Role Assignment Report for Groups (v2)

Generates a Role Assignment report of groups in the environment. The report lists the roles assigned to groups. It identifies the group’s name, description, type and assigned roles. The report can be created for a specific group or a role or a combination of groups and roles.

The report includes:

  • Application roles (such as Service Administrator)

  • Granular roles (such as Approvals - Assign Ownerships, Approvals - Supervise, Approvals - Administer, and Approvals - Design Process)

The API is synchronous and returns the outcome of the operation in the response. Any non-zero status indicates failure of getting Role Assignment Report for groups.

Note:

When the report is generated for a single group (using the groupname query parameter), the API returns the currently available data and does not reflect the latest updates.

Required Roles

  • Service Administrator

  • Any application role and the Access Control - Manage granular role

  • Any application role and the Access Control - View granular role

REST Resource

GET /interop/rest/security/v2/report/roleassignmentreport/group?groupname=<groupname>&rolename=<rolename>

Request

Supported Media Types: application/json

The following table summarizes the request parameters.

Table 2-101 Parameters

Name Description Type Required Default
groupname

Generates roleassignmentreport for the specified group only. When the report is generated for a single group (using the groupname query parameter), the API returns the currently available data and does not reflect the latest updates. If a group name is not specified, the report is generated for all the groups.

The group name can be either EPM or IDCS groups with the updated data.

 Query No All Groups
rolename

Generates roleassignmentreport for the specified role only. If a role name is not specified, the report is generated for all the roles.

The Role name can be either Application or Granular Role (for example, Power User or Access Control - Manage).

 Query No All Roles

Response

Supported Media Types: application/json

Table 2-102 Parameters

Parameters Description
links Detailed information about the link and HTTP call type
status See Migration Status Codes
error Detailed information about the error
details Lists records matching the request

Example of Response Body

Response 1: REST API Issued without groupname or rolename Query Parameters Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Service Administrator",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Ad Hoc - Read Only User",
          "roletype": "Granular",
          "grantedthroughgroup": "Analyst"
        }
      ]
    },
    {
      "groupname": "FinancialAnalyst",
      "description": "Sample EPM Group",
      "type": "EPM",
      "roles": [
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "DataIntegration-Create",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "DataIntegration-Run",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        }
      ]
    },
    {
      "groupname": "GroupPU",
      "description": "Sample IDCS GroupPU",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "PowerUser",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Approval-Supervise",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "DataIntegration-Run",
          "roletype": "Granular",
          "grantedthroughgroup": "Analyst->FinancialAnalyst"
        }
      ]
    }
  ]
}

Response 2: REST API Issued with groupname and rolename Query Parameters Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname='idcsgroup'&rolename='Service Administrator'",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Service Administrator",
          "roletype": "Application",
          "grantedthroughgroup": ""
        }
      ]
    }
  ]
}

Response 3: REST API Issued with Only rolename Query Parameter Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?rolename='Application - Mass Allocate'",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        }
      ]
    },
    {
      "groupname": "FinancialAnalyst",
      "description": "Sample EPM Group",
      "type": "EPM",
      "roles": [
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        }
      ]
    }
  ]
}

Response 4: REST API Issued with Only groupname Query Parameter Completes without Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname='idcsgroup'",
    "action": "GET"
  },
  "status": 0,
  "error": null,
  "details": [
    {
      "groupname": "idcsgroup",
      "description": "Sample IDCS Group",
      "type": "IDCS",
      "roles": [
        {
          "rolename": "Service Administrator",
          "roletype": "Application",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Application - Mass Allocate",
          "roletype": "Granular",
          "grantedthroughgroup": ""
        },
        {
          "rolename": "Ad Hoc - Read Only User",
          "roletype": "Granular",
          "grantedthroughgroup": "Analyst"
        }
      ]
    }
  ]
}

Response 5: Job Completes with Errors

{
  "links": {
    "href": "https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group",
    "action": "GET"
  },
  "status": 1,
  "error": {
    "errorcode": "EPMCSS-21203",
    "errormessage": "Failed to generate Role Assignment Report for Groups. Authorization failed. Please provide valid authorized user."
  },
  "details": null
}

Sample cURL Commands Basic Auth

curl -X GET -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group'
curl -X GET -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname=auditingepm&rolename=Power%20User'

Sample cURL Commands OAuth 2.0

curl -X GET --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group'
curl -X GET --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/json' 'https://<BASE-URL>/interop/rest/security/v2/report/roleassignmentreport/group?groupname=auditingepm&rolename=Power%20User'