Remove Users' Role Assignment (v1)

REST Resource

PUT /interop/rest/security/<api_version>/users

Table 2-21 Tasks for Unassign Users to Roles

Task	Request	REST Resource
Unassign role	PUT	`/interop/rest/security/<api_version>/users`
Unassign role status	GET	`/interop/rest/security/<api_version>/jobs/<jobid>`

Request

Supported Media Types: application/x-www-form-urlencoded

Table 2-22 Parameters

Name Description Type Required Default

jobtype UNASSIGN_ROLE Form Yes None

Name	Description	Type	Required	Default
`jobtype`	UNASSIGN_ROLE	Form	Yes	None
`filename`	The name of the ANSI or UTF-8 encoded CSV file containing the users whose role assignment is to be revoked, such as `unssignRole.csv`. The CSV file must have been uploaded already using the Upload REST API. The CSV file should not include the account of the user who executes this command. File format example: `User Login <email> <FirstName2.LastName2>`	Form	Yes	None
`rolename`	The name of a application or granular role applicable to the service. An incorrect role name will result in an error. It identifies one of the following: If you are removing users from a application role, roleName should identify a application role applicable to the service. See Understanding Application Roles in Getting Started Guide for Administrators. Acceptable values for services other than Oracle Enterprise Data Management Cloud: Service Administrator Power User User (do not use Planner, which was used in earlier versions of the service) Viewer Acceptable values for Oracle Enterprise Data Management Cloud: Service Administrator User If you are removing users from a granular role, roleName should identify a granular role listed in the assign roles tab of Access Control. Acceptable values for Planning, Financial Consolidation and Close, Sales Planning, Strategic Workforce Planning, and Tax Reporting applications: Approvals Administrator Approvals Ownership Assigner Approvals Process Desiger Approvals Supervisor Ad Hoc Grid Creator Ad Hoc User Ad Hoc Read Only User Calculation Manager Administrator Create Integration Drill Through Run Integration Mass Allocation Task List Access Manager Acceptable values for Account Reconciliation applications: Access Control - Manage Access Control - View Alert Types - Manage Announcements - Manage Audit - View Currencies - Manage Dashboards - Manage Data Integration - Administrator Data Integration - Create Data Integration - Run Data Loads - Manage Jobs - View Match Types - Manage Match Types - View Organizations - Manage Periods - Manage Periods - View Profiles - View Profiles and Reconciliations - Manage Public Filters and Views - Manage Reconciliation - Commentator Reconciliation - Preparer Reconciliation - Reviewer Reports - Manage Teams - Manage Users - Manage Acceptable values for Oracle Enterprise Data Management Cloud applications: Application Creator Auditor View Creator Acceptable values for Oracle Enterprise Profitability and Cost Management applications: Ad Hoc Grid Creator Ad Hoc Read Only User Ad Hoc User Clear POV Data Copy POV Data Create/Edit Rule Create Integration Create Model Create POV Create Profit Curve Delete Calculation History Delete Model Delete POV Delete Rule Drill Through Edit POV Status Edit Profit Curve Mass Edit of Rules Run Calculation Run Integration Run Profit Curve Run Rule Balancing Run Trace Allocation Run Validation View Calculation History View Model For a description of these roles, see Managing Role Assignments at the Application Level in Administering Access Control.	Form	Yes	None

filename

The name of the ANSI or UTF-8 encoded CSV file containing the users whose role assignment is to be revoked, such as unssignRole.csv.

The CSV file must have been uploaded already using the Upload REST API. The CSV file should not include the account of the user who executes this command.

File format example:

User Login
<email> 
<FirstName2.LastName2>

Form

Yes

None

rolename

The name of a application or granular role applicable to the service. An incorrect role name will result in an error.

