SCIM Role examples
Operations
List all
List all roles.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Role
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,4,
"resources"startIndex": 1,
"Resources": [
{
"approvalEnd": "2019-12-09T12:58:23+01:00"2021-02-26 13:19:36",
"ownedRoles": [
{
"informationSystem": "TEST"Operation/Business process/ad",
"ownerRole": 34,63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 5794,393195,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid"ad",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/1563461",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "TestRole"AD role",
"hasDomain": false,
"id": 1207155,1563461,
"ownerRoleName": "SOFFID_ADMIN",
"status"roleDescription": {"AD role",
"value"status": "A"
}
},
{
"informationSystem": "Operation/Business 2/SOFFID",
"ownerRole": 34,63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 50247,393447,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2234311,
"ownerRoleName": "SOFFID_ADMIN",
"status": {
"value": "A"
}
}
],
"indirectAssignment": "",
"description": "SOFFID Administrator",
"granteeGroups": [],
"bpmEnforced": false,
"informationSystemName": "SOFFID",
"password": false,
"system": "soffid",
"ownerRoles": []ad",
"meta": {
"location": "http://<domain>/soffid.pat.lab:8080/webservice/scim2/v1/Role/34"RoleGrant/501188",
"resourceType": "Role"RoleGrant"
},
"domain"schemas": {[
"name"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "SENSE_DOMINI"accounting_mgr",
"description"hasDomain": ""
},false,
"name"id": 501188,
"ownerRoleName": "SOFFID_ADMIN",
"approvalStart"roleDescription": "2019-12-09T12:58:23+01:00"Accounting Manager",
"attributes"status": {},
"id": 34,
"enableByDefault": trueA"
},
{
"approvalEnd": "2018-10-23T13:10:12+02:00",
"ownedRoles": [
{
"informationSystem": "TEST"Operation/Business process/ad",
"ownerRole": 5794,63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 50257,391535,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/503759",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "g100",
"hasDomain": false,
"id": 503759,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "Desarrollo Circuito",
"status": "A"
},
{
"informationSystem": "Operation/Business process/ad",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 391480,
"mandatory": false,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid"ad",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/501481",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "TestRole2"Group Policy Creator Owners",
"hasDomain": false,
"id": 50262,501481,
"ownerRoleName": "TestRole"SOFFID_ADMIN",
"roleDescription": "Members in this group can modify group policy for the domain",
"status": {
"value": "A"
}
}],
"description": "SOFFID Administrator",
"granteeGroups": [
{
"informationSystem": "SOFFID",
"ownerRole": 5794,
"roleId": 1207022,
"mandatory": false,
"enabled": true,
"ownerSystem"system": "soffid",
"system"informationSystem": "test1"Operation/Business 2/SOFFID",
"roleId": 63,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/503848",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "sudo"SOFFID_ADMIN",
"ownerGroup": "admingroup",
"hasDomain": false,
"id": 1207161,503848,
"ownerRoleName"roleDescription": "TestRole"SOFFID Administrator",
"status"mandatory": {true,
"value"enabled": "A"
}true
}
],
"indirectAssignment": "*",
"description": "Test Role",
"granteeGroups": [],
"bpmEnforced": true,
"informationSystemName": "TEST"Operation/Business 2/SOFFID",
"password": false,
"system": "soffid",
"ownerGroups": [
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Group/91",
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "admingroup",
"obsolete": false,
"description": "Enterprise Administrators Group",
