projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'master' into 16678-login-tokens-lifetime-config
[arvados.git] / doc / admin / user-management-cli.html.textile.liquid
1 ---
2 layout: default
3 navsection: admin
4 title: User management at the CLI
5 ...
6 {% comment %}
7 Copyright (C) The Arvados Authors. All rights reserved.
8
9 SPDX-License-Identifier: CC-BY-SA-3.0
10 {% endcomment %}
11
12 Initial setup
13
14 <pre>
15 ARVADOS_API_HOST={{ site.arvados_api_host }}
16 ARVADOS_API_TOKEN=1234567890qwertyuiopasdfghjklzxcvbnm1234567890zzzz
17 </pre>
18
19 In these examples, @x1u39-tpzed-3kz0nwtjehhl0u4@ is the sample user account.  Replace with the uuid of the user you wish to manipulate.
20
21 See "user management":{{site.baseurl}}/admin/activation.html for an overview of how to use these commands.
22
23 h3. Setup a user
24
25 This creates a default git repository and VM login.  Enables user to self-activate using Workbench.
26
27 <pre>
28 arv user setup --uuid x1u39-tpzed-3kz0nwtjehhl0u4
29 </pre>
30
31 h3. Deactivate user
32
33 <pre>
34 arv user unsetup --uuid x1u39-tpzed-3kz0nwtjehhl0u4
35 </pre>
36
37 When deactivating a user, you may also want to "reassign ownership of their data":{{site.baseurl}}/admin/reassign-ownership.html .
38
39 h3. Directly activate user
40
41 <pre>
42 arv user update --uuid "x1u39-tpzed-3kz0nwtjehhl0u4" --user '{"is_active":true}'
43 </pre>
44
45 Note this bypasses user agreements checks, and does not set up the user with a default git repository or VM login.
46
47
48 h2. Permissions
49
50 h3. VM login
51
52 Give @$user_uuid@ permission to log in to @$vm_uuid@ as @$target_username@
53
54 <pre>
55 user_uuid=xxxxxxxchangeme
56 vm_uuid=xxxxxxxchangeme
57 target_username=xxxxxxxchangeme
58
59 read -rd $'\000' newlink <<EOF; arv link create --link "$newlink"
60 {
61 "tail_uuid":"$user_uuid",
62 "head_uuid":"$vm_uuid",
63 "link_class":"permission",
64 "name":"can_login",
65 "properties":{"username":"$target_username"}
66 }
67 EOF
68 </pre>
69
70 h3. Git repository
71
72 Give @$user_uuid@ permission to commit to @$repo_uuid@ as @$repo_username@
73
74 <pre>
75 user_uuid=xxxxxxxchangeme
76 repo_uuid=xxxxxxxchangeme
77 repo_username=xxxxxxxchangeme
78
79 read -rd $'\000' newlink <<EOF; arv link create --link "$newlink"
80 {
81 "tail_uuid":"$user_uuid",
82 "head_uuid":"$repo_uuid",
83 "link_class":"permission",
84 "name":"can_write",
85 "properties":{"username":"$repo_username"}
86 }
87 EOF
88 </pre>