Boss User Management Tutorial
ndio allows programmatic user management. Only users with either the `admin` role or the `user-manager` role may access the user management functions of the Boss API.

- `user_add()`
- `user_get()`
- `user_delete()`
- `user_add_role()`
- `user_get_roles()`
- `user_delete_role()`

Listing the groups a user belongs to requires either the `admin` role or the `resource-manager` role.

- `user_get_groups()`

First, let's create a new user. We'll also retrieve the user's data after creation to demonstrate how and to show what the returned data looks like.

```python
from ndio.remote.boss.remote import Remote
from ndio.ndresource.boss.resource import *

rmt = Remote()

user = 'jdoe'
rmt.user_add(user, 'John', 'Doe', '[email protected]', 'secure_password')

user_data = rmt.user_get(user)
print(user_data)
```

Notice that the Boss does not return the user's password, as you would expect.

Next, let's demonstrate how to add a role to a user. See the Boss documentation for more about user roles. We'll make John a `resource-manager`. The `resource-manager` role lets a user manage the data model. This includes creation and deletion as well as assigning permissions to various objects in the data model.

```python
rmt.user_add_role(user, 'resource-manager')
print(rmt.user_get_roles(user))
```

Notice that we also retrieved the roles assigned to John. Besides the `resource-manager` role we assigned, John also has a role called `default`. All users have this role assigned to them. This role is called 'User' in the Boss documentation.

Now let's pretend that we didn't want to make John a `resource-manager`, so let's remove that role.

```python
rmt.user_delete_role(user, 'resource-manager')
print(rmt.user_get_roles(user))
```

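The add/check/remove steps above can be turned into a repeatable role audit. This is an added example, not code from ndio or the Boss project: it uses only the `user_get_roles()` and `user_delete_role()` calls shown in this tutorial, assumes `user_get_roles()` returns an iterable of role-name strings, and runs offline against a constructed `FakeRemote` stand-in with a constructed second user `asmith`.

```python
# Added example: role audit built only on the ndio calls shown in this tutorial.
# Assumption: user_get_roles() returns an iterable of role-name strings.

BASELINE = {'default'}  # every Boss user holds this role, so it is never flagged


def unexpected_roles(rmt, allowed):
    """Return {user: sorted roles held but not approved}.

    `allowed` maps a user name to the set of roles that user is approved for.
    """
    findings = {}
    for user, approved in allowed.items():
        held = set(rmt.user_get_roles(user))
        extra = held - set(approved) - BASELINE
        if extra:
            findings[user] = sorted(extra)
    return findings


def revoke_unexpected(rmt, allowed):
    """Revoke every unapproved role, then re-read roles to confirm removal."""
    for user, roles in unexpected_roles(rmt, allowed).items():
        for role in roles:
            rmt.user_delete_role(user, role)
    # Anything still reported here failed to revoke and needs follow-up.
    return unexpected_roles(rmt, allowed)


class FakeRemote:
    """Constructed in-memory stand-in for ndio's Remote so this runs offline."""

    def __init__(self, roles):
        self._roles = {u: set(r) for u, r in roles.items()}

    def user_get_roles(self, user):
        return sorted(self._roles[user])

    def user_delete_role(self, user, role):
        self._roles[user].discard(role)


if __name__ == '__main__':
    # Constructed sample state: jdoe kept resource-manager by mistake.
    rmt = FakeRemote({'jdoe': ['default', 'resource-manager'],
                      'asmith': ['default', 'user-manager']})
    approved = {'jdoe': set(), 'asmith': {'user-manager'}}
    print(unexpected_roles(rmt, approved))
    print(revoke_unexpected(rmt, approved))
```

Against a real `Remote`, the account running the audit needs the `admin` or `user-manager` role, as stated at the top of this tutorial.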
Access to resources is based on group membership. Access control is covered
in detail in the
[Boss Project Auth](https://github.com/jhuapl-boss/ndio/wiki/Boss Project Auth Tutorial) tutorial.
ndio provides a method to list the user's groups. As mentioned at the beginning of the tutorial, this method requires either the `admin` role or the `resource-manager` role.

```python
print(rmt.user_get_groups(user))
```

Note that John is already a member of the `boss-public` group. All users are added to this group by default.

Finally, let's remove John from the Boss.

```python
rmt.user_delete(user)
```