Remove Users from a Group (v1)

Removes users from a group listed in an ANSI or UTF-8 encoded CSV file from a group maintained in Access Control. You can use the Upload REST API to upload the file to the environment. The file format is as follows:

User Login
jdoe
john.doe@example.com

Note:

A user is removed from a group only if both of these conditions are met:

User logins included in the file exist in the identity domain that services the environment
The user is assigned to a pre-defined role in the identity domain

This API can be run only by a service administrator in the identity domain from which users are to be removed.

The presence of status -1 in the response indicates that the removal of users is in progress. Use the job status URI to determine whether the removal of users is complete. Any non-zero status except -1 indicates failure of removing users. With this API, you can see which records failed and the reason why they failed in addition to how many records passed and failed.

This API is version v1.

Required Roles

Service Administrator or Access Control – Manage

REST Resource

PUT /interop/rest/security/<api_version>/groups

Note:

Before using the REST resources, you must understand how to access the REST resources and other important concepts. See Implementation Best Practices for Cloud EPM REST APIs. Using this REST API requires prerequisites. See Prerequisites.

Table 12-32 Tasks for Remove Users from Group

Task	Request	REST Resource
Remove users from group	PUT	`/interop/rest/security/<api_version>/groups`
Remove users from group status	GET	`/interop/rest/security/<api_version>/jobs/<jobId>`

Request

Supported Media Types: application/x-www-form-urlencoded

The following table summarizes the request parameters.

Table 12-33 Parameters

Name	Description	Type	Required	Default
`api_version`	Specific API version	Path	Yes	None
`jobtype`	The string should have the value `REMOVE_USERS_FROM_GROUP`. This value denotes that the users are being removed from the group.	Form	Yes	None
`filename`	The name of the uploaded ANSI or UTF-8 encoded CSV file containing information on the users to be removed, for example, `removeUsersFromGroup.csv`. The file must have been uploaded already using the Upload REST API.	Form	Yes	None
`groupname`	The name of group from which the users must be removed. This group must be a pre-existing group.	Form	Yes	None

Response

Supported Media Types: application/json

Table 12-34 Parameters

Name	Description
`details`	In the case of errors, details are published with the error string
`status`	See Migration Status Codes
`links`	Detailed information about the link
`href`	Links to API call or status API
`action`	The HTTP call type
`rel`	Possible values: `self` or `Job Status`. If the value is set to `Job Status`, you can use the href to get the status
`data`	Parameters as key value pairs passed in the request
`items`	Details about the resource
`links`	Details of the first URL to be requested to get the job details; rel is "Job Details"

Examples of Response Body

The following examples show the contents of the response body in JSON format:

Example 1: Job is in Progress

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/groups",
      "data": {
        "jobType": "REST_REMOVE_USERS_FROM_GROUP",
        "filename": "<filename>"
        "groupName": "<groupName>"
      },
      "action": "PUT"
    },
    {
      "rel": "Job Status",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobID>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": null,
  "status": -1,
  "items": null
}

Example 2: Job Completes with Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobId>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Failed to remove users. Input file <filename> is not found. Specify a valid file name.",
  "status": 1,
  "items": null
}

Example 3: Job Completes without Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobId>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Processed - 3, Succeeded - 2, Failed - 1.",
  "status": 0,
  "items": [
    {
         "UserName":"<USERNAME>","Error_Details": "User <USERNAME> is not found. Verify that the user exists."
    }
  ]
 }

Java Sample Code

Prerequisites: json.jar

Common Functions: See CSS Common Helper Functions for Java

public void removeUsersFromGroup(String roleName) {
        try {
                        String url = this.serverUrl + "/interop/rest/security/" + apiVersion + "/groups";
                        Map<String, String> reqHeaders = new HashMap<String, String>();
                        reqHeaders.put("Authorization", "Basic " + DatatypeConverter
                                                        .printBase64Binary((this.userName + ":" + this.password).getBytes(Charset.defaultCharset())));

                        Map<String, String> reqParams = new HashMap<String, String>();
                        reqParams.put("filename",fileName);
                        reqParams.put("jobtype","REMOVE_USERS_FROM_GROUP);
                        reqParams.put("groupname","groupName);


                        Map<String, String> restResult = CSSRESTHelper.callRestApi(new HashMap(), url, reqHeaders, reqParams,
                                                       "PUT");
                        String jobStatus = CSSRESTHelper.getCSSRESTJobCompletionStatus(restResult);
                        System.out.println(jobStatus);
        } catch (Exception e) {
                        e.printStackTrace();
        }
}

Shell Script Sample Code

Prerequisites: jq (http://stedolan.github.io/jq/download/linux64/jq)

Common Functions: See CSS Common Helper Functions for cURL.

funcRemoveUsersFromGroup() {
        url="$SERVER_URL/interop/rest/security/$API_VERSION/groups"
        params="filename=$1&jobtype=REMOVE_USERS_FROM_GROUP&groupname=$2"
        header="Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
        cssRESTAPI="RemoveUsersFromGroup"
        statusMessage=$(funcCSSRESTHelper "PUT" "$url" "$header" "$USERNAME" "$PASSWORD" "$params" "$cssRESTAPI")
        echo $statusMessage
}

Groovy Sample Code

Common Functions: See CSS Common Helper Functions for Groovy

def removeUsersFromGroup(fileName, groupName) {

	String scenario = "Removing users in " + fileName + " from group " + groupName;
	String params = "jobtype=REMOVE_USERS_FROM_GROUP&filename="+ fileName +"&groupname="+ groupName;
	def url = null;
	def response = null;
	try {
		url = new URL(serverUrl + "/interop/rest/security/" + apiVersion + "/groups");
	} catch (MalformedURLException e) {
		println "Please enter a valid URL"
		System.exit(0);
	}
	response = executeRequest(url, "PUT", params, "application/x-www-form-urlencoded");
	if (response != null) {
		getJobStatus(getUrlFromResponse(scenario, response, "Job Status"), "GET");
	}
}

Common Functions

Sample cURL Command Basic Auth

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=REMOVE_USERS_FROM_GROUP&filename=removeUsersFromGroup.csv&groupname=GroupA' 'https://<BASE-URL>/interop/rest/security/v1/groups'

Sample cURL Command OAuth 2.0

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=REMOVE_USERS_FROM_GROUP&filename=removeUsersFromGroup.csv&groupname=GroupA' 'https://<BASE-URL>/interop/rest/security/v1/groups'