Role Type REST Endpoint
Last modified 13 Mar 2024 13:32 +01:00
Table of Contents

Role Type REST Endpoint

Here we are describing the Role object type in relation to midPoints REST API. The Role objects are a part of the REST API web resources.

Endpoint
roles/

Operations And Examples

The Role web resource is a part of the Create-Read-Update-Delete (CRUD) web resources present in midPoint. This is apparent in the operations which are available for this type of object.

In our examples we are authenticating with the credentials, name "administrator" and password "y0uR_P455woR*d" on a localhost instance running on port 8080.

For some help regarding the REST examples please see this link:

How to use MidPoint REST examples

Create Role Objects

Create a new Role object in MidPoint with file data source
curl --user administrator:y0uR_P455woR*d \
-H "Content-Type: application/json" \
-X POST http://localhost:8080/midpoint/ws/rest/roles \
-v \
--data-binary @./samples/rest/role-employee.json
Show data source example for "Create a new Role object in MidPoint" | GitHub 
{
  "role": {
    "name": "employee",
    "displayName": "Basic Employee"
  }
}

The response is an HTTP 201 code in case of success without a response body. Also, the response contains a Location Header pointing to the location of the created user.

Example location header
Location: http://localhost:8080/midpoint/ws/rest/roles/76fcec3e-7224-435e-8c9b-7532f081d8b0

Get Role Objects

Get operation for fetching a single specific object.

Get Role
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-X GET http://localhost:8080/midpoint/ws/rest/roles/00000000-0000-0000-0000-000000000008?options=raw \
-v

The response is an HTTP 200 code in case of success with a response body containing the queried item.

Example Output of "Get Role" example

The example is simplified, some properties were removed to keep the example output "short". This example does not contain all possible properties of this object type.

{
	"role": {
		"oid": "00000000-0000-0000-0000-000000000008",
		"version": "1",
		"name": "End user",
		"description": "Role authorizing end users to log in, change their passwords and review assigned accounts. Note: This role definition is just an example. It should be tailored for each specific deployment.",
		"metadata": {
		},
		"operationExecution": {
		},
		"iteration": 0,
		"iterationToken": "",
		"activation": {
		},
		"authorization": [],
		"adminGuiConfiguration": {}
	}
}

Search for Role Objects

Search operation usable for fetching the full list of objects or a list based on filter.

Search for All Role With Name That Starts With 'a'
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-X POST http://localhost:8080/midpoint/ws/rest/roles/search \
-v \
--data-binary @./samples/rest/query-gen-name.json
Show data source example for "Search for name starting with 'a'" | GitHub 
{
  "query": {
    "filter": {
      "text": "name startsWith \"a\""
    }
  }
}

The response is an HTTP 200 code in case of success with a response body containing the queried items.

Example Output is a list of objects. 
{
  "@ns" : "http://prism.evolveum.com/xml/ns/public/types-3",
  "object" : {
    "@type" : "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3#ObjectListType",
    "object" : [ {
      "@type" : "",
      "oid" : "",
      "version" : "",
      "name" : "",
      "metadata" : {},
      "operationExecution": {},
      "indestructible": ,
      "iteration" : ,
      "iterationToken" : "",
      "archetypeRef": {},
      "roleMembershipRef": {},
      "activation": {}
    }, {
      "@type" : "",
      "oid" : "",
      "version" : "",
      "name" : "",
      "metadata" : {},
      "operationExecution": {},
      "indestructible": ,
      "iteration" : ,
      "iterationToken" : "",
      "archetypeRef": {},
      "roleMembershipRef": {},
      "activation": {}
    } ]
  }
}

Modify Role Objects

Modify Role
curl --user administrator:y0uR_P455woR*d \
-H "Content-Type: application/json" \
-X PATCH http://localhost:8080/midpoint/ws/rest/roles/76fcec3e-7224-435e-8c9b-7532f081d8b0 \
-v \
--data-binary @./samples/rest/modify-attribute-gen.json
Show data source example for "Modify attribute value" | GitHub 
{
	"objectModification": {
		"itemDelta": {
			"modificationType": "add",
			"path": "description",
			"value": "Description parameter modified via REST"
		}
	}
}

The response is an HTTP 204 code in case of success without a response body.

Delete Role Objects

Delete a Role type object
curl --user administrator:y0uR_P455woR*d \
-v \
-X DELETE http://localhost:8080/midpoint/ws/rest/roles/76fcec3e-7224-435e-8c9b-7532f081d8b0

The response is an HTTP 204 code in case of success without a response body.

Generate and Validate Operations for Role Objects

Operations to generate or validate values, here we have an example of a simple identifier generate use-case.

Generate Identifier for Role Type Object
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-X POST http://localhost:8080/midpoint/ws/rest/roles/ae660563-11e6-41e1-8920-82725cc77021/generate \
-v \
--data-binary @./samples/rest/policy-items-identifier-generate.json
Show data source example for "Generate identifier for object" | GitHub 
{
	"policyItemsDefinition": {
		"policyItemDefinition": {
			"target": {
				"path": "identifier"
			},
			"execute": "true"
		}
	}
}

The response is an HTTP 200 code in case of success with a response body.

Show example output for "Generate identifier for object" 
{
  "@ns" : "http://prism.evolveum.com/xml/ns/public/types-3",
  "object" : {
    "@type" : "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3#PolicyItemsDefinitionType",
    "policyItemDefinition" : [ {
      "target" : {
        "path" : "identifier"
      },
      "value" : {
        "@type" : "xsd:string",
        "@value" : "s2cMJrD5^21"
      },
      "execute" : true
    } ]
  }
}

Common Use-case Examples

JSON Example

Example output of information regarding a specific object. Some data vas omitted to simplify the example.

Show JSON Example 
{
  "role" : {
    "oid" : "00000000-0000-0000-0000-000000000008",
    "version" : "1",
    "name" : "End user",
    "description" : "Role authorizing end users to log in, change their passwords and review assigned accounts. Note: This role definition is just an example. It should be tailored for each specific deployment.",
    "metadata" : {},
    "operationExecution" : {},
    "iteration" : 0,
    "iterationToken" : "",
    "activation" : {},
    "authorization" : [ {}, {} ],
    "adminGuiConfiguration" : {}
  }
}

See Also

Was this page helpful?
YES NO
Thanks for your feedback