
NetIQ Identity Application REST API to delete permissions from NetIQ REST driver

Hello

NetIQ IDM 4.7.3 AE

 

DELETE /assignment/permissions

Delete permissions assigned to an assignee.

https://www.netiq.com/documentation/identity-manager-developer/rest-api-documentation/idmappsdoc/#/Admin/resource_Admin_deletePermissions_DELETE

We are doing add and delete permissions from the NetIQ REST driver towards the NetIQ Identity Application REST service. In our experience:

1) Add permissions just works fine, both from NetIQ REST driver and from Postman.

2) Delete permissions has some strange behavior

 

From Postman:

Doing an HTTP DELETE with the following payload:

https://XXXXX/IDMProv/rest/admin/assignment/permissions

{
  "permissions": [
    {
      "domainType": "ROLES",
      "dn": "CN=12353,CN=Level10,CN=RoleDefs,CN=RoleConfig,CN=AppConfig,CN=UA,CN=DriverSet,OU=IDM,OU=Services,O=ORG",
      "permission": "nrfAccessViewRole",
      "objType": "Role",
      "objClass": "nrfRole"
    }
  ],
  "assignedToDN": "CN=jamesbond,OU=EU,O=ORG"
}

gives a successful reply, but it has no effect; the permissions are still there when looking from the UX within Identity Application. Even catalina.out shows delete permissions messages in the logs.

2020-04-29 19:50:42,695 INFO [com.novell.idm.security.authorization.service.AuthorizationManagerService] (https-jsse-nio-8443-exec-9) [RBPM] [Delete_Authorization] Initiated by cn=bobAdmin,ou=EU,o=ORG; Auth Object ID: CN=12353,CN=Level10,CN=RoleDefs,CN=RoleConfig,CN=AppConfig,CN=UA,CN=DriverSet,OU=IDM,OU=Services,O=ORG; Message: Authorization deleted successfully

 

But doing the same thing with the NetIQ REST driver gives a 500 error,

with the following HTML as response:

 

<p> </p>
<div style="margin-left: 3%; margin-right: 3%; width: 100%; max-width: 94%;">
<table border="0" width="100%">
<tbody>
<tr>
<td><a href="/IDMProv"><img src="/IDMProv/images/netiq.gif" alt="NetIQ Corporation." border="0" /></a></td>
<td align="right"><a href="/IDMProv">Home</a></td>
</tr>
</tbody>
</table>
<!--hr--><br /><span class="portlet-error-msg">An Error has occurred:</span>
<table id="errorMessage" border="1" width="100%" cellspacing="2" cellpadding="2">
<tbody>
<tr>
<td class="nv-fontMedium nv-color1 nv-fontBold" valign="top" width="20%">Message</td>
<td class="nv-fontSmall" width="80%">An error has occurred while processing your request. Please contact the administrator, or click the back button and try again.</td>
</tr>
</tbody>
</table>
<br /><br /><br /><br /></div>

 

 

I am already in doubt that the NetIQ REST driver does not handle DELETE with a body, whereas the NetIQ Identity Application REST API developers preferred to use DELETE for removing permissions in Identity Application, requiring a body 😞

 

What to do? Removing ACL directly from eDirectory is another option.

 

Regards,

Maqsood.
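
One way to see what a client actually puts on the wire for this DELETE, as an added example that is not part of the original post and not NetIQ code: a throwaway local listener records the body and Content-Type, and `diagnose` reports why a request could not have carried the permissions payload. The names `Capture`, `diagnose` and `check_client`, the sample DNs, and plain HTTP on localhost are all assumptions made for illustration.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PATH = "/IDMProv/rest/admin/assignment/permissions"
# Constructed sample with the same shape as the payload in the post.
SAMPLE = {"permissions": [{"domainType": "ROLES", "dn": "CN=example,O=ORG"}],
          "assignedToDN": "CN=testuser,OU=EU,O=ORG"}

class Capture(BaseHTTPRequestHandler):
    """Hypothetical listener: records what each DELETE carried on the wire."""
    seen = []
    def do_DELETE(self):
        length = int(self.headers.get("Content-Length") or 0)
        Capture.seen.append({"ctype": self.headers.get("Content-Type") or "",
                             "body": self.rfile.read(length) if length else b""})
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args): pass  # keep stderr quiet

def diagnose(rec):
    """Return the reasons a captured DELETE could not carry the payload."""
    if not rec["body"]:
        return ["no request body received"]
    ok = "json" in rec["ctype"].lower()
    problems = [] if ok else ["Content-Type is not JSON: " + rec["ctype"]]
    try:
        doc = json.loads(rec["body"])
        missing = [k for k in ("permissions", "assignedToDN") if not doc.get(k)]
    except (ValueError, AttributeError):
        return problems + ["body is not a JSON object"]
    return problems + ["missing or empty field: " + k for k in missing]

def check_client(payload, ctype="application/json"):
    """Send one DELETE to a throwaway local listener and diagnose it."""
    Capture.seen.clear()
    srv = HTTPServer(("127.0.0.1", 0), Capture)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", srv.server_port, timeout=5)
        body = None if payload is None else json.dumps(payload).encode()
        conn.request("DELETE", PATH, body, {"Content-Type": ctype} if body else {})
        conn.getresponse().read()
    finally:
        srv.shutdown()
        srv.server_close()
    return diagnose(Capture.seen[-1])

if __name__ == "__main__":
    print(check_client(SAMPLE), check_client(None))
```

To test a different client, serve `Capture` on a reachable port, point a test connection at it, and run `diagnose` on the captured record; use a test identity rather than production credentials, since the listener is plain HTTP.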

 
