Configuring Protegrity Anonymization
Steps to configure Protegrity Anonymization.
Update Role Permission and Create User
After deployment, update the default anonymization_administrator role to include can_create_token permission and then create a user with this role.
Step 1: Update anonymization_administrator role permission
export GATEWAY_URL="https://$(kubectl get configmap/nfa-config -n default -o jsonpath='{.data.FQDN}')"
# 1. Obtain an Authentication Token
TOKEN=$(curl -sk -X POST "${GATEWAY_URL}/api/v1/auth/login/token" \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'loginname=admin&password=Admin123!' \
-D - -o /dev/null | grep -i 'pty_access_jwt_token' | awk '{print $2}' | tr -d '\r\n')
curl -sk -X PUT \
"${GATEWAY_URL}/pty/v1/auth/roles" \
-H 'accept: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d '{
"name": "anonymization_administrator",
"description": "Administrator role",
"permissions": [
"can_create_token",
"anonymization_operations_admin"
]
}'
Step 2: Create user with anonymization_administrator role attached
Use the following request payload when creating the user:
{
"username": "anonymization_admin",
"email": "anonadmin@example.com",
"firstName": "Anon",
"lastName": "User",
"password": "StrongPassword123!",
"roles": [
"anonymization_administrator"
]
}
Example API call:
curl -sk -X POST \
"${GATEWAY_URL}/pty/v1/auth/users" \
-H 'accept: application/json' \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d '{
"username": "anonymization_admin",
"email": "anonadmin@example.com",
"firstName": "Anon",
"lastName": "User",
"password": "StrongPassword123!",
"roles": [
"anonymization_administrator"
]
}'
Feedback
Was this page helpful?