}}' http://localhost:8002/manage/v2/users
    • Please see my post above. I fail at replying on Disqus, apparently. Sorry about that.
    • Found it by looking at the JSON format located: http://localhost:8002/manage/v2/users/joe/properties?format=json curl -X POST --anyauth -u admin:$(cat pass) --header "Content-Type:application/json" -d '{"user-name":"joe","description":"test account", "password": "cool", "permission":[{"role-name":"my-ldap-dept-role", "capability":"read"}]} ' http://localhost:8002/manage/v2/users
Powered by MarkLogic Server 7.0-4.1 and rundmc | Terms of Use | Privacy Policy