X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a7631a1ccb6e2a6925d00a06562e171c4ce4ea2f..950e76c1dc342ffe79080c9ef911e841675b7b0b:/doc/admin/user-management-cli.html.textile.liquid diff --git a/doc/admin/user-management-cli.html.textile.liquid b/doc/admin/user-management-cli.html.textile.liquid index 6892176604..a495d5ecf6 100644 --- a/doc/admin/user-management-cli.html.textile.liquid +++ b/doc/admin/user-management-cli.html.textile.liquid @@ -18,7 +18,7 @@ ARVADOS_API_TOKEN=1234567890qwertyuiopasdfghjklzxcvbnm1234567890zzzz In these examples, @zzzzz-tpzed-3kz0nwtjehhl0u4@ is the sample user account. Replace with the uuid of the user you wish to manipulate. -See "user management":{{site.baseurl}}/admin/activation.html for an overview of how to use these commands. +See "user management":{{site.baseurl}}/admin/user-management.html for an overview of how to use these commands. h3. Setup a user @@ -40,7 +40,7 @@ h3. Deactivate user When deactivating a user, you may also want to "reassign ownership of their data":{{site.baseurl}}/admin/reassign-ownership.html . -h3. Directly activate user +h3(#activate-user). Directly activate user 
$ arv user update --uuid "zzzzz-tpzed-3kz0nwtjehhl0u4" --user '{"is_active":true}'
@@ -65,11 +65,9 @@ As an admin, you can create tokens for other users.
  "modified_by_client_uuid":null,
  "modified_by_user_uuid":null,
  "modified_at":null,
- "user_id":3,
  "api_client_id":7,
  "api_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "created_by_ip_address":null,
- "default_owner_uuid":null,
  "expires_at":null,
  "last_used_at":null,
  "last_used_by_ip_address":null,
@@ -85,44 +83,62 @@ To get the token string, combine the values of @uuid@ and @api_token@ in the for
 ARVADOS_API_TOKEN=v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-h2. Adding Permissions +h3(#delete-token). Delete a single token -h3. VM login +As a user or admin, if you need to revoke a specific, known token, for example a token that may have been leaked to an unauthorized party, you can delete it at the command line. -Give @$user_uuid@ permission to log in to @$vm_uuid@ as @$target_username@ +First, determine the token UUID. If it is a "v2" format token (starts with "v2/") then the token UUID is middle section between the two slashes. For example: 
-user_uuid=xxxxxxxchangeme
-vm_uuid=xxxxxxxchangeme
-target_username=xxxxxxxchangeme
+v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
-read -rd $'\000' newlink < +$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv --format=uuid api_client_authorization current +zzzzz-gj3su-yyyyyyyyyyyyyyy -h3. Git repository +Now you can delete the token: -Give @$user_uuid@ permission to commit to @$repo_uuid@ as @$repo_username@ +
+$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv api_client_authorization delete --uuid zzzzz-gj3su-yyyyyyyyyyyyyyy
+
+ +h3(#delete-all-tokens). Delete all tokens belonging to a user + +First, "obtain a valid token for the user.":#create-token + +Then, use that token to get all the user's tokens, and delete each one: + +
+$ ARVADOS_API_TOKEN=xxxxtoken-belonging-to-user-whose-tokens-will-be-deletedxxxxxxxx ; \
+for uuid in $(arv --format=uuid api_client_authorization list) ; do \
+arv api_client_authorization delete --uuid $uuid ; \
+done
+
+ +h2. Adding Permissions + +h3(#vm-login). VM login + +Give @$user_uuid@ permission to log in to @$vm_uuid@ as @$target_username@ and make sure that @$target_username@ is a member of the @docker@ group 
 user_uuid=xxxxxxxchangeme
-repo_uuid=xxxxxxxchangeme
-repo_username=xxxxxxxchangeme
+vm_uuid=xxxxxxxchangeme
+target_username=xxxxxxxchangeme
 
 read -rd $'\000' newlink <