Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated per TFDEV-4912

/rest/{version}/users/{userId}/update

Note

As of ThreadFix 3.8, when CoalFire Identity is enabled, user management must be performed from Coalfire Identity’s management dashboard

  • ThreadFix SaaS Customers please note when SSO is enabled, in order to restrict access to user modification, API commands are disabled at the SSO layer

Descriptor

Value

HTTP Method

POST

Description

Updates user information.

To obtain the userId value in the endpoint, run the Get Users - API call first. The user's id value in the response is the userId value that you use in this endpoint.

Required Permission

Manage Users

Version Introduced

2.6

Changes in 2.6.2

Removed requirement that 'confirmPassword' parameter be included when changing password.


Request Header Parameters

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

Request POST Data Parameters

Parameter

Value

Required

Description

name

String

No

Updates the name of the user. Maximum 40 characters.

displayName

String

No

Updates the displayName of the user.

type

String

No

Updates a LOCAL user to LDAP/SAML, an LDAP user to LOCAL/SAML, or a SAML user to LOCAL/LDAP. Possible values

...

are LOCAL, LDAP, and SAML.

activeDirectoryId

String

Possibly

Updates a non-LDAP user to LDAP user with 'type' and 'activeDirectoryId' parameters.

...

Required when 'type' is in the request body and its value is 'LDAP'.

password

String

Possibly

Updates password of an existing local user. Also, adds password to a non-LOCAL user update to LOCAL user. Minimum 12 characters.

...

Required when 'confirmPassword' is in the request body.

confirmPassword

String

Possibly

Must match password if supplied.

...

Required when 'password' is in the request body in versions prior to 2.6.2

globalRoleId

String

No

Updates user's global role. Possible values

...

are 0 for Read Access, -1 for No Global Access, Role ids.

Sample Call:

Code Block

...

curl -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'name=user123&displayName=user123' https://localhost:8443/threadfix/rest/latest/users/{userId}/update

Sample Output:

Code Block

...

{
    "message": "",
    "success": true,
    "responseCode": -1,
    "object": "Successfully updated the user."
}

Page Tree
rootUsers, Roles, and Groups 3.0 API