Topic
  • 3 replies
  • Latest Post - ‏2013-05-06T12:48:59Z by kenhygh
9EBU_CZ30001
9EBU_CZ30001
16 Posts

Pinned topic How to create user group and user with SOMA request

‏2013-05-04T17:48:47Z |
  • kenhygh
    kenhygh
    2039 Posts

    Re: How to create user group and user with SOMA request

    ‏2013-05-05T11:04:24Z  

     

    I marked variables you'll need to set with '$variable'

     

    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
        <env:Body>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="$DomainName">
                <dp:set-config>
                    <UserGroup name="$NewGroupName">
                        <AccessPolicies>*/$DomainName/*?Access=r+w+a+d+x</AccessPolicies>
                        <CommandGroup>configuration</CommandGroup>
                        <CommandGroup>common</CommandGroup>
                    </UserGroup>
                </dp:set-config>
            </dp:request>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                <dp:set-config>
                    <User name="$UserName">
                        <Password>$StartingPassword</Password>
                        <GroupName>$NewGroupName</GroupName>
                        <AccessLevel>group-defined</AccessLevel>
                    </User>
                </dp:set-config>
            </dp:request>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                <dp:modify-config>
                    <Domain name="$Domain">
                        <DomainUser class="User">$UserName</DomainUser>
                    </Domain>
                </dp:modify-config>
            </dp:request>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                <dp:do-action>
                    <SaveConfig/>
                </dp:do-action>
            </dp:request>
        </env:Body>
    </env:Envelope>
  • 9EBU_CZ30001
    9EBU_CZ30001
    16 Posts

    Re: How to create user group and user with SOMA request

    ‏2013-05-05T21:53:40Z  
    • kenhygh
    • ‏2013-05-05T11:04:24Z

     

    I marked variables you'll need to set with '$variable'

     

    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
        <env:Body>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="$DomainName">
                <dp:set-config>
                    <UserGroup name="$NewGroupName">
                        <AccessPolicies>*/$DomainName/*?Access=r+w+a+d+x</AccessPolicies>
                        <CommandGroup>configuration</CommandGroup>
                        <CommandGroup>common</CommandGroup>
                    </UserGroup>
                </dp:set-config>
            </dp:request>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                <dp:set-config>
                    <User name="$UserName">
                        <Password>$StartingPassword</Password>
                        <GroupName>$NewGroupName</GroupName>
                        <AccessLevel>group-defined</AccessLevel>
                    </User>
                </dp:set-config>
            </dp:request>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                <dp:modify-config>
                    <Domain name="$Domain">
                        <DomainUser class="User">$UserName</DomainUser>
                    </Domain>
                </dp:modify-config>
            </dp:request>
            <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                <dp:do-action>
                    <SaveConfig/>
                </dp:do-action>
            </dp:request>
        </env:Body>
    </env:Envelope>

    I got "Access Denied" error for the request

    <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="MyDomain">
                <dp:set-config>
                    <UserGroup name="MyDomainGrp">
                        <AccessPolicies>*/MyDomain/*?Access=r+w+a+d+x</AccessPolicies>
                        <CommandGroup>configuration</CommandGroup>
                        <CommandGroup>common</CommandGroup>
                    </UserGroup>
                </dp:set-config>
            </dp:request>
     

    I can make it work if change domain to "default"

    <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                 <dp:set-config>
                    <UserGroup name="MyDomainGrp">
                        <AccessPolicies>*/MyDomain/*?Access=r+w+a+d+x</AccessPolicies>
                        <CommandGroup>configuration</CommandGroup>
                        <CommandGroup>common</CommandGroup>
                    </UserGroup>
                </dp:set-config>
            </dp:request>
     

    Do User and User Group managment have to be under "default" domain?

  • kenhygh
    kenhygh
    2039 Posts

    Re: How to create user group and user with SOMA request

    ‏2013-05-06T12:48:59Z  

    I got "Access Denied" error for the request

    <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="MyDomain">
                <dp:set-config>
                    <UserGroup name="MyDomainGrp">
                        <AccessPolicies>*/MyDomain/*?Access=r+w+a+d+x</AccessPolicies>
                        <CommandGroup>configuration</CommandGroup>
                        <CommandGroup>common</CommandGroup>
                    </UserGroup>
                </dp:set-config>
            </dp:request>
     

    I can make it work if change domain to "default"

    <dp:request xmlns:dp="http://www.datapower.com/schemas/management" domain="default">
                 <dp:set-config>
                    <UserGroup name="MyDomainGrp">
                        <AccessPolicies>*/MyDomain/*?Access=r+w+a+d+x</AccessPolicies>
                        <CommandGroup>configuration</CommandGroup>
                        <CommandGroup>common</CommandGroup>
                    </UserGroup>
                </dp:set-config>
            </dp:request>
     

    Do User and User Group managment have to be under "default" domain?

    Well, if you think about it, users and groups have permissions to access domains. So yes, you have to login to the default domain in order to update users and groups.

    Ken