User Operations
Creating a User
It might be necessary to create a user. By default, the user will be created without a valid password. The user will only be able to access the system through granted tokens.
To create a user, do the following:
Note
This user will NOT be able to access the system without additional admin action.
Granting a User Token
Sometimes an administrator needs to grant a user an access token that is limited in use and scope. To grant a token, do the following:
This will create a token that is valid for 1 hour and can do anything. The CLI also accepts additional parameters that alter the token's scope (model), actions, and key.
This will create a token that is valid for 10 minutes and can only execute the password API call on the user object named fred.
To use the token with the CLI, use the -T option.
Deleting a User
It might be necessary to remove a user from the system. To remove a user, do the following:
Revoking a User's Password
To clear the password from a user, do the following:
This sets the password hash to an invalid value that matches no password. Tokens that have already been issued continue to work until they expire.
Secure User Creation Pattern
A secure pattern would be the following:
- Admin creates a new account.
- Admin creates a token for that account that can only set the password, and sends that token to the new user.
- New user uses the token to set their password.
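
The pattern above relies on the token being limited by scope (model), action, key, and lifetime. The following Python model is an added example, not the product's own code; the `Token`, `grant`, `allows` and `Directory` names and the `*` wildcard are assumptions made for illustration.

```python
import hashlib
import os
import time
from dataclasses import dataclass

ANY = "*"  # assumed wildcard meaning "not restricted"

@dataclass(frozen=True)
class Token:
    scope: str         # model the token applies to, e.g. "users"
    action: str        # permitted action, e.g. "password"
    key: str           # name of the one object it may touch, e.g. "fred"
    expires_at: float  # absolute expiry time, seconds since the epoch

def grant(ttl=3600, scope=ANY, action=ANY, key=ANY, now=None):
    """Issue a token; the defaults mirror the 1 hour, unrestricted case."""
    now = time.time() if now is None else now
    return Token(scope, action, key, now + ttl)

def allows(token, scope, action, key, now=None):
    """True only if the token is unexpired and every claim matches."""
    now = time.time() if now is None else now
    if now >= token.expires_at:
        return False
    pairs = ((token.scope, scope), (token.action, action), (token.key, key))
    return all(claim in (ANY, wanted) for claim, wanted in pairs)

class Directory:
    """Hypothetical user store: name -> (salt, hash), or None for no password."""
    def __init__(self):
        self.users = {}

    def create(self, name):
        self.users[name] = None  # new accounts have no valid password

    def set_password(self, token, name, password, now=None):
        if name not in self.users or not allows(token, "users", "password", name, now):
            raise PermissionError("token does not permit this password change")
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        self.users[name] = (salt, digest)

    def revoke_password(self, name):
        self.users[name] = None  # tokens already issued are not affected
```

In this model, `revoke_password` leaves an unexpired token usable, so short lifetimes are the only bound on a token after the password is cleared.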