Skip to main content

User Guide

Managing API Users

API Users are defined as application users that operate on Privitar through the automation APIs, rather than the UI. In addition to being used when calling Privitar Automation v3 APIs, API users are also required for:

  • Running Data Flow Jobs, using basic HTTP authentication or Mutual TLS authentication.

  • Making authorisation checks on HTTPS calls to the Privitar On Demand and SecureLink Unveiler APIs to perform Masking, Re-masking and Unveiling operations on Protected Data Domains (PDDs).

Privitar can be configured to use the Privitar local database or LDAP/Active Directory for identity management of API users.

This section describes managing API users when Privitar is configured to use a local user database.

Note

For more information about managing users when Privitar is configured to use LDAP/Active Directory or SSO, contact your system administrator.

For more information about managing Users, see Managing Users .

Note

API Users cannot login to the Privitar UI.

Creating/Editing API Users

To create a new API user, or edit the details of an existing API user:

  1. Select API Users from the Superuser navigation sidebar.

  2. Click on Create New API User.

    The Create New API User dialog box is displayed.

  3. Enter the details for the new API User:

    • Name is the full display name of the API User (first and last name).

    • Username is the unique name that will be used to login to Privitar.

    • Email is the email address. (This is optional.)

    • Common Name is used for API authentication. Enter the details if Privitar is configured to use Mutual TLS.

  4. Select the Account enabled checkbox to ensure that the account is activated on Privitar.

  5. Select the Superuser checkbox if you want the new API User to have Superuser permissions.

  6. Note down or copy the automatically generated Password displayed in the Password edit box. This temporary password will be required for the API User's first login.

    You can also enter a new password, or click on Generate to create a new password.

    Note

    If you have entered a Common Name, you do not need to enter Password details. Password details are only required if you are using basic HTTP authentication.

  7. Click on Save to create the new API User.

For more information about how to add API Users to a Team and assign Permissions/Roles to them, see Managing Teams.

Disabling an API User account

To disable an API User account:

  1. Select API Users from the Superuser navigation sidebar.

  2. Click on Edit in the Actions column alongside the name of the API User.

  3. Deselect the Account enabled checkbox.

  4. Click on Save.

Resetting an API User's password

To reset a User's password (if basic HTTP authentication is used):

  1. Select API Users from the Superuser navigation sidebar.

  2. Click on Edit in the Actions column alongside the name of the API User.

  3. Click on Change Password.

    The Password edit box is displayed.

  4. Enter a new password, or click Generate to generate a random password.

    Note down or copy the password. This temporary password will be required for the API User's login.

  5. Click on Save.

Assigning or Removing Superusers

To assign Superuser permissions to an API user account:

  1. Select API Users from the Superuser navigation sidebar.

  2. Click on Edit in the Actions column alongside the name of the API User.

  3. Select the Superuser checkbox if you want the User to have Superuser permissions. Deselect the checkbox to remove Superuser permissions.

  4. Click on Save.

In this section: