Listing users and their roles HOWTO
Last modified 22 Apr 2021 17:31 +02:00

This is a very basic HOWTO showing how could one obtain a list of users and their roles via a REST call.

Basically, there are two ways: via bulk actions and via simple query.

Bulk actions (midPoint scripting)

This method is the most powerful, but also quite complex.

Execute this command:

Command to return users and their information
curl.exe --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "http://localhost:8080/midpoint/ws/rest/rpc/executeScript" -d @query-all-users-bulk.xml
query-all-users-bulk.xml file
<?xml version="1.0"?>
<s:executeScript xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <s:pipeline>
        <s:search>
            <s:type>c:UserType</s:type>
            <s:options>
                <c:option>
                    <c:selector>
                        <c:path>roleMembershipRef</c:path>
                    </c:selector>
                    <c:options>
                        <c:resolveNames>true</c:resolveNames>
                    </c:options>
                </c:option>
            </s:options>
        </s:search>
        <s:filterContent>
            <s:remove>metadata</s:remove>
            <s:remove>assignment/metadata</s:remove>
            <s:remove>operationExecution</s:remove>
            <s:remove>credentials/password/value</s:remove>
        </s:filterContent>
    </s:pipeline>
    <s:options>
        <s:hideOperationResults>true</s:hideOperationResults>
    </s:options>
</s:executeScript>

Simple query

This is not so powerful and flexible as bulk actions, but may suffice on many occassions.

Execute this command:

Command to return users and their information; with all references resolved to object names
curl.exe --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "http://localhost:8080/midpoint/ws/rest/users/search?options=resolveNames&exclude=metadata&exclude=operationExecution&exclude=credentials/password/value&exclude=assignment/metadata" -d @query-all-users.xml

Referencing this file:

Query to select users (all users in this case)
<?xml version="1.0"?>
<q:query xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
    <!-- empty query = return all records -->
</q:query>
Was this page helpful?
YES NO
Thanks for your feedback