roles/
Role Type REST Endpoint
Role Type REST Endpoint
Here we are describing the Role object type in relation to midPoints REST API. The Role objects are a part of the REST API web resources.
Operations And Examples
The Role web resource is a part of the Create-Read-Update-Delete (CRUD) web resources present in midPoint. This is apparent in the operations which are available for this type of object.
In our examples we are authenticating with the credentials, name "administrator" and password "y0uR_P455woR*d" on a localhost instance running on port 8080. |
For some help regarding the REST examples please see this link:
Create Role Objects
curl --user administrator:y0uR_P455woR*d \
-H "Content-Type: application/json" \
-X POST http://localhost:8080/midpoint/ws/rest/roles \
-v \
--data-binary @./samples/rest/role-employee.json
Show data source example for "Create a new Role object in MidPoint" | GitHub
{
"role": {
"name": "employee",
"displayName": "Basic Employee"
}
}
The response is an HTTP 201 code in case of success without a response body. Also, the response contains a Location Header pointing to the location of the created user.
Location: http://localhost:8080/midpoint/ws/rest/roles/76fcec3e-7224-435e-8c9b-7532f081d8b0
Get Role Objects
Get operation for fetching a single specific object.
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-X GET http://localhost:8080/midpoint/ws/rest/roles/00000000-0000-0000-0000-000000000008?options=raw \
-v
The response is an HTTP 200 code in case of success with a response body containing the queried item.
Example Output of "Get Role" example
The example is simplified, some properties were removed to keep the example output "short". This example does not contain all possible properties of this object type.
{
"role": {
"oid": "00000000-0000-0000-0000-000000000008",
"version": "1",
"name": "End user",
"description": "Role authorizing end users to log in, change their passwords and review assigned accounts. Note: This role definition is just an example. It should be tailored for each specific deployment.",
"metadata": {
},
"operationExecution": {
},
"iteration": 0,
"iterationToken": "",
"activation": {
},
"authorization": [],
"adminGuiConfiguration": {}
}
}
Search for Role Objects
Search operation usable for fetching the full list of objects or a list based on filter.
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-X POST http://localhost:8080/midpoint/ws/rest/roles/search \
-v \
--data-binary @./samples/rest/query-gen-name.json
Show data source example for "Search for name starting with 'a'" | GitHub
{
"query": {
"filter": {
"text": "name startsWith \"a\""
}
}
}
The response is an HTTP 200 code in case of success with a response body containing the queried items.
Example Output is a list of objects.
{
"@ns" : "http://prism.evolveum.com/xml/ns/public/types-3",
"object" : {
"@type" : "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3#ObjectListType",
"object" : [ {
"@type" : "",
"oid" : "",
"version" : "",
"name" : "",
"metadata" : {},
"operationExecution": {},
"indestructible": ,
"iteration" : ,
"iterationToken" : "",
"archetypeRef": {},
"roleMembershipRef": {},
"activation": {}
}, {
"@type" : "",
"oid" : "",
"version" : "",
"name" : "",
"metadata" : {},
"operationExecution": {},
"indestructible": ,
"iteration" : ,
"iterationToken" : "",
"archetypeRef": {},
"roleMembershipRef": {},
"activation": {}
} ]
}
}
Modify Role Objects
curl --user administrator:y0uR_P455woR*d \
-H "Content-Type: application/json" \
-X PATCH http://localhost:8080/midpoint/ws/rest/roles/76fcec3e-7224-435e-8c9b-7532f081d8b0 \
-v \
--data-binary @./samples/rest/modify-attribute-gen.json
Show data source example for "Modify attribute value" | GitHub
{
"objectModification": {
"itemDelta": {
"modificationType": "add",
"path": "description",
"value": "Description parameter modified via REST"
}
}
}
The response is an HTTP 204 code in case of success without a response body.
Delete Role Objects
curl --user administrator:y0uR_P455woR*d \
-v \
-X DELETE http://localhost:8080/midpoint/ws/rest/roles/76fcec3e-7224-435e-8c9b-7532f081d8b0
The response is an HTTP 204 code in case of success without a response body.
Generate and Validate Operations for Role Objects
Operations to generate or validate values, here we have an example of a simple identifier generate use-case.
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-X POST http://localhost:8080/midpoint/ws/rest/roles/ae660563-11e6-41e1-8920-82725cc77021/generate \
-v \
--data-binary @./samples/rest/policy-items-identifier-generate.json
Show data source example for "Generate identifier for object" | GitHub
{
"policyItemsDefinition": {
"policyItemDefinition": {
"target": {
"path": "identifier"
},
"execute": "true"
}
}
}
The response is an HTTP 200 code in case of success with a response body.
Show example output for "Generate identifier for object"
{
"@ns" : "http://prism.evolveum.com/xml/ns/public/types-3",
"object" : {
"@type" : "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3#PolicyItemsDefinitionType",
"policyItemDefinition" : [ {
"target" : {
"path" : "identifier"
},
"value" : {
"@type" : "xsd:string",
"@value" : "s2cMJrD5^21"
},
"execute" : true
} ]
}
}
Common Use-case Examples
JSON Example
Example output of information regarding a specific object. Some data vas omitted to simplify the example.
Show JSON Example
{
"role" : {
"oid" : "00000000-0000-0000-0000-000000000008",
"version" : "1",
"name" : "End user",
"description" : "Role authorizing end users to log in, change their passwords and review assigned accounts. Note: This role definition is just an example. It should be tailored for each specific deployment.",
"metadata" : {},
"operationExecution" : {},
"iteration" : 0,
"iterationToken" : "",
"activation" : {},
"authorization" : [ {}, {} ],
"adminGuiConfiguration" : {}
}
}