Setting user roles when creating a user via script

I’m trying to create a user via scripting and as a part of that, give the new user roles.

I can see how to set every attribute of the new user but I’m having trouble finding documentation as to how to set their roles.

Is it as simple as newUser.set('roles', rolesList) or is there more to it? I can’t see any documentation about this.

EDIT: Yeah that doesn’t work.

You’re close. Due to technical limitations, some things get accessed differently than others. Here’s the sample script I gave to training:

```python
def printResponse(responseList):
    if len(responseList) > 0:
        for response in responseList:
            print "", response
    else:
        print " None"

# Make a brand new 'blank' user. Not saved until we, well, save
username = event.source.parent.getComponent('Text Field').text
user = system.user.getNewUser("", "myAwesomeUser")

# Let's fill in some fields. Note we have two ways to access property names
user.set("firstname", "Naomi")
user.set(user.LastName, "Nagata")
user.set("password", "1234567890")

# We can add contact info one at a time. Up to the script user to make sure the type is legit
user.addContactInfo("email", "naomi@roci.com")

# we can add a lot of contact info
contactInfo = {"email":"ignition_user@mycompany.com","sms": "5551212"}
user.addContactInfo(contactInfo)

# We can delete contact info. Only deletes if both fields match.
user.removeContactInfo("sms", "5551212")

# we can add a role. If the role doesn't already exist, user save will fail, depending on user source
user.addRole("mechanic")

# we can add a lot of roles
roles = ["Administrator", "prisoner"]
user.addRoles(roles)

# and we can remove a role
user.removeRole("prisoner")

# we can add a schedule adjustment too
date2 = system.date.now()
date1 = system.date.midnight(date2)
user.addScheduleAdjustment(date1, date2, False, "An adjustment note")

# we can make a bunch of adjustments and add them en-masse
date3 = system.date.addDays(date2, -4)
adj1 = system.user.createScheduleAdjustment(date3, date2, True, "Another note")
adj2 = system.user.createScheduleAdjustment(date3, date1, False, "")
user.addScheduleAdjustments([adj1, adj2])

# and we can remove a schedule adjustment. All fields must match.
user.removeScheduleAdjustment(date1, date2, True, "Some other note")

# finally need to save our new user and print responses
response = system.user.addUser("", user)

warnings = response.getWarns()
print "Warnings are:"
printResponse(warnings)

errors = response.getErrors()
print "Errors are:"
printResponse(errors)

infos = response.getInfos()
print "Infos are:"
printResponse(infos)
```
2 Likes

Thanks!

1 Like

Actually, sorry, this isn’t working for me for some reason. I’m getting the error:

TypeError: addRoles(): 1st arg can't be coerced to java.util.Collection

in user.addRoles(roles). I’m giving it a list that is pulled from an Array property in the perspective view (that I’ve wrapped in list() just to see if that fixed the error, it didn’t)

Am I missing something here?

Looks like you may need to iterate through and add them one by one for now. I’m not too familiar with the array props in perspective, but I know they aren’t an actual array-array. I’ll get someone to look at it – I know we can make that more intuitive.

Ah, looks like we’re already working on this.

While this will be fixed in the future, there is a workaround for the time being. If you are pulling the roles from an array property, you can get the underlying list by calling tolist() on the property like roles = self.custom.customArray.tolist()

1 Like

Hello everyone,

I know this thread has been opened for some time, however I am currently trying to access some graphs saved in my database. The problem is that I am connecting with a user who does not have all the roles. To be clearer, I need to show some graphics in a window (only one window), for this I need my user to have all the roles in that window. I am using the following request:

```python
chartCount = system.db.runPrepQuery("SELECT COUNT(*) FROM saved_graphs", [], database)
```

But this request (or function) "is blocked to users that do not meet the role/zone requirements for the above permission type. This function is unaffected when run in the Gateway scope".

So, I’m wondering how I can give the “Administrator Roles” to my user? Or is there another way to divert the problem?

Thanks

You may not need to give them an administrator role, you may just need to give them access to database functions in the client.

Starting in projects created in 7.9.4 or higher, you need to explicitly give permission to run database queries that are not named queries in the client. This is to help your project be more secure and prevent a malicious person from spoofing queries.

You can either change this query to a named query, or add permission for legacy db queries to the project.

1 Like

Hi Kathy,
I just gave them access to database functions in the client as you said. It’s working as expected.
Thanks again,

1 Like

Hi @KathyApplebaum, does user.removeScheduleAdjustment only work when you create a user, or can you do it when the user already exists and the Schedule Adjustment too?

This is a different topic, since it’s about schedule adjustments and not roles. It’s best to make a new topic for this which gives more people a chance to answer.

1 Like

This doesn't seem to work when I try to add a role to a user from hybrid AD. Object itself gets a role but it doesn't get saved with editUser method. Any suggestions?

```python
me = system.user.getUser("my_company_ad", "my_username")

me.addRole("analyst")

system.user.editUser("my_company_ad", me)
```

Ignition's user and role editing tools can only update an internal user source. They cannot make changes in AD itself, nor in any external IdP.

Peter is not making changes to the AD though, only the roles that are assigned to the hybrid side of the hybrid AD setup. I just tried it, and it works.

@Peter.Dmitriev you need to make sure the role exists in the user source before you can assign it to a user.

1 Like

That is correct, Daniel, I just want to be able to assign/remove roles thru the scripting same way I do it in gateway for the hybrid user source. Did you try my code and it worked? Which Ignition version are you running?

Role does exist in a user source...

Thanks!

Yes, tried your script exactly. I went into the AD/hybrid user source, created a new user role, then in the designer's scripting console, I ran your script adjusted for the role I created.

Are you using an AD / internal hybrid?

Also, check spelling and capitalization.

Yes, I'm using AD/Internal Hybrid. Triple checked everything, even tried different gateway, still nothing. I'm running 8.1.23. May have to call Inductive support...

Probably a good idea. I'm on 8.1.32.

Every user source has its own list of roles, so the role you are trying to add must exist on the specific AD/Hybrid source you're trying to edit.
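
The two checks this thread converges on, as an added example that is not part of any post above and is not Inductive Automation's code: add roles one at a time instead of passing a Perspective array to addRoles(), and confirm each role exists, with exact capitalization, in the specific user source being edited. The function names and the `grantable` allowlist (which keeps a script fed from a UI property from handing out roles such as Administrator) are assumptions; the `system.user` calls are those used in the thread plus `system.user.getRoles()`.

```python
# Added example, not from the thread. Targets Ignition's Jython 2.7;
# check_roles() is pure, so it also runs under plain Python.

def check_roles(requested, source_roles, grantable):
    """Split requested role names into (ok, rejected).

    requested    -- iterable of role-name strings; a Perspective array
                    property works because it is iterated, not coerced.
    source_roles -- roles defined in the user source being edited.
    grantable    -- roles this script may assign (assumed site policy).
    """
    source_roles = list(source_roles)
    by_lower = dict((name.lower(), name) for name in source_roles)
    ok, rejected = [], []
    for raw in requested:
        role = raw.strip()
        if role in ok:
            continue  # ignore duplicates
        if role not in source_roles:
            near = by_lower.get(role.lower())
            if near:
                why = "case mismatch, source has '%s'" % near
            else:
                why = "not defined in this user source"
            rejected.append((role, why))
        elif role not in grantable:
            rejected.append((role, "not grantable by this script"))
        else:
            ok.append(role)
    return ok, rejected


def set_roles(user_source, username, requested, grantable):
    """Ignition only: add vetted roles to an existing user and save.

    Returns (ok, rejected, errors); nothing is saved if a role is refused.
    """
    known = system.user.getRoles(user_source)  # roles of this source only
    ok, rejected = check_roles(requested, known, grantable)
    if rejected:
        return ok, rejected, []
    user = system.user.getUser(user_source, username)
    if user is None:
        return ok, rejected, ["user not found in " + user_source]
    for role in ok:
        user.addRole(role)  # one at a time, avoiding addRoles() coercion
    response = system.user.editUser(user_source, user)
    return ok, rejected, list(response.getErrors())
```
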