Get User Properties

The Get User Properties operation retrieves the properties of a single User object that is designated by its object ID. With one very specific exception, this operation does not support pattern-based users.

HTTP method and URI

GET /api/users/{user-id}

In this request, the URI variable {user-id} is either the object ID of the User object whose properties are to be returned or the keyword value "this-user" which designates the API user that issued the request.

Response body contents

On successful completion, the response body contains a JSON object that provides the current values of the properties for the User object as defined in the data model section. Field names and data types in the JSON object are the same as the property names and data types defined in the Data model.

Description

This operation returns the current properties of a single User object that is designated by {user-id}.

On successful execution, all of the current properties as defined in the data model for the User object, except those designated as write-only properties, are provided in the response body, and HTTP status code 200 (OK) is returned.

The URI path must designate an existing User object and the API user must have access permission to it. All API users have user-related-access permission to their own User object. Action/task permission to the Manage Users task includes access permission to all non-template Users, and action/task permission to the Manage User Templates task includes access permission to all template users. If the URI path does not designate an existing User object or the API user does not have access permission to it, status code 404 (Not Found) is returned.

This operation does not support pattern-based users, unless the target of the operation is the User object for the API user that issued the request.

Authorization requirements

This operation has the following authorization requirement:
  • User-related-access permission to the User object specified in the request URI, or, depending on the type of User object specified in the request URI, action/task permission to the Manage Users task or the Manage User Templates task.

HTTP status and reason codes

On success, HTTP status code 200 (OK) is returned and the response body is provided as described in Response body contents.

The following HTTP status codes are returned for the indicated errors, and the response body is a standard error response body providing the reason code indicated and associated error message.

HTTP error status code Reason code Description
400 (Bad Request) Various Errors were detected during common request validation. See Common request validation reason codes for a list of the possible reason codes.
404 (Not Found) 1 The request URI does not designate an existing resource of the correct type, or designates a resource for which the API user does not have the required authorization.

Additional standard status and reason codes can be returned, as described in Invoking API operations.

Example HTTP interaction

Figure 1. Get User Properties: Request
GET /api/users/e9e8d20a-4a7a-11e4-91ee-1c6f65065a91 HTTP/1.1
x-api-session: 2t4ixcf8nplr7yersi8i9b953fgxvvqxl8c4r066ge9kcyzr4c
Figure 2. Get User Properties: Response
200 OK
server: zSeries management console API web server / 2.0
cache-control: no-cache
date: Thu, 02 Aug 2018 21:27:30 GMT
content-type: application/json;charset=UTF-8
content-length: 1387
{
   "allow-management-interfaces":false,
   "allow-remote-access":false,
   "authentication-type":"local",  
   "backup-mfa-server-definition-uri":null,
   "class":"user",
   "default-group-uri":null,
   "description":"Gabby McRosie - company president",
   "disable-delay":1,
   "disabled":false,
   "disruptive-pw-required":true,
   "disruptive-text-required":false,
   "email-address":"finn@example.com",
   "force-password-change":true,
   "force-shared-secret-key-change":false,
   "idle-timeout":0,
   "inactivity-timeout":0,
   "is-locked":false,
   "ldap-server-definition-uri":null,
   "max-failed-logins":3,
   "max-web-services-api-sessions":100,
   "mfa-policy":null,
   "mfa-types":[
     "hmc-totp"  
    ],
   "mfa-userid":null,
   "mfa-userid-override":null,
   "min-pw-change-time":0,
   "multi-factor-authentication-required":true,
   "name":"Gabby",
   "object-id":"e9e8d20a-4a7a-11e4-91ee-1c6f65065a91",
   "object-uri":"/api/users/e9e8d20a-4a7a-11e4-91ee-1c6f65065a91",
   "parent":"/api/console",
   "password-expires":-1,
   "password-rule-uri":"/api/console/password-rules/4a790766-3dbf-11e4-980d-1c6f65065a91",
   "primary-mfa-server-definition-uri":null,
   "replication-overwrite-possible":false,
   "session-timeout":0,
   "type":"standard",
   "user-roles":[
      "/api/user-roles/ea6f9b14-4a7a-11e4-affa-1c6f65065a91",
      "/api/user-roles/ea41a664-4a7a-11e4-91ee-1c6f65065a91",
      "/api/user-roles/ea094df0-4a7a-11e4-8777-1c6f65065a91"
   ],
   "userid-on-ldap-server":null,
   "verify-timeout":15,
   "web-services-api-session-idle-timeout":360
}