Removing another user from a user registry

You can remove a user from an API Connect user registry by using the developer toolkit CLI.

Before you begin

To complete this task, you must have Administrator access to your API Connect cloud, or be the owner of a provider organization, depending on the scope of the user registry.

You cannot remove a user from a user registry if that user is a member of the Cloud Manager admin organization, a provider organization, or a consumer organization, and that user registry is used for the associated login. Before removing a user from a user registry, ensure that they have been deleted from any organizations for which that user registry is used for login. For more information, see Deleting a member or Removing a user from an organization.

Procedure

  1. Log in to the management server.
    • If the user registry is defined at the cloud administration level, and therefore available to all provider organizations, you must log in as a member of the Cloud Manager admin organization.
    • If the user registry is defined at a provider organization level, and therefore specific to that provider organization, you must log in as the organization owner.

    For full details of the apic login command, see Logging in to a management server.

    Note: If the same user registry is used for both the Cloud Manager and API Manager user interfaces, and the user has access to both, when you remove them from the user registry they will lose access to both even though you are logging in to the admin organization.
  2. Identify the name of the user registry from which you want to remove the user. Enter the following command:
    apic user-registries:list --server mgmt_endpoint_url --org organization_name
    where organization_name has the value admin if you are logged in as a member of the Cloud Manager admin organization, or is the name of the provider organization if you are logged in as an organization owner.
    For example:
    apic user-registries:list --server platform-api.myserver.com.com --org admin
    The command returns a list of all user registries, with the registry name displayed first; for example:
    api-manager-lur     https://platform-api.myserver.com.com/api/user-registries/3283e897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245   
    cloud-manager-lur   https://platform-api.myserver.com/api/user-registries/3283e897-1d23-4fac-acf5-0193d0b2c1b5/3adbf524-cd74-4051-99c0-89ce5ffcc9c0
    my-ldap             https://platform-api.myserver.com/api/user-registries/3283e897-1d23-4fac-acf5-0193d0b2c1b5/29eae413-cd74-4051-99c0-89ce5ffcc9c0
  3. Identify the name of the user, from the required user registry, that you want to remove. Enter the following command:
    apic users:list --server mgmt_endpoint_url --org organization_name --user-registry user_registry_name
    For example:
    apic users:list --server platform-api.myserver.com.com --org admin --user-registry my-ldap
    The command returns a list of all users in the user registry, with the user name displayed first; for example:
    user1     [state: enabled]   https://platform-api.myserver.com.com/api/user-registries/32830897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245/users/040adb11-e9a4-4d93-9c2e-62a974da0689   
    user2     [state: enabled]   https://platform-api.myserver.com.com/api/user-registries/32830897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245/users/12f1aa82-d9f0-4670-99f1-7500d1fb6583
  4. Remove the required user from the user registry. Enter the following command:
    apic users:delete user_name --server mgmt_endpoint_url --org organization_name --user-registry user_registry_name
    For example:
    apic users:delete user1 --server platform-api.myserver.com.com --org admin --user-registry my-ldap
    The command confirms successful removal by returning the details of the deleted user; for example:
    user1    [state: enabled]   https://platform-api.myserver.com.com/api/user-registries/32830897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245/users/040adb11-e9a4-4d93-9c2e-62a974da0689