Contents:
The Command Line Interface for User Administration enables administrators to perform bulk user management tasks on the platform. You can use the CLI to manage the following tasks:
- Create, edit, or delete users.
- Enable or disable an existing users.
- Retrieve individual or all user profiles, including any security details.
- Password reset.
Command Reference
The CLI tools are stored in the following directory:
/opt/trifacta/bin/
For creating or managing users, specify parameters for the following:
./trifacta_admin_cli.py --admin_username <trifacta_admin_username> --admin_password <trifacta_admin_password> --verbose create_user --user_name joe@example.com --password user_pwd --name "<user_display_name>"
Parameters
| Parameter | Description | Applicable CLI Commands |
|---|---|---|
admin_username | Username of the admin account to be used to execute the user admin command. Please specify the full username. NOTE: If Single Sign On is enabled, you must specify your SSO credentials here instead. See below. | All |
admin_password | Password of the admin account. NOTE: If Single Sign On is enabled, you must specify your SSO credentials here instead. See below. NOTE: If you have enabled Kerberos-based access to the Designer Cloud Powered by Trifacta platform, you do not need to provide a password. To enable, additional configuration is required. See Set up for a Kerberos-enabled Hadoop cluster. NOTE: Passwords can be stored in an external file, which is automatically checked during script execute. See CLI Config File. | All |
verbose | Generate verbose output. NOTE: This parameter is required. | All |
admin_command_type | The type of CLI command to execute. Accepted values:
| All |
host | (Optional) The server and port number of the Alteryx® instance. By default, this value is set to NOTE: When SSO is enabled, you must specify this value to point to the Apache server port where the Alteryx node authentication gateway listens. When running the CLI on the Alteryx node, this value is typically the following: https://localhost:2443 See below. NOTE: In some environments, the | All |
user_name | Username of the account to be modified. This value is the user ID. It must resolve to a valid, accessible email address. Some features of the platform fail to work correctly with invalid email addresses. NOTE: In the response, this value is listed as | All |
password | Password of the account to be modified. NOTE: If you have enabled Kerberos-based access to the Designer Cloud Powered by Trifacta platform, you do not need to provide a password. To enable, additional configuration is required. See Set up for a Kerberos-enabled Hadoop cluster. | All |
name | Display name for the user. NOTE: This parameter is required. | create_user and edit_user if making changes to this parameter. |
disable_ssl_certification | (Optional) When communicating over HTTPS, this setting can be used to override the default behavior of validating the server certificate before executing the command. NOTE: If you have stored a self-signed certificate on the Alteryx node, please set the | All |
disable | (Optional) Put the user in a disabled state. | create_user and edit_user |
enable | (Optional) Put the user in an enabled state. Default is to enable the user. | create_user and edit_user |
transfer_assets_to | (Optional) When deleting a user, you can optionally transfer all of the user's assets to another user. NOTE: Assets cannot be transferred to another user before or after the user deletion command. If assets are not transferred, they remain unowned in the system and are not removed from any form of storage. | delete_user |
For documentation on the CLI parameters, run:
./trifacta_admin_cli.py --help
Config file
You can store Designer Cloud Powered by Trifacta platform username and password information in an external file. See CLI Config File.
User account properties
The following user account properties are exposed through the command line:
| Property | Description | Editable through CLI? |
|---|---|---|
--hadoopPrincipal | Hadoop principal value that is used to connect to the Hadoop environment. This setting applies only when secure impersonation is enabled. | Y |
--outputHomeDir | The output home directory for the user. By default, the results of each job executed by the user are generated in a sub-directory within this one. | Y |
--name | The display name for the user. | Y |
--isDisabled | When set to True, the user account is disabled and cannot be used to login to the application. | Y |
--email | The email address associated with the user account. The email address is also the userID for the account. | Y |
--ssoPrincipal | The SSO principal value associated with the user account. This value only applies to environments that are integrated with an enterprise Single Sign On solution. | Y |
--enableAdmin | When set to True, this user account is a system administrator account. You should limit the number of accounts that have system administrator access. | Y |
--disableAdmin | When set to True, this user account is not a system administrator account. You should limit the number of accounts that have system administrator access. | Y |
--lastLoginTime | The timestamp of when the user account was most recently used to login to the application. | N |
Examples
User Admin under SSO
If you are in an SSO environment, the following properties require special values to properly authenticate with AD/LDAP. All values are required:
| Property | Description |
|---|---|
admin_username | Use the SSO username for the platform admin user issuing the command. NOTE: In an SSO environment, the default admin user account for the Designer Cloud Powered by Trifacta platform does not work. The issuing user must be an SSO user that has been promoted to admin within the Designer Cloud Powered by Trifacta platform. |
admin_password | Use the password associated with the SSO username. |
host | This value must point to the SSO gateway on the Alteryx node and must include the port number. If you are running the CLI on the Alteryx node, use the following: https://localhost:2443 For more information, see Configure SSO for AD-LDAP. |
ssoPrincipal | In SSO environments, this parameter is required. It must be set to the SSO principal value associated with the user that is being modified. |
Create user
Command
Example (all one command):
./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> create_user --user_name joe@example.com --password Hello2U --name Joe
Notes
- Add
--disableparameter to create the user in a disabled state.
