User management at the CLI

Initial setup

In these examples, zzzzz-tpzed-3kz0nwtjehhl0u4 is the sample user account. Replace it with the UUID of the user you wish to manipulate.

See user management for an overview of how to use these commands.

Set up a user

This creates a default git repository and VM login, and enables the user to self-activate using Workbench.

$ arv user setup --uuid zzzzz-tpzed-3kz0nwtjehhl0u4

Deactivate user

$ arv user unsetup --uuid zzzzz-tpzed-3kz0nwtjehhl0u4

When deactivating a user, you may also want to reassign ownership of their data.

Directly activate user

$ arv user update --uuid "zzzzz-tpzed-3kz0nwtjehhl0u4" --user '{"is_active":true}'

Note: this bypasses user agreement checks, and does not set up the user with a default git repository or VM login.

Create a token for a user

As an admin, you can create tokens for other users.

$ arv api_client_authorization create --api-client-authorization '{"owner_uuid": "zzzzz-tpzed-fr97h9t4m5jffxs"}'

To get the token string, combine the values of uuid and api_token in the form “v2/$uuid/$api_token”. In this example the string that goes in ARVADOS_API_TOKEN would be:


Delete a single token

As a user or admin, if you need to revoke a specific, known token, for example a token that may have been leaked to an unauthorized party, you can delete it at the command line.

First, determine the token UUID. If it is a “v2” format token (starts with “v2/”) then the token UUID is the middle section between the two slashes. For example:


the UUID is “zzzzz-gj3su-yyyyyyyyyyyyyyy” and you can skip to the next step.

If you have a “bare” token (only the secret part) then, as an admin, you need to query the token to get the uuid:

$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv --format=uuid api_client_authorization current

Now you can delete the token:

$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv api_client_authorization delete --uuid zzzzz-gj3su-yyyyyyyyyyyyyyy
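
The token handling described under "Create a token for a user" and "Delete a single token", as an added shell example that is not part of the Arvados documentation: it splits a v2 token to recover the UUID to revoke, flags bare tokens that need the admin lookup, and never prints a secret. The function names and sample tokens are constructed, and the UUID shape check is an assumption based on the page's sample UUID.

```bash
#!/bin/sh
# Added example, not part of the Arvados docs. Function names and the
# sample tokens at the bottom are constructed for illustration.

# token_uuid TOKEN: print the UUID section of a "v2/<uuid>/<secret>" token.
# Returns 1 for a bare token (its UUID has to be queried with
# `arv --format=uuid api_client_authorization current`) and 2 for a
# token that starts with "v2/" but is malformed.
token_uuid() {
    case "$1" in
        v2/*/?*) ;;
        v2/*) return 2 ;;
        *) return 1 ;;
    esac
    rest=${1#v2/}
    uuid=${rest%%/*}
    # Assumption: token UUIDs follow the shape of the page's sample,
    # <5 chars>-gj3su-<15 chars>, lowercase letters and digits.
    printf '%s\n' "$uuid" | grep -Eq '^[a-z0-9]{5}-gj3su-[a-z0-9]{15}$' || return 2
    printf '%s\n' "$uuid"
}

# v2_token UUID API_TOKEN: build the string that goes in ARVADOS_API_TOKEN.
v2_token() {
    printf 'v2/%s/%s\n' "$1" "$2"
}

# revocation_plan: read suspected-leaked tokens on stdin, one per line, and
# print what to run for each. Secrets are never echoed, only line numbers.
revocation_plan() {
    n=0
    while IFS= read -r tok; do
        n=$((n + 1))
        rc=0
        uuid=$(token_uuid "$tok") || rc=$?
        case "$rc" in
            0) printf 'arv api_client_authorization delete --uuid %s\n' "$uuid" ;;
            1) printf '# line %d: bare token, query its UUID as an admin first\n' "$n" ;;
            *) printf '# line %d: malformed v2 token, skipped\n' "$n" ;;
        esac
    done
}

# Constructed sample input: one v2 token, one bare token, one broken token.
revocation_plan <<EOF
$(v2_token zzzzz-gj3su-0123456789abcde constructedsecret1)
constructedbaresecret2
v2/not-a-uuid/constructedsecret3
EOF
```
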

Delete all tokens belonging to a user

First, obtain a valid token for the user.

Then, use that token to get all the user’s tokens, and delete each one:

$ export ARVADOS_API_TOKEN=xxxxtoken-belonging-to-user-whose-tokens-will-be-deletedxxxxxxxx ; \
for uuid in $(arv --format=uuid api_client_authorization list) ; do \
arv api_client_authorization delete --uuid "$uuid" ; \
done

Adding Permissions

VM login

Give $user_uuid permission to log in to $vm_uuid as $target_username, and make sure that $target_username is a member of the docker group.


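read -rd $'\000' newlink <<EOF; arv link create --link "$newlink"
{"tail_uuid":"$user_uuid", "head_uuid":"$vm_uuid", "link_class":"permission", "name":"can_login",
"properties":{"username":"$target_username", "groups": [ "docker" ]}}
EOF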


The content of this documentation is licensed under the Creative Commons Attribution-Share Alike 3.0 United States licence.
Code samples in this documentation are licensed under the Apache License, Version 2.0.