mkrey_ctp Valued Contributor.
Valued Contributor.
191 views

Create Roles via REST API with "otherAttributes" or "otherModifiedAttributes"

Jump to solution

Hi

Question about adding additional attributes to a Role using the REST API

Requirement:
- Role Management (creation, modification, deletion, composition definition, etc) done in an external Tool
- Role Data Model in external tool defines a couple of additional attributes, eg environment, risk, classification, etc.
- Roles shall be pushed to NetIQ IDM using IDApps REST API
- Role ordering, assignment and provisioning done in IDM using standard processes

Question:
NetIQ IDApps REST API defines for the Create Role Endpoint JSON Elements like "otherAttributes" and "otherModifiedAttributes".
It looks to me that those are related to DAL entities, but I can't figure out hwo to provide those properly in the REST call.
When adding values "otherAttributes", even referencing a DAL atttribut I just get REST Interface timeouts...no error...
Creating a Role using just the basic set of attributes works just fine.

Is settings additional attributes supported via REST API using "otherAttributes" or "otherModifiedAttributes" ?
Has somebody done this before and can share some tips or examples?

Reference:
https://idm:8443/idmappsdoc/#/Catalog/resource_Catalog_createRole_POST

[....]
"otherAttributes": [
{
"key": "...",
"displayLabel": "...",
"attributeValues": [
{},
{}
],
"dataType": "...",
"isSearchable": true,
"isSortable": true,
"isRequired": true,
"isEditable": true,
"isMultivalued": true,
"isHideable": true,
"isClickable": true,
"formatType": "...",
"choiceList": [
{
"key": "...",
"value": "..."
},
{
"key": "...",
"value": "..."
}
],
"controlType": "..."
},
{
"key": "...",
"displayLabel": "...",
"attributeValues": [
{},
{}
],
"dataType": "...",
"isSearchable": true,
"isSortable": true,
"isRequired": true,
"isEditable": true,
"isMultivalued": true,
"isHideable": true,
"isClickable": true,
"formatType": "...",
"choiceList": [
{
"key": "...",
"value": "..."
},
{
"key": "...",
"value": "..."
}
],
"controlType": "..."
}
],
"otherModifiedAttributes": [
{
"name": "...",
"key": "...",
"dataType": "...",
"isMultivalued": true,
"isEditable": true,
"values": [
"...",
"..."
]
},
{
"name": "...",
"key": "...",
"dataType": "...",
"isMultivalued": true,
"isEditable": true,
"values": [
"...",
"..."
]
}
]

Thanks,
Matthias

Labels (1)
0 Likes
1 Solution

Accepted Solutions
mkrey_ctp Valued Contributor.
Valued Contributor.

Re: Create Roles via REST API with "otherAttributes" or "otherModifiedAttributes"

Jump to solution
So after adding an auxiliary class attribute to my DAL and trying to use the REST API to create a role after, the role creation is successful but 'otherAttributes' are not added. We are able to query these attributes using the API but not POST them during creation. I added the auxiliary class to the sys-nrf-role entity as well, and then tried adding the attribute just to be sure. While it is not supported during POST / creation of the role, we did find that you can modify the role immediately after using the PUT endpoint. This will see the otherAttributes and otherModifiedAttributes added, as expected. Modifying the sys-nrf-role DAL entity is not supported though. See also: https://ideas.microfocus.com/MFI/identity-manager/Idea/Detail/15292

View solution in original post

0 Likes
2 Replies
mkrey_ctp Valued Contributor.
Valued Contributor.

Re: Create Roles via REST API with "otherAttributes" or "otherModifiedAttributes&quot

Jump to solution

Just a small update...the timeouts occured due to a malformatted JSON, my bad...

So now, my request goes through, but no additional attributes are set on the role.

Playing around with the entity-defintion sys-nrf-role by adding an ObjectClass Element (acmeGroupAux) directly by modifying the XML via LDAP leads to the result that this ObjectClass is actually added when I create the Role via REST. - not supported of course....

However, an attribute (acmeGroupTitle, also added manually to sys-nrf-role) is not added via the REST Call.

Example of a successful body

{
"id": "APP_TEST_API_TEST-12",
"name": "APP_TEST_API_TEST-12",
"description": "DESCRIPTION",
"categories": [
{
"id": "ApplicationRole",
"name": "ApplicationRole"
}
],
"owners": [
{
"id": "cn=group,ou=groups,o=data",
"name": "group",
"type": "GROUP"
}
],
"level": 10,
"roleLevel": {
"name": "Permission Role",
"level": 10,
"cn": "Level10"
},
"localizedNames": [
{
"locale": "en",
"name": "APP_TEST_API_TEST-12"
}
],
"localizedDescriptions": [
{
"locale": "en",
"desc": "DESCRIPTION"
}
],
"status": 50,
"otherAttributes": [
{
"key": "acmeGroupAux",
"displayLabel": "acmeGroupAux",
"attributeValues": [
{"acmeGroupTitle" : "Some Group Title"}
],
"dataType": "String",
"isSearchable": false,
"isSortable": true,
"isRequired": false,
"isEditable": true,
"isMultivalued": false,
"isHideable": false,
"isClickable": true,
"formatType": "",
"controlType": ""
}
]
}

0 Likes
mkrey_ctp Valued Contributor.
Valued Contributor.

Re: Create Roles via REST API with "otherAttributes" or "otherModifiedAttributes"

Jump to solution
So after adding an auxiliary class attribute to my DAL and trying to use the REST API to create a role after, the role creation is successful but 'otherAttributes' are not added. We are able to query these attributes using the API but not POST them during creation. I added the auxiliary class to the sys-nrf-role entity as well, and then tried adding the attribute just to be sure. While it is not supported during POST / creation of the role, we did find that you can modify the role immediately after using the PUT endpoint. This will see the otherAttributes and otherModifiedAttributes added, as expected. Modifying the sys-nrf-role DAL entity is not supported though. See also: https://ideas.microfocus.com/MFI/identity-manager/Idea/Detail/15292

View solution in original post

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.