"parentGroup": "enterprise",
"attributes": {},
"id": 91
}
],
"ownerRoles": [
{
"informationSystem": "TEST"Operation/Business 2/SOFFID",
"ownerRole": 34,392727,
"ownerRoleDescription": "Business Services",
"roleId": 5794,63,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid"ad",
"system": "soffid",
"roleName": "TestRole",
"hasDomain": false,
"id": 1207155,
"ownerRoleName": "SOFFID_ADMIN",
"status": {
"value": "A"
}
},
{
"informationSystem": "TEST",
"ownerRole": 1664252,
"roleId": 5794,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "TestRole",
"hasDomain": false,
"id": 1664260,
"ownerRoleName": "Perfil-Gerente",
"status": {
"value": "A"
}
}
],
"meta": {
"location": "http://<domain>soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/501606",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "SOFFID_ADMIN",
"hasDomain": false,
"id": 501606,
"ownerRoleName": "share-15000",
"roleDescription": "SOFFID Administrator",
"status": "A"
}
],
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Role/5794"63",
"resourceType": "Role"
},
"domain"schemas": {[
"name":urn:soffid:com.soffid.iam.api.Role"
"SENSE_DOMINI",
"description": ""
}],
"name": "TestRole"SOFFID_ADMIN",
"approvalStart": "2018-10-23T13:10:12+02:00"2021-02-26 13:19:36",
"attributes": {
"date": [
{}
],
"owner": "admin"
},
"id": 5794,
"category": "Test",63,
"enableByDefault": true
},
{
"approvalEnd": "2019-09-11T16:37:22+02:00",
"ownedRoles": [
{
"ownerRolDomainValue": "enterprise",
"informationSystem": "LINUX",
"ownerRole": 43645,
"roleId": 1624329,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "LinuxHost",
"roleName": "avahi",
"hasDomain": false,
"id": 1750928,
"ownerRoleName": "SOFFID_OU_MANAGER",
"status": {
"value": "A"
}
}
],
"indirectAssignment": "",
"description": "BusinessSoffid unitvault manager"owner",
"granteeGroups": [],
"bpmEnforced": false,
"informationSystemName": "Operation/Business 2/SOFFID",
"password": false,
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"bpmEnabled": true,
"meta": {
"location": "http://<domain>/soffid.pat.lab:8080/webservice/scim2/v1/Role/43645"790961",
"resourceType": "Role"
},
"domain"schemas": {[
"name":urn:soffid:com.soffid.iam.api.Role"
"GRUPS",
"description": "Group domain"
}],
"name": "SOFFID_OU_MANAGER",
"approvalStart": "2019-09-11T16:37:22+02:00",
"attributes": {
"date": [
{}
]
},
"id": 43645,
"enableByDefault": true
}
]
}
Retrieve by id
Retrieve by its id (primary key). For instance, the admin user listed previously.
GET http://<domain>/webservice/scim2/v1/Role/34
HTTP 200
{
"approvalEnd": "2019-12-09T12:58:23+01:00",
"ownedRoles": [
{
"informationSystem": "TEST",
"ownerRole": 34,
"roleId": 5794,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "TestRole",
"hasDomain": false,
"id": 1207155,
"ownerRoleName": "SOFFID_ADMIN",
"status": {
"value": "A"
}
},
{
"informationSystem": "SOFFID",
"ownerRole": 34,
"roleId": 50247,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2234311,
"ownerRoleName": "SOFFID_ADMIN",
"status": {
"value": "A"
}
}
],
"indirectAssignment": "",
"description": "SOFFID Administrator",
"granteeGroups": [],
"bpmEnforced": false,
"informationSystemName": "SOFFID",
"password": false,
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://<domain>/webservice/scim2/v1/Role/34",
"resourceType": "Role"
},
"domain": {
"name": "SENSE_DOMINI",
"description": ""
},
"name": "SOFFID_ADMIN",
"approvalStart": "2019-12-09T12:58:23+01:00"SOFFID_OWNER",
"attributes": {},
"id": 34,790961,
"enableByDefault": truefalse
},
.............
]
}
List by filter
List all roles with a filter expression.
Pagination and sorting of the results are supported; for more information, visit the SCIM Query parameters page.
Request
List all roles with a filter expression.
