Remove Users from Application Roles or Granular Roles

Removes application roles or granular roles currently assigned to users using either a CSV file upload (v1) or request payload (v2). These APIs can remove role assignments from users, including the user executing the API.

Before running this API, upload the file to the environment using the Upload REST API

To remove a granular role assignment in v2, the user must exist in Oracle Fusion Cloud Enterprise Performance Management.

Both APIs provide details about successful and failed role removals, including failure reasons and counts of passed and failed records.

The v1 API requires an ANSI or UTF-8 encoded CSV file containing user login IDs. Role names that contain spaces must be enclosed in double quotation marks. Before running the API, the file must be uploaded to the environment using the Upload REST API, and the file should be deleted after the API executes. The v1 API is asynchronous and returns a Job ID that can be used to monitor the status of the role removal process.

The v2 API accepts all parameters directly in the request payload. This topic describes the simplified v2 version of the REST API. This version contains all parameters in the payload and does not require URL encoding while calling the REST APIs, which makes the v2 API easier to use. The v2 API is synchronous and returns the outcome of the operation directly in the response.

In v1, a response status of -1 indicates that the removal of role assignments is still in progress. Any non-zero status value indicates failure of removing users from roles.

Required Roles

For application roles:

Service Administrator, or Identity Domain Administrator and any application role (Power User, User, or Viewer)

For granular roles:

Service Administrator or any application role and the Access Control - Manage granular role