Show Table of Contents
22.3.1. Adding a User
The API adds an existing directory service user to the Red Hat Virtualization Manager database with a
POSTrequest to the
userscollection. The client-provided new user representation includes an embedded
roleslist with at least one initial
roleto assign to the user. For example, the following request assigns two initial roles to the user
Example 22.2. Adding a user from directory service and assigning two roles
POST /ovirt-engine/api/users HTTP/1.1 Content-Type: application/xml Accept: application/xml <user> <user_name>email@example.com</user_name> <roles> <role> <name>RHEVMPowerUser</name> </role> <role id="00000000-0000-0000-0001-000000000003"/> </roles> </user>
The new user is identified either by Red Hat Virtualization Manager user ID or via the directory service user principal name (UPN). The user ID format reported from the directory service domain might be different to the expected Red Hat Virtualization Manager format, such as in LDIF  , the ID has the opposite byte order and is base-64 encoded. Hence it is usually more convenient to refer to the new user by UPN.
The user exists in the directory service domain before it is added to the Red Hat Virtualization Manager database. An API user has the option to query this domain through the
domainscollection prior to creation of the user.
Roles are identified either by name or ID. The example above shows both approaches.
22.3.2. Adding Roles to a User
Further roles are attached or detached with
DELETErequests to the roles sub-collection of an individual user. The example below illustrates how the API adds the
RHEVMVDIUserrole to the role assignments for a particular user.
The embedded user roles list of the
userelement is only used for the initial creation. All interactions post-creation with the user's role assignments go through the
Example 22.3. Adding roles to a user
POST /ovirt-engine/api/users/225f15cd-e891-434d-8262-a66808fcb9b1/roles HTTP/1.1 Content-Type: application/xml Accept: application/xml <role> <name>RHEVMVDIUser</name> </role>