Users¶
A user is an account that can log in and act on the RTLS deployment.
Users have a Role (one of six enum values) and may carry project-
specific role bindings. The SDK exposes the same compound vs raw split
as tags: users.create / update handle the project-role binding saga,
*_raw methods hit one REST endpoint each.
Quick reference¶
| Method | What it does |
|---|---|
client.users.list(*, with_projects=False) |
List users in scope. |
client.users.me() |
The currently authenticated user. |
client.users.create(email, password, *, project_role=None, **fields) |
Create user; optionally bind a project role in one call. |
client.users.update(uid, *, project_role=None, **fields) |
Update fields and/or project role; refreshes own email if self-edit. |
client.users.delete(uid) |
Delete a user. |
client.users.update_access(project_uid, *, uid, role) |
Bind or change one user's role on one project. |
client.users.restore_password(email) |
Trigger the server's password-reset email. |
client.users.validate(**fields) |
Server-side pre-create validation (returns the would-be errors). |
client.users.list_roles() |
The role catalog (a list of Role enum entries). |
client.users.get_access_control() |
Per-project role bindings for the current user. |
client.users.create_raw / update_raw / change_password_raw |
Single-call REST escape hatches. |
For changing the current user's password (with automatic re-login), see Auth.
Reading¶
Writing¶
create performs the user-create + optional project-role binding in
one compound call, with rollback on partial failure:
user = client.users.create(
email="ops@example.com",
password="…",
project_role={"project_uid": "p-1", "role_key": "operator"},
)
On step failure the SDK raises PartialFailureError with
step="bind_project_role" — the created user is rolled back.
update is diff-aware: if you pass project_role=, the SDK
reconciles the binding against the current state via
update_access. delete is single-uid:
client.users.update(user.uid, last_name="Smith", project_role={"project_uid": "p-1", "role_key": "viewer"})
client.users.delete(user.uid)
Roles¶
Role is a six-value enum: SYSTEM_ADMIN, COMPANY_ADMIN,
PROJECT_SYSTEM_ADMIN, PROJECT_OPERATIONS_ADMIN,
PROJECT_MAINTAINER, PROJECT_USER. The SDK computes a single
User.role from the server's flag bits; the raw flags stay on
User.raw_flags for advanced filtering.
Model — User¶
| Field | Type | Notes |
|---|---|---|
uid |
str \| None |
Server-assigned. |
email |
str |
Login identity. |
first_name / last_name |
str \| None |
Display. |
role |
Role |
Computed from flags (see above). |
raw_flags |
UserFlags |
Original boolean flags. |
is_super_admin |
bool |
Shortcut for SYSTEM_ADMIN. |
is_company_admin |
bool |
Shortcut for COMPANY_ADMIN. |
Related entities¶
- Projects:
users.update_access(project_uid, uid=, role=)manages cross-resource role bindings. See Projects. - Companies:
is_company_admin=Trueusers span every project under their Company. - Auth:
client.auth.whoami()andclient.auth.change_password(...)cover session-time identity ops. See Auth.
See also¶
- Error handling —
PartialFailureError.stepstrings for users compounds. - Compound workflows — the project-role binding saga.
- Credential rotation — changing passwords.