search

cubewise-code / tm1py

TM1py is a Python package that wraps the TM1 REST API in a simple to use library.
http://tm1py.readthedocs.io/en/latest/
MIT License
187 stars 107 forks source link

issue changing friendly name of a TM1 admin user #1137

Open fxmenard opened 1 month ago

fxmenard commented 1 month ago

Describe the bug In some situations, it is not possible to update friendly name for a TM1 admin user via tm1py. Looks like a bug in the REST API itself as the response is "Cannot enable or disable an admin or security admin." Although I am not changing user enablement.

Call is successful for "Admin" users (except standard user Admin). Call is in error for "SecurityAdmin" or "DataAdmin" users.

To Reproduce Here is a sample script:

import configparser from TM1py import TM1Service, User

Load configuration

config = configparser.ConfigParser() config.read('config.ini')

Retrieve TM1 connection details from the configuration file

tm1Address = config.get('TM1', 'address') tm1Port = config.getint('TM1', 'port') tm1User = config.get('TM1', 'user') tm1Password = config.get('TM1', 'user')

userName = "jdoe" newAlias = "Johnny"

Connect to the TM1 server and update the user's friendly name

with TM1Service(address=tm1Address, port=tm1Port, ssl=True, user=tm1User, password=tm1Password) as tm1:

Retrieve the existing user object

user = tm1.security.get_user( userName )

# Update the friendly name
user.friendly_name = newAlias

print( user );

# Update the user in TM1
tm1.security.update_user( user )

print(f"User '{userName}' friendly name updated to '{newAlias}'.")

Problem happens when John Doe is SecurityAdmin only. It happens alos for the standard user "Admin" with group "Admin"

Expected behavior Freindly name should be updated, and nothing else

Actual behavior {"Name": "jdoe", "FriendlyName": "Johnny", "Enabled": true, "Type": "SecurityAdmin", "Groups@odata.bind": ["Groups('SecurityAdmin')"]} Traceback (most recent call last): File "tm1Test.py", line 44, in tm1.security.update_user( user ) File "TM1py\Utils\Utils.py", line 45, in wrapper return func(self, *args, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "TM1py\Services\SecurityService.py", line 82, in update_user return self._rest.PATCH(url, user.body, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "TM1py\Services\RestService.py", line 94, in wrapper self.verify_response(response=response) File "TM1py\Services\RestService.py", line 538, in verify_response raise TM1pyRestException(response.text, TM1py.Exceptions.Exceptions.TM1pyRestException: Text: '{"error":{"code":"67","message":"Cannot enable or disable an admin or security admin."}}' - Status Code: 400 - Reason: 'Bad Request' - Headers: {'Content-Length': '95', 'Connection': 'keep-alive', 'Content-Encoding': 'gzip', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json; charset=utf-8', 'OData-Version': '4.0'}

Version TM1py [e.g. 1.11.3] TM1 Server Version: [e.g. 2.0.9.19]

Additional context None

MariusWirtz commented 1 month ago

Agree. This looks like a limitation of the TM1 REST API. Please raise this directly with IBM

fxmenard commented 1 month ago

Will do... Thank you Marius for the prompt reply.

fxmenard commented 1 month ago

Bug is reported to IBM. I will update this issue when I know more