System Administration > Configuration > Fabric > Nodes > User Management

Associated URIs:

API Description API Path

Read node authentication policy configuration


Returns information about the currently configured authentication
policies on the node.
GET /api/v1/transport-nodes/<transport-node-id>/node/aaa/auth-policy
GET /api/v1/node/aaa/auth-policy
GET /api/v1/cluster/<cluster-node-id>/node/aaa/auth-policy

Update node authentication policy configuration


Update the currently configured authentication policy on the node.
If any of api_max_auth_failures, api_failed_auth_reset_period, or
api_failed_auth_lockout_period are modified, the http service is
automatically restarted.
PUT /api/v1/transport-nodes/<transport-node-id>/node/aaa/auth-policy
PUT /api/v1/node/aaa/auth-policy
PUT /api/v1/cluster/<cluster-node-id>/node/aaa/auth-policy

List node users


Returns the list of users configured to log in to the NSX appliance.
GET /api/v1/transport-nodes/<transport-node-id>/node/users
GET /api/v1/cluster/<cluster-node-id>/node/users
GET /api/v1/node/users

Reset a user's own password. Requires current password


Enables a user to reset their own password.
POST /api/v1/node/users?action=reset_own_password
POST /api/v1/cluster/<cluster-node-id>/node/users?action=reset_own_password

Read node user


Returns information about a specified user who is configured to log in to the
NSX appliance. The valid user IDs are: 0, 10000, 10002.
GET /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>
GET /api/v1/cluster/<cluster-node-id>/node/users/<userid>
GET /api/v1/node/users/<userid>

Activate a user account with a password


Activates the account for this user. When an account is successfully
activated, the "status" field in the response is "ACTIVE".
This API is not supported for userid 0 and userid 10000.
POST /api/v1/node/users/<userid>?action=activate
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=activate

Reset a user's password without requiring their current password


Unlike the PUT version of this call (PUT /node/users/<userid>), this API
does not require that the current password for the user be provided. The
account of the target user must be "ACTIVE" for the call to succeed.
This API only supports user IDs 10002, 10003, and 10004.
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=reset_password
POST /api/v1/node/users/<userid>?action=reset_password

Deactivate a user account


Deactivates the account for this user. Deactivating an account is
permanent, unlike an account that is temporarily locked because of
too many password failures. A deactivated account has to be explicitly
activated. When an account is successfully deactivated, the "status"
field in the response is "NOT_ACTIVATED".
This API is not supported for userid 0 and userid 10000.
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>?action=deactivate
POST /api/v1/node/users/<userid>?action=deactivate

Update node user


Updates attributes of an existing NSX appliance user. This method
cannot be used to add a new user. Modifiable attributes include the
username, full name of the user, and password. If you specify a password in
a PUT request, it is not returned in the response. Nor is it returned in a
GET request.
The specified password does not meet the following complexity requirements:
- minimum 12 characters in length
- minimum 1 uppercase character
- minimum 1 lowercase character
- minimum 1 numeric character
- minimum 1 special character
- minimum 5 unique characters
- default password complexity rules as enforced by the Linux PAM module
The valid user IDs are: 0, 10000, 10002.
Note that invoking this API does not update any user-related properties of
existing objects in the system and does not modify the username field in existing
audit log entries.
PUT /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>
PUT /api/v1/cluster/<cluster-node-id>/node/users/<userid>
PUT /api/v1/node/users/<userid>

List SSH keys from authorized_keys file for node user


Returns a list of all SSH keys from authorized_keys file for node user
GET /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys
GET /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys
GET /api/v1/node/users/<userid>/ssh-keys

Remove SSH public key from authorized_keys file for node user


POST /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys?action=remove_ssh_key
POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys?action=remove_ssh_key
POST /api/v1/node/users/<userid>/ssh-keys?action=remove_ssh_key

Add SSH public key to authorized_keys file for node user


POST /api/v1/cluster/<cluster-node-id>/node/users/<userid>/ssh-keys?action=add_ssh_key
POST /api/v1/transport-nodes/<transport-node-id>/node/users/<userid>/ssh-keys?action=add_ssh_key
POST /api/v1/node/users/<userid>/ssh-keys?action=add_ssh_key