This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
dtesenair
Commander
Commander
‎2020-04-22 21:35
522 views

Revoke a role via the REST API interface (IDM 4.7.3)

Jump to solution

I have written a simple app that allows me ADD an IDM role to a user using the IDM4.7.3 REST API.  However, I can not find any method/endpoint in the documentation that allows me to REVOKE a user role.  There is an endpoint that revokes a resource but not a role.  I have even checked the 4.8 API documentation and there is no role revoke endpoint there, either.  Am I missing something?  Or is this a glaring omission from the REST API's capabilities?

 

Labels (1)
Labels
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
klasen
Micro Focus Expert
Micro Focus Expert
‎2020-04-27 11:11

Jump to solution

Hi,

that endpoint is documented here:

https://www.netiq.com/documentation/identity-manager-developer/rest-api-documentation/idmappsdoc/#/Access/resource_Access_removeUserPermissionAssignmentsFromAssignees_DELETE

A sample payload:

{
    "reason": "revoke REST test",
    "assignments": [
        {
            "id": "cn=testöäüß,cn=level30,cn=roledefs,cn=roleconfig,cn=appconfig,cn=user application driver,cn=driverset1,o=system",
            "entityType": "role",
            "assignmentToList": [
                {
                    "assignedToDn": "cn=1234567,ou=users,ou=data",
                    "subtype": "user"
                }
            ]
        }
    ]
}

 

--
Norbert

View solution in original post

Reply
Report Inappropriate Content
2 Replies
al_b
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2020-04-24 17:41

Jump to solution

You right,
The documentation mentioned about REVOKE only for resources
/resources/resource/assignments/revoke
API Objective: Revoke resource to users.

but at the same time, I can see <revokeRequestDef> and <revokeRequired> in RoleNode section. You can try it
<json_RoleNode>
<id>...</id>
<name>...</name>
<description>...</description>
<categories>
<id>...</id>
<name>...</name>
</categories>
<categories>
<id>...</id>
<name>...</name>
</categories>
<owners>
<id>...</id>
<name>...</name>
<type>...</type>
</owners>
<owners>
<id>...</id>
<name>...</name>
<type>...</type>
</owners>
<approvalRequestDef>...</approvalRequestDef>
<approvalRequestDefName>...</approvalRequestDefName>
<revokeRequestDef>...</revokeRequestDef>

...

<revokeRequired>true</revokeRequired> 

Reply
Report Inappropriate Content
klasen
Micro Focus Expert
Micro Focus Expert
‎2020-04-27 11:11

Jump to solution

Hi,

that endpoint is documented here:

https://www.netiq.com/documentation/identity-manager-developer/rest-api-documentation/idmappsdoc/#/Access/resource_Access_removeUserPermissionAssignmentsFromAssignees_DELETE

A sample payload:

{
    "reason": "revoke REST test",
    "assignments": [
        {
            "id": "cn=testöäüß,cn=level30,cn=roledefs,cn=roleconfig,cn=appconfig,cn=user application driver,cn=driverset1,o=system",
            "entityType": "role",
            "assignmentToList": [
                {
                    "assignedToDn": "cn=1234567,ou=users,ou=data",
                    "subtype": "user"
                }
            ]
        }
    ]
}

 

--
Norbert

View solution in original post

Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.