User Management

A user is a known identity with an associated set of data and/or administrative access permissions. It can be a person or a software/hardware agent.

Users are managed using the web-based interface of the Connectware. You can add or delete users, edit their permissions and change their password.

You can also create or modify roles which help you organize and share a set of permissions with multiple users.

Note

Any user who desires to modify roles or users needs the admin role or corresponding permissions.

Create a user with permissions

  1. Press the + button in the toolbar to add a user.
  2. Enter the user name (5 characters minimum) and password in the Create User dialog and click CREATE.
  3. Click on the table row for the newly created user.
  4. In the Additional Permissions section, select the type of permission you want to add, either data (MQTT broker) or api (HTTP Routes), and press the + button.
  5. In the Add Permission dialog, select the access type (read, write or readWrite) and enter the resource path the permission should be valid for (both data and api follow MQTT topic structures). The specified topic can be either a single topic or a wildcard.

Important

The resource path of an api permission follows an MQTT topic structure. This means both wildcards (“#” and “+”) are valid expressions and paths should start with a leading “slash”.

  6. Press the SAVE button to persist the changes to the user.

Delete a user

  1. Go to the Users menu.
  2. Click on the table row of the user you would like to delete.
  3. Click the delete action in the user detail view.
  4. Click the confirm button in the dialog.

Change user password

  1. Go to the Users menu.
  2. Click on the table row of the user you would like to update.
  3. Click the update password action in the user detail view.
  4. Type in the new password twice and click the confirm button in the dialog.
  5. Press the SAVE button to persist the changes to the user.

Add role to user

  1. Go to the Users menu.
  2. Click on the table row of the user you would like to update.
  3. Click on the ROLES field. A list of available roles should be displayed.
  4. Click on the desired role.
  5. Press the SAVE button to persist the changes for the user.

Remove role from user

  1. Go to the Users menu.
  2. Click on the table row of the user you would like to update.
  3. Click on the X on the role you would like to remove.
  4. Press the SAVE button to persist the changes for the user.

Create a role with permissions

  1. On the navigation panel click on User Management to expand the menu.
  2. Go to the Roles menu.
  3. Press the + button in the toolbar to add a role.
  4. Enter the role name in the Create Role dialog and click CREATE.
  5. Click on the newly created role.
  6. In the Permissions section, select the type of permission you want to add, either data (MQTT broker) or api (HTTP Routes), and press the + button.
  7. In the Add Permission dialog, select the access type (read, write or readWrite) and enter the resource path the permission should be valid for (both data and api follow MQTT topic structures). The specified topic can be either a single topic or a wildcard.
  8. Press the SAVE button to persist the changes for the role.

Delete role

  1. Go to the Roles menu.
  2. Click on the table row of the role you would like to delete.
  3. Click the delete action in the role detail view.
  4. Click the confirm button in the dialog.

MQTT users

The credentials of a user with grant type password can be used with an MQTT client to connect, subscribe and/or publish. Subscriptions are possible on the associated readable topics (marked as read), whereas the associated data write permissions define the topics available for publishing (marked as write).
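The following added example (not Connectware code) shows how the wildcard resource paths from the Add Permission dialog and the read/write split described for MQTT users combine into an allow/deny decision, and how to spot write-capable grants that start with a wildcard when reviewing a user or role. It assumes standard MQTT topic-filter semantics; the sample permissions, the topic names and the function names are constructed for illustration.

```python
# Added example. Matching follows standard MQTT topic-filter rules; that
# Connectware evaluates permissions exactly this way is an assumption.
GRANTS = {"read": {"read", "readWrite"}, "write": {"write", "readWrite"}}

def filter_matches(topic_filter, topic):
    """'+' matches exactly one level, '#' matches its parent and everything below."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # MQTT rule: a filter starting with a wildcard never matches '$' topics.
    if topic.startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1   # '#' is only valid as the last level
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def is_allowed(permissions, operation, resource):
    """operation: 'read' (subscribe) or 'write' (publish); resource: a concrete topic or path."""
    return any(access in GRANTS[operation] and filter_matches(path, resource)
               for access, path in permissions)

def overly_broad(permissions):
    """Return write-capable grants whose first level is already a wildcard."""
    return [(access, path) for access, path in permissions
            if access in GRANTS["write"]
            and path.lstrip("/").split("/")[0] in ("#", "+")]

# Constructed sample: permissions of a hypothetical user.
PERMS = [
    ("read", "factory/line1/#"),
    ("write", "factory/line1/+/setpoint"),
    ("read", "/api/users/#"),
]

if __name__ == "__main__":
    for op, res in [("read", "factory/line1/press/temp"),
                    ("write", "factory/line1/press/temp"),
                    ("write", "factory/line1/press/setpoint"),
                    ("read", "/api/users/42"),
                    ("read", "/api/roles")]:
        print(f"{op:5} {res:32} -> {is_allowed(PERMS, op, res)}")
    print(overly_broad(PERMS + [("readWrite", "#")]))
```

A readWrite grant on "#" covers every topic outside the "$" namespace, which is why the review helper singles out write-capable paths that begin with a wildcard.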

API Definition

POST /api/users

Create a new user

Status Codes
GET /api/users

List users

Query Parameters
  • username[eq] (string) – Filter by equal to username

Status Codes
GET /api/users/{id}

Get a specific user

Parameters
  • id (string) – Id of user

Status Codes
PUT /api/users/{id}

Update an existing user

Parameters
  • id (string) – Id of user

Status Codes
DELETE /api/users/{id}

Delete an existing user

Parameters
  • id (string) – Id of user

Status Codes
POST /api/users/{id}/certificates

Add a new certificate to a user

Parameters
  • id (string) – Id of user

Status Codes
PUT /api/users/{id}/certificates

Update an existing certificate

Parameters
  • id (string) – Id of user

Status Codes
DELETE /api/users/{id}/certificates

Delete an existing certificate

Parameters
  • id (string) – Id of user

Status Codes
POST /api/users/{id}/roles

Add a new role to a user

Parameters
  • id (string) – Id of user

Status Codes
DELETE /api/users/{id}/roles

Remove a role from a user

Parameters
  • id (string) – Id of user

Status Codes
POST /api/roles

Create a new role

Status Codes
GET /api/roles

List roles

Query Parameters
  • name[eq] (string) – Filter by equal to name

Status Codes
GET /api/roles/{id}

Get a specific role

Parameters
  • id (string) – Id of role

Status Codes
PUT /api/roles/{id}

Update an existing role

Parameters
  • id (string) – Id of role

Status Codes
DELETE /api/roles/{id}

Delete an existing role

Parameters
  • id (string) – Id of role

Status Codes
GET /api/roles/{id}/permissions

List permissions

Parameters
  • id (string) – Id of role

Status Codes
POST /api/roles/{id}/permissions

Add a new permission to a role

Parameters
  • id (string) – Id of role

Status Codes
GET /api/roles/{id}/permissions/{pemId}

Update an existing permission

Parameters
  • id (string) – Id of role

  • pemId (string) – Id of permission

Status Codes
PUT /api/roles/{id}/permissions/{pemId}

Update an existing permission

Parameters
  • id (string) – Id of role

  • pemId (string) – Id of permission

Status Codes
DELETE /api/roles/{id}/permissions/{pemId}

Delete an existing permission

Parameters
  • id (string) – Id of role

  • pemId (string) – Id of permission

Status Codes
POST /api/authenticate

Validate authentication claim

Status Codes
POST /api/authorize

Validate authorization claim

Status Codes
POST /api/login

Log in to the Cybus Connectware

Status Codes
POST /api/logout

Log out of the Cybus Connectware

Status Codes
POST /api/client-registry/register

Endpoint for self-registration of clients

Status Codes
  • 201 Created – Granted. The registration request has been confirmed, proceed to login

  • 202 Accepted – Pending. The registration request has been accepted but needs to be confirmed. Try again later.

  • 400 Bad Request – Invalid Request.

  • 409 Conflict – Conflict. Might indicate that a conflicting registration is pending or a conflicting user is already existing.

  • 423 Locked – Locked. The registration endpoint is currently not open. Try again later.

GET /api/client-registry

Receive a list of all pending registration requests

Status Codes
GET /api/client-registry/status

Return the current lock status of the registration endpoint

Status Codes
POST /api/client-registry/open

Open the registration endpoint temporarily

Status Codes
POST /api/client-registry/lock

Lock the registration endpoint now. This will flush the internal request cache.

Status Codes
POST /api/client-registry/confirm

Confirm a single authentication request

Status Codes
GET /api/v1/certs/list/approved

Current list of approved certificates/principals

Status Codes
GET /api/auth/healthz

Meta endpoint that returns 200 if server is ready

Status Codes
GET /api/compat/v1/grantees

List all grantees

Status Codes
POST /api/compat/v1/grantees

Create a new grantee

Status Codes
GET /api/compat/v1/grantees/{idOrName}

Get a grantee

Parameters
  • idOrName (string) – Grantee ID

Status Codes
PUT /api/compat/v1/grantees/{idOrName}

Update a grantee by ID

Parameters
  • idOrName (string) – Grantee ID

Status Codes
DELETE /api/compat/v1/grantees/{idOrName}

Delete a grantee by ID

Parameters
  • idOrName (string) – Grantee ID

Status Codes
GET /api/compat/v1/acls

List all permissions granted

List all permissions with their current configuration and associated services

Status Codes
POST /api/compat/v1/acls

Create a new ACL

Status Codes
GET /api/compat/v1/acls/{id}

Get an ACL

Parameters
  • id (string) – ACL ID

Status Codes
DELETE /api/compat/v1/acls/{id}

Delete a permission by ID

Parameters
  • id (string) – ACL ID

Status Codes