Output
Create user joe@example.com
Account information for joe@example.com hadoopPrincipal: None outputHomeDir: /trifacta/queryResults/joe@example.com name: Joe isDisabled: False email: joe@example.com ssoPrincipal: None enableAdmin: False lastLoginTime: None
Show user
Command
Example (all one command):
./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> show_user --user_name joe@example.com
Output
Show user joe@example.com
Account information for joe@example.com hadoopPrincipal: None outputHomeDir: /trifacta/queryResults/joe@example.com name: Joe isDisabled: False email: joe@example.com ssoPrincipal: None enableAdmin: False lastLoginTime: None
Edit user
Command
The following command changes the Single Sign On principal for the user to a new value. The values for other user account settings found in the response below can be inserted in the command to modify those settings.
Example (all one command):
./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> edit_user --user_name joe@example.com --ssoPrincipal sso_principal
Output
Edit user joe@example.com
Account information for joe@example.com hadoopPrincipal: None outputHomeDir: /trifacta/queryResults/joe@example.com name: Joe isDisabled: True email: joe@example.com ssoPrincipal: sso_principal enableAdmin: False lastLoginTime: None
Generate password reset URL
Command
The following command generates a URL for a specified user that enables the user to reset his or her account password.
NOTE: The script returns with a URL containing the hostname with which it was invoked. You should invoke the script with a fully qualified domain name. If returned hostname is not accessible to the designated user, then the hostname must be replaced prior to passing the URL to the user for execution.
Example (all one command):
./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> get_password_reset_url --user_name joe@example.com
Output
Generating password reset url for user joe@example.com Reset url:http://localhost:3005/password-reset?email=joe@example.com&code=CD44232791
Disable user
Command
The following command disables the specified user. Disabled users can no longer login to the application and cannot execute any jobs or commands at the command line.
Example (all one command):
./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> edit_user --user_name joe@example.com --disable
Output
Edit user joe@example.com
Account information for joe@example.com hadoopPrincipal: None outputHomeDir: /trifacta/queryResults/joe@example.com name: Joe isDisabled: True email: joe@example.com ssoPrincipal: None enableAdmin: False lastLoginTime: None
Delete user
Command
Delete the user joe@example.com and transfer his assets to jim@example.com.
NOTE: The transfer of the deleted user's assets is optional. If it is invoked, the user to whom the assets are assigned must have matching permissions on the datastores where the imported datasets are located.
If it is not invoked, the assets remain on the datastore and cannot be managed through the Designer Cloud Powered by Trifacta platform until someone creates imported datasets from the files or directories.
Example (all one command):
./trifacta_admin_cli.py --admin_username <trifacta_admin_user> --admin_password <trifacta_admin_password> delete_user --user_name joe@example.com --transfer_assets_to jim@example.com
Output
Delete user joe@example.com Transferring assets from joe@example.com to jim@example.com
Troubleshooting
Exceeded 30 redirects when executing Admin CLI in SSO mode
If you are executing the Admin CLI in SSO mode on the localhost, you may receive the following error message to standard output:
Exceeded 30 redirects
Solution:
This problem occurs when the CLI is run against the application, instead of the gateway proxy. Please insert the host of the gateway proxy for the host parameter, instead of the host of the application.
This page has no comments.