Create User Extended

Development Guide
Services
- All Services
- Node
  - Set Node
    Set a node, i.e. create or update it, or retrieve information required to create or update it.
  - Get Node
    Get a version of a node.
  - Delete Node
    Delete a node version and everything that depends on it. If this is the only version, delete the node.
  - Copy Node
    Copies a node version to a new node, or to a new version of an existing node.
  - Change Node Reference
    Change the reference of a node.
  - Change Node Type
    Change the node type for a node.
  - Change Node Owner
    Change the owner associated with a node.
  - Node Import
    Node import is a flexible, high-performance service for loading data into Advisor.
  - Node Export
    Export nodes.
  - Get Changed Value
    Get the value of a member, but only if it has changed since it was last retrieved.
    This is used as a quick way of retrieving a piece of data, but bypassing the read if the data has not changed since the last read.
    Call the service passing it a node version reference for the node, one for the member type, and optionally a timestamp when it was last retrieved or updated.
    If the data has changed since the timestamp, the service will return changed of true, timestamp set to ...
  - List Nodes
    Return a list of node versions.
  - List Node Versions
    Lists all the versions of a node.
  - List Recent Node Types
    List the node types that the user has used recently.
  - List Contained Node Types
    List the node types that are in use within a package.
  - Update Node Versions
    The Update Node Versions service creates new versions of nodes which link to new versions of node types and member type targets, to update a node structure to later node versions.
  - Freeze Node
    Freeze a node version, and all the draft node versions on which it depends, i.e. the node version of its node type and all its target nodes.
- User
  - Create User Extended
    Create a user.
  - Get User
    Retrieve information about a user.
  - Get User Details
    Retrieve information about a different user. The user making the call is identified as usual using the userLogonReference. The user about which details are to be returned is specified in userLogonReferenceDetails.
    The user running the service must be able to grant to the user, e.g. they must be the user, or have maintain-users permission, or own-users permission.
    This is similar to GetUser, but GetUser is used for sign on processing and only returns details of the user ...
  - Get Home Node
    Return the home node for the current user.
  - User Exists
    Indicates whether a user or user group already exists.
  - List Users
    Return all the user groups and all the users to which the current user is authorised to grant, or, on the case of users, authorised to include in user groups.
  - User Search
    Search for a user.
  - List Owned Users
    Return all the users over which the current user has own-users authority.
  - List Users By Email
    Lists users for a given email address.
    This is intended to be used by a sign-in helper script. It returns the response in JSON format.
  - Update User
    Update user information, i.e. name and email address.
  - Update User Status
    Change a user's status.
  - Update Password
    Change a user's password.
  - User Property
    Service to set or get a user property, i.e. a property on the user's node.
  - Delete User
    Delete a user.
  - Change User Owning Group
    Change the owning user group for a user, i.e. move them from one owning user group to another.
    The caller must have authority to maintain the user and must have own users authority on the new group, the same permissions they would need to delete and user and create a new user in the to user group.
  - Create Session
    Creates a Metrici session.
  - Create Proxy Session
    Creates a proxy user session within a given account. The session token and a client session token are returned.
    It does not create a proxy session if:
    - The caller is not authorised.
    - The account identifier is not passed or does not exist.
    - The caller does not have a proxy user in the account.
  - Query Session
    Determine if a session token is still valid.
    This does not sign in with the session token. Single use session tokens are not consumed by using this.
  - Cancel Session
    Cancels a Metrici session.
- User Group
  - Create User Group
    Create a user group.
  - Get User Group
    Return details of a user group and its members.
  - User Exists
    Indicates whether a user or user group already exists.
  - List Users
    Return all the user groups and all the users to which the current user is authorised to grant, or, on the case of users, authorised to include in user groups.
  - Get Authorised User Groups
    Return a list of user groups that this user is authorised to administer, or over which they have own-users authority.
  - Update User Group
    Update the name and description of a user group.
  - Add User Group Member
    Add a user to a user group.
  - Remove User Group Member
    Remove a user from a user group.
  - Change User Owning Group
    Change the owning user group for a user, i.e. move them from one owning user group to another.
    The caller must have authority to maintain the user and must have own users authority on the new group, the same permissions they would need to delete and user and create a new user in the to user group.
  - Delete User Group
    Delete a user group.
- Permission
  - Create Permission
    Create permissions.
  - Get Permission List
    List the permissions the user is authorised to maintain and create.
  - Delete Permission
    Delete a permission, using the permission id.
  - Refresh Manifest Permissions
    Refreshes the permissions defined on a manifest.
- Security
  - Run Authorized
    Run another service, after checking that the user has submit service authority.
  - Hash
    Returns a secure one-way hash of a string.
    It is astronomically improbable that two strings have the same hash, or that a string can be derived from a hash by brute force.
  - User Hash
    Returns a secure one-way hash of a string in a way that only the user can calculate. Use this so that a user can "sign" a string and later check that it has not been modified.
    It is astronomically improbable that two strings have the same hash, or that a string can be derived from a hash by brute force.
    The hash is sensitive to changes in the user setup, such as password change, so this should only be used for hashing strings as part of a short-term process.
    Use ...
  - Generate Keys
    Generates a public/private key pair, using the RSA algorithm, and 2048 bit encryption.
    Keys are returned in privacy enhanced mail (PEM) format.
    This is a very simple service. It requires no authorisation, and it returns no errors.
  - Create JWT
    Create a JSON Web Token (JWT), signed with a private key. The private key should have been generated with the GenerateKeys service, and is passed in as a PEM-format PKCS#8 encoded string.
  - Verify JWT
    Verify a JSON Web Token (JWT).
    The JWT is verified against a public key passed in as a PEM-encoded string.
    In addition to verifying the JWT signature, the service performs the following checks:
    - That the jwt has not expired. If passed, the clockSkew value can be set to a number of additional seconds to allow an expired token, to make up for clockSkew, or for the time taken for a token to be passed to a service.
    - The the JWT "aud" claim, if present, ...
- Theme
  - Get User Theme
    Return theming details for a user and/or a domain.
  - Get Themes
    List the themes available to a user.
- File handling
  - Read User File
    Read all of the data in a user file and return it as a block of text. Optionally can access an entry within a zip file. Can return plain text or base64.
    The service runs without authority; if a user knows the storage key they are presumed to have authority to read the file.
  - Write File
    Write data out to a user file.
  - Get User File Info
    Returns information about a user file identified by a file storage key.
    