GET http://<your-domain>/soffid/webservice/scim2/v1/Role?filter=name eq "AD role"
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"resources"startIndex": 1,
"Resources": [
{
"approvalEnd": "2019-12-09T12:58:23+01:00"2021-02-04 15:39:05",
"ownedRoles": [],
"description": "AD role",
"granteeGroups": [],
"informationSystemName": "Operation/Business process/ad",
"password": false,
"system": "ad",
"ownerGroups": [],
"ownerRoles": [
{
"informationSystem": "TEST"Operation/Business process/ad",
"ownerRole": 34,63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 5794,393195,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid"ad",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/1563461",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "TestRole"AD role",
"hasDomain": false,
"id": 1207155,1563461,
"ownerRoleName": "SOFFID_ADMIN",
"status"roleDescription": {"AD role",
"value"status": "A"
}
],
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Role/393195",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "AD role",
"approvalStart": "2021-02-04 15:39:05",
"attributes": {},
"id": 393195,
"enableByDefault": false
}
]
}
Query by id
Query a role by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Role/393195
Response 200 OK
{
"approvalEnd": "2021-02-04 15:39:05",
"ownedRoles": [],
"description": "AD role",
"granteeGroups": [],
"informationSystemName": "Operation/Business process/ad",
"password": false,
"system": "ad",
"ownerGroups": [],
"ownerRoles": [
{
"informationSystem": "SOFFID"Operation/Business process/ad",
"ownerRole": 34,63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 50247,393195,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2234311,
"ownerRoleName": "SOFFID_ADMIN",
"status": {
"value": "A"
}
}
],
"indirectAssignment": "",
"description": "SOFFID Administrator",
"granteeGroups": [],
"bpmEnforced": false,
"informationSystemName": "SOFFID",
"password": false,
"system": "soffid",
"ownerRoles": []ad",
"meta": {
"location": "http://<domain>/soffid.pat.lab:8080/webservice/scim2/v1/Role/34"RoleGrant/1563461",
"resourceType": "Role"RoleGrant"
},
"domain": {
"name": "SENSE_DOMINI",
"description": ""
},
"name": "SOFFID_ADMIN",
"approvalStart": "2019-12-09T12:58:23+01:00",
"attributes": {},
"id": 34,
"enableByDefault": true
}
]
}
Create
One may create a role. This role will be used for the following examples.
POST http://<domain>/webservice/scim2/v1/Role
Put the user JSON in the body of the request:
{
"approvalEnd": "2019-12-09T12:58:23+01:00",
"ownedRoles"schemas": [
{"urn:soffid:com.soffid.iam.api.RoleGrant"
"informationSystem": "TEST",
"roleId": 5794,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid"],
"roleName": "TestRole"AD role",
"hasDomain": false,
"id": 1207155,1563461,
"ownerRoleName": "SOFFID_OU_OWNER"
}SOFFID_ADMIN",
{
"informationSystem"roleDescription": "SOFFID"AD role",
"roleId": 50247,
"mandatory": true,
"enabled": true,
"ownerSystem"status": "soffid",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2234311,
"ownerRoleName": "SOFFID_OU_OWNER"A"
}
],
"description": "SOFFID test role",
"bpmEnforced": false,
"informationSystemName": "SOFFID",
"password": false,
"system": "soffid",
"ownerRoles": [],
"domain": {
"name": "GRUPS",
"description": ""
},
"name": "SOFFID_OU_OWNER"
}
HTTP 201
{
"approvalEnd": "2019-12-12T09:53:05.928+01:00",
"ownedRoles": [
{
"informationSystem": "SOFFID",
"ownerRole": 2236407,
"roleId": 50247,
"mandatory"bpmEnabled": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2236411,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
},
{
"informationSystem": "TEST",
"ownerRole": 2236407,
"roleId": 5794,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "TestRole",
"hasDomain": false,
"id": 2236408,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
}
],
"indirectAssignment": "",
"description": "SOFFID test role",
"granteeGroups": [],
"bpmEnforced": false,
"informationSystemName": "SOFFID",
"password": false,
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://<domain>/soffid.pat.lab:8080/webservice/scim2/v1/Role/2236407"393195",
"resourceType": "Role"
},
"domain"schemas": {[
"name":urn:soffid:com.soffid.iam.api.Role"
"GRUPS",
"description": "Group domain"
}],
"name": "SOFFID_OU_OWNER"AD role",
"approvalStart": "2019-12-12T09:53:05.928+01:00"2021-02-04 15:39:05",
"attributes": {},
"id": 2236407,393195,
"enableByDefault": false
}
Create
To create a role.
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Role
JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "App Billing Role",
"description": "Role Admin for Billing application",
"informationSystemName": "Operation/Business 2/App Billing",
"system": "test",
"password": false,
"bpmEnabled": false,
"enableByDefault": false,
"granteeGroups": [],
"ownedRoles": [],
"ownerGroups": [],
"ownerRoles": []
}
Response 201 Created
{
"ownedRoles": [],
"description": "Role Admin for Billing application",
"granteeGroups": [],
"informationSystemName": "Operation/Business 2/App Billing",
"password": false,
"system": "test",
"ownerGroups": [],
"ownerRoles": [],
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Role/1976590",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "App Billing Role",
"attributes": {},
"id": 1976590,
"enableByDefault": false
}
Update partial
Update only the attributes that have changed: only these attributes will be updated, and the rest will keep the same value.
