roles creation

Hi,

IDAM system installed in windows server,We want to create new roles in IDAM,Can please provide the documents for creating and managing roles in IDAM.

Thanks.
  • On 5/31/2019 3:24 AM, KSEB wrote:
    >
    > Hi,
    >
    > IDAM system installed in windows server,We want to create new roles in
    > IDAM,Can please provide the documents for creating and managing roles in
    > IDAM.


    You can create a Role via a SOAP call to createRole() in the
    https://server:port/IDMProv/role/service endpoint.

    Fernando wrote a nice bash script that uses curl to send SOAP messages
    if you pass in sufficient info. I wrote a wrapper that reads a CSV and
    can bulk load data into his script so I can bulk load Roles if I need
    to. (Alas, exporting I have not done, getting the right format for
    import, though that would be useful).

    You can use the GUI to do it in ID APps/User App.

    You can call Create Role in IDM POlicy based on an event. (I.e. If a
    group is created, you could make a Role based on that event).

    Use case is meaningful here.


  • Hi,

    Thanks for response.
    In that previous reply i am not able to open the url:https://serverort/IDMProv/role/service.
    requesting you can you please send correct url again.

    Thanks.
  • On 5/31/2019 8:06 AM, KSEB wrote:
    >
    > Hi,
    >
    > Thanks for response.
    > In that previous reply i am not able to open the
    > url:serverort/.../service.
    > requesting you can you please send correct url again.


    Did you literally try https://serverort/ as the base URL or did you
    replace it with your servers DNS name and proper port?

    Now, there is no UI at the end point, it is meant to listen for incoming
    HTTP PUT/POST requests for SOAP messaging.

    The user interface prior to IDM 4.7.2 is
    YourServerIpHere:YourPortHere/IDMProv

    4.7.2 and higher it changes to
    YourServerIpHere:YourPortHere/landing (or maybe /idmdash)

    If you want to send a SOAP message, you can get the WSDL from:
    YourServerIpHere:YourPortHere/.../service (I think? Docs
    say the specific link).

    Then you can open the SOAP WSDL in a tool like SOAP UI, look for
    createRole and see if you can fill in the fields. I agree this is not
    the simpler approach.

    You may find it simpler to use Fernandos bash script he wrote to do this
    sort of call:
    /cyberres/idm/w/identity_mgr_tips/2314/bash-functions-to-perform-soap-calls-to-rbpm

    Just checked, he does have createRole in there.

    I wrote some articles explaining how this script works, and how you
    could extend it to add new functionality if you need it here:

    /cyberres/idm/w/identity_mgr_tips/3238/adding-new-functions-to-the-ua-bash-extension---part-1

    /cyberres/idm/w/identity_mgr_tips/3716/adding-new-functions-to-the-ua-bash-extension---part-2

    /cyberres/idm/w/identity_mgr_tips/4456/adding-new-functions-to-the-ua-bash-extension-part-3

    Then I specifically addressed createRole since I wanted more info in my
    Role specified:
    /cyberres/idm/w/identity_mgr_tips/4583/enhancing-the-ua-bash-extension-for-createrole

    Then some more:
    /cyberres/idm/w/identity_mgr_tips/4238/enhancing-the-ua-bash-extension-for-the-provisioning-endpoint---terminate---part-1

    /cyberres/idm/w/identity_mgr_tips/3231/enhancing-the-ua-bash-extension-for-resources

    /cyberres/idm/w/identity_mgr_tips/4832/enhancing-the-ua-bash-extension-for-modifyresource


    Read all that, and lets see if you have anything specific. None of this
    is official docs, sorry, just stuff I wrote a year or three ago.