It identifies one of the following:

If you are removing users from a application role, roleName should identify a application role applicable to the service. See Understanding Application Roles in Getting Started Guide for Administrators.
Acceptable values for services other than Oracle Enterprise Data Management Cloud:
- Service Administrator
- Power User
- User (do not use Planner, which was used in earlier versions of the service)
- Viewer
Acceptable values for Oracle Enterprise Data Management Cloud:
- Service Administrator
- User
If you are removing users from a granular role, roleName should identify a granular role listed in the assign roles tab of Access Control. Acceptable values for Planning, Financial Consolidation and Close, Sales Planning, Strategic Workforce Planning, and Tax Reporting applications:
- Approvals Administrator
- Approvals Ownership Assigner
- Approvals Process Desiger
- Approvals Supervisor
- Ad Hoc Grid Creator
- Ad Hoc User
- Ad Hoc Read Only User
- Calculation Manager Administrator
- Create Integration
- Drill Through
- Run Integration
- Mass Allocation
- Task List Access Manager
Acceptable values for Account Reconciliation applications:
- Access Control - Manage
- Access Control - View
- Alert Types - Manage
- Announcements - Manage
- Audit - View
- Currencies - Manage
- Dashboards - Manage
- Data Integration - Administrator
- Data Integration - Create
- Data Integration - Run
- Data Loads - Manage
- Jobs - View
- Match Types - Manage
- Match Types - View
- Organizations - Manage
- Periods - Manage
- Periods - View
- Profiles - View
- Profiles and Reconciliations - Manage
- Public Filters and Views - Manage
- Reconciliation - Commentator
- Reconciliation - Preparer
- Reconciliation - Reviewer
- Reports - Manage
- Teams - Manage
- Users - Manage
Acceptable values for Oracle Enterprise Data Management Cloud applications:
- Application Creator
- Auditor
- View Creator
Acceptable values for Oracle Enterprise Profitability and Cost Management applications:
- Ad Hoc Grid Creator
- Ad Hoc Read Only User
- Ad Hoc User
- Clear POV Data
- Copy POV Data
- Create/Edit Rule
- Create Integration
- Create Model
- Create POV
- Create Profit Curve
- Delete Calculation History
- Delete Model
- Delete POV
- Delete Rule
- Drill Through
- Edit POV Status
- Edit Profit Curve
- Mass Edit of Rules
- Run Calculation
- Run Integration
- Run Profit Curve
- Run Rule Balancing
- Run Trace Allocation
- Run Validation
- View Calculation History
- View Model

For a description of these roles, see Managing Role Assignments at the Application Level in Administering Access Control.

Form

Yes

None

Response

Supported Media Types: application/json

Table 2-23 Parameters

Name	Description
`details`	In the case of errors, details are published with the error string
`status`	See Migration Status Codes
`links`	Detailed information about the link
`href`	Links to API call or status API
`action`	The HTTP call type
`rel`	Possible values: `self` or `Job Status`. If the value is set to `Job Status`, you can use the href to get the status
`data`	Parameters as key value pairs passed in the request
`items`	Details about the resource
`links`	Details of the first URL to be requested to get the job details; rel is Job Details

Examples of Response Body

Example 1: Job is in Progress

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/users",
      "data": {
        "jobtype": "UNASSIGN_ROLE",
        "filename": "<fileName>",
        "rolename": "<roleName>"
      },
      "action": "PUT"
    },
    {
      "rel": "Job Status",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": null,
  "status": -1,
  "items": null
}

Example 2: Job Completes with Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Failed to unassign role for users. Input file <filename> is not found. Specify a valid file name.",
  "status": 1,
  "items": null
}

Example 3: Job Completes without Errors

{
  "links": [
    {
      "rel": "self",
      "href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Processed - 3, Succeeded - 2, Failed - 1.",
  "status": 0,
  "items": [
    {
		"UserName":"<USERNAME>","Error_Details": "User <USERNAME> is not found. Verify that the user exists."
    }
  ]
}

Sample cURL Command Basic Auth Application Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Viewer' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command Basic Auth Granular Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Ad Hoc - Create' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command OAuth 2.0 Application Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Viewer' 'https://<BASE-URL>/interop/rest/security/v1/users'

Sample cURL Command OAuth 2.0 Granular Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d 'jobtype=UNASSIGN_ROLE&filename=unassignRoleUsers.csv&rolename=Ad Hoc - Create' 'https://<BASE-URL>/interop/rest/security/v1/users'