Remove Users' Role Assignment (v1)

Removes one role currently assigned to the users (including the user who invokes this API) whose login IDs are included in the ANSI or UTF-8 encoded CSV file that is used with this command. Before running this API, upload the file to the environment using the Upload REST API. The file should be deleted after the API executes. With this API, you can see which records failed and the reason why they failed in addition to how many records passed and failed.

Use double quotation marks to enclose role names that contain the space character.

The API is asynchronous and returns the Job ID. The presence of status -1 in the response indicates that the removal of role assignments is in progress. Use the job status URI to determine whether unassigning roles is complete. Any non-zero status except -1 indicates failure of unassigning roles.

Required Roles

For predefined roles:

Service Administrator, or Identity Domain Administrator and any predefined role (Power User, User, or Viewer)

For granular roles:

Service Administrator or any predefined role and the Access Control - Manage granular role

REST Resource

PUT /interop/rest/security/<api_version>/users

Table 13-20 Tasks for Unassign Users to Roles

Task Request REST Resource
Unassign role PUT /interop/rest/security/<api_version>/users
Unassign role status GET /interop/rest/security/<api_version>/jobs/<jobid>

Request

Supported Media Types: application/x-www-form-urlencoded

Table 13-21 Parameters

Name Description Type Required Default
jobtype UNASSIGN_ROLE Form Yes None
filename

The name of the ANSI or UTF-8 encoded CSV file containing the users whose role assignment is to be revoked, such as unssignRole.csv.

The CSV file must have been uploaded already using the Upload REST API. The CSV file should not include the account of the user who executes this command.

File format example: 

User Login
<email> 
<FirstName2.LastName2>
Form Yes None
rolename

The name of a pre-defined or granular role applicable to the service. An incorrect role name will result in an error.

It identifies one of the following:
  • If you are removing users from a pre-defined role, roleName should identify a pre-defined role applicable to the service. See Understanding Predefined Roles in Getting Started Guide for Administrators.
  • Acceptable values for services other than Oracle Enterprise Data Management Cloud:
    • Service Administrator
    • Power User
    • User (do not use Planner, which was used in earlier versions of the service)
    • Viewer
  • Acceptable values for Oracle Enterprise Data Management Cloud:
    • Service Administrator
    • User
  • If you are removing users from a granular role, roleName should identify a granular role listed in the assign roles tab of Access Control. Acceptable values for Planning, Financial Consolidation and Close, Sales Planning, Strategic Workforce Planning, and Tax Reporting applications:
    • Approvals Administrator
    • Approvals Ownership Assigner
    • Approvals Process Desiger
    • Approvals Supervisor
    • Ad Hoc Grid Creator
    • Ad Hoc User
    • Ad Hoc Read Only User
    • Calculation Manager Administrator
    • Create Integration
    • Drill Through
    • Run Integration
    • Mass Allocation
    • Task List Access Manager
  • Acceptable values for Account Reconciliation applications:
    • Access Control - Manage
    • Access Control - View
    • Alert Types - Manage
    • Announcements - Manage
    • Audit - View
    • Currencies - Manage
    • Dashboards - Manage
    • Data Integration - Administrator
    • Data Integration - Create
    • Data Integration - Run
    • Data Loads - Manage
    • Jobs - View
    • Match Types - Manage
    • Match Types - View
    • Organizations - Manage
    • Periods - Manage
    • Periods - View
    • Profiles - View
    • Profiles and Reconciliations - Manage
    • Public Filters and Views - Manage
    • Reconciliation - Commentator
    • Reconciliation - Preparer
    • Reconciliation - Reviewer
    • Reports - Manage
    • Teams - Manage
    • Users - Manage
  • Acceptable values for Oracle Enterprise Data Management Cloud applications:
    • Application Creator
    • Auditor
    • View Creator
  • Acceptable values for Oracle Enterprise Profitability and Cost Management applications:
    • Ad Hoc Grid Creator
    • Ad Hoc Read Only User
    • Ad Hoc User
    • Clear POV Data
    • Copy POV Data
    • Create/Edit Rule
    • Create Integration
    • Create Model
    • Create POV
    • Create Profit Curve
    • Delete Calculation History
    • Delete Model
    • Delete POV
    • Delete Rule
    • Drill Through
    • Edit POV Status
    • Edit Profit Curve
    • Mass Edit of Rules
    • Run Calculation
    • Run Integration
    • Run Profit Curve
    • Run Rule Balancing
    • Run Trace Allocation
    • Run Validation
    • View Calculation History
    • View Model

For a description of these roles, see Managing Role Assignments at the Application Level in Administering Access Control.

Form Yes None

Response

Supported Media Types: application/json

Table 13-22 Parameters

Name Description
details In the case of errors, details are published with the error string
status See Migration Status Codes
links Detailed information about the link
href Links to API call or status API
action The HTTP call type
rel Possible values: self or Job Status. If the value is set to Job Status, you can use the href to get the status
data Parameters as key value pairs passed in the request
items Details about the resource
links Details of the first URL to be requested to get the job details; rel is Job Details

Examples of Response Body

Example 1: Job is in Progress

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/users",
      "data": {
        "jobtype": "UNASSIGN_ROLE",
        "filename": "<fileName>",
        "rolename": "<roleName>"
      },
      "action": "PUT"
    },
    {
      "rel": "Job Status",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": null,
  "status": -1,
  "items": null
}

Example 2: Job Completes with Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Failed to unassign role for users. Input file <filename> is not found. Specify a valid file name.",
  "status": 1,
  "items": null
}

Example 3: Job Completes without Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Processed - 3, Succeeded - 2, Failed - 1.",
  "status": 0,
  "items": [
    {
		"UserName":"<USERNAME>","Error_Details": "User <USERNAME> is not found. Verify that the user exists."
    }
  ]
}

Sample cURL Command Basic Auth Pre-Defined Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Viewer' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command Basic Auth Granular Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Ad Hoc - Create' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command OAuth 2.0 Pre-Defined Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Viewer' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command OAuth 2.0 Granular Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Ad Hoc - Create' 'https://<BASE-URL>/interop/rest/security/v1/users'