The Hybrid Data Pipeline API allows administrators to manage several resources on behalf of users. Administrators can carry out a number of API operations by passing the name of a user account with the ?user query parameter. For example, the following query retrieves a list of data sources on behalf of the TestUser user account.
GET https://<myserver>:<port>/api/mgmt/datasources?user=TestUser
System administrators need no permissions beyond the Administrator (12) permission to execute operations on behalf of any user across the system, including users that reside in different tenants. However, administrators who do not have the Administrator (12) permission must meet the following criteria to execute operations on behalf of users.
Tenant-level administrators (administrators who reside in a tenant other than the default system tenant) must belong to the same tenant to which the user belongs. System-level administrators (administrators who reside in the default system tenant) need only meet the following criteria.
The administrator must have administrative access on the tenant to which the user belongs.
The administrator must have the OnBehalfOf (21) permission.
The administrator must have permission for any operation he or she plans to execute. For example, the administrator must have the DeleteDataSource permission to be able to delete a data source on behalf of a user.
For a summary list of supported on-behalf-of API operations and specific permissions for each, see On-behalf-of API operations.