Limiting the user information that is returned by usermgmt
API calls
By default, a user without the Administer platform or
Manage users permission can see detailed information about other IBM Cloud Pak® for Data users by running usermgmt
API calls. You can set the usermgmt_limit_user_info
parameter to limit the
information that is returned by the API calls.
- Who needs to complete this task?
- To complete this task, you must be either:
- A cluster administrator
- An administrator of the project where Cloud Pak for Data is installed
- When do you need to complete this task?
- Complete this task before you give users access to Cloud Pak for Data.
4.6.5 or laterStarting with Cloud Pak for Data Version 4.6.5, the
usermgmt_limit_user_info
is set totrue
by default.
About this task
By default, when a user without the Administer platform or
Manage users permission runs usermgmt
API calls, they can
see detailed user records. For example:
[
{
"uid": "1000331009",
"username": "user@email.com",
"displayName": "First Last",
"email": "user@email.com",
"approval_status": "approved",
"permissions": [
"sign_in_only",
"administrator",
"can_provision"
],
"user_roles": [
"zen_user_role",
"zen_administrator_role"
],
"current_account_status": "enabled",
"internal_user": false,
"deletable": true,
"authenticator": "external",
"created_timestamp": 1663963657537,
"last_modified_timestamp": 1665614744277,
"misc": {
"dark_mode": false
},
"role": "Admin",
"groups": [
{
"group_id": 10000,
"name": "All users",
"description": "All users are implicitly part of this group",
"created_by": "",
"created_at": "",
"updated_at": "",
"misc": {},
"members_count": "5"
}
],
"group_roles": []
},
.
.
.
]
However, if you set the usermgmt_limit_user_info
parameter to
true
, the API calls return a subset of the properties in the user record. For
example:
[
{
"uid": "1000331009",
"username": "user@email.com",
"displayName": "First Last",
"email": "user@email.com",
"permissions": [
"User"
],
"role": "User",
"user_roles": [
"sign_in_only"
],
"groups": [],
"group_roles": []
},
.
.
.
]
The limited record includes only the parameters that are necessary for other features, such as adding a user to a project and deployment space.
Procedure
Results
usermgmt
API calls is limited."usermgmt_limit_user_info":"false"
.