IGA 3.6.2 / 3.7 --- What rest calls do I need to make to request the removal of a group or application from a user?

When an account is disabled / terminated in IDM we want to send a rest call to IG to remove specific applications / permissions from that user.

-get token

-/data/users to get user's unique ID  (not working yet)

-request/users/{User Unique ID}/perms  (working when submitting it based on data in IG catalog)

do we then do a /request/request ?

      -If so any examples of doing a removal?
      -What are the requestType values we can specify?
      -What do we specify for the recipient? The Source ID or unique ID value we retrieved earlier?

      -What doe we specify for the requestItem? The unique ID of the permission or application?

thanks!
Fred

Parents Reply Children
  • Suggested Answer

    IG Rest calls to remove permission.

    Used a POST with the URL containing the below

    {{authURL}}
    /api/data/users/search?sortBy=displayName&sortOrder=DESC&indexFrom=0&size=100&showCt=true&listAttr=displayName&listAttr=userId&qMatch=ANY&q=cn=LX1411,ou=CPO,o=CTT

    This worked great to grab the user based on their UserDN value for the given environment.



    Here is an example to request permissions on an account:

    {{authURL}}/api/request/users/{{userID}}/perms?getParams=true

    with body containing:
    {
    "requestItem": "true",

    }


    Here is an example of how to request the removal of a permission on an account using /api/request/request

    {
        "requestSource""REQUEST",
        "requester""6fd75ecd493b4f1b87b2f09a0447f3cc",
        "reason""Disconnected App Removal on Account Dissablement",
        "requestItems": [
            {
                "requestItem""a3e2f34c-a62f-3e6c-bd8b-b8c481cb7272",
                "reason""Disconnected App Removal on Account Dissablement",
                "type""PERMISSION",
                "recipient""7ac6682a7bd543ee8e2fe75fb6b6b11f",
                "removal"true,
                "requestType""REMOVE_PERMISSION_ASSIGNMENT"
            }
        ]
    }

     

    Reference <url>/apidoc against the ig server for docmuentation

    Swagger looks to be 1.2 and doesn't import into Postman with 3.7.0 version