# User Management v3 APIs

## Overview

The **User Management v3 APIs** allow you to manage users, user groups, domains, permissions, and account policies in the system. These APIs support operations such as:

- Retrieving user profiles
- Locking or unlocking users
- Deleting users or groups
- Managing domains
- Configuring permissions and account policies

**Example API Request:**

```
https://apm-prod-server:8443/api/v3/users
```

## Types of User Management v3 APIs

Browse through the following topics to perform user management operations to required endpoints:

- [Users](https://www.manageengine.com/products/applications_manager/help/users-v3-apis.html)
- [User Groups](https://www.manageengine.com/products/applications_manager/help/user-groups-v3-apis.html)
- [User Domains](https://www.manageengine.com/products/applications_manager/help/user-domains-v3-apis.html)

Following are the consolidated list of categories and their corresponding v3 APIs supported for User Management in Applications Manager.

| S.No. | Method | Endpoint | Description | Roles Required |
|---|---|---|---|---|
|  |  |  | **USERS** |  |
| 1 | GET | /users | Get all users | Administrator, User |
| 2 | PUT | /users/{userProfileId}/status | Update user status | Administrator |
| 3 | DELETE | /users/{userProfileId} | Delete a single user | Administrator |
| 4 | DELETE | /users | Delete multiple users | Administrator |
|  |  |  | **USER GROUPS** |  |
| 5 | GET | /usergroups | Get all user groups | Administrator, User |
| 6 | DELETE | /usergroups/{userGroupId} | Delete a single user group | Administrator |
| 7 | DELETE | /usergroups | Delete multiple user groups | Administrator |
|  |  |  | **USER DOMAINS** |  |
| 8 | GET | /userdomains | Get all user domains | Administrator, User |
| 9 | DELETE | /userdomains/{userDomainId} | Delete a single user domain | Administrator |
| 10 | DELETE | /userdomains | Delete multiple user domains | Administrator |

## Permission Keys

Following are the list of permission keys used in various response parameters of User Management v3 APIs based on their user roles:

- [Administrator](#administrator-role-permissions)
- [Delegated Administrator](#delegated-administrator-role-permissions)
- [Operator](#operator-role-permissions)
- [User](#user-role-permissions)

### Administrator role permissions

| Permission Key | Description |
|---|---|
| `shutdownPermission` | Allow admin to shut down the server |
| `allowAdminWindowsServices` | Allow admin to manage Windows services |
| `allowAdminToManageDB` | Allow admin to manage database |
| `allowAdminToManageSQLUser` | Allow admin to manage SQL users |
| `allowAdminToUpdateConfig` | Allow admin to update configuration |

### Delegated Administrator role permissions

| Permission Key | Description |
|---|---|
| `disableRestrictedAdmin` | Disable restricted admin functionality |
| `allowDAdminViewAllCredentials` | Allow viewing all credentials |
| `allowDAdminViewAllThresholds` | Allow viewing all thresholds |
| `allowDAdminViewAllActions` | Allow viewing all actions |
| `delAdmin_sendEmail` | Allow send email action |
| `delAdmin_sms` | Allow SMS action |
| `delAdmin_program` | Allow execute program action |
| `delAdmin_trap` | Allow SNMP trap action |
| `delAdmin_sdp` | Allow ServiceDesk Plus integration action |
| `delAdmin_mbean` | Allow MBean action |
| `delAdmin_heap` | Allow heap dump action |
| `delAdmin_amazon` | Allow Amazon action |
| `delAdmin_vm` | Allow VM action |
| `delAdmin_container` | Allow container action |
| `delAdmin_windows` | Allow Windows action |
| `allowDelAdminToTrustCertificates` | Allow trusting certificates |
| `allowDelAdminToManageDB` | Allow database management |
| `allowDelAdminToManageSQLUser` | Allow SQL user management |
| `allowDelAdminToUpdateConfig` | Allow configuration update |
| `delAdmin_sqlJobAction` | Allow SQL job action |
| `delAdmin_restapi` | Allow REST API action |
| `delAdmin_slack` | Allow Slack action |
| `allowDAdminEditEUMAgents` | Allow editing EUM agents |
| `delAdmin_siem` | Allow SIEM action |
| `delAdmin_splunk` | Allow Splunk action |

### Operator role permissions

| Permission Key | Description |
|---|---|
| `allowOperatorManage` | Allow operator to manage monitors |
| `allowOperatorUnmanageAndReset` | Allow operator to unmanage and reset |
| `allowOperatorExecuteAction` | Allow operator to execute actions |
| `allowOperatorServices` | Allow operator to manage services |
| `allowOperatorUpdateIP` | Allow operator to update IP addresses |
| `allowOperatorEdit` | Allow operator to edit monitors |
| `allowOPRProcess` | Allow operator to manage processes |
| `allowDownTimeSchedule` | Allow operator to schedule downtime |
| `allowOprViewAllDownTimeSchedule` | Allow operator to view all downtime schedules |
| `allowJumptoLink` | Allow operator to use jump-to links |
| `allowClearAlarms` | Allow operator to clear alarms |
| `allowOperatorEditTabs` | Allow operator to edit dashboard tabs |
| `allowManageDB` | Allow operator to manage database |
| `allowUpdateConfig` | Allow operator to update configuration |
| `showManagedServersForOP` | Show managed servers for operator |

### User role permissions

| Permission Key | Description |
|---|---|
| `allowUserEditTabs` | Allow user to edit dashboard tabs |
| `am.admin.usermgmt.user.credential.enabled` | Allow user to access credentials section |
| `am.admin.usermgmt.user.security.enabled` | Allow user to access security section |
| `am.admin.usermgmt.user.usermgmt.enabled` | Allow user to access user management section |
| `am.admin.usermgmt.user.actionaudit.enabled` | Allow user to access action audit section |

## Error Codes

Following are the list of permission keys used in various response parameters of User Management v3 APIs. All error responses follow this standard format:

```plaintext
{
  "message": "failure",
  "data": [
    {
      "errorCode": "ERROR_CODE_NAME",
      "errorMessage": "Human-readable error description"
    }
  ],
  "meta": {}
}
```

| Error Code | HTTP Status | Description |
|---|---|---|
| `API_USER_UNAUTHENTICATED` | 401 | API key is missing or invalid |
| `CLIENT_USER_UNAUTHENTICATED` | 401 | Client session is not authenticated |
| `USER_UNAUTHORIZED` | 403 | User does not have permission for this operation |
| `INVALID_USER_ROLE` | 400 / 401 | Invalid role specified or user role is insufficient |
| `JSON_PARSER_ERROR` | 400 | Request body contains malformed JSON |
| `INTERNAL_SERVER_ERROR` | 500 | An unexpected internal server error occurred |
| `INTERNAL_DAO_ERROR` | 500 | Database operation failed |
| `INVALID_REQUEST_PARAMS` | 400 | Request contains invalid or missing parameters |
| `INVALID_APIKEY_USER` | 401 | API key does not correspond to a valid user |
| `FILE_NOT_UPLOADED` | 400 | Expected file upload was not found |
| `UNSUPPORTED_OPERATION` | 400 | The requested operation is not supported. |