How to maintain a global system admin user?

During the installation, a “global system Admin / global admin password” is created.

What is the correct approach to maintain this user? Can there be more than one admin user?

What distinguishes the global admin user from other users?

In case there can be only 1 admin user, how can I replace the user by a different one (= different email address)?

1 ACCEPTED SOLUTION

Only one user is used for administrative tasks by the built-in scripts. That user is defined in the ADMIN_EMAIL variable, found in your apigee-env.sh file located in the apigee4/bin subdirectory. If you want to change the user ID that your management scripts use, change that variable. While only a single user is used for administrative tasks, there can be more than one global sysadmin user. Any user who is a member of the "sysadmin" global user role will have full permissions to all resources. To create a new user, use the following example call (replace values between <> brackets):

> curl -u <ADMIN_USER>:<ADMIN_PASS> http://<MSIP>:<PORT>/v1/users -X POST -H content-type:application/json -d '{"emailId": "testuser@yourdomain.com", "firstName": "test", "lastName": "test", "password": "SecretPassword123!"}'

Once you have created a new global user, add that user to the global sysadmin role with the following example call (replace values between <> brackets):

> curl -u <ADMIN_USER>:<ADMIN_PASS> http://<MSIP>:<PORT>/v1/userroles/sysadmin/users -X POST -d "id=testuser@yourdomain.com"

The new user will have the same permissions as your existing global sysadmin user. If you would like to use that user for administrative scripts, simply update your apigee-env.sh file. To view users assigned to the global sysadmin role, use the following call:

> curl -u <ADMIN_USER>:<ADMIN_PASS> http://<MSIP>:<PORT>/v1/userroles/sysadmin/users
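
An added example, not part of the original thread: because every member of the global sysadmin role has full permissions, this script compares the role listing returned by the call above against an approved list and prints any member that is not on it. The response shape, the netrc path, the sample body and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag members of the global "sysadmin"
# role that are not on an approved list.
# Assumption: each member's email appears as a quoted string in the JSON
# response; the thread does not show the response body.

# Read JSON on stdin; print each quoted email-like string, lowercased, unique.
extract_emails() {
  { grep -oE '"[^"@[:space:]]+@[^"@[:space:]]+"' || true; } | tr -d '"' |
    tr '[:upper:]' '[:lower:]' | sort -u
}

# unexpected_sysadmins JSON_BODY APPROVED   (APPROVED: one email per line)
# Prints members missing from APPROVED; returns 1 if there are any.
unexpected_sysadmins() {
  us_members=$(printf '%s\n' "$1" | extract_emails)
  us_approved=$(printf '%s\n' "$2" | tr '[:upper:]' '[:lower:]')
  us_rc=0
  while IFS= read -r us_m; do
    [ -n "$us_m" ] || continue
    if ! printf '%s\n' "$us_approved" | grep -qxF -e "$us_m"; then
      printf '%s\n' "$us_m"
      us_rc=1
    fi
  done <<EOF
$us_members
EOF
  return "$us_rc"
}

# Fetch the live listing: fetch_sysadmins MSIP PORT
# Credentials come from a netrc file (hypothetical path), which keeps the
# password out of the process list and shell history.
fetch_sysadmins() {
  curl -sS --fail --netrc-file "$HOME/.apigee-netrc" \
    "http://$1:$2/v1/userroles/sysadmin/users"
}

# Constructed sample response, for illustration only.
SAMPLE_BODY='[ "admin@example.com", "Testuser@yourdomain.com" ]'
```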

Thanks Paul, I'll add this info to the doc.

Stephen

A couple additional points on this one:

1) If you switch to a different user as your global sysadmin account for scripting and administration, be sure to run apigee4/bin/chpasswd-system.sh after you update apigee-env.sh with the new admin email. The chpasswd-system.sh script will update the encrypted credentials that the Apigee Enterprise UI uses to communicate with the management API.

2) If you simply wish to update the email of the user, you can use the following curl command:

> curl -iu <current_admin_email> 'http://localhost:8080/v1/users/<current_admin_email>' -X PUT -d '{"emailId": "<new_admin_email>", "lastName": "admin", "firstName": "admin"}' -H content-type:application/json