Remove Users' Role Assignment (v2)

The Remover Users' Role Assignment (v2) REST API removes a pre-defined or granular role from users provided in the REST API payload. To unassign a user from a granular role, the user should exist in Oracle Fusion Cloud Enterprise Performance Management.

This topic describes the simplified v2 version of this REST API. This version contains all parameters in the payload and does not require URL encoding while calling the REST APIs. This makes the v2 API easier to use.

The API is synchronous and returns the outcome of the operation in the response. Any non-zero status indicates that removing users from roles failed. With this API, you can see which records failed and the reason why they failed, in addition to how many records passed and failed.

Required Roles

For predefined roles:

Service Administrator, or Identity Domain Administrator and any predefined role (Power User, User, or Viewer)

For granular roles:

Service Administrator or any predefined role and the Access Control - Manage granular role

REST Resource

PUT /interop/rest/security/v2/role/unassign/user

Table 13-23 Tasks for Unassign Users to Roles

Task	Request	REST Resource
Unassign role	PUT	`/interop/rest/security/v2/role/unassign/user`

Request

Supported Media Types: application/json

Table 13-24 Parameters

Name Description Type Required Default

Name	Description	Type	Required	Default
`rolename`	The name of a pre-defined or granular role applicable to the service. An incorrect role name will result in an error. It identifies one of the following: If you are removing users from a pre-defined role, roleName should identify a pre-defined role applicable to the service. See "Understanding Predefined Roles" in Getting Started Guide for Administrators. Acceptable values for services other than Oracle Fusion Cloud Enterprise Data Management: Service Administrator Power User User (do not use Planner, which was used in earlier versions of the service) Viewer Acceptable values for Cloud EDM: Service Administrator User If you are removing users from a granular role, roleName should identify a granular role listed in the Manage Granular Roles tab of Access Control. Acceptable values for FreeForm, Planning, Planning Modules, Sales Planning, Strategic Workforce Planning, Financial Consolidation and Close, and Tax Reporting applications: Approvals Administrator Approvals Ownership Assigner Approvals Supervisor Approvals Process Designer Ad Hoc Grid Creator Ad Hoc User Ad Hoc Read Only User Calculation Manager Administrator Create Integration Drill Through Run Integration Mass Allocation Task List Access Manager Acceptable values for Account Reconciliation: Access Control - Manage Access Control - View Alert Types - Manage Announcements - Manage Audit - View Currencies - Manage Dashboards - Manage Data Integration - Administrator Data Integration - Create Data Integration - Run Data Loads - Manage Jobs - View Match Types - Manage Match Types - View Organizations - Manage Periods - Manage Periods - View Profiles - View Profiles and Reconciliations - Manage Public Filters and Views - Manage Reconciliation - Commentator Reconciliation - Preparer Reconciliation - Reviewer Reports - Manage Teams - Manage Users - Manage Acceptable values for Cloud EDMapplications: Application Creator Auditor View Creator Acceptable values for Enterprise Profitability and Cost Management applications: Ad Hoc Grid Creator Ad Hoc Read Only User Ad Hoc User Clear POV Data Copy POV Data Create/Edit Rule Create Integration Create Model Create POV Create Profit Curve Delete Calculation History Delete Model Delete POV Delete Rule Drill Through Edit POV Status Edit Profit Curve Mass Edit of Rules Run Calculation Run Integration Run Profit Curve Run Rule Balancing Run Trace Allocation Run Validation View Calculation History View Model For a description of these roles, see "Managing Role Assignments at the Application Level" in Administering Access Control.	Payload	Yes	None
`users`	List of user login IDs of the users whose role assignment is to be removed.	Payload	Yes	None

rolename

The name of a pre-defined or granular role applicable to the service. An incorrect role name will result in an error.

It identifies one of the following:

