You can remove a user from an API Connect user registry by
using the developer toolkit
CLI.
Before you begin
To complete this task, you must have Administrator access to your API Connect cloud, or be the
owner of a provider organization, depending on the scope of the user registry.
You cannot remove a user from a user registry if that user is a member of the Cloud Manager admin organization, a
provider organization, or a consumer organization, and that user registry is used for the associated
login. Before removing a user from a user registry, ensure that they have been deleted from any
organizations for which that user registry is used for login. For more information, see Deleting a member or
Removing a
user from an organization.
Procedure
- Log in to the management server.
- If the user registry is defined at the cloud administration level, and therefore available to
all provider organizations, you must log in as a member of the Cloud Manager admin organization.
- If the user registry is defined at a provider organization level, and therefore specific to that
provider organization, you must log in as the organization owner.
For full details of the apic login
command, see Logging in to a management
server.
Note: If the same user registry is used for both the Cloud Manager and API
Manager user interfaces, and
the user has access to both, when you remove them from the user registry they will lose access to
both even though you are logging in to the admin organization.
- Identify the name of the user registry from which you want to remove the user. Enter the
following command:
apic user-registries:list --server mgmt_endpoint_url --org organization_name
where
organization_name has the value
admin
if you are logged in as a
member of the
Cloud Manager admin
organization, or is the name of the provider organization if you are logged in as an organization
owner.
For
example:
apic user-registries:list --server platform-api.myserver.com.com --org admin
The
command returns a list of all user registries, with the registry name displayed first; for
example:
api-manager-lur https://platform-api.myserver.com.com/api/user-registries/3283e897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245
cloud-manager-lur https://platform-api.myserver.com/api/user-registries/3283e897-1d23-4fac-acf5-0193d0b2c1b5/3adbf524-cd74-4051-99c0-89ce5ffcc9c0
my-ldap https://platform-api.myserver.com/api/user-registries/3283e897-1d23-4fac-acf5-0193d0b2c1b5/29eae413-cd74-4051-99c0-89ce5ffcc9c0
- Identify the name of the user, from the required user registry, that you want to remove.
Enter the following
command:
apic users:list --server mgmt_endpoint_url --org organization_name --user-registry user_registry_name
For
example:
apic users:list --server platform-api.myserver.com.com --org admin --user-registry my-ldap
The
command returns a list of all users in the user registry, with the user name displayed first; for
example:
user1 [state: enabled] https://platform-api.myserver.com.com/api/user-registries/32830897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245/users/040adb11-e9a4-4d93-9c2e-62a974da0689
user2 [state: enabled] https://platform-api.myserver.com.com/api/user-registries/32830897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245/users/12f1aa82-d9f0-4670-99f1-7500d1fb6583
- Remove the required user from the user registry. Enter the following
command:
apic users:delete user_name --server mgmt_endpoint_url --org organization_name --user-registry user_registry_name
For
example:
apic users:delete user1 --server platform-api.myserver.com.com --org admin --user-registry my-ldap
The
command confirms successful removal by returning the details of the deleted user; for
example:
user1 [state: enabled] https://platform-api.myserver.com.com/api/user-registries/32830897-1d23-4fac-acf5-0193d0b2c1b5/4438937a-6ad0-4eaa-9163-820888ac6245/users/040adb11-e9a4-4d93-9c2e-62a974da0689