This is the third part of the course focusing on Optimizing UI/UX with Usage Information. The first part can be found here Get Started, Authorization and Tenant Management: Acronis #CyberFit Developer Training Part I and the second here Management of Offering Items and Applications: Acronis #CyberFit Developer Training Part II.
The hands-on manuals, hands-on code, and presentations are for the full course.
Business Automation and account management training course is focused on the Acronis Cyber Platform Account Management API. It provides you the knowledge and hands-on experience you’ll need to successfully automate the provisioning of accounts, applications, offering items, quota management, user creation, and activation, as well as reports management and much more.
The training’s Hands-on Manuals
The training’s Hands-on Code
The training's presentation in PDF
Users Management
Types of accounts
Administrators: have access to Management Portal and administrator role in all configured services might be limited scope by assigning a specific role
Users: have no access to Management Portal, access to services and role in services defined by an Administrator
Accounts are created within a tenant
Each Customer tenant must have at least 1 Administrator account for service configuration and software installation purposes
Administrators can create and manage tenants and accounts at or below their level in the tenant hierarchy
Administrators at Customer and higher levels can limit access to their tenant by toggling off the Support access to manage this tenant setting. In this case, the API access disables as well.
All operations with user accounts in the cloud platform are located under the /users endpoint. User accounts represent users registered on the platform.
User accounts created in Customer tenant have a personal tenant. Personal tenant represents a tenant bound to a specific user account and is used only to control user account quotas and to collect user account real usage
All users are created inactivated. To activate a user, you need either to send an activation e-mail or set a password. We recommend using the activation e-mail method for better security reasons.
Create, Update, Delete a User
The Acronis Cyber Cloud requires that user login should be unique through all datacenters. Thus before creating a user with a specific login it's needed to check this login availability:
GET /users/check_login?username={login}
To create a user, you only need login and e-mail and tenant_id for which the user is creating. All other fields are to fill your business requirements.
POST /users
{
"tenant_id": "{tenant_id}",
"login": "{login}",
"contact": {
"email": "{e-mail}”
}
To update a user only a current version is required and you can specify only changed values.
POST /users/{user_id}
{
“enabled": false,
“version": "{current_version}"
}
When deleting a user account, all data associated with this user account will be deleted. This operation is not reversible!
Users Activation
After the user account has been successfully created on the platform, it is necessary to perform one of the account activation steps.
There are 2 ways to activate a user account
- Send an email with the account activation link using API. The user will have to open the activation link sent to his/her email address and set the password, in order to be able to log in
- Set a password for the user account using API. The user will be able to log in to the service console using his/her password. This can be useful when implementing custom user account provisioning methods. However, you need to establish a secure communication channel to communicate passwords un-compromised.
Clients can send activation emails only to user accounts located in sub-tenants. This also means that the client cannot perform this operation within its parent tenant
To send activation e-mail use:
POST /users/{user_id}/send-activation-email
The platform enforces the following rules for user account passwords
Password may contain any Unicode and special characters
Password may be empty. The user will not be able to log in using login/password authorization, but it still will be possible to log in using an external login URL
It's possible to only change the passwords of user accounts in sub-tenants. This also means that the client cannot perform this operation within its parent tenant
To activate a user by setting a password:
POST /users/{user_id}/password
{
"password": "newUserPassword312"
}
Enable Roles and Assigning Services
The roles are used to manage user account access to the services available in the same tenant. All operations with the user account roles are located under the /users/{user_id}/access_policies endpoint.
Setting a role with a higher access level, like partner_admin, will override all other roles related to the service(s).
Update request overwrites the current user roles with request content.
User Roles of a Partner Tenant
partner_admin, the "ultimate" administrator (full access to all services available within a tenant, no need to assign other roles)
accounts_admin, the administrator of the Management Portal
accounts_ro_admin, the read-only administrator of Management Portal
protection_admin, the administrator of the Cyber Protection services
protection_ro_admin, the read-only administrator of the Cyber Protection service
readonly_admin, obsolete The non-granular read-only administrator role.
sync_share_admin, the administrator of Cyber Files
User Roles for a Customer Tenant
company_admin, the "ultimate" administrator (full access to all services available within a tenant, no need to assign other roles)
accounts_admin, the administrator of Management Portal
accounts_ro_admin, the read-only administrator of Management Portal
protection_admin, the administrator of the Cyber Protection services
protection_ro_admin, the read-only administrator of the Cyber Protection service
backup_user, the user of the Cyber Protection service
sync_share_admin, the administrator of the Cyber Files services
sync_share_user, a user of the Cyber Files services
notary_admin, the administrator of the Cyber Notary services
notary_user, a user of the Cyber Notary services
readonly_admin, obsolete the non-granular read-only administrator role.
Search for a User
To search for tenants or users:
GET /search
With the following query parameters
- tenant – the root tenant for tenants hierarchy to search
- text – text to search
- limit – limit output (default 10).
The following property values are checked in user accounts:
- Account login – login
- First name – firstname in the contact object
- Last name – lastname in the contact object
- Email address (not displayed in search results) – email in the contact object.
Tenant Usage
Tenants and personal tenants provide metrics of service usage on the level of offering items.
The information about a service usage of the tenant, provided by the /tenants/usages endpoint. It is updated on average every 5-6 hours and intended for UX/UI usage purposes. For usage reports and billing automation, you need to use reports.
Summary
With the third part of Acronis #CyberFit Developer Training for Bussiness Automation, you now know how to manage users and retrieve usage information for UI/UX purposes.
The next part of Acronis #CyberFit Developer Training for Bussiness Automation will discuss usage reporting and working with locations and infrastructure information.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.