Managing users using Striim
Note
For information on managing users through single sign-on in Microsoft Entra ID or Okta, see Implementing single sign-on for Striim Cloud.
This topic describes managing users directly using Striim without implementing single sign-on through an identity provider.
Before a user can access Striim, an administrator must create a user account for them.
CREATE USER <name> IDENTIFIED BY <password> [ DEFAULT ROLE <namespace>.<role name> ];
Creates a new user and a personal namespace of the same name. The password is encrypted using AES-256 and stored in the metadata repository.
User names:
must contain only alphanumeric characters and underscores
may not start with a numeric character
must be unique
If you do not specify a default role, the user will have the following role and permissions:
role | notes |
---|---|
<username>.admin | has full control over their personal namespace (all other namespaces will be hidden and inaccessible until the user is granted additional roles) |
<username>.useradmin | can change their password and other account details |
Global.systemuser | can use types, property templates, and deployment groups in the Global namespace (unless the administrator has modified this role) |
Global.uiuser | can access the Apps, Dashboard, Flow Designer, Monitor, and Source Preview pages in the UI (unless the administrator has modified this role) |
Warning
Passwords may contain only uppercase and lowercase letters, numbers, _, and $. Passwords are case-sensitive.
For example, the following command creates a new user jsmith with the ability to view, edit, deploy, and run the sample applications:
CREATE USER jsmith IDENTIFIED BY secureps DEFAULT ROLE Samples.dev;
If you do not include the optional DEFAULT ROLE clause, the user will have access only to their personal namespace until granted additional roles as described in Managing roles.
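An added example, not part of the Striim documentation: a Python helper for scripted provisioning that enforces the user name and password character rules above before building the CREATE USER statement, and generates a random password from the 64 permitted characters. The function and constant names are hypothetical. It assumes "alphanumeric" means ASCII and that namespace and role names follow the user-name rules; uniqueness is not checked because that requires the server.

```python
import re
import secrets
import string

# Rules stated on the page: user names are alphanumerics and underscores and may
# not start with a digit; passwords are letters, digits, "_" and "$" only.
# Assumption: "alphanumeric" is read as ASCII, the conservative interpretation.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "_$"  # 64 symbols
PASSWORD_RE = re.compile(r"[A-Za-z0-9_$]+")


def generate_password(length=20):
    """Random password from the permitted characters (6 bits of entropy each)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def build_create_user(name, password, default_role=None):
    """Return a CREATE USER statement, or raise ValueError on invalid input."""
    if not IDENT_RE.fullmatch(name):
        raise ValueError(f"invalid user name: {name!r}")
    # The password is not quoted in CREATE USER, so anything outside the
    # permitted set (spaces, ';', quotes) would change the statement itself.
    if not PASSWORD_RE.fullmatch(password):
        raise ValueError("password has characters outside letters, digits, _ and $")
    stmt = f"CREATE USER {name} IDENTIFIED BY {password}"
    if default_role is not None:
        # Assumption: namespace and role names follow the user-name rules.
        namespace, sep, role = default_role.partition(".")
        if not (sep and IDENT_RE.fullmatch(namespace) and IDENT_RE.fullmatch(role)):
            raise ValueError(f"invalid role: {default_role!r}")
        stmt += f" DEFAULT ROLE {namespace}.{role}"
    return stmt + ";"


if __name__ == "__main__":
    # Constructed sample: the page's jsmith user with a generated password.
    print(build_create_user("jsmith", generate_password(), "Samples.dev"))
```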
To change a user's password (requires UPDATE permission on the user), use:
ALTER USER <user name> SET ( password:"<password>" );
For example, ALTER USER jsmith SET (password:"newpass"); will change jsmith's password to newpass.
Optionally, you may specify a time zone to be used to convert DateTime values in dashboard visualizations and query output to the user's local time. For example:
ALTER USER jsmith SET (timezone:"America/Los_Angeles");
This can be useful when the user is in a different time zone than the Striim cluster. See http://joda-time.sourceforge.net/timezones.html for a full list of supported values.
Optionally, you may add additional fields that will be included in DESCRIBE USER output:
ALTER USER <user name> SET ( { firstname | lastname | email }:"<value>",... );
For example, ALTER USER jsmith SET (email:"jsmith@example.com", firstname:"James", lastname:"Smith");
will result in this DESCRIBE output:
USER jsmith CREATED 2017-10-02 16:49:32
USERID jsmith
FIRSTNAME James
LASTNAME Smith
TIMEZONE America/Los_Angeles
CONTACT THROUGH [type : email value : jsmith@example.com]
ROLES {samples.dev, jsmith.admin, jsmith.useradmin, Global.systemuser, Global.uiuser}
PERMISSIONS []
INTERNAL user.
NAMESPACE jsmith CREATED 2017-10-02 16:49:32
CONTAINS OBJECTS ( ROLE DEV, ROLE USERADMIN, ROLE ENDUSER, ROLE ADMIN, )