User management
Reference
Find users
Find users by default only returns an array of object with the least possible data (id, surname, firstname, an optional image and some important settings) for privacy reasons. If you want a detailed list, the requesting user must have IAM permission “user.extendedList” and you have to send the parameter “extended” as true in your request payload.
Create a new user
Update an existing user
Updates existing user data. This includes changes in regard to user-app-relations (e.g. adminLevel for a certain app or adding a new app for the user).
Example
Make a self-registered or IDP created mediahub user a regular (paid) one
PUT IAM/v1/user/:id
{
"userappauthorization": {
"clientId": "CLIENT-ID-OF-APP-TO_ADD",
"reason": "Support request AC-123456",
"flag": 0,
"adminLevel": 0
},
// "securityGroupIds": [1] // optional, depending on app
}Delete an existing user
Depending on several factors, the user will be marked as deleted, anonymized or finally deleted.
Generally, if you send a clientId with the delete request, only the relation between user and app (clientId) will be removed.
Bound to customer account
If a user is bound to a customer account (released is not set or 0), the customer account has all permissions to mange the user. If the user to be destroyed has contributed data to AdmiralCloud it will never be deleted but only anonymized (default setting) or just marked as deleted. Otherwise the user will be finally deleted. The same is true for user-app-relations: They will be marked as deleted (flag 99) if the user has contributed data to this app, otherwise the relation will be deleted from our database.
User without a customer account
If a user has no customer account or has been released destroying the user only has an affect on apps related to the customer account trying to destroy it. The user itself will never be changed or deleted. This kind of user can only delete themselves.
Anonymizing
If a user has contributed data, it is no longer possible to delete that user from the database. Instead, the default setting is to anonymize that user. The user will get a random name and firstname, as well as a random e-mail-address from domain “deactivatedusers.admiralcloud.com”. All settings of the user that can identify the user will be removed from the user model (e.g. individual configuration, location info).
ClientId is set
- only the relation between clientId and userId is deleted (no contribution) or marked deleted (user has made contribution)
- the user data is left intact
User belongs to customer
- relations between userId and all clientIds/apps are either deleted (no contribution) or marked deleted (contribution)
- user is anonymized (default) if the user has contributed to any application, if not the user will be completely deleted
User has no customerId
- user has usually registered himself
- user can also be released from a customer account by a customer admin
- only relations between userId and all clientIds/apps are either deleted (no contribution) or marked deleted (contribution)
- user data is left intact
Invite User
Data Model
t
Legacy documentation
Flags
Every user has a flag which is an indicator of the origin of the user. The origin of a user is stored in field “origin”. As a user can be authorized for many apps, the flag is now on user-app-relation level (see introduction at the top of this article)
| Flag | Meaning | Count* | Notes |
|---|---|---|---|
| 0 | Manually created user/created in AC web app | yes | This is the default flag for users |
| 1 | Users is in trash | yes | User is in trash but can be re-activated |
| 2 | Pending approval? | ||
| 9 | Users from AC-Team | no | This is usually a support user from AC Team |
| 10 | User created by IdP | pending | |
| 11 | External users with no login to AC client, they can be allowed to certain rules via app configuration | pending | |
| 12 | Self registered users | pending | |
| 13 | Users created by Dropsite | no |