Manage roles with the DevOps API

Use the DevOps API to create, modify, and delete roles for your organization.

The following roles use the application token to execute DevOps API queries:

  • Organization Administrator

  • Database Administrator

Prerequisites

  1. Create an application token to authenticate your service account in the DevOps API.

  2. Once you have authenticated your service account, you can create and delete users in the DevOps API.

Invite a user to an organization

  1. Check existing users within the organization:

    • cURL command (/v2)

    • Result

    curl --request GET \
     --url 'https://api.astra.datastax.com/v2/organizations/users' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'
    {
    "OrgID":"dacb3c32-cc2a-4bea-bd95-47ab8eb20410”,
    "OrgName":"DataStax”,
    "Users”:[
    	{"UserID":"388def78-0040-4dge-b235-d67806929c8f”,
    	"Email":"john.smith@datastax.com”,
    	"Status":"active”,
    	"Roles”:[{"ID":"704fc2af-9c11-4c57-b9e5-5667b8889b3e”, "Name":"Admin User”}]
    	},
    	{"UserID":"d8bb706b-95a0-499b-aadc-5a43b4f9042d”,
    	"Email":"jane.doe@datastax.com”,
    	"Status":"active”,
    	"Roles”:[{"ID":"21ef3576-0197-415a-b167-d510af12ecf0”,"Name":"Organization Administrator”}]
    	}]
    }
  2. Invite a new user to your organization:

    curl --request PUT \
     --url 'https://api.astra.datastax.com/v2/organizations/users' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>' \
     --data '{
         "email":"<userEmail>",
         "orgID":"<organizationId>",
         "roles": ["<roleId1>", "<roleId2>", "<roleId3>"]
       }'

For roles, use the id UUID value by Getting existing roles in your organization. The API results will show the UUID for each role id.

Your invited user must validate their email address in their invitation before they can log in to Astra.

For more, see Invite a user to an organization in the DevOps API.

Get information about an organization’s user

  1. Check for a specified user’s information within the organization:

    • cURL command (/v2)

    • Result

    curl --request GET \
     --url 'https://api.astra.datastax.com/v2/organizations/users/<userId>' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'
    {
    	"UserID":"388def78-0040-4dfe-b235-d67806939c8f",
    	"Email":"sebastian.estevez@datastax.com",
    	"Status":"active",
    	"Roles":[{"ID":"704fc2af-9c11-4c57-b9e5-5667b8889b3e","Name":"Admin User"}]
    }

For more, see Get an organization’s user in the DevOps API.

Remove a user from an organization

  1. Delete a user by their ID:

    curl --request DELETE \
     --url 'https://api.astra.datastax.com/v2/organizations/users/<userId>' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'
  2. Confirm user no longer exists:

    • cURL command (/v2)

    • Result

    curl --request GET \
     --url 'https://api.astra.datastax.com/v2/organizations/users/<userId>' \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <application_token>'
    {
    	"OrgID":"dccb8c32-cc2a-4bea-bd95-47ab8eb20510",
    	"ID":"b125f9ab-675e-4bc7-9306-5e50a05b7c56",
    	"Name":"newRoleName",
    	"Policy":"{
    		\"description\":\"keyspaces\",
    		\"resources\":[\"drn:astra:org:dccb8c32-cc2a-4bea-bd95-47ab8eb20510\"],
    		\"actions\":[\"db-all-keyspace-create\",\"db-all-keyspace-describe\"],
    		\"effect\":\"allow\"
    		}",
    	"LastUpdateDateTime":"",
    	"LastUpdateUserID":"wsbCtHyXCfuSHkiKbYWHsYZa"
    }

For more, see Remove or uninvite a user from an organization in the DevOps API.