NetApp Knowledgebase

The Grid Administrator user can post a new password without entering currentPassword. Is this expected behavior?

Category:
storagegrid-webscale
Specialty:
sgrid

Applies to

StorageGRID

Answer

  • Yes. This is correct behavior by design.
    • The Grid Administrator user has root permission as a superuser.
    • Resetting another user's password does not require knowing that user's current password.

Note: The permission requirements are different for current-user and other-user endpoints. 

Additional Information

  1. Update a local Grid Administrator User password by unique name using the following command.

POST /grid/users/user/{shortName}/change-password

Example:

Curl
curl -X POST "https://10.64.24.95/api/v3/grid/users/user/api_test/change-password" -H "accept: application/json" -H "Authorization: Bearer 224a741d-47b3-4e50-a3a0-7dc9f4070e71" -H "Content-Type: application/json" -H "X-Csrf-Token: c0c1ab7d204fc8bcbfe68c2e02589e94" -d "{ \"password\": \"87654321\", \"currentPassword\": \"\"}"
Server response
Code     Description
204       successfully updated

  2. Update the current Grid Administrator User's password using the following command.

POST /grid/users/current-user/change-password

Example:

Curl
curl -X POST "https://10.64.24.95/api/v3/grid/users/current-user/change-password" -H "accept: application/json" -H "Content-Type: application/json" -H "X-Csrf-Token: fa434a2773c84f3688a951fb718290df" -d "{ \"password\": \"12345678\", \"currentPassword\": \"\"}"
Server response
422 Error: Unprocessable Entity   
Response body
{
  "errors": [
    {
      "text": "Currentpassword can't be blank.",   
      "key": "error.i18n.validation",
      "context": "currentPassword"
    }
  ],
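
A client-side helper for the two endpoints above, as an added example (not NetApp's code): it picks the endpoint, serializes the body with json.dumps instead of hand-escaped quotes, percent-encodes shortName, and reads the 204 and 422 results shown on this page. The function names and SAMPLE_422 (constructed from the errors array in the response above) are assumptions.

```python
import json
from urllib.parse import quote

API_PREFIX = "/api/v3"  # version prefix taken from the curl examples on this page


def build_change_password(new_password, short_name=None, current_password=None):
    """Return (path, json_body) for a change-password POST.

    short_name given  -> other-user endpoint (admin reset, currentPassword may be blank)
    short_name absent -> current-user endpoint (currentPassword must be non-blank)
    """
    if not new_password:
        raise ValueError("new password must not be blank")
    if short_name is not None:
        # safe="" percent-encodes "/", "?" and "#" so a name cannot alter the path
        name = quote(short_name, safe="")
        path = f"{API_PREFIX}/grid/users/user/{name}/change-password"
        body = {"password": new_password, "currentPassword": current_password or ""}
    else:
        if not current_password:
            # The server would answer 422 "Currentpassword can't be blank."
            raise ValueError("currentPassword is required on the current-user endpoint")
        path = f"{API_PREFIX}/grid/users/current-user/change-password"
        body = {"password": new_password, "currentPassword": current_password}
    return path, json.dumps(body)


def interpret_response(status, body_text=""):
    """Map a response to (ok, messages) using the status codes shown on this page."""
    if status == 204:
        return True, []
    try:
        errors = json.loads(body_text).get("errors") or []
    except (ValueError, AttributeError):
        errors = []  # body was empty, not JSON, or not a JSON object
    if not isinstance(errors, list):
        errors = []
    msgs = [f"{e.get('context', '?')}: {e.get('text', '')}"
            for e in errors if isinstance(e, dict)]
    return False, msgs or [f"HTTP {status}"]


# Constructed sample: only the "errors" array visible in the 422 response above.
SAMPLE_422 = json.dumps({"errors": [{"text": "Currentpassword can't be blank.",
                                     "key": "error.i18n.validation",
                                     "context": "currentPassword"}]})

if __name__ == "__main__":
    print(build_change_password("constructed-new-pw", short_name="api_test"))
    print(interpret_response(422, SAMPLE_422))
```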