Using the APIs to set up a single-tenant environment

The following operations show how you can set up a single-tenant environment using Hybrid Data Pipeline APIs.

Note: It is assumed that users and features will be managed from the default system tenant. Therefore, there is no step to create a child tenant.

Retrieving valid roles in the system tenant

The following GET operation retrieves the valid roles and their IDs for the system tenant in a single-tenant environment. Role IDs can then be used to assign roles to users.

GET https://MyServer:8443/api/admin/roles

{
"roles": [
{
"id": 1,
"name": "System Administrator",
"tenantId": 1,
"description": "This role has all permissions. This role cannot be
modified or deleted."
},
{
"id": 2,
"name": "User",
"tenantId": 1,
"description": "This role has the default permissions that a normal
user will be expected to have."
},
{
"id": 3,
"name": "Tenant Administrator",
"tenantId": 1,
"description": "This role has all the tenant administrator
permissions."
}
]
}

Create a user with the Tenant Administrator role

The ID for the Tenant Administrator role (3) can then be used to create a user with the Tenant Administrator role, as shown in the following POST operation. The user inherits the permissions associated with this role.

POST https://MyServer:8443/api/admin/users

{
"userName": "TenantAdmin",
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"password": "<password>",
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00"
},
"permissions": {
"roles": [
3
]
}
}

{
"id": 87,
"userName": "TenantAdmin",
"tenantId": 1,
"tenantName": "Root",
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00.0"
},
"permissions": {
"roles": [
3
]
},
"authenticationInfo": {
"authUsers": [
{
"authUserName": "TenantAdmin",
"authServiceId": 1
}
]
}
}

Grant the administrator user administrative access to the system tenant

In addition to being granted the Tenant Administrator role, the tenant administrator must be granted administrative access to the system tenant. The following Users API request grants user account 87 administrative access to the system tenant.

Note: Administrative access to the system tenant can also be managed by updating the list of administrators via the Tenant API.

PUT https://MyServer:8443/api/admin/users/87/tenantsadministered

{
"tenantsAdministered": [
1
]
}

Create a new role with tenant and elevated permissions

The following POST request creates the new Tenant Admin Plus role. The new role has all user and tenant permissions plus the Logging (24), Limits (27), and OAuth (28) permissions.

POST https://MyServer:8443/api/admin/roles

{
"name": "Tenant Admin Plus",
"description": "This role has all the tenant administrator permissions plus
elevated permissions.",
"permissions": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
13,
14,
15,
16,
17,
18,
19,
20,
21,
24,
27,
28
],
"users": []
}

{
"id": 42,
"name": "Tenant Admin Plus",
"description": "This role has all the tenant administrator permissions plus
elevated permissions.",
"permissions": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
13,
14,
15,
16,
17,
18,
19,
20,
21,
24,
27,
28
],
"users": []
}

Assign the new role to the administrator user

The following PUT assigns the new Tenant Admin Plus role to the administrator user. The user inherits the permissions associated with this role. Note that the ID of the Tenant Admin Plus role (42) was provided in the response payload when the role was created. Also, note that any existing roles and permissions are removed by this operation.

PUT https://MyServer:8443/api/admin/users/87/permissions

{
"roles": [42],
"permissions": []
}

Retrieving and setting system configurations

GET https://MyServer:8443/api/admin/configurations

Note: See System Configurations API for a complete list of system configurations and their descriptions.

{
"configurations": [
{
"id": 1,
"description": "Delimiter between user name and authentication
service/configuration name",
"value": null
},
{
"id": 2,
"description": "Enable Secure Password Change, when value is set to
true, the change password api will require a valid old password
in order to update the logged in user password.",
"value": "true"
},
...,
{
"id": 8,
"description": "Configure whitelist filtering. Enables filtering when
value is set to 'true'. Default value is "true" ",
"value": "true"
}
]
}

The following PUT operation disables IP address whitelists. The number 8 is the ID of the IP address whitelist feature.

PUT https://MyServer:8443/api/admin/configurations/8

Retrieving and setting limits

GET https://MyServer:8443/api/admin/limits

{
"limits": [
{
"id": 1,
"name": "MaxFetchRows",
"description": "Maximum number of rows allowed to be fetched for a
single query",
"minValue": 1,
"maxValue": 9000000000000000000,
"defaultValue": 9000000000000000000,
"validForLimits": 15
},
...,
{
"id": 6,
"name": "ODataMaxConcurrentQueries",
"description": "Maximum number of concurrent active queries per
data source",
"minValue": 0,
"maxValue": 9000000000000000000,
"defaultValue": 0,
"validForLimits": 15
},
...
]
}

The following POST creates a system-level limit of 50000 queries. The number 6 is the ID of the ODataMaxConcurrentQueries limit. The payload passes 50000 as the value for this limit.