RoleManager service
Role (formerly group) API.
Manage OIM roles (formerly user groups)
Tables
Java API
Find roles
Find all roles and print all group attributes:
    tcGroupOperationsIntf groupOps = oimClient.getService(tcGroupOperationsIntf.class);
    // A null filter returns every role
    tcResultSet rs = groupOps.findGroups(null);
    for (int i = 0; i < rs.getRowCount(); i++) {
        rs.goToRow(i);
        System.out.println("Groups.Group Name: " + rs.getStringValue("Groups.Group Name"));
        System.out.println("Groups.Role Display Name: " + rs.getStringValue("Groups.Role Display Name"));
        System.out.println("Groups.Role Name: " + rs.getStringValue("Groups.Role Name"));
        System.out.println("Groups.Role Description: " + rs.getStringValue("Groups.Role Description"));
        System.out.println("Groups.Role Owner Key: " + rs.getStringValue("Groups.Role Owner Key"));
        System.out.println("Groups.Creation Date: " + rs.getStringValue("Groups.Creation Date"));
        System.out.println("Groups.Update Date: " + rs.getStringValue("Groups.Update Date"));
        System.out.println("Groups.Role Namespace: " + rs.getStringValue("Groups.Role Namespace"));
        System.out.println("Groups.Key: " + rs.getStringValue("Groups.Key"));
        System.out.println("Groups.LDAP GUID: " + rs.getStringValue("Groups.LDAP GUID"));
        System.out.println("Groups.Updated By: " + rs.getStringValue("Groups.Updated By"));
        System.out.println("Groups.Role Category Key: " + rs.getStringValue("Groups.Role Category Key"));
        System.out.println("Groups.System Level: " + rs.getStringValue("Groups.System Level"));
        System.out.println("Groups.E-mail: " + rs.getStringValue("Groups.E-mail"));
        System.out.println("Groups.LDAP DN: " + rs.getStringValue("Groups.LDAP DN"));
        System.out.println("MEMBERTYPE: " + rs.getStringValue("MEMBERTYPE"));
        System.out.println();
    }
Find a particular role by name ("ALL USERS") and print its key:
    tcGroupOperationsIntf groupOps = oimClient.getService(tcGroupOperationsIntf.class);
    Map condition = new HashMap();
    condition.put("Groups.Group Name", "ALL USERS");
    tcResultSet rs = groupOps.findGroups(condition);
    // Position the cursor on the first (expected only) match before reading it
    rs.goToRow(0);
    System.out.println("Groups.Key: " + rs.getStringValue("Groups.Key"));
Grant role to users
Grant the role "AD User" to the "System Administrator" user:
    // Look up the role key by role name
    tcGroupOperationsIntf groupManager = oimClient.getService(tcGroupOperationsIntf.class);
    Map condition = new HashMap();
    condition.put("Groups.Group Name", "AD User");
    tcResultSet rs = groupManager.findGroups(condition);
    rs.goToRow(0);
    String groupKey = rs.getStringValue("Groups.Key");

    // Grant the role to the user with key "1"
    RoleManager roleManager = oimClient.getService(RoleManager.class);
    Set userKeys = new HashSet();
    userKeys.add("1");
    roleManager.grantRole(groupKey, userKeys);
Revoke role from users
Revoke the role "AD User" from the "System Administrator" user:
    // Look up the role key by role name
    tcGroupOperationsIntf groupManager = oimClient.getService(tcGroupOperationsIntf.class);
    Map condition = new HashMap();
    condition.put("Groups.Group Name", "AD User");
    tcResultSet rs = groupManager.findGroups(condition);
    rs.goToRow(0);
    String groupKey = rs.getStringValue("Groups.Key");

    // Revoke the role from the user with key "1"
    RoleManager roleManager = oimClient.getService(RoleManager.class);
    Set userKeys = new HashSet();
    userKeys.add("1");
    roleManager.revokeRoleGrant(groupKey, userKeys);
Create
Create a new Role and print its key:
    tcGroupOperationsIntf groupManager = getService(tcGroupOperationsIntf.class);
    Map attributes = new HashMap();
    attributes.put("Groups.Group Name", "New Group");
    attributes.put("Groups.Role Description", "Just for testing");
    long groupKey = groupManager.createGroup(attributes);
    System.out.println("Group key: " + groupKey);
Delete
Delete a role:
    long groupKey = 12345L;
    tcGroupOperationsIntf groupManager = getService(tcGroupOperationsIntf.class);
    groupManager.deleteGroup(groupKey);
Modify
Note: the following attributes are read-only:
- RoleManagerConstants.ROLE_KEY
- RoleManagerConstants.ROLE_LDAP_DN
- RoleManagerConstants.ROLE_LDAP_GUID
- RoleManagerConstants.RoleAttributeName.DATA_LEVEL
Note: the following attributes can only be changed in the reconciliation context:
- RoleManagerConstants.ROLE_UNIQUE_NAME
- RoleManagerConstants.ROLE_NAMESPACE
Modify a single role
Set xelsysadm as the new owner of the REPORT ADMINISTRATORS built-in role (key "24"):
    RoleManager service = getService(RoleManager.class);
    Role role = new Role("24");
    role.setAttribute("Role Owner Key", 1L);
    RoleManagerResult result = service.modify(role);
Modify roles in a batch
Change two roles in one call:
    RoleManager service = getService(RoleManager.class);
    Set<String> roleKeys = new HashSet<String>();
    roleKeys.add("24"); // REPORT ADMINISTRATORS
    roleKeys.add("25"); // PLUGIN ADMINISTRATORS
    HashMap<String, Object> attributes = new HashMap<String, Object>();
    attributes.put(RoleManagerConstants.ROLE_OWNER_KEY, "1"); // the key of the xelsysadm user
    Role role = new Role(attributes);
    RoleManagerResult result = service.modify(roleKeys, role);
page revision: 4, last edited: 08 Jun 2012 15:01