So I tried using the createsiteusers command but I constantly get a errorCode=100081. All users on the server i'm working with are from active directory, so it may be a error coming from my end.
Is there a way to simply use usernames as values instead of a csv file?
We have only two ways of Providing authentication , Via AD or .Csv file these are the only two ways I have used .
Interesting. No method that I'm familiar with. If you make this into an Idea post here and I'll definitely vote for it since it's a cmd function that is missing for more complete scripting automation
Christian, you can vote for your own Idea
A few notes here:
- createsiteusers will work to overwrite roles. I just tried it. The error you're getting might be something else.
- syncgroup will also work to overwrite roles. I know this one from experience.
- However -- gotcha here -- "If a user already exists in a Tableau Server site, the site role assigned during the import or sync process will be applied if it gives the user more access in a site. Importing or synchronizing users and groups will promote a user's site role, but not demote a user's site role." In other words, what's wanted in your case (demotion) doesn't work by default. But read on.
- The syncgroup command has an "--overwritesiterole" switch which WILL let users be demoted. That would work for your use case of making users unlicensed. However, "--overwritesiterole" only works for syncgroup, and not for createsiteusers.
There might be something you can think of through some combination of removing and then syncgroup that will accomplish what you want.
Otherwise, it seems to me that adding "overwritesiterole" (or something like it) to the createsiteusers command (and maybe the createusers command as well) could accomplish what you want. I'll add this to your ideas post.
On a final note, if this is possible with the REST API (and it sounds like it is), I'd shoot for that method if you can. It's bound to be more well-supported and flexible in the long term. I've used curl to interact with it an a very manual fashion, and I'm sure it could be done programmatically with not too much effort.
Yeah, the UpdateUser method of the REST API will be better for this sort of work:
Modifies information about the specified user.
If Tableau Server is configured to use local authentication, you can update the user's name, email address, password, or site role.
If Tableau Server is configured to use Active Directory for authentication, you can change the user's display name (full name), email address, and site role. However, if you synchronize the user with Active Directory, the display name and email address will be overwritten with the information that's in Active Directory.
Any combination of the elements inside the <user> element is valid. Only those elements present will result in updates to their values for the user. If no elements are present, the update will not take effect.
api-version The version of the API to use, such as
2.2. For more information, see REST API Versions.
site-id The ID of the site that contains the user. user-id The ID of the user to update.
<tsRequest> <user fullName="new-full-name" email="new-email" password="new-password" siteRole="new-site-role" authSetting="new-auth-setting" /> </tsRequest>
new-full-name (Optional) The new name for the user. Users can change names without affecting the groups they belong to. new-email (Optional) The new email address for the user. new-password (Optional) The new password for the user. new-site-role (Optional) The new site role. Valid role names are Interactor, Publisher, SiteAdministrator,Unlicensed, UnlicensedWithPublish, Viewer, and ViewerWithPublish.
Note: You cannot use the REST API to set a user to be a server administrator (ServerAdministrator site role).
new-auth-setting (Optional) The new authentication type for the user. You can assign the following values for this attribute: SAML (the user signs in using SAML) or ServerDefault (the user signs in using the authentication method that's set for the server). These values appear on the User page in Tableau Online—the SAML attribute value corresponds to Single sign-on, and theServerDefault value corresponds to TableauID.
Note: This setting is available only if you are using Tableau Online.
This method can only be called by server administrators or site administrators.
<tsResponse> <user name="user-name" fullName="new-full-name" email="new-email" siteRole="new-site-role" authSetting="new-auth-setting" /> </tsResponse>
The authSetting attribute is returned only if you are using Tableau Online.
Version 1.0 and later. For more information, see REST API Versions.
Condition Details 400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML. 400 400000 Invalid email address The email attribute does not contain a valid email address. 403 403009 Licensing update on self forbidden A user cannot update their own licensing role. 403 403009 Guest update forbidden The Guest user is a special user and cannot be updated. 403 403009 Server administrator update forbidden Only non-administrator users and site admininistrator users can be updated. 400 400013 Invalid site role The value of the siteRole attribute must beInteractor, Publisher, SiteAdministrator,Unlicensed, UnlicensedWithPublish, Viewer, orViewerWithPublish. 404 404000 Site not found The site ID in the URI doesn't correspond to an existing site. 404 404002 User not found The user ID in the URI doesn't correspond to an existing user. 405 405000 Invalid request method Request type was not PUT. 409 409000 User conflict The user with the specified name is already registered on the site in the same domain. 409 409014 Licensing conflict The request is attempting to update the user to a licensing role that has insufficient capacity.
For more information, see Handling Errors.