Guides
GuidesAPI ReferenceRecipesChangelog

Manage Users & Access Control

Suggest Edits

Overview

This guide walks you through managing users, roles, and access controls in the N-Central platform. The User & Access Management APIs allow you to create, retrieve, update, and manage user accounts, roles, and access groups. In this guide, you'll learn how to:

  1. Manage Users and User Lists
  2. Create and Configure Access Groups
  3. Define and Manage User Roles
  4. Implement Role-Based Access Control
  5. Handle Access Group Relationships

Managing Users

List Users in Organization

To retrieve a list of users within an organization unit, use the List Users endpoint. This endpoint supports pagination and sorting to manage large user lists effectively.

Required Parameters:

  • orgUnitId: The ID of the organization unit
  • Authorization: Bearer token for authentication

Optional Parameters:

  • pageSize: Number of results per page (default: 50, max: 1000)
  • pageNumber: Page number to retrieve
  • sortBy: Field to sort by (lastName, username, accountstatus, etc.)
  • sortOrder: Sort direction (asc/desc)

Request

GET https://api.n-able.com/api/org-units/{orgUnitId}/users
Authorization: Bearer <YOUR_JWT_HERE>

Response

Upon success, N-able returns a 200 status code along with the list of users and pagination details:

{
  "data": [
    {
      "firstName": "John",
      "lastName": "Doe",
      "userName": "[email protected]",
      "userId": 1234567890,
      "isEnabled": true,
      "apiOnlyUser": false,
      "twoFactorEnabled": false,
      "roleIds": [12, 13, 14],
      "accessGroupIds": [1, 2, 3]
    }
  ],
  "pageNumber": 1,
  "pageSize": 50,
  "totalItems": 150,
  "totalPages": 3
}

Key points in the response:

  • userId: Unique identifier for the user
  • isEnabled: Current status of the user account
  • roleIds: Array of assigned role identifiers
  • accessGroupIds: Array of associated access group IDs

Managing Access Groups

Create Device Access Group

To create a new device access group, use the Create Device Access Group endpoint. This allows you to define access boundaries for specific devices.

Required Parameters:

  • orgUnitId: Organization unit identifier
  • groupName: Name of the access group
  • groupDescription: Description of the group

Optional Parameters:

  • deviceIds: Array of device IDs to include
  • userIds: Array of user IDs to associate

Request

POST https://api.n-able.com/api/org-units/{orgUnitId}/device-access-groups
Authorization: Bearer <YOUR_JWT_HERE>
Content-Type: application/json

{
  "groupName": "Production Servers",
  "groupDescription": "Access group for production server management",
  "deviceIds": ["1001", "1002"],
  "userIds": ["5001", "5002"]
}

Response

A successful creation returns a 204 status code with no content.

Error Responses:

  • 400: Invalid request format
  • 401: Authentication failure
  • 403: Insufficient permissions
  • 404: Organization unit not found
  • 429: Too many requests

Managing User Roles

Create User Role

To add a new user role in an organization, use the Create User Role endpoint.

Required Parameters:

  • orgUnitId: Organization unit identifier
  • roleName: Name of the role
  • description: Role description
  • permissionIds: Array of permission identifiers

Request

POST https://api.n-able.com/api/org-units/{orgUnitId}/user-roles
Authorization: Bearer <YOUR_JWT_HERE>
Content-Type: application/json

{
  "roleName": "Support Team Lead",
  "description": "Senior support team access with elevated permissions",
  "permissionIds": ["1", "2", "3"],
  "userIds": ["5001", "5002"]
}

Response

Success returns a 201 status code with the created role details:

{
  "data": {
    "roleId": 123,
    "roleName": "Support Team Lead",
    "description": "Senior support team access with elevated permissions",
    "permissionIds": ["1", "2", "3"],
    "userIds": ["5001", "5002"]
  }
}

Implementing Role-Based Access Control (RBAC)

Best Practices for Role Design

  1. Role Hierarchy

    • Create roles based on job functions
    • Implement least-privilege access
    • Use inheritance where appropriate

  2. Permission Assignment

    • Group related permissions logically
    • Document permission combinations
    • Regular review and audit

Example Role Structure

{
  "roles": {
    "admin": {
      "permissions": ["USER_MANAGE", "ROLE_MANAGE", "ACCESS_GROUP_MANAGE"],
      "description": "Full system administration access"
    },
    "support": {
      "permissions": ["DEVICE_VIEW", "TICKET_MANAGE"],
      "description": "Support team access"
    }
  }
}

Managing Access Group Relationships

Link Users to Access Groups

To associate users with access groups, update the access group membership:

PUT https://api.n-able.com/api/org-units/{orgUnitId}/access-groups/{groupId}
Authorization: Bearer <YOUR_JWT_HERE>
Content-Type: application/json

{
  "userIds": ["user1", "user2"]
}

Link Devices to Access Groups

Add devices to device access groups:

PUT https://api.n-able.com/api/org-units/{orgUnitId}/device-access-groups/{groupId}
Authorization: Bearer <YOUR_JWT_HERE>
Content-Type: application/json

{
  "deviceIds": ["device1", "device2"]
}

Updated 6 days ago