Role Assignment Report for Groups (v2)

Generates a Role Assignment report of groups in the environment. The report lists the roles assigned to groups. It identifies the group’s name, description, type and assigned roles. The report can be created for a specific group or a role or a combination of groups and roles.

The report includes:

Predefined roles (such as Service Administrator)
Granular roles (such as Approvals - Assign Ownerships, Approvals - Supervise, Approvals - Administer, and Approvals - Design Process)

The API is synchronous and returns the outcome of the operation in the response. Any non-zero status indicates failure of getting Role Assignment Report for groups.

Required Roles

Service Administrator
Any predefined role and the Access Control - Manage granular role
Any predefined role and the Access Control - View granular role

REST Resource

GET /interop/rest/security/v2/report/roleassignmentreport/group?groupname=<groupname>&rolename=<rolename>

Request

Supported Media Types: application/json

The following table summarizes the request parameters.

Table 13-100 Parameters

Name Description Type Required Default

Name	Description	Type	Required	Default
`groupname`	Generates `roleassignmentreport` for the specified group only. If a group name is not specified, the report is generated for all the groups. The group name can be either EPM or IDCS group.	Query	No	All Groups
`rolename`	Generates `roleassignmentreport` for the specified role only. If a role name is not specified, the report is generated for all the roles. The Role name can be either Predefined or Granular Role (for example, Power User or Access Control - Manage).	Query	No	All Roles

groupname

Generates roleassignmentreport for the specified group only. If a group name is not specified, the report is generated for all the groups.

The group name can be either EPM or IDCS group.

Query

No

All Groups

rolename

Generates roleassignmentreport for the specified role only. If a role name is not specified, the report is generated for all the roles.

The Role name can be either Predefined or Granular Role (for example, Power User or Access Control - Manage).

Query

No

All Roles

Response

Supported Media Types: application/json

Table 13-101 Parameters

Parameters	Description
`links`	Detailed information about the link and HTTP call type
`status`	See Migration Status Codes
`error`	Detailed information about the error
`details`	Lists records matching the request

Example of Response Body

Response 1: REST API Issued without groupname or rolename Query Parameters Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Service Administrator",
          "roletype": "Predefined",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Ad Hoc - Read Only User",
          "roletype": "Application",
          "grantedthroughgroup": "Analyst"
        }
      ]
    },
    {
      "groupname": "FinancialAnalyst",
      "description": "Sample EPM Group",
      "type": "EPM",
      "roles": [
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "DataIntegration-Create",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "DataIntegration-Run",
          "roletype": "Application",
          "grantedthroughgroup": ""
        }
      ]
    },
    {
      "groupname": "GroupPU",
      "description": "Sample IDCS GroupPU",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "PowerUser",
          "roletype": "Predefined",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Approval-Supervise",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "DataIntegration-Run",
          "roletype": "Application",
          "grantedthroughgroup": "Analyst->FinancialAnalyst"
        }
      ]
    }
  ]
}

Response 2: REST API Issued with groupname and rolename Query Parameters Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname='idcsgroup'&rolename='Service Administrator'",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Service Administrator",
          "roletype": "Predefined",
          "grantedthroughgroup": ""
        }
      ]
    }
  ]
}

Response 3: REST API Issued with Only rolename Query Parameter Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?rolename='Application - Mass Allocate'",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Application",
          "grantedthroughgroup": ""
        }
      ]
    },
    {
      "groupname": "FinancialAnalyst",
      "description": "Sample EPM Group",
      "type": "EPM",
      "roles": [
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Application",
          "grantedthroughgroup": ""
        }
      ]
    }
  ]
}

Response 4: REST API Issued with Only groupname Query Parameter Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname='idcsgroup'",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Service Administrator",
          "roletype": "Predefined",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Ad Hoc - Read Only User",
          "roletype": "Application",
          "grantedthroughgroup": "Analyst"
        }
      ]
    }
  ]
}

Response 5: Job Completes with Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group",
    "action": "GET"
  },
  "status": 1,
  "error": {
    "errorcode": "EPMCSS-21203",
    "errormessage": "Failed to generate Role Assignment Report for Groups. Authorization failed. Please provide valid authorized user."
  },
  "details": null
}

Sample cURL Commands Basic Auth

curl -X GET -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group'

curl -X GET -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname=auditingepm&rolename=Power%20User'

Sample cURL Commands OAuth 2.0

curl -X GET --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group'

curl -X GET --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname=auditingepm&rolename=Power%20User'