-
1. Re: Any way to change a users site role via tabcmd?
satish.parvathaneni Feb 19, 2016 5:00 PM (in response to Christian Lam)Please check this one
-
2. Re: Any way to change a users site role via tabcmd?
Christian Lam Feb 19, 2016 5:04 PM (in response to satish.parvathaneni)So I tried using the createsiteusers command but I constantly get a errorCode=100081. All users on the server i'm working with are from active directory, so it may be a error coming from my end.
Is there a way to simply use usernames as values instead of a csv file? -
3. Re: Any way to change a users site role via tabcmd?
satish.parvathaneni Feb 19, 2016 5:38 PM (in response to Christian Lam)We have only two ways of Providing authentication , Via AD or .Csv file these are the only two ways I have used .
-
4. Re: Any way to change a users site role via tabcmd?
Toby ErksonFeb 22, 2016 8:12 AM (in response to Christian Lam)
Interesting. No method that I'm familiar with. If you make this into an Idea post here and I'll definitely vote for it since it's a cmd function that is missing for more complete scripting automation
-
5. Re: Any way to change a users site role via tabcmd?
Christian Lam Feb 22, 2016 9:58 AM (in response to Toby Erkson)Thanks for the idea to submit this as an idea. You can find it here: Ability to change user site role via tabcmd
-
6. Re: Any way to change a users site role via tabcmd?
Toby ErksonFeb 22, 2016 10:35 AM (in response to Christian Lam)
Christian, you can vote for your own Idea
-
7. Re: Any way to change a users site role via tabcmd?
Rick KunkelJun 13, 2016 10:31 AM (in response to Christian Lam)
A few notes here:
- createsiteusers will work to overwrite roles. I just tried it. The error you're getting might be something else.
- syncgroup will also work to overwrite roles. I know this one from experience.
- However -- gotcha here -- "If a user already exists in a Tableau Server site, the site role assigned during the import or sync process will be applied if it gives the user more access in a site. Importing or synchronizing users and groups will promote a user's site role, but not demote a user's site role." In other words, what's wanted in your case (demotion) doesn't work by default. But read on.
- The syncgroup command has an "--overwritesiterole" switch which WILL let users be demoted. That would work for your use case of making users unlicensed. However, "--overwritesiterole" only works for syncgroup, and not for createsiteusers.
There might be something you can think of through some combination of removing and then syncgroup that will accomplish what you want.
Otherwise, it seems to me that adding "overwritesiterole" (or something like it) to the createsiteusers command (and maybe the createusers command as well) could accomplish what you want. I'll add this to your ideas post.
On a final note, if this is possible with the REST API (and it sounds like it is), I'd shoot for that method if you can. It's bound to be more well-supported and flexible in the long term. I've used curl to interact with it an a very manual fashion, and I'm sure it could be done programmatically with not too much effort.
-
8. Re: Any way to change a users site role via tabcmd?
Russell Christopher Jun 13, 2016 3:32 PM (in response to Rick Kunkel)Yeah, the UpdateUser method of the REST API will be better for this sort of work:
Update User
Modifies information about the specified user.
If Tableau Server is configured to use local authentication, you can update the user's name, email address, password, or site role.
If Tableau Server is configured to use Active Directory for authentication, you can change the user's display name (full name), email address, and site role. However, if you synchronize the user with Active Directory, the display name and email address will be overwritten with the information that's in Active Directory.
Any combination of the elements inside the <user> element is valid. Only those elements present will result in updates to their values for the user. If no elements are present, the update will not take effect.
URIPUT /api/api-version/sites/site-id/users/user-id
Parameter Values
api-version The version of the API to use, such as 2.2
. For more information, see REST API Versions.site-id The ID of the site that contains the user. user-id The ID of the user to update. Request Body
<tsRequest> <user fullName="new-full-name" email="new-email" password="new-password" siteRole="new-site-role" authSetting="new-auth-setting" /> </tsRequest>
Attribute Values
new-full-name (Optional) The new name for the user. Users can change names without affecting the groups they belong to. new-email (Optional) The new email address for the user. new-password (Optional) The new password for the user. new-site-role (Optional) The new site role. Valid role names are Interactor, Publisher, SiteAdministrator,Unlicensed, UnlicensedWithPublish, Viewer, and ViewerWithPublish. Note: You cannot use the REST API to set a user to be a server administrator (ServerAdministrator site role).
new-auth-setting (Optional) The new authentication type for the user. You can assign the following values for this attribute: SAML (the user signs in using SAML) or ServerDefault (the user signs in using the authentication method that's set for the server). These values appear on the User page in Tableau Online—the SAML attribute value corresponds to Single sign-on, and theServerDefault value corresponds to TableauID. Note: This setting is available only if you are using Tableau Online.
Permissions
This method can only be called by server administrators or site administrators.
Response Code
200
Response Body
<tsResponse> <user name="user-name" fullName="new-full-name" email="new-email" siteRole="new-site-role" authSetting="new-auth-setting" /> </tsResponse>
The authSetting attribute is returned only if you are using Tableau Online.
Version
Version 1.0 and later. For more information, see REST API Versions.
Errors
HTTP status error
CodeCondition Details 400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML. 400 400000 Invalid email address The email attribute does not contain a valid email address. 403 403009 Licensing update on self forbidden A user cannot update their own licensing role. 403 403009 Guest update forbidden The Guest user is a special user and cannot be updated. 403 403009 Server administrator update forbidden Only non-administrator users and site admininistrator users can be updated. 400 400013 Invalid site role The value of the siteRole attribute must beInteractor, Publisher, SiteAdministrator,Unlicensed, UnlicensedWithPublish, Viewer, orViewerWithPublish. 404 404000 Site not found The site ID in the URI doesn't correspond to an existing site. 404 404002 User not found The user ID in the URI doesn't correspond to an existing user. 405 405000 Invalid request method Request type was not PUT. 409 409000 User conflict The user with the specified name is already registered on the site in the same domain. 409 409014 Licensing conflict The request is attempting to update the user to a licensing role that has insufficient capacity. For more information, see Handling Errors.