Assign Users to a Predefined Role or Granular Role (v1)

This API assigns users included in an ANSI or UTF-8 encoded CSV file to a pre-defined or granular role. Use this API to assign users (including the user who invokes this API) to a pre-defined role or to assign a user with granular roles.

To assign a user to a granular role, that user should already have a pre-defined role assigned to them.

Use double quotation marks to enclose role names that contain space characters in the CSV file. Before using this API, use the Upload REST API to upload files to the environment. The file should be deleted after the API executes.

The file format is as follows:

User Login
jane.doe@example.com
jdoe

The API is asynchronous and returns the Job ID. The presence of status -1 in the response indicates that assigning users is in progress. Use the job status URI to determine whether the assignment of roles is complete. Any non-zero status except -1 indicates failure of assigning users. With this API, you can see which records failed and the reason why they failed, in addition to how many records passed and failed.

Required Roles

For predefined roles:

Service Administrator, or Identity Domain Administrator and any predefined role (Power User, User, or Viewer)

For granular roles:

Service Administrator or any predefined role and the Access Control - Manage granular role

REST Resource

PUT /interop/rest/security/<api_version>/users

Table 13-14 Tasks for Assign Users to Roles

Task	Request	REST Resource
Assign role	PUT	`/interop/rest/security/<api_version>/users`
Assign role status	GET	`/interop/rest/security/<api_version>/jobs/<jobid>`

Request

Supported Media Types: application/x-www-form-urlencoded

Table 13-15 Parameters

Name	Description	Type	Required	Default
`api_version`	Specific API version	Path	Yes	None
`jobtype`	ASSIGN_ROLE	Form	Yes	None
`filename`	The name of the ANSI or UTF-8 encoded CSV file containing the login IDs of the users whose role assignment is to be modified, such as `assignRoles.csv`.	Form	Yes	None
`rolename`	The name of a pre-defined or granular role applicable to the service. An incorrect role name will result in an error. To assign users to a pre-defined role, roleName should identify a pre-defined role applicable to the service. For a list of pre-defined roles for each business process, see Understanding Predefined Roles in Getting Started Guide for Administrators. To assign users to a granular role, roleName should identify a granular role listed in the Assign Roles tab of Access Control. For a description of these roles, see Granular Role Assignment Overview in Administering Access Control.	Form	Yes	None

Response

Supported Media Types: application/json

Table 13-16 Parameters

Name	Description
`details`	In the case of errors, details are published with the error string
`status`	See Migration Status Codes
`links`	Detailed information about the link
`href`	Links to API call or status API
`action`	The HTTP call type
`rel`	Possible values: `self` or `Job Status`. If the value is set to `Job Status`, you can use the href to get the status
`data`	Parameters as key value pairs passed in the request
`items`	Details about the resource
`links`	Details of the first URL to be requested to get the job details; rel is "Job Details"

Examples of Response Body

Example 1: Job is in Progress

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/users",
      "data": {
        "jobType": "ASSIGN_ROLE",
        "filename": "<filename>",
        "rolename": "<rolename>"
      },
      "action": "PUT"
    },
    {
      "rel": "Job Status",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": null,
  "status": -1,
  "items": null
}

Example 2: Job Completes with Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": " Failed to assign role for users. Input file <filename> is not found. Specify a valid file name.",
  "status": 1,
  "items": null
}

Example 3: Job Completes without Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Processed - 3, Succeeded - 2, Failed - 1.",
  "status": 0,
  "items": [
    {
		"UserName":"<USERNAME>","Error_Details": "User <USERNAME> is not found. Verify that the user exists."
    }
  ] 
}

Sample cURL Command Basic Auth Pre-Defined Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=ASSIGN_ROLE&filename=assignRoleUsers.csv&rolename=Power User' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command Basic Auth Granular Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=ASSIGN_ROLE&filename=assignRoleUsers.csv&rolename=Access Control - Manage' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command OAuth 2.0 Pre-Defined Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=ASSIGN_ROLE&filename=assignRoleUsers.csv&rolename=Power User' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command OAuth 2.0 Granular Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=ASSIGN_ROLE&filename=assignRoleUsers.csv&rolename=Access Control - Manage' 'https://<BASE-URL>/interop/rest/security/v1/users'