Remove Users from a Group

Removes users from a group listed in an ANSI or UTF-8 encoded CSV file from a group maintained in Access Control. You can use the Upload REST API to upload the file to the environment. The file format is as follows:

User Login
jdoe
john.doe@example.com

Note: You cannot remove your own account from a group. A user is removed from a group only if both of these conditions are met:

  • User logins included in the file exist in the identity domain that services the environment
  • The user is assigned to a pre-defined role in the identity domain

This API can be run only by a service administrator in the identity domain from which users are to be removed. The CSV file should not include the account of the user who executes this command. The API is asynchronous and returns the Job ID.

The presence of status -1 in the response indicates that the removal of users is in progress. Use the job status URI to determine whether the removal of users is complete. Any non-zero status except -1 indicates failure of removing users.

This API is version v1.

Before using the REST resources, you must understand how to access the REST resources and other important concepts. See About the REST APIs. Using these REST APIs requires prerequisites. See Prerequisites.

Table 8-17 Tasks for Remove Users from Group

Task Request REST Resource
Remove users from group PUT /interop/rest/security/<api_version>/groups
Remove users from group status GET /interop/rest/security/<api_version>/jobs/<jobId>

REST Resource

PUT /interop/rest/security/<api_version>/groups

Supported Media Types: application/json

Parameters:

The following table summarizes the request parameters.

Table 8-18 Parameters

Name Description Type Required Default
api_version Specific API version Path Yes None
jobtype The string should have the value REMOVE_USERS_FROM_GROUP. This value denotes that the users are being removed from the group.      
filename

The name of the uploaded ANSI or UTF-8 encoded CSV file containing information on the users to be removed, for example, removeUsersFromGroup.csv.

The file must have been uploaded already using the Upload REST API. The CSV file should not include the account of the user who executes this command.

Form Yes None
groupname The name of group from which the users must be removed. This group must be a pre-existing group.      

Response

Supported Media Types: application/json

Parameters:

Table 8-19 Parameters

Name Description
details In the case of errors, details are published with the error string
status See Migration Status Codes
links Detailed information about the link
href Links to API call or status API
action The HTTP call type
rel Possible values: self or Job Status. If the value is set to Job Status, you can use the href to get the status of the recreate service
data Parameters as key value pairs passed in the request
items Details about the resource
links Details of the first URL to be requested to get the job details; rel is "Job Details"

Example of Response Body in JSON format

Example 1: Response when the job is in progress

{
  "links": [
    {
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/<api_version>/groups",
      "data": {
        "jobType": "REST_REMOVE_USERS_FROM_GROUP",
        "filename": "<filename>"
        "groupName": "<groupName>"
      },
      "action": "PUT"
    },
    {
      "rel": "Job Status",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/<api_version>/jobs/<jobID>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": null,
  "status": -1,
  "items": null
}

Example 2: Response when the job completes with errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>..oraclecloud.com/interop/rest/security/<api_version>/jobs/<jobId>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Failed to remove users. File <filename> is not found. Please provide a valid file name.",
  "status": 1,
  "items": null
}

Example 3: Response when the job completes with no errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>..oraclecloud.com/interop/rest/security/<api_version>/jobs/<jobId>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Processed - 3, Succeeded - 1, Failed - 2.",
  "status": 0,
  "items": null
}

Example 8-10 Java Sample Code

Prerequisites: json.jar

Common Functions: See CSS Common Helper Functions for Java

public void removeUsersFromGroup(String roleName) {
        try {
                        String url = this.serverUrl + "/interop/rest/security/" + apiVersion + "/groups";
                        Map<String, String> reqHeaders = new HashMap<String, String>();
                        reqHeaders.put("Authorization", "Basic " + DatatypeConverter
                                                        .printBase64Binary((this.userName + ":" + this.password).getBytes(Charset.defaultCharset())));

                        Map<String, String> reqParams = new HashMap<String, String>();
                        reqParams.put("filename",fileName);
                        reqParams.put("jobtype","REMOVE_USERS_FROM_GROUP);
                        reqParams.put("groupname","groupName);


                        Map<String, String> restResult = CSSRESTHelper.callRestApi(new HashMap(), url, reqHeaders, reqParams,
                                                       "PUT");
                        String jobStatus = CSSRESTHelper.getCSSRESTJobCompletionStatus(restResult);
                        System.out.println(jobStatus);
        } catch (Exception e) {
                        e.printStackTrace();
        }
}

Example 8-11 Shell Script Sample Code

Prerequisites: jq (http://stedolan.github.io/jq/download/linux64/jq)

Common Functions: See CSS Common Helper Functions for cURL.

funcRemoveUsersFromGroup() {
        url="$SERVER_URL/interop/rest/security/$API_VERSION/groups"
        params="filename=$1&jobtype=REMOVE_USERS_FROM_GROUP&groupname=$2"
        header="Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
        cssRESTAPI="RemoveUsersFromGroup"
        statusMessage=$(funcCSSRESTHelper "PUT" "$url" "$header" "$USERNAME" "$PASSWORD" "$params" "$cssRESTAPI")
        echo $statusMessage
}

Groovy Sample Code

Common Functions: See CSS Common Helper Functions for Groovy

def removeUsersFromGroup(fileName, groupName) {

	String scenario = "Removing users in " + fileName + " from group " + groupName;
	String params = "jobtype=REMOVE_USERS_FROM_GROUP&filename="+ fileName +"&groupname="+ groupName;
	def url = null;
	def response = null;
	try {
		url = new URL(serverUrl + "/interop/rest/security/" + apiVersion + "/groups");
	} catch (MalformedURLException e) {
		println "Please enter a valid URL"
		System.exit(0);
	}
	response = executeRequest(url, "PUT", params, "application/x-www-form-urlencoded");
	if (response != null) {
		getJobStatus(getUrlFromResponse(scenario, response, "Job Status"), "GET");
	}
}