    By default this returns only an error number to indicate if the file storage key is valid and, if it is valid, the size of the file.
    
    Set the parameter contentType to true to return a contentType for the file.
    
    Set the parameter digest to a digest method (such as MD5) to return a digest of the content of the file. The list of permissible methods is available in the "MessageDigest ...
  - Resize User File Image
    Resizes an image held in a user file.
  - Read Excel
    Read an Excel file and return the contents using JavaScript Object Notation (JSON).
    This supports .xlxs files, as produced by Excel 2007 onwards.
  - Write Excel
    Write an Excel file using data described using JavaScript Object Notation (JSON).
  - Write FO PDF
    Write a PDF file using XSL formatting object (FO) data.
  - PDF
    Utilities for manipulating PDF files.
- Network services
  - Send User Email
    Sends an email.
  - Http Client
    The HttpClient service performs HTTP operations such as GET and POST against a remote service. It can be used to retrieve remote web pages or interact with web services.
    It supports:
    - GET, POST, PUT, DELETE and HEAD methods
    - HTTPS and port specification.
    - Authentication
    - Parameters
    - Headers
    - Data
    The service deals with basic authentication and redirects which may require more than one HTTP request. It will ...
  - SFTP Client
    SFTP client accesses files on a remote server using the SSH file transfer protocol (SFTP).
- Other
  - Echo
    Returns whatever is passed to it, minus user credentials.
  - Run Script / Execute Script
    Run a JavaScript script.
  - Schedule Service
    Schedule a service to run later.
  - Run Rules
    Run a set of rules to infer more findings from a set of input facts.
  - Parse Table Data
    Parses tabular data that typically has been pasted or saved from a spreadsheet program.
  - Translate
    Translate an HTML document or fragment of HTML into a user's chosen language.
  - Search
    Searches for nodes.
  - Set Properties
    Set the properties associated with an object.
  - Get Properties
    Get a set of properties associated with an object.

Description

Create a user. Roughly speaking there are three different types of user creation: self-created, owned and temporary.

This service replaces CreateUser and CreateOwnedUsers, and adds support for temporary users.

The differences between the different types of user creation are:

A self-created user provides a user logon reference, password, and name. If all is OK, the user is created, and added to the unowned user group.
An owned user is created by another user. The user logon reference, password and name of the new user are provided. The user is created and added to a user group specified on the call, over which the owning user has own-users authority.
A temporary user is created either with or without

The service is more flexible and can be used to fine-tune user setup.

