Create an account

Creates an account or registers an existing external account.

Request

Security

Table 1. Roles capable of executing the Create Account API method
Any Super User System Admin Security Admin Operator
  superUser   securityAdmin  

HTTP method

POST /manager/api/{apiResponseType}/1.0/createAccount.adm HTTP/1.1 Host:{manager.dsnet} name={accountName}&username={accountUsername}&password={password}&confirmPassword={password}&rolesMap[{role1}]={true|false}&rolesMap[{role2}]={true|false}&vaultUserPermissions[{vault1}]={disabled|readOnly|readWrite}&vaultUserPermissions[{vault2}]={disabled|readOnly|readWrite}

Curl method

curl -X POST -u {admin}:{password} -k “https://{manager.dsnet}/manager/api/{apiResponseType}/1.0/createAccount.adm” -d “name={accountName}&username={accountUsername}&password={password}&confirmPassword={password}&rolesMap[{role1}]={true|false}&rolesMap[{role2}]={true|false}&vaultUserPermissions[{vault1}]={disabled|readOnly|readWrite}&vaultUserPermissions[{vault2}]={disabled|readOnly|readWrite}”

Parameters

Table 2. Request Parameters for Create Account (createAccount) API method
Parameter Type Usage Default Description
name String Required   Human-readable name for the new account.
email String Optional   Email address for the new account.
accountType String Optional local
  • local - local account that is created on the Manager.
  • ldap/oidc - external account exists on LDAP server/OIDC provider.
  • keystone - external account exists on Keystone server.
usingPassword Boolean accountType=local true Sets if user authentication to user name / password.
username String usingPassword=true   Account user name.
password String usingPassword=true   Account password.
confirmPassword String usingPassword=true   Account password; must match password.
usingPki Boolean accountType=local false Sets if user authentication to PKI
pkiRealm String usingPki=true   PKI Realm for this account.
pkiSubjectDN String usingPki=true   PKI Subject DN for this account.
ldapUsername String accountType=ldap true Principal user name that ties the account with the LDAP server.
keystoneUsername String accountType=keystone   User name of the Keystone user account.
keystoneDomain String     The Keystone domain that is associated with this Keystone user.
rolesMap Set[{role}] Optional  

Key is name of role string that includes:

  • admin
  • systemAdmin
  • securityAdmin
  • operator
  • vaultProvisioner
  • serviceAccount
  • readOnlySystemAdmin
  • readOnlySecurityAdmin

An account cannot be assigned with readOnlysystemAdmin/SystemAdmin or readOnlySecurityOfficer/securityOfficer together at the same time. The serviceAccount role pertains only to Container Mode. Users with the role have access to the Service API.

vaultUserPermissions Map[{vaultId}] Optional disabled

With specific vault ID, set vault access permissions to 1 of three options.

  • disabled
  • owner
  • readOnly
  • readWrite

Multiple vaultUserPermission[{vaultId}] parameters can be passed as part of the editGroup call.

vaultUserPermission[1]=disabled
&vaultUserPermission[2]=owner
defaultDevicePermission String Optional noAccess Default access permission that can be set on all devices except manager that will enable user to perform actions using nut interface.

Can be 1 of 4 options

  • noAccess
  • readOnlyAccess
  • readWriteAccess
  • rootAccess
managerDevicePermission String Optional noAccess Manager access permission that is specific to manager devices to enable user to perform actions using nut interface. Can be 1 of 4 options as listed above
siteDevicePermissions Map[{siteId}] Optional noAccess For specific site ID, device access permission can be set to 1 of 4 options, as listed above
regionDevicePermissions Map{regionId} Optional noAccess For specific region ID, device access permission can be set to 1 of 4 options, as listed above
organizationId Long Optional   The ID of the organization for the account.
oidcUsername String Required if accountType = oidc   The username of the external account existing on the OIDC provider.

Response

Returns the ID of the new account or a failure status in the responseData object.

JSON response example

{
  “responseStatus”:“ok”,
  “responseHeader”:{
    “status”:“ok”,
    “now”:{milliseconds from the UNIX epoch},
    “requestId”:“{requestId}”
  },
  “responseData”:{
    “id”:124
  }
}

Parameters

Table 3. Response Parameters for Create Account (createAccount) API method
Parameter Type Description

id

Long ID of new account.