This chapter describes the web services that are used to get roles and policies information from Oracle Identity Analytics.
Each web service has two parts: the request parameters and the response. Request parameters such as businessUnitName and roleId are used to request a role by business unit name or role name, and the policyId request parameter is used to request a policy by policy ID. The typical responses received are the RoleVO and AccessPolicyVO objects. The Role Value Object provides the resultant role object on the request criteria of roleId.
Note - The Role Management Service has been deprecated and is superseded by the Role Service. Implementations using methods from the Role Management Service, however, can continue to use the older methods.
WSDL stands for Web Services Description Language. It is an XML format that describes web services as a set of endpoints operating on messages, and that contains information on how to access them. It specifies the location of each service and the operations (or methods) the service exposes.
Use the following to access the Role Service WSDL through a browser:
http://server-name:port-number/rbacx/ws/roleService?wsdl
where server-name is the IP address or alias of the server on which Oracle Identity Analytics is running, and port-number is the port number of the application server that is listening to Oracle Identity Analytics calls.
Example:
http://localhost:8081/rbacx/ws/roleService?wsdl
In the previous example, localhost is the server name, and 8081 is the port number of the application server.
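Because the WSDL lists every operation and endpoint location, it can be used to inventory what the Role Service exposes. The following added example (not Oracle's code) parses a constructed WSDL 1.1 document and sorts the operations named in this chapter into read-only and state-changing, leaving anything else for review. The sample document, its targetNamespace, its port and portType names, and the exampleUnknownOperation entry are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/"}
# Classification follows this chapter's descriptions of each operation.
READ_ONLY = {"findRolesInBusinessUnit", "findUsersInRole", "userRoleAssignmentPreview"}
STATE_CHANGING = {"assignUserToRole", "removeUserFromRole"}

# Constructed sample trimmed to the inspected elements; the namespace, the
# port names and exampleUnknownOperation are placeholders, not real OIA output.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    targetNamespace="urn:example:placeholder">
  <wsdl:portType name="RoleServicePortType">
    <wsdl:operation name="findRolesInBusinessUnit"/>
    <wsdl:operation name="findUsersInRole"/>
    <wsdl:operation name="assignUserToRole"/>
    <wsdl:operation name="removeUserFromRole"/>
    <wsdl:operation name="userRoleAssignmentPreview"/>
    <wsdl:operation name="exampleUnknownOperation"/>
  </wsdl:portType>
  <wsdl:service name="RoleService">
    <wsdl:port name="RoleServicePort">
      <soap:address location="http://localhost:8081/rbacx/ws/roleService"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

def inventory(wsdl_text):
    """Group exposed operations by effect and list endpoints served over plain HTTP."""
    root = ET.fromstring(wsdl_text)
    ops = sorted({op.get("name")
                  for op in root.findall("wsdl:portType/wsdl:operation", NS)})
    endpoints = [addr.get("location")
                 for addr in root.findall("wsdl:service/wsdl:port/soap:address", NS)]
    return {
        "endpoints": endpoints,
        "plaintext_endpoints": [e for e in endpoints if urlparse(e).scheme == "http"],
        "state_changing": [o for o in ops if o in STATE_CHANGING],
        "read_only": [o for o in ops if o in READ_ONLY],
        # Anything not described in this chapter is flagged rather than assumed safe.
        "unreviewed": [o for o in ops if o not in READ_ONLY | STATE_CHANGING],
    }

if __name__ == "__main__":
    for key, value in inventory(SAMPLE_WSDL).items():
        print(f"{key}: {value}")
```

Run against the WSDL saved from a deployment, the state_changing and unreviewed lists show which operations need the tightest access control, and plaintext_endpoints shows where requests would travel unencrypted.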
This section describes the web services used to get information from Oracle Identity Analytics regarding roles and policies.
This web service provides the capability to search for roles in a particular business unit. The request parameters are the business unit name (businessUnitName), traverse, and stopWhenFound, and the response is a RoleVO[] array associated with the business unit.
public RoleVO[] findRolesInBusinessUnit(String businessUnitName, boolean traverse, boolean stopWhenFound) throws RbacxServiceException
Name | Data Type | Description |
---|---|---|
businessUnitName | String | The name of the business unit to be queried for roles. |
traverse | Boolean | If true, traverse the business unit tree to find roles. |
stopWhenFound | Boolean | If true, stop traversing the business unit tree as soon as roles are found. If false, continue traversing the entire tree. |
Data Type | Description |
---|---|
RoleVO[] | An array of RoleVO objects containing role information is returned from the requested business unit. An empty array is returned if no roles are found. |
This web service searches for all users who have access to a particular role. The request parameter is the String roleName, and the response is a UserVO[] array that contains all users with the role specified.
public UserVO[] findUsersInRole(String roleName) throws RbacxServiceException
Name | Data Type | Description |
---|---|---|
roleName | String | The name of the role to be queried for users. |
Data Type | Description |
---|---|
UserVO[] | An array of UserVO containing user information. An empty array is returned if no users are found. |
This web service assigns a role to a user. The request parameters are roleName, username, startDateVO, and endDateVO, and a Boolean flag is returned to indicate the result of the assignment. Include the updateConnectedSystems parameter to control if the user assignment should be propagated to any connected systems. If the updateConnectedSystems parameter is not included, the user assignment is always propagated to connected systems.
public boolean assignUserToRole(String roleName, String userName, DateVO startDateVO, DateVO endDateVO) throws RbacxServiceException
public boolean assignUserToRole(String roleName, String userName, DateVO startDateVO, DateVO endDateVO, boolean updateConnectedSystems) throws RbacxServiceException
Name | Data Type | Description |
---|---|---|
roleName | String | The name of the role that is being assigned. |
username | String | The name of the user to whom the role needs to be assigned. |
startDateVO | DateVO | The date that the role association should start. |
endDateVO | DateVO | The date that the role association should end. |
updateConnectedSystems | Boolean | Set to true if assignment is to be propagated to connected systems; false otherwise. |
Data Type | Description |
---|---|
Boolean | True if the role is successfully assigned to the user; false otherwise. |
This web service removes a user from a role. The request parameters are roleName and username, and a Boolean flag is returned to indicate the result of the removal. Include the updateConnectedSystems parameter to control if the removal should be propagated to any connected systems. If the updateConnectedSystems parameter is not included, the user removal is always propagated to connected systems.
public boolean removeUserFromRole(String roleName, String userName) throws RbacxServiceException
public boolean removeUserFromRole(String roleName, String userName, boolean updateConnectedSystems) throws RbacxServiceException
Name | Data Type | Description |
---|---|---|
roleName | String | The name of the role that needs to be removed from the user. |
username | String | The name of the user from whom the role should be removed. |
updateConnectedSystems | Boolean | Set to true if the removal should be propagated to connected systems; false otherwise. |
Data Type | Description |
---|---|
Boolean | True if the user is successfully removed from the role; false otherwise. |
This web service previews the results of a rule-based role assignment. The request parameters are userVO[] and modifiedAccounts, and the response is RoleVO[].
public RoleVO[] userRoleAssignmentPreview(UserVO user, AccountVO[] modifiedAccounts) throws RbacxServiceException
Name | Data Type | Description |
---|---|---|
user | UserVO | A UserVO for whom the role assignment needs to be previewed. |
modifiedAccounts | AccountVO[] | An array of AccountVO that is allocated to the user. |
Data Type | Description |
---|---|
RoleVO[] | An array of RoleVO containing role value objects is returned from the requested list of users. An empty array is returned if no roles are found. |
This web service returns an array of role value objects that match the specified array of role name strings.
Name | Data Type | Description |
---|---|---|
roleNames | String[] | The array of role names to retrieve. |
This web service updates a role using the specified Role Value Object (RoleVO). The RoleVO must have its role ID set to a valid role ID. If the RoleVO instance contains null values specified for any of its fields, those fields will be ignored and the current role's values will be retained. The specified flag autoApprove can be used to automatically approve the role update. Note that new owners must exist as Global Users or the update will fail.
Name | Data Type | Description |
---|---|---|
role | RoleVO | The Role Value Object instance representing the role to be updated. |
autoApprove | Boolean | Set to true if the role update should be automatically approved. |