If you are removing users from a pre-defined role, roleName should identify a pre-defined role applicable to the service. See "Understanding Predefined Roles" in Getting Started Guide for Administrators.
Acceptable values for services other than Oracle Fusion Cloud Enterprise Data Management:
- Service Administrator
- Power User
- User (do not use Planner, which was used in earlier versions of the service)
- Viewer
Acceptable values for Cloud EDM:
- Service Administrator
- User
If you are removing users from a granular role, roleName should identify a granular role listed in the Manage Granular Roles tab of Access Control.
Acceptable values for FreeForm, Planning, Planning Modules, Sales Planning, Strategic Workforce Planning, Financial Consolidation and Close, and Tax Reporting applications:
- Approvals Administrator
- Approvals Ownership Assigner
- Approvals Supervisor
- Approvals Process Designer
- Ad Hoc Grid Creator
- Ad Hoc User
- Ad Hoc Read Only User
- Calculation Manager Administrator
- Create Integration
- Drill Through
- Run Integration
- Mass Allocation
- Task List Access Manager
Acceptable values for Account Reconciliation:
- Access Control - Manage
- Access Control - View
- Alert Types - Manage
- Announcements - Manage
- Audit - View
- Currencies - Manage
- Dashboards - Manage
- Data Integration - Administrator
- Data Integration - Create
- Data Integration - Run
- Data Loads - Manage
- Jobs - View
- Match Types - Manage
- Match Types - View
- Organizations - Manage
- Periods - Manage
- Periods - View
- Profiles - View
- Profiles and Reconciliations - Manage
- Public Filters and Views - Manage
- Reconciliation - Commentator
- Reconciliation - Preparer
- Reconciliation - Reviewer
- Reports - Manage
- Teams - Manage
- Users - Manage
Acceptable values for Cloud EDMapplications:
- Application Creator
- Auditor
- View Creator
Acceptable values for Enterprise Profitability and Cost Management applications:
- Ad Hoc Grid Creator
- Ad Hoc Read Only User
- Ad Hoc User
- Clear POV Data
- Copy POV Data
- Create/Edit Rule
- Create Integration
- Create Model
- Create POV
- Create Profit Curve
- Delete Calculation History
- Delete Model
- Delete POV
- Delete Rule
- Drill Through
- Edit POV Status
- Edit Profit Curve
- Mass Edit of Rules
- Run Calculation
- Run Integration
- Run Profit Curve
- Run Rule Balancing
- Run Trace Allocation
- Run Validation
- View Calculation History
- View Model

For a description of these roles, see "Managing Role Assignments at the Application Level" in Administering Access Control.

Payload

Yes

None

users List of user login IDs of the users whose role assignment is to be removed. Payload Yes None

Example URL and Payload

https://<BASE-URL>/interop/rest/security/v2/role/unassign/user

{
  	"rolename": "Service Administrator",
	"users": [
		{
			"userlogin": "jdoe"
        		},
        		{
           	   "userlogin": "chris"
        		}
    	]
}

Response

Supported Media Types: application/json

Table 13-25 Parameters

Name	Description
`links`	Detailed information about the link and HTTP call type
`status`	Identifies the status of the operation 0 - Operation Success 1 - Operation Failed
`error`	Detailed information about the error
`details`	Detailed status of the operation performed. Total number of records processed, succeeded, and failed and reason for why it failed.

Examples of Response Body

Example 1: Job Completes without Errors

{
	"links": {
    		"href": "https://<BASE-URL>/interop/rest/security/v2/role/unassign/user",
    		"action": "PUT"
	},
	"status": 0,
	"error": null,
	"details": {
		"processed": 3,
		"succeeded": 3,
		"failed": 0,
		"faileditems": null
	}
}

Example 2: Job Completes with Errors

{
	"links": {
    		"href": "https://<BASE-URL>/interop/rest/security/v2/role/unassign/user",
    		"action": "PUT"
	},
	"status": 1,
	"error": {
		"errorcode": "EPMCSS-21008",
		"errormessage": "Failed to unassign role. Invalid role name <rolename>. Please provide a valid role name."
	},
	"details": null
}

Example 3: Job Completes with Partial Errors

{
	"links": {
    		"href": "https://<BASE-URL>/interop/rest/security/v2/role/unassign/user",
    		"action": "PUT"
	},
	"status": 0,
	"error": null,
	"details": {
		"processed": 5,
		"succeeded": 3,
		"failed": 2,
		"faileditems": 
		[
			{
				"userlogin": "jdoe",
				"errorcode": "EPMCSS-21010",
				"errormessage": "Failed to unassign role. User jdoe does not exist. Provide a valid userlogin."
			},
			{
				"userlogin": "chris",
				"errorcode": "EPMCSS-21010",
				"errormessage": "Failed to unassign role. User chris does not exist. Provide a valid userlogin."
			}
		]
	}
}

Sample cURL Command Basic Auth Pre-Defined Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/json' -d  '{"rolename":"Power User","users":[{"userlogin":"jdoe1"},{"userlogin":"chris1"}]}' 'https://<BASE-URL>/interop/rest/security/v2/role/unassign/user'

Sample cURL Command Basic Auth Granular Role

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H 'Content-Type: application/json' -d  '{"rolename":"Access Control - Manage","users":[{"userlogin":"jdoe1"},{"userlogin":"chris1"}]}' 'https://<BASE-URL>/interop/rest/security/v2/role/unassign/user'

Sample cURL Command OAuth 2.0 Pre-Defined Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/json' -d  '{"rolename":"Power User","users":[{"userlogin":"jdoe1"},{"userlogin":"chris1"}]}' 'https://<BASE-URL>/interop/rest/security/v2/role/unassign/user'

Sample cURL Command OAuth 2.0 Granular Role

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H 'Content-Type: application/json' -d  '{"rolename":"Access Control - Manage","users":[{"userlogin":"jdoe1"},{"userlogin":"chris1"}]}' 'https://<BASE-URL>/interop/rest/security/v2/role/unassign/user'