1. REST API for Oracle Enterprise Performance Management Cloud
  2. Managing Users
  3. Assign Users to a Predefined Role or Application Role (v2)

Assign Users to a Predefined Role or Application Role (v2)

The Assign Users to a Predefined Role or Application Role (v2) REST API assigns a pre-defined or an application role to users provided in the REST API payload. To assign a user to an application role, that user should already have a pre-defined role assigned to them.

This topic describes the simplified v2 version of this REST API. This version contains all parameters in the payload and does not require URL encoding while calling the REST APIs. This makes the v2 API easier to use.

The API is synchronous and returns the outcome of the operation in the response. Any non-zero status indicates that assigning users to roles failed. With this API, you can see which records failed and the reason why they failed, in addition to how many records passed and failed.

This API is version v2.

Required Roles

For predefined roles:

Classic environments: Identity Domain Administrator and any predefined role (Service Administrator, Power User, User, or Viewer)

OCI environments: Service Administrator, or Identity Domain Administrator and any predefined role (Power User, User, or Viewer)

For application roles:

Service Administrator or Access Control Manager

Table 12-17 Tasks for Assign Users to Roles

Task Request REST Resource
Assign role PUT /interop/rest/security/v2/role/assign/user

REST Resource

PUT /interop/rest/security/v2/role/assign/user

Supported Media Types: application/json

Note:

Before using the REST resources, you must understand how to access the REST resources and other important concepts. See Implementation Best Practices for EPM Cloud REST APIs. Using this REST API requires prerequisites. See Prerequisites.

The following table summarizes the PUT request parameters.

Table 12-18 Parameters

Name Description Type Required Default
rolename

The name of a pre-defined or application role applicable to the service. An incorrect role name will result in an error.

It identifies one of the following:
  • If you are assigning users to a pre-defined role, roleName should identify a pre-defined role applicable to the service. See "Understanding Predefined Roles" in Getting Started with Oracle Enterprise Performance Management Cloud for Administrators.
  • Acceptable values for services other than Oracle Enterprise Data Management Cloud:
    • Service Administrator
    • Power User
    • User (do not use Planner, which was used in earlier versions of the service)
    • Viewer
  • Acceptable values for Oracle Enterprise Data Management Cloud:
    • Service Administrator
    • User
  • If you are assigning users to an application role, roleName should identify an application role listed in the tab of Access Control.

    Acceptable values for FreeForm, Planning, Planning Modules, Sales Planning, Strategic Workforce Planning, Financial Consolidation and Close, and Tax Reporting applications:

    • Approvals Administrator
    • Approvals Ownership Assigner
    • Approvals Supervisor
    • Approvals Process Designer
    • Ad Hoc Grid Creator
    • Ad Hoc User
    • Ad Hoc Read Only User
    • Calculation Manager Administrator
    • Create Integration
    • Drill Through
    • Run Integration
    • Mass Allocation
    • Task List Access Manager

    Acceptable values for Account Reconciliation:

    • Manage Alert Types
    • Manage Announcements
    • Manage Data Loads
    • Manage Organizations
    • Manage Periods
    • Manage Profiles and Reconciliations
    • Reconciliation Manage Currencies
    • Reconciliation Manage Public Filters and Lists
    • Reconciliation Manage Reports
    • Reconciliation Manage Teams
    • Reconciliation Manage Users
    • Reconciliation Commentator
    • Reconciliation Preparer
    • Reconciliation Reviewer
    • Reconciliation View Jobs
    • Reconciliation View Profiles
    • View Audit
    • View Periods
  • Acceptable values for Oracle Enterprise Data Management Cloudapplications:
    • Application Creator
    • Auditor
    • View Creator
  • Acceptable values for Enterprise Profitability and Cost Management applications:
    • Ad Hoc Grid Creator
    • Ad Hoc Read Only User
    • Ad Hoc User
    • Clear POV Data
    • Copy POV Data
    • Create/Edit Rule
    • Create Integration
    • Create Model
    • Create POV
    • Create Profit Curve
    • Delete Calculation History
    • Delete Model
    • Delete POV
    • Delete Rule
    • Drill Through
    • Edit POV Status
    • Edit Profit Curve
    • Mass Edit of Rules
    • Run Calculation
    • Run Integration
    • Run Profit Curve
    • Run Rule Balancing
    • Run Trace Allocation
    • Run Validation
    • View Calculation History
    • View Model

For a description of these roles, see "Managing Role Assignments at the Application Level" in Administering Access Control for Oracle Enterprise Performance Management Cloud .

Payload Yes None
users List of user login IDs of the users whose role assignment is to be modified. Payload Yes None

Example URL and Payload

https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/v2/role/assign/user
{
  	"rolename": "Service Administrator",
	"users": [
		{
			"userlogin": "jdoe"
        		},
        		{
      "userlogin": "chris"
        		}
    	]
}

Response

Supported Media Types: application/json

Table 12-19 Parameters

Name Description
links Detailed information about the link and HTTP call type
status

Identifies the status of the operation

  • 0: Operation Success

  • 1: Operation Failed
error Detailed information about the error
details Detailed status of the operation performed. Total number of records processed, succeeded, and failed and reason for why it failed.

Example of Response Body

The following examples show the contents of the response body in JSON format:

Example 1: REST API Completes without Errors

{
	"links": {
    		"href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/v2/role/assign/user",
    		"action": "PUT"
	},
	"status": 0,
	"error": null,
	"details": {
		"processed": 3,
		"succeeded": 3,
		"failed": 0,
		"faileditems": null
	}
}

Example 2: REST API Completes with Errors

{
	"links": {
    		"href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/v2/role/assign/user",
    		"action": "PUT"
	},
	"status": 1,
	"error": {
		"errorcode": "EPMCSS-21000",
		"errormessage": "Failed to assign role. Invalid role name <rolename>. Please provide a valid role name."
	},
	"details": null
}

Example 3: REST API Completes with Partial Errors

{
	"links": {
    		"href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/v2/role/assign/user",
    		"action": "PUT"
	},
	"status": 0,
	"error": null,
	"details": {
		"processed": 5,
		"succeeded": 3,
		"failed": 2,
		"faileditems": 
		[
			{
				"userlogin": "jdoe",
				"errorcode": "EPMCSS-21002",
				"errormessage": "Failed to assign role. User jdoe does not exist. Provide a valid userlogin."
			},
			{
				"userlogin": "chris",
				"errorcode": "EPMCSS-21002",
				"errormessage": "Failed to assign role. User chris does not exist. Provide a valid userlogin."
			}
		]
	}
}

Sample cURL Command Basic Auth

curl -X PUT -s -u '<USERNAME>:<PASSWORD>' -H
'Content-Type: application/json' -d  '{"rolename":"<ROLENAME>","users":
[{"userlogin":"<USERLOGIN>"},{"userlogin":"<USERLOGIN>"}]}'
'https://<EPM-CLOUD-BASE-URL>/interop/rest/security/v2/role/assign/user'

Sample cURL Command OAuth 2.0

curl -X PUT --header "Authorization: Bearer <OAUTH_ACCESS_TOKEN>" -H
'Content-Type: application/json' -d  '{"rolename":"<ROLENAME>","users":
[{"userlogin":"<USERLOGIN>"},{"userlogin":"<USERLOGIN>"}]}'
'https://<EPM-CLOUD-BASE-URL>/interop/rest/security/v2/role/assign/user'