
Revoke a role via the REST API interface (IDM 4.7.3)


I have written a simple app that allows me to ADD an IDM role to a user using the IDM 4.7.3 REST API. However, I cannot find any method/endpoint in the documentation that allows me to REVOKE a user role. There is an endpoint that revokes a resource but not a role. I have even checked the 4.8 API documentation and there is no role revoke endpoint there, either. Am I missing something? Or is this a glaring omission from the REST API's capabilities?

 


Accepted Solutions
Micro Focus Expert

Hi,

that endpoint is documented here:

https://www.netiq.com/documentation/identity-manager-developer/rest-api-documentation/idmappsdoc/#/Access/resource_Access_removeUserPermissionAssignmentsFromAssignees_DELETE

A sample payload:

{
    "reason": "revoke REST test",
    "assignments": [
        {
            "id": "cn=testöäüß,cn=level30,cn=roledefs,cn=roleconfig,cn=appconfig,cn=user application driver,cn=driverset1,o=system",
            "entityType": "role",
            "assignmentToList": [
                {
                    "assignedToDn": "cn=1234567,ou=users,ou=data",
                    "subtype": "user"
                }
            ]
        }
    ]
}

 

--
Norbert
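
The revoke call from the accepted answer, as an added example that is not part of the original post: it builds the same payload shape for one role and several users and prepares a DELETE request that carries a UTF-8 JSON body. The endpoint URL is a placeholder to be taken from the linked documentation; Bearer-token authentication, the HTTPS-only check and the mandatory reason are assumptions of this example, not documented API rules.

```python
import json
import urllib.request

def build_role_revoke_payload(role_dn, user_dns, reason):
    """Return a body shaped like the sample payload: one role, one or more users."""
    if not reason or not reason.strip():
        # Assumption of this example: always record why access was removed.
        raise ValueError("reason must not be empty")
    users = list(dict.fromkeys(user_dns))  # drop duplicates, keep order
    if not users:
        raise ValueError("at least one user DN is required")
    for dn in [role_dn] + users:
        # Cheap sanity check only; the server remains the authority on DN validity.
        if "=" not in dn or "," not in dn:
            raise ValueError("not a DN: %r" % dn)
    return {
        "reason": reason,
        "assignments": [{
            "id": role_dn,
            "entityType": "role",
            "assignmentToList": [
                {"assignedToDn": dn, "subtype": "user"} for dn in users
            ],
        }],
    }

def prepare_revoke_request(endpoint_url, token, payload):
    """Build (but do not send) the DELETE request with a JSON body."""
    if not endpoint_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    # ensure_ascii=False keeps characters such as 'öäüß' in the DN as UTF-8 bytes.
    body = json.dumps(payload, ensure_ascii=False).encode("utf-8")
    return urllib.request.Request(
        endpoint_url, data=body, method="DELETE",
        headers={"Content-Type": "application/json; charset=utf-8",
                 "Authorization": "Bearer " + token},  # assumed auth scheme
    )

if __name__ == "__main__":
    # DNs copied from the sample payload above; URL and token are placeholders.
    role = ("cn=testöäüß,cn=level30,cn=roledefs,cn=roleconfig,cn=appconfig,"
            "cn=user application driver,cn=driverset1,o=system")
    payload = build_role_revoke_payload(
        role, ["cn=1234567,ou=users,ou=data"], "revoke REST test")
    req = prepare_revoke_request(
        "https://idm.example.invalid/REVOKE-ENDPOINT-PLACEHOLDER", "TOKEN", payload)
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    # To send: urllib.request.urlopen(req), then check the HTTP status.
```

Some HTTP clients and proxies drop the body of a DELETE request, so when a revoke appears to do nothing, confirm on the wire that the JSON body actually left the client.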


2 Replies
Knowledge Partner

You're right,
The documentation mentions REVOKE only for resources
/resources/resource/assignments/revoke
API Objective: Revoke resource to users.

but at the same time, I can see <revokeRequestDef> and <revokeRequired> in the RoleNode section. You can try it.
<json_RoleNode>
<id>...</id>
<name>...</name>
<description>...</description>
<categories>
<id>...</id>
<name>...</name>
</categories>
<categories>
<id>...</id>
<name>...</name>
</categories>
<owners>
<id>...</id>
<name>...</name>
<type>...</type>
</owners>
<owners>
<id>...</id>
<name>...</name>
<type>...</type>
</owners>
<approvalRequestDef>...</approvalRequestDef>
<approvalRequestDefName>...</approvalRequestDefName>
<revokeRequestDef>...</revokeRequestDef>

...

<revokeRequired>true</revokeRequired> 

