Technical Articles
Create additional users in SAP Data Intelligence trial (with vctl)
Ok, so assuming you got your SAP Data Intelligence 3.0 trial (see more details in the post by Dimitri Vorobiev) running and you are the one having administrator (user system
in tenant system
) access to it.
Tutorials assume you keep using the admin user for all the exercises, but you want more people from your team/organization to be able learning how to develop data-intensive applications without sharing the admin user and password with them. That’s, at least, my case. And I plan to resolve it by creating separate DI developer (I name them didevXX
) users.
I will use SAP Data intelligence’s CLI utility vctl
, because — as DJ Adams keeps saying — “The future is terminal” 🙂
Get vctl
utility
Thanks to Gianluca De Lorenzo who already covered vctl
in his post Zen and the Art of SAP Data Intelligence. Episode 3: vctl, the hidden pearl you must know!
So, I logon to my SAP Data Intelligence system
tenant as a system
user and open System Management. And then go to the Help icon to download VCTL.
From the pop-up pick the right version for your OS. I am using MacOS, so I pick Darwin
and download the utility to my ~/Tools
folder.
And because I am using macOS Catalina version I need to remove the extended attribute com.apple.quarantine
. Catalina assigned this attribute to the file because it was downloaded from the web.
ls -l@ vctl
xattr -d com.apple.quarantine vctl
One more step — make it executable.
chmod u+x vctl
Who am I?
./vctl whoami
…returns Error: invalid session. Did you login? Has your session expired?
as I am not logged in yet.
./vctl login --help
./vctl login https://a00371847c6a6444eb0f3bf4fa2a65c6-mysupersecrethost.supersecretdomain.com system system --insecure
./vctl whoami
I had to use --insecure
option, as a host in the Trial is using a self-signed certificate.
Hint: If you have
kubectl
installed and its context is set to the Data Intelligence’s K8s cluster, then you can get the ingress host name fromkubectl get ingress -n datahub -o=jsonpath='{.items[0].status.loadBalancer.ingress[0].hostname}'
.Use it in the login command:
./vctl login https://$(kubectl get ingress -n datahub -o=jsonpath='{.items[0].status.loadBalancer.ingress[0].hostname}') system system --insecure
Once login is successful the connection info is stored in the file ~/.vsystem/.vsystem_conn
.
Create a tenant
I am going to create a separate tenant learning
, but if you want users to access all connections and data pre-configured for tutorials, then you should create new users in the existing default
tenant.
./vctl tenant create --help
./vctl tenant create learning
./vctl tenant set-strategy learning sdi-default-extension-strategy
should return Successfully created tenant "learning"
and Successfully set strategy "sdi-default-extension-strategy" for tenant "learning"
.
Create a user
./vctl user create --help
./vctl user create learning didev00 Welcome20 member
…should return Successfully created user "learning/didev00"
.
It created a member
(not an admin) user didev00
in the tenant learning
with the password Welcome20
(although I understand many might say 2020 is not that welcoming…)
Assign policies to a user
./vctl policy --help
./vctl policy list-policies --tenant learning
./vctl policy assign sap.dh.metadata --tenant learning didev00
./vctl policy assign sap.dh.developer --tenant learning didev00
Now this user can logon into your SAP Data Intelligence trial to start learning and experimenting ?️.
The script to create developer users
Obviously, creating all users manually can be annoying, so here is a quick and dirty (i.e. no checks for errors, or if running user is logged and has authorizations) bash
script sapdi_users_create.sh
.
#!/bin/bash
while getopts n:t:p: option
do
case "${option}"
in
n) NRTOTAL=${OPTARG};;
t) DITENANT=${OPTARG};;
p) DEVPWD=${OPTARG};;
esac
done
NRTOTAL=${NRTOTAL:-'3'}
DITENANT=${DITENANT:-'default'}
DEVPWD=${DEVPWD:-'SAPDI30trial'}
for i in $(eval echo {1..${NRTOTAL}})
do
nr=$(printf "%02d" $i)
didevnr="didev${nr}"
echo "${didevnr} out of ${NRTOTAL} being created..."
./vctl user create ${DITENANT} ${didevnr} ${DEVPWD} member
./vctl policy assign sap.dh.metadata --tenant ${DITENANT} ${didevnr}
./vctl policy assign sap.dh.developer --tenant ${DITENANT} ${didevnr}
done
By default, it creates 3 users with the password SAPDI30trial
in the default
tenant.
These defaults can be changed by providing parameters from the command line:
-n
number of users to create starting fromdidev01
-t
tenant-p
new user’s password (same for all newly created users)
./sapdi_users_create.sh -n 2 -t learning -p P@$$w0rd$
As I am not an expert in Bash scripts, any suggestions for improvement are welcome! Or if you want to rework it to PowerShell script and to share in comments — please do so!
I hope you find it useful,
-Vitaliy (aka @Sygyzmundovych)
Hello Witalij
additional hints for vctl can also be found in the Blog - prepare the Installation Host for the SLC Bridge
Best Regards Roland
Thank you Witalij Rudnicki for the details. This is very helpful.
I could easily create user (developer) in the system tenant ending in two users (default, developer).
I also tried creating another tenant (tenant2) and assigned admin policies to it, but when I created a new user(user1) in tenant2, even after assigning all the policies (except admin) , the user1 is having only two applications in the launchpad, not the metadata ,modeler etc.
Is it the expected behaviour or am I missing something?
P.S. I have created users/tenants from SAP Data Intelligence platform not from vctl.
Thanks,
Indu Khurana.
Hi Indu. Have you created it in the trial edition of SAP Data Intelligence? What version of Data Intelligence have you gotten?
Hello Witalij,
I have created in SAP Data Intelligence, trial edition 3.1.
Thanks,
Indu.
Hello Witalij,
I understood where I was wrong, It was the strategy which should be correct for a tenant ,in order to have all the applications to appear in the launchpad for the user under that tenant.
Thanks,
Indu.
I am glad it worked out for you Indu Khurana 🙂
Hi Witalij Rudnicki
I have a new issue now. 🙂
Issue:
There is no connection in connection management (by default) in 'tenant2' , hence I created one for s3 , status ok.
But for HANA local host, If I provide the same host, port of existing HANA local host as we have in tenant 'default' , it fails. ( credentials used are user and pass used to login tenant2)
what port/host should I provide for creating new connection to HAAN DB?
Please advise.
Thanks,
Indu Khurana.