If userSetup is set to default, then the user will be assigned all the licenses in the blank-delimited list in the config parameter defaultLicenseTemplateReference. Each license template is of the form tttt.rrrr, where tttt is the type (currently always "asset"), and rrrr is the reference.

<config>
  <defaultLicenseTemplateReference>asset.lt1 asset.lt2</defaultLicenseTemplateReference>
</config>

This specifies that the user should be given asset licenses for templates lt1 and lt2.

In all cases, set the property createTimestamp to the timestamp when the user was created.

Input

<CreateUserExtended>

  <!-- User group to own the new user.  Defaults to 0, which means "unowned". -->
  <userGroupIdentifierOwning>user group id</userGroupIdentifierOwning>
  <userGroupReferenceOwning>user group id</userGroupReferenceOwning>

  <!-- If owning user group is specified, credentials of user creator. -->
  <userLogonReference>userid</userLogonReference>
  <password>password</password>

  <!-- Set to true to generate user reference, password and name automatically. -->
  <generateUserIdentityIndicator>false|true</generateUserIdentityIndicator>

  <!-- If generateUserIdentityIndicator is false (the default), credentials for new user. -->
  <!-- userLogonReferenceCreate is mandatory. -->
  <!-- passwordCreate is optional, if blank or not given then no password is created and the user cannot sign on. -->
  <userLogonReferenceCreate>new user reference</userLogonReferenceCreate>
  <passwordCreate>new user password</passwordCreate>

  <!-- If generateUserIdentityIndicator is false, this is mandatory. -->
  <!-- If true, this is optional and defaults to "New User". -->
  <userNameCreate>new user name</userNameCreate>

  <!-- Optional, in all cases -->
  <userEmailAddressCreate>new user email</userEmailAddressCreate>
  <acceptMarketingIndicatorCreate>true|false</acceptMarketingIndicatorCreate>
  <acceptThirdPartyMarketingIndicatorCreate>true|false</acceptThirdPartyMarketingIndicatorCreate>

  <!-- Indicates the user must change their password when they first sign in --> 
  <forcePasswordChangeIndicator>true|false</forcePasswordChangeIndicator>

  <!-- Code to indicate what setup is required for the new user.  Valid values are default or none -->
  <userSetup>default|none</userSetup>

  <!-- 
    - Account for the user.
    - This is a reference to a node which can be used to navigate to the user's resources.
    - If not specified, then the account of the creator is used.
    - If called anonymously, then no account is used.
    - Creator must have link authority to the account.
    - (They do not require any higher authority because this only creates a pointer to an account,
    - it does not actually confer any authority.)
    - Id takes precendence over reference, as always.
    -->
  <nodeVersionIdentifierAccount/>
  <nodeVersionReferenceAccount/>

  <!-- 
    - Theme for the user. If not passed, no theme is created. 
    - Caller must have link authority on theme node.
    -->
  <nodeVersionIdentifierTheme/>
  <nodeVersionReferenceTheme/>

  <!-- 
    - Home node for the user. If not passed, no home node is set. 
    - Caller must have link authority on home node.
    -->
  <nodeVersionIdentifierHome/>
  <nodeVersionReferenceHome/>

</CreateUserExtended>

All the fields that end in Create refer to the new user that is to be created.

If owning user group is specified, the calling user must have own-users authority over the user group identified by userGroupIdentifierOwning. If it is not specified, the caller's credentials are not checked.

The owning user group can be specified by id or reference. If both are passed, id takes precedence.

Output

<CreateUserExtended>
  <errorNumber>0</errorNumber>
  <userIdentifierCreate/>
  <!-- Only returned if generateUserIdentityIndicator is true -->
  <userLogonReferenceCreate/>
  <passwordCreate/>
  <userNameCreate/>
</CreateUserExtended>

userIdentifierCreate contains the id of the newly created user.

Errors

101 - Not authorised
102 - Not found (i.e. owning user group identifier not found)
103 - parameter error
105 - user error Error 105 is returned when there is an error in the Create fields that might have been entered by the user.

Class

com.metrici.xerula.CreateUserExtendedService

Notes

The force password change indicator can only be set when creating a user.

If there is a support need to force a password change, then admin or another user with submit service authority can achieve this using the following service request:

<Execute>
  update user
  set force_password_change_indicator = true
  where user_logon_reference = 'userid';
</Execute>

Where userid is the user logon reference of the person whose for whom you want to force a password change.