I’ve been playing around with using configuration management to manage the SG internal users (primarily by using sgadmin.sh). It would be fantastic to be manage users individually, is this already possible and I’m just missing something?
I see one of the main challenges in doing this would be the fact that the entire users hash is stored in ES as a single base64 blob (why is that?) and wouldn’t allow for easy manipulation of individual users.
The issue I’m facing with the API is that the internal users will be overwritten the next time I run sgadmin (please correct me if I’m wrong). How do you suggest users continually update their security policy while making use of the API?
Generally speaking: Either use sgadmin (in case you have no enterprise subscription or you want to managed everything manually from a central place) or use the REST api but not both on the same config resource. Typically users manage the internal users, roles and role mappings, tenants with the REST API and authentication config and action groups via sgadmin.
Perfect, this is exactly what I’ve been looking for. Apologies for missing it in your online docs. I didn’t notice it in the help output from sgadmin because this is the help documentation for the two options: