Remove Users' Role Assignment (v1)
Removes one role currently assigned to the users (including the user who invokes this API) whose login IDs are included in the ANSI or UTF-8 encoded CSV file that is used with this command. Before running this API, upload the file to the environment using the Upload REST API. The file should be deleted after the API executes. With this API, you can see which records failed and the reason why they failed in addition to how many records passed and failed.
Use double quotation marks to enclose role names that contain the space character.
The API is asynchronous and returns the Job ID. The presence of status -1 in the response indicates that the removal of role assignments is in progress. Use the job status URI to determine whether unassigning roles is complete. Any non-zero status except -1 indicates failure of unassigning roles.
This API is version v1.
Required Roles
For predefined roles:
Classic environments: Identity Domain Administrator and any predefined role (Service Administrator, Power User, User, or Viewer)
OCI environments: Service Administrator, or Identity Domain Administrator and any predefined role (Power User, User, or Viewer)
For application roles:
Service Administrator or Access Control – Manage
REST Resource
PUT /interop/rest/security/<api_version>/users
Note:
Before using the REST resources, you must understand how to access the REST resources and other important concepts. See Implementation Best Practices for EPM Cloud REST APIs. Using this REST API requires prerequisites. See Prerequisites.
Table 12-20 Tasks for Unassign Users to Roles
Task | Request | REST Resource |
---|---|---|
Unassign role | PUT | /interop/rest/security/<api_version>/users |
Unassign role status | GET | /interop/rest/security/<api_version>/jobs/<jobid> |
Request
Supported Media Types: application/x-www-form-urlencoded
The following table summarizes the PUT request parameters.
Table 12-21 Parameters
Name | Description | Type | Required | Default |
---|---|---|---|---|
api_version |
Specific API version | Path | Yes | None |
jobtype |
UNASSIGN_ROLE | Form | Yes | None |
filename |
The name of the ANSI or UTF-8 encoded CSV file containing the users whose role assignment is to be revoked, such as The CSV file must have been uploaded already using the Upload REST API. The CSV file should not include the account of the user who executes this command. File format example:
|
Form | Yes | None |
rolename |
The name of a pre-defined or application role applicable to the service. An incorrect role name will result in an error. It identifies one of the following:
For a description of these roles, see Managing Role Assignments at the Application Level in Administering Access Control for Oracle Enterprise Performance Management Cloud. |
Form | Yes | None |
Response
Supported Media Types: application/json
Table 12-22 Parameters
Name | Description |
---|---|
details |
In the case of errors, details are published with the error string |
status |
See Migration Status Codes |
links |
Detailed information about the link |
href |
Links to API call or status API |
action |
The HTTP call type |
rel |
Possible values: self or Job Status . If the value is set to Job Status , you can use the href to get the status
|
data |
Parameters as key value pairs passed in the request |
items |
Details about the resource |
links |
Details of the first URL to be requested to get the job details; rel is Job Details |
Examples of Response Body
The following examples show the contents of the response body in JSON format:
Example 1: Job is in Progress
{
"links": [
{
"rel": "self",
"href": "https://<BASE-URL>/interop/rest/security/<api_version>/users",
"data": {
"jobtype": "UNASSIGN_ROLE",
"filename": "<fileName>",
"rolename": "<roleName>"
},
"action": "PUT"
},
{
"rel": "Job Status",
"href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
"data": null,
"action": "GET"
}
],
"details": null,
"status": -1,
"items": null
}
Example 2: Job Completes with Errors
{
"links": [
{
"rel": "self",
"href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
"data": null,
"action": "GET"
}
],
"details": "Failed to unassign role for users. Input file <filename> is not found. Specify a valid file name.",
"status": 1,
"items": null
}
Example 3: Job Completes without Errors
{
"links": [
{
"rel": "self",
"href": "https://<BASE-URL>/interop/rest/security/<api_version>/jobs/<jobid>",
"data": null,
"action": "GET"
}
],
"details": "Processed - 3, Succeeded - 2, Failed - 1.",
"status": 0,
"items": [
{
"UserName":"<USERNAME>","Error_Details": "User <USERNAME> is not found. Verify that the user exists."
}
]
}
Java Sample Code
Prerequisites: json.jar
Common Functions: See CSS Common Helper Functions for Java
public void unassignRole(String fileName, String roleName) {
try {
String url = this.serverUrl + "/interop/rest/security/" + apiVersion + "/users";
Map<String, String> reqHeaders = new HashMap<String, String>();
reqHeaders.put("Authorization", "Basic " + DatatypeConverter
.printBase64Binary((this.userName + ":" + this.password).getBytes(Charset.defaultCharset())));
Map<String, String> reqParams = new HashMap<String, String>();
reqParams.put("filename", fileName);
reqParams.put("jobtype", "UNASSIGN_ROLE");
reqParams.put("rolename", roleName);
Map<String, String> restResult = CSSRESTHelper.callRestApi(new HashMap(), url, reqHeaders, reqParams,
"PUT");
String jobStatus = CSSRESTHelper.getCSSRESTJobCompletionStatus(restResult, reqHeaders);
System.out.println(jobStatus);
} catch (Exception e) {
e.printStackTrace();
}
}
Shell Script Sample Code
Prerequisites: jq (http://stedolan.github.io/jq/download/linux64/jq)
Common Functions: See CSS Common Helper Functions for cURL.
funcUnassignRole() {
url="$SERVER_URL/interop/rest/security/$API_VERSION/users"
params="filename=$1&jobtype=UNASSIGN_ROLE&rolename=$2"
header="Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
cssRESTAPI="UnassignRole"
statusMessage=$(funcCSSRESTHelper "PUT" "$url" "$header" "$USERNAME" "$PASSWORD" "$params" "$cssRESTAPI")
echo $statusMessage
}
Groovy Sample Code
Common Functions: See CSS Common Helper Functions for Groovy.
def unassignUsersRoles(fileName, roleName) {
String scenario = "Un-assigning users in " + fileName + " with role " + roleName;
String params = "jobtype=UNASSIGN_ROLE&filename="+ fileName +"&rolename="+ roleName;
def url = null;
def response = null;
try {
url = new URL(serverUrl + "/interop/rest/security/" + apiVersion + "/users");
} catch (MalformedURLException e) {
println "Please enter a valid URL"
System.exit(0);
}
response = executeRequest(url, "PUT", params, "application/x-www-form-urlencoded");
if (response != null) {
getJobStatus(getUrlFromResponse(scenario, response, "Job Status"), "GET");
}
}
Sample cURL Command Basic Auth
curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H'Content-Type: application/x-www-form-urlencoded' -d
' jobtype=UNASSIGN_ROLE&filename=<CSV-FILE-NAME>&rolename=<ROLENAME>' 'https://<BASE-URL>/interop/rest/security/v1/users'
Sample cURL Command OAuth 2.0
curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/x-www-form-urlencoded' -d
'jobtype=UNASSIGN_ROLE&filename=<CSV-FILE-NAME>&rolename=<ROLENAME>' 'https://<BASE-URL>/interop/rest/security/v1/users'