Updates the User specified by the {username} parameter with the property values sent in the request body.

Team memberships can be specified by including a "memberships":[] property in the body, but this list is inclusive of all teams. This means if any team memberships already exist, then they must be included in this list. If any existing memberships are excluded from the list, those memberships will be deleted.

A user can be restricted to accessing the system by including an "allowedIps":"" property in the body. This value must be a comma separated list of IP addresses or subnets the user is allowed to access the system from. Currently IPv4 addresses, IPv4 subnets CIDR notation, and IPv6 addresses (both expanded and condensed) are allowed.

Examples of valid values

- 127.0.0.1                                 IPv4 Address [localhost]
- 192.168.0.25                              IPv4 Address
- 192.168.0.1/24                            IPv4 Subnet [192.168.0.1 - 192.168.0.254]
- 0000:0000:0000:0000:0000:0000:0000:0001   IPv6 Address [localhost]
- ::1                                       IPv6 Address (condensed) [localhost]

Example allowing access from localhost (both IPv4 and IPv6), and a range of IPv4 addresses

127.0.0.1,::1,192.168.0.1/24

NOTE All properties in the request body are optional, and only the properties supplied will be updated.

The current user must have Space management privileges to perform this action.