RoleManager service

Role (formerly group) API.

Manage OIM roles (formerly user groups)

Tables

  1. UGP

Java API

  1. RoleManager
  2. tcGroupOperationsIntf

Find roles

Find all roles and print all group attributes:

tcGroupOperationsIntf groupOps = oimClient.getService(tcGroupOperationsIntf.class);
tcResultSet rs = groupOps.findGroups(null);
for (int i = 0; i < rs.getRowCount(); i++) {
  rs.goToRow(i);
  System.out.println("Groups.Group Name: " + rs.getStringValue("Groups.Group Name"));
  System.out.println("Groups.Role Display Name: " + rs.getStringValue("Groups.Role Display Name"));
  System.out.println("Groups.Role Name: " + rs.getStringValue("Groups.Role Name"));
  System.out.println("Groups.Role Description: " + rs.getStringValue("Groups.Role Description"));
  System.out.println("Groups.Role Owner Key: " + rs.getStringValue("Groups.Role Owner Key"));
  System.out.println("Groups.Creation Date: " + rs.getStringValue("Groups.Creation Date"));
  System.out.println("Groups.Update Date: " + rs.getStringValue("Groups.Update Date"));
  System.out.println("Groups.Role Namespace: " + rs.getStringValue("Groups.Role Namespace"));
  System.out.println("Groups.Key: " + rs.getStringValue("Groups.Key"));
  System.out.println("Groups.LDAP GUID: " + rs.getStringValue("Groups.LDAP GUID"));
  System.out.println("Groups.Updated By: " + rs.getStringValue("Groups.Updated By"));
  System.out.println("Groups.Role Category Key: " + rs.getStringValue("Groups.Role Category Key"));
  System.out.println("Groups.System Level: " + rs.getStringValue("Groups.System Level"));
  System.out.println("Groups.E-mail: " + rs.getStringValue("Groups.E-mail"));
  System.out.println("Groups.LDAP DN: " + rs.getStringValue("Groups.LDAP DN"));
  System.out.println("MEMBERTYPE: " + rs.getStringValue("MEMBERTYPE"));
  System.out.println();
}

Find a particular role by name ("ALL USERS") and print its key:

tcGroupOperationsIntf groupOps = oimClient.getService(tcGroupOperationsIntf.class);
Map condition = new HashMap();
condition.put("Groups.Group Name", "ALL USERS");
tcResultSet rs = groupOps.findGroups(condition);
rs.goToRow(0); // position on the first matching row before reading it
System.out.println("Groups.Key: " + rs.getStringValue("Groups.Key"));

Grant role to users

Grant the role "AD User" to the "System Administrator" user:

tcGroupOperationsIntf groupManager = oimClient.getService(tcGroupOperationsIntf.class);
Map condition = new HashMap();
condition.put("Groups.Group Name", "AD User");
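tcResultSet rs = groupManager.findGroups(condition);
rs.goToRow(0); // position on the first matching row before reading it
String groupKey = rs.getStringValue("Groups.Key");

RoleManager roleManager = oimClient.getService(RoleManager.class);
Set userKeys = new HashSet();
userKeys.add("1"); // key of the System Administrator user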
roleManager.grantRole(groupKey, userKeys);

Revoke role from users

Revoke the role "AD User" from the "System Administrator" user:

tcGroupOperationsIntf groupManager = oimClient.getService(tcGroupOperationsIntf.class);
Map condition = new HashMap();
condition.put("Groups.Group Name", "AD User");
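tcResultSet rs = groupManager.findGroups(condition);
rs.goToRow(0); // position on the first matching row before reading it
String groupKey = rs.getStringValue("Groups.Key");

RoleManager roleManager = oimClient.getService(RoleManager.class);
Set userKeys = new HashSet();
userKeys.add("1"); // key of the System Administrator user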
roleManager.revokeRoleGrant(groupKey, userKeys);
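
An added example, not code from the original page or from Oracle: a hypothetical RoleGrantHelper class that wraps the grant and revoke calls above, refuses to act unless the role name resolves to exactly one row, and raises if the returned RoleManagerResult reports failures. It assumes an OIMClient that is already logged in and that getFailedResults() returns a map of the entries that failed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import Thor.API.Operations.tcGroupOperationsIntf;
import Thor.API.tcResultSet;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.vo.RoleManagerResult;
import oracle.iam.platform.OIMClient;

/** Hypothetical helper (not part of the OIM API): guarded grant/revoke by role name. */
public class RoleGrantHelper {
    private final OIMClient oimClient; // assumption: already logged in by the caller

    public RoleGrantHelper(OIMClient oimClient) { this.oimClient = oimClient; }

    /** Resolves a role name to its key; refuses zero or multiple matches. */
    public String resolveRoleKey(String roleName) throws Exception {
        tcGroupOperationsIntf groupOps = oimClient.getService(tcGroupOperationsIntf.class);
        Map<String, String> condition = new HashMap<String, String>();
        condition.put("Groups.Group Name", roleName);
        tcResultSet rs = groupOps.findGroups(condition);
        if (rs.getRowCount() != 1) {
            throw new IllegalStateException("Expected exactly one role named '"
                    + roleName + "', found " + rs.getRowCount());
        }
        rs.goToRow(0);
        return rs.getStringValue("Groups.Key");
    }

    /** Grants (grant == true) or revokes the role; throws if any entry failed. */
    public RoleManagerResult changeMembership(String roleName, Set<String> userKeys, boolean grant)
            throws Exception {
        String roleKey = resolveRoleKey(roleName);
        RoleManager roleManager = oimClient.getService(RoleManager.class);
        RoleManagerResult result = grant
                ? roleManager.grantRole(roleKey, userKeys)
                : roleManager.revokeRoleGrant(roleKey, userKeys);
        Map<?, ?> failed = result.getFailedResults(); // assumed shape: failed entry -> reason
        if (failed != null && !failed.isEmpty()) {
            throw new IllegalStateException((grant ? "Grant" : "Revoke")
                    + " of role " + roleKey + " failed for: " + failed);
        }
        return result;
    }
}
```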

Create

Create a new Role and print its key:

tcGroupOperationsIntf groupManager = oimClient.getService(tcGroupOperationsIntf.class);
Map attributes = new HashMap();
attributes.put("Groups.Group Name", "New Group");
attributes.put("Groups.Role Description", "Just for testing");
long groupKey = groupManager.createGroup(attributes);
System.out.println("Group key: " + groupKey);

Delete

Delete a role by its key:

long groupKey = 12345L;
tcGroupOperationsIntf groupManager = oimClient.getService(tcGroupOperationsIntf.class);
groupManager.deleteGroup(groupKey);

Modify

Note: the following attributes are read-only:

  1. RoleManagerConstants.ROLE_KEY
  2. RoleManagerConstants.ROLE_LDAP_DN
  3. RoleManagerConstants.ROLE_LDAP_GUID
  4. RoleManagerConstants.RoleAttributeName.DATA_LEVEL

Note: the following attributes can only be changed in the reconciliation context:

  1. RoleManagerConstants.ROLE_UNIQUE_NAME
  2. RoleManagerConstants.ROLE_NAMESPACE

Modify a single role

Set xelsysadm as the new owner of the built-in REPORT ADMINISTRATORS role (key "24"):

RoleManager service = oimClient.getService(RoleManager.class);
Role role = new Role("24");
role.setAttribute("Role Owner Key", 1L);
RoleManagerResult result = service.modify(role);

Modify roles in a batch

Change the owner of two roles in one call:

RoleManager service = oimClient.getService(RoleManager.class);
Set<String> roleKeys = new HashSet<String>();
roleKeys.add("24"); // REPORT ADMINISTRATORS
roleKeys.add("25"); // PLUGIN ADMINISTRATORS
 
HashMap<String, Object> attributes = new HashMap<String, Object>();
attributes.put(RoleManagerConstants.ROLE_OWNER_KEY, "1"); // the key of the xelsysadm user
Role role = new Role(attributes);
 
RoleManagerResult result = service.modify(roleKeys, role);