Request
For example we will update the description and the owner users.
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590
JSON
{
"description"schemas": "SOFFID test role (modified)"
}
HTTP 200
{[
"approvalEnd":urn:soffid:com.soffid.iam.api.Role"
"2019-12-12T09:53:05+01:00"],
"ownedRoles"Operations": [
{
"informationSystem"op": "SOFFID"replace",
"ownerRole": 2236407,
"roleId": 50247,
"mandatory": true,
"enabled": true,
"ownerSystem"path": "soffid"system",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2236411,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
},
{
"informationSystem": "TEST",
"ownerRole": 2236407,
"roleId": 5794,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "TestRole",
"hasDomain": false,
"id": 2236408,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
}
],
}
Response 200 OK
{
"indirectAssignment"ownedRoles": ""[],
"description": "SOFFIDRole testAdmin rolefor (modified)"Billing application",
"granteeGroups": [],
"bpmEnforced": false,
"informationSystemName": "SOFFID"Operation/Business 2/App Billing",
"password": false,
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"bpmEnabled": false,
"meta": {
"location": "http://<domain>/soffid.pat.lab:8080/webservice/scim2/v1/Role/2236407"1976590",
"resourceType": "Role"
},
"domain"schemas": {[
"name":urn:soffid:com.soffid.iam.api.Role"
"GRUPS",
"description": "Group domain"
}],
"name": "SOFFID_OU_OWNER",App "approvalStart":Billing "2019-12-12T09:53:05+01:00"Role",
"attributes": {},
"id": 2236407,1976590,
"enableByDefault": false
}
Update all
This operation replaces all values in the role. For example, we will update the information system.
- Note that the attribute id is required to confirm that the resource "...Role/<id>" is the same as the role in the JSON.
- Note that all the attributes not included in the request will be cleared in the role and their data will be lost. By this rule the grant arrays (ownedRoles, ownerRoles, ownerGroups, granteeGroups) are cleared too when omitted, so query the role by id first and send back every attribute that must be kept.
- Note that not all the attributes are updatable, for example the meta tag; avoid these tags. For more information see Resource data model.
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590
JSON
{
"approvalEnd"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"id": 1976590,
"name": "2019-12-12T09:53:05+01:00"App Billing",
"description": "Role Admin for Billing application",
"informationSystemName": "Operation/Business 2/App Billing",
"system": "test",
"password": false,
"bpmEnabled": false,
"enableByDefault": false,
"granteeGroups": [],
"ownedRoles": [
{
"informationSystem": "SOFFID",
"ownerRole": 2236407,
"roleId": 50247,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2236411,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
},
{
"informationSystem": "TEST",
"ownerRole": 2236407,
"roleId": 5794,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "TestRole",
"hasDomain": false,
"id": 2236408,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
}
],
"indirectAssignment"ownerGroups": [],
"ownerRoles": []
}
Response 200 OK
{
"ownedRoles": [],
"description": "SOFFIDRole testAdmin rolefor (modifiedBilling 2)"application",
"granteeGroups": [],
"bpmEnforced": false,
"informationSystemName": "SOFFID"Operation/Business 2/App Billing",
"password": false,
"system": "soffid"test",
"ownerGroups": [],
"ownerRoles": [],
"domain"bpmEnabled": false,
"meta": {
"name"location": "GRUPS"http://soffid.pat.lab:8080/webservice/scim2/v1/Role/1976590",
"description"resourceType": "Group domain"Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "SOFFID_OU_OWNER",App "approvalStart": "2019-12-12T09:53:05+01:00"Billing",
"attributes": {},
"id": 2236407,1976590,
"enableByDefault": false
}
Delete
Delete a role.
Please note after this delete, the account has to be created again to use it in the next examples.
