Skip to content

Users

A user is an account that can log in and act on the RTLS deployment. Users have a Role (one of six enum values) and may carry project- specific role bindings. The SDK exposes the same compound vs raw split as tags: users.create / update handle the project-role binding saga, *_raw methods hit one REST endpoint each.

Quick reference

Method What it does
client.users.list(*, with_projects=False) List users in scope.
client.users.me() The currently authenticated user.
client.users.create(email, password, *, project_role=None, **fields) Create user; optionally bind a project role in one call.
client.users.update(uid, *, project_role=None, **fields) Update fields and/or project role; refreshes own email if self-edit.
client.users.delete(uid) Delete a user.
client.users.update_access(project_uid, *, uid, role) Bind or change one user's role on one project.
client.users.restore_password(email) Trigger the server's password-reset email.
client.users.validate(**fields) Server-side pre-create validation (returns the would-be errors).
client.users.list_roles() The role catalog (a list of Role enum entries).
client.users.get_access_control() Per-project role bindings for the current user.
client.users.create_raw / update_raw / change_password_raw Single-call REST escape hatches.

For changing the current user's password (with automatic re-login), see Auth.

Reading

users = client.users.list(with_projects=True)
me = client.users.me()
print(me.email, me.role)

Writing

create performs the user-create + optional project-role binding in one compound call, with rollback on partial failure:

user = client.users.create(
    email="ops@example.com",
    password="…",
    project_role={"project_uid": "p-1", "role_key": "operator"},
)

On step failure the SDK raises PartialFailureError with step="bind_project_role" — the created user is rolled back.

update is diff-aware: if you pass project_role=, the SDK reconciles the binding against the current state via update_access. delete is single-uid:

client.users.update(user.uid, last_name="Smith", project_role={"project_uid": "p-1", "role_key": "viewer"})
client.users.delete(user.uid)

Roles

Role is a six-value enum: SYSTEM_ADMIN, COMPANY_ADMIN, PROJECT_SYSTEM_ADMIN, PROJECT_OPERATIONS_ADMIN, PROJECT_MAINTAINER, PROJECT_USER. The SDK computes a single User.role from the server's flag bits; the raw flags stay on User.raw_flags for advanced filtering.

Model — User

Field Type Notes
uid str \| None Server-assigned.
email str Login identity.
first_name / last_name str \| None Display.
role Role Computed from flags (see above).
raw_flags UserFlags Original boolean flags.
is_super_admin bool Shortcut for SYSTEM_ADMIN.
is_company_admin bool Shortcut for COMPANY_ADMIN.

Full field list.

  • Projects: users.update_access(project_uid, uid=, role=) manages cross-resource role bindings. See Projects.
  • Companies: is_company_admin=True users span every project under their Company.
  • Auth: client.auth.whoami() and client.auth.change_password(...) cover session-time identity ops. See Auth.

See also