Request
DELETE http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590
Response 204 No Content
204 No Content
Note: use of roles with domain values
In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:
{
"approvalEnd": "2019-12-12T09:53:05+01:00",
"ownedRoles": [
{
"informationSystem": "SOFFID",
"ownerRole": 2236407,
"roleId": 50247,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "test2",
"hasDomain": false,
"id": 2236411,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
},
{
"informationSystem": "TEST",
"ownerRole": 2236407,
"roleId": 5794,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "soffid",
"roleName": "TestRole",
"hasDomain": false,
"id": 2236408,
"ownerRoleName": "SOFFID_OU_OWNER",
"status": {
"value": "A"
}
}
],
"indirectAssignment": "",
"description": "SOFFID test role (modified)",
"granteeGroups"grantedRoles": [],
"bpmEnforced"roles": false,[
{
"informationSystemName": "SOFFID",
"password"roleName": "SOFFID_OU_MANAGER",
"id": 2236442,
"roleDescription": "Business unit manager",
"domainValue": "D2"
},
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236447,
"roleDescription": "Business unit manager",
"domainValue": "enterprise"
}
],
"description": "faith - faith MUYOYO",
"type": {
"value": "U"
},
"lastUpdated": "2019-07-16T10:35:01+02:00",
"ownerGroups": [],
"inheritNewPermissions": false,
"disabled": false,
"id": 1727122,
"grantedGroups": [],
"managerGroups": [],
"passwordPolicy": "I",
"managerRoles": [],
"created": "2019-07-16T10:26:16+02:00",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://<domain>/bubu-thinkpad:8080/webservice/scim2/v1/Role/2236407"scim/Account/1727122",
"resourceType": "Role"
},
"domain": {
"name": "GRUPS",
"description": "Group domain"Account"
},
"name": "SOFFID_OU_OWNER"faith",
"approvalStart"managerUsers": "2019-12-12T09:53:05+01:00"[],
"attributes": {},
"grantedUsers": [],
"ownerUsers": [
{
"lastName": "Smith",
"createdByUser": "csv",
"mailServer": "null",
"nationalID": "",
"multiSession": false,
"modifiedByUser": "admin",
"id": 2236407,1727113,
"enableByDefault"homeServer": false"null",
"primaryGroupDescription": "Entrprise",
"primaryGroup": "enterprise",
"comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
"profileServer": "null",
"active": true,
"fullName": "faith MUYOYO",
"userName": "faith",
"mailAlias": "",
"firstName": "faith",
"createdDate": "2019-07-16T10:26:16+02:00",
"phoneNumber": "",
"modifiedDate": "2019-12-12T17:06:42+01:00",
"userType": "I"
}
]
}
DeleteError response
DeleteFor amore userinfomation andabout itserror relationsresponse (groups,visit accounts, attributes, secondary groups, etc).
Please note that after this delete action, you will need to create again the user to use it in the next examples.
DELETE http:https://<domain>/webservice/scim2/v1/Role/2236407
HTTP 204
bookstack.soffid.com/link/116#bkmrk-error-response
Notes
Notes about role domains
By default, roles have no security domain (sometimes referred to as scope). When a security domain is assigned to a role, each account-role object is tagged with the proper security domain value. It is allowed to assign one role multiple times to the same user, as long as each assignment is tagged with a different security domain value. For instance, one can create the SOFFID_OU_MANAGER role bound to the GROUPS security domain. Then, you can assign the role SOFFID_OU_MANAGER/Group1 to any user.
Four kinds of security domains are available:
- SENSE_DOMAIN: No security domain applies
- GROUP: A business unit is bound to each grant of this role
- APLICATION: An information system is bound to each grant of this role
- Custom domain: Each application can have its own security domains with arbitrary meanings.
To set or modify the role domain for a role, one can use the "domain" attribute. This attribute is a complex object composed of a name and a description. Only the name is mandatory.
Notes about role inheritance
Role inheritance is driven by the ownedRoles, ownerRoles and ownedGroups. Each of these attributes is an array of grants. Each grant has the following attributes:
- ownerRole: id of owner role.
- ownerSystem: name of owner role's system.
- ownerRoleName: name of the owner role.
- ownerRolDomainValue: security domain of the owner role. If a user is granted with the owner role, and the ownerRolDomainValue does not match the grant domain, the inheritance rule does not apply.
- roleId: id of owned role.
- system: name of owned role's system
- roleName: name of the owned role
- domainValue: security domain of the owned role.
The role inheritance can vary slightly depending on whether the owned role and the owner role are in the same domain or not:
| Resulting domain value | Owner role has no domain | Owner role has a different domain | Same domain |
|---|---|---|---|
| Domain value not specified | Blank | Blank | Owner role domain value |
| Domain value specified | Specified value | Specified value | Specified value |