Autonomous Identity 2022.11.8

Roles

The following are the Autonomous Identity endpoints for filtering by roles:

POST /api/roles

Create draft roles and make updates to roles.

Endpoint

/api/roles

Authorization

<Bearer Token JWT-value> OR <API-KEY>
Request Body Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| action | string | Action to perform ('create', 'save', 'publish', 'unpublish') (required) |
| updateAllMetadata | boolean | Update metadata for all related roles regardless of status |
| role | role object | Role object (properties below) (required) |

Role Object Properties

| Parameter | Type | Description |
| --- | --- | --- |
| role_id | string | Role ID in uuid format (required) |
| status | string | Status of role ('draft', 'candidate', or 'active') (required) |
| custom_role | boolean | Role is a custom role |
| member_count | number | Number of users the role applies to |
| assignment_count | number | Number of assignments the role applies to |
| entitlements | string array | List of entitlement IDs that are part of the role |
| justifications | string array | List of raw justifications |
| datasink_status | string | Datasink status ('ack' or 'nack') |
| role_metadata | role metadata object | Role metadata (properties below) |
| entitlements_metadata | array of entitlement metadata objects | List of entitlement metadata for each entitlement (object properties below) |

Role Metadata Object Properties

| Parameter | Type | Description |
| --- | --- | --- |
| role_name | string | Display name of role |
| description | string | Role description |
| role_owner_id | string | Role owner ID |
| role_owner_display_name | string | Role owner display name |

Entitlement Metadata Object Properties

| Parameter | Type | Description |
| --- | --- | --- |
| ent_id | string | Entitlement ID (required) |
| ent_name | string | Entitlement name (required) |
| application | application object | Application metadata (object properties below) |
| entitlement_owner | owner object | Entitlement owner data (object properties below) |

Application Object Properties

| Parameter | Type | Description |
| --- | --- | --- |
| app_id | string | Application ID |
| app_name | string | Application name |
| application_owner | owner object | Application owner data (object properties below) |

Owner Object Properties

| Parameter | Type | Description |
| --- | --- | --- |
| usr_id | string | User ID (required) |
| usr_name | string | User name (required) |
| usr_manager_id | string | User manager ID (required) |

Example Request

curl --location --request POST 'https://autoid-api.forgerock.com/api/roles' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "action": "save",
  "updateAllMetadata": false,
  "role": {
    "role_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "status": "draft",
    "custom_role": false,
    "member_count": 0,
    "assignment_count": 0,
    "entitlements": [
      "string"
    ],
    "entitlements_metadata": [
      {
        "ent_id": "string",
        "ent_name": "string",
        "application": {
          "app_id": "string",
          "app_name": "string",
          "application_owner": {
            "usr_id": "string",
            "usr_name": "string",
            "usr_manager_id": "string"
          }
        },
        "entitlement_owner": {
          "usr_id": "string",
          "usr_name": "string",
          "usr_manager_id": "string"
        }
      }
    ],
    "justifications": [
      "string"
    ],
    "role_metadata": {
      "role_name": "string",
      "description": "string",
      "role_owner_display_name": "string",
      "role_owner_id": "string"
    }
  }
}'

Example Response

204 (No Content)
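
A client-side check of a POST /api/roles body against the required fields and allowed values in the tables above, run before the request is sent. This is an added example, not ForgeRock code; `validate_role_request` and `_require_strings` are hypothetical helper names.

```python
import uuid

# Allowed values and required fields, taken from the parameter tables above.
ACTIONS = ("create", "save", "publish", "unpublish")
STATUSES = ("draft", "candidate", "active")
OWNER_REQUIRED = ("usr_id", "usr_name", "usr_manager_id")

def _require_strings(obj, keys, path, errors):
    """Record an error for each required key that is not a non-empty string."""
    if not isinstance(obj, dict):
        errors.append(f"{path}: must be an object")
        return
    for key in keys:
        if not isinstance(obj.get(key), str) or not obj[key]:
            errors.append(f"{path}.{key}: required string")

def validate_role_request(body):
    """Return the problems found in a POST /api/roles body (empty list = OK)."""
    errors = []
    if body.get("action") not in ACTIONS:
        errors.append("action: must be create, save, publish or unpublish")
    role = body.get("role")
    if not isinstance(role, dict):
        return errors + ["role: required object"]
    try:
        uuid.UUID(str(role.get("role_id")))
    except ValueError:
        errors.append("role.role_id: required, must be a UUID")
    if role.get("status") not in STATUSES:
        errors.append("role.status: must be draft, candidate or active")
    if role.get("datasink_status", "ack") not in ("ack", "nack"):
        errors.append("role.datasink_status: must be ack or nack")
    for i, ent in enumerate(role.get("entitlements_metadata", [])):
        base = f"role.entitlements_metadata[{i}]"
        _require_strings(ent, ("ent_id", "ent_name"), base, errors)
        if not isinstance(ent, dict):
            continue
        if "entitlement_owner" in ent:
            _require_strings(ent["entitlement_owner"], OWNER_REQUIRED,
                             f"{base}.entitlement_owner", errors)
        app = ent.get("application")
        if isinstance(app, dict) and "application_owner" in app:
            _require_strings(app["application_owner"], OWNER_REQUIRED,
                             f"{base}.application.application_owner", errors)
    return errors

if __name__ == "__main__":  # constructed sample input
    sample = {"action": "delete", "role": {"role_id": "123", "status": "draft"}}
    print(validate_role_request(sample))
```

Each error carries the JSON path of the offending field, so a rejected payload can be logged and traced before any role change reaches the API.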

POST /api/roles/delete

Delete roles.

Endpoint

/api/roles/delete

Authorization

<Bearer Token JWT-value>

Body

{
    "role_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "status": "draft" | "active"
}

Example Request

curl --location --request POST 'https://autoid-api.forgerock.com/api/roles/delete' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
    "role_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "status": "draft"
}'

Example Response

204 (No content)

POST /api/roles/export

Export role data to JSON.

Endpoint

/api/roles/export

Authorization

<Bearer Token JWT-value> OR <API-KEY>
Query Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| usrId | string | Roles that apply for a particular user ID |
| entId | string | Roles that apply for a particular entitlement ID |
| status | string | Status of role ('draft', 'candidate', or 'active') |
| role_name | string | Role name |
| description | string | Role description |
| role_owner_id | string | Role owner ID |
| role_owner_display_name | string | Role owner name |
| datasinkStatus | string | Datasink status filter ('ack', 'nack') |
| timestampThresholds | object | Timestamp threshold object (available properties below) |

timestampThresholds Object Properties

| Parameter | Type | Description |
| --- | --- | --- |
| gt | string | Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gte. |
| gte | string | Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gt. |
| lt | string | Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lte. |
| lte | string | Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lt. |
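
The timestampThresholds rules above (timestamp format, gt/gte and lt/lte mutual exclusion) checked client-side before an export request is built. This is an added example, not ForgeRock code: `threshold_errors` and `export_body` are hypothetical helpers, the lower-after-upper check is an extra sanity test that is not a documented API rule, and the thresholds are assumed to travel in the JSON body like the other filters in this page's example request.

```python
import re
from datetime import datetime

# yyyy-mm-ddThh:mm:ss.SSSZ, e.g. 2022-11-08T00:00:00.000Z
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z")
EXCLUSIVE_PAIRS = (("gt", "gte"), ("lt", "lte"))
ALLOWED = ("gt", "gte", "lt", "lte")


def threshold_errors(thresholds):
    """Return a list of problems in a timestampThresholds object (empty = OK)."""
    errors = [f"{k}: unknown key" for k in thresholds if k not in ALLOWED]
    for a, b in EXCLUSIVE_PAIRS:
        if a in thresholds and b in thresholds:
            errors.append(f"{a} cannot be present with {b}")
    parsed = {}
    for key in ALLOWED:
        value = thresholds.get(key)
        if value is None:
            continue
        try:
            if not isinstance(value, str) or not TS_RE.fullmatch(value):
                raise ValueError
            # strptime also rejects impossible dates such as month 13.
            parsed[key] = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
        except ValueError:
            errors.append(f"{key}: expected yyyy-mm-ddThh:mm:ss.SSSZ, got {value!r}")
    lower = parsed.get("gt", parsed.get("gte"))
    upper = parsed.get("lt", parsed.get("lte"))
    # Added client-side sanity check, not a rule documented for the API.
    if lower and upper and lower > upper:
        errors.append("lower bound is later than upper bound")
    return errors


def export_body(thresholds, **filters):
    """Build a /api/roles/export body, refusing invalid thresholds."""
    errors = threshold_errors(thresholds)
    if errors:
        raise ValueError("; ".join(errors))
    return {**filters, "timestampThresholds": thresholds}


if __name__ == "__main__":
    # Constructed sample values.
    window = {"gte": "2022-11-01T00:00:00.000Z", "lt": "2022-12-01T00:00:00.000Z"}
    print(export_body(window, usrId="john.doe", datasinkStatus="nack"))
    print(threshold_errors({"gt": "2022-11-01T00:00:00.000Z", "gte": "2022-11-01"}))
```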

Body

{
  "usrId": "john.doe",
  "datasinkStatus": "nack"
}

Example Request (Datasink Filter)

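# -k skips TLS certificate verification; omit it when the server presents a trusted certificate.
# To authenticate with an API key instead, replace the Authorization header with: -H 'X-API-KEY: <api-key-value>'
curl -k -X POST \
'https://autoid-ui.forgerock.com/api/roles/export' \
--header 'Content-type: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "usrId": "john.doe",
  "datasinkStatus": "nack"
}'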

Example Response (Datasink Filter)

{
  "roles": [
    {
      "temp_role_name": "Role J0-R21",
      "normalized_role_name": "role j0-r21",
      "member_count": 1,
      "assignment_count": 1,
      "entitlement_count": 1,
      "role_id": "4aaf81db-2f8c-42b4-b954-1018a71743de",
      "status": "candidate",
      "entitlements": [
        "Ent_1"
      ],
      "entitlements_metadata": [
        {
          "ent_criticality": "Essential",
          "ent_id": " Ent_1",
          "ent_name": " Ent_1",
          "ent_risk_level": "Low",
          "application": {
            "app_criticality": "Essential",
            "app_id": "Active Directory",
            "app_name": "Active Directory",
            "app_risk_level": "High",
            "application_owner": {
              "chief_yes_no": "Yes",
              "city": "Kansas City",
              "cost_center": "CON_SD9",
              "department": "Facilities Area A",
              "is_active": "Y",
              "job_description": "Facilities Area A",
              "jobcode_name": "Operating Clerk",
              "line_of_business": "Transmission Operations",
              "line_of_business_subgroup": "Real Estate",
              "manager_name": "Thomas Shawyer",
              "usr_department_name": "Facilities Area A",
              "usr_display_name": "Derick Hui",
              "usr_emp_type": "Non-Employee",
              "usr_id": "derick.hui",
              "usr_manager_id": "thomas.shawyer",
              "usr_name": "Derick Hui"
            }
          },
          "entitlement_owner": {
            "chief_yes_no": "No",
            "city": "Saint Paul",
            "cost_center": "OP_TT4",
            "department": "InfoSYS Power Gen",
            "is_active": "Y",
            "job_description": "InfoSYS Power Gen",
            "jobcode_name": "Lineman",
            "line_of_business": "Ethics and Compliance",
            "line_of_business_subgroup": "System Operations",
            "manager_name": "James Bosch",
            "usr_department_name": "InfoSYS Power Gen",
            "usr_display_name": "Carolyn Latanafrancia",
            "usr_emp_type": "Non-Employee",
            "usr_id": "carolyn.latanafrancia",
            "usr_manager_id": "james.bosch",
            "usr_name": "Carolyn Latanafrancia"
          }
        }
      ],
      "justifications": [
        "0B_COST_CENTER_SOL_ER2 19_LINE_OF_BUSINESS_SUBGROUP_Energy%20Solutions"
      ],
      "users": [
        {
          "usr_id": "aaron.lozada",
          "usr_display_name": "Aaron Lozada",
          "attributes": [
            "13_USR_DEPARTMENT_NAME_Operations%20SUP",
            "0F_JOB_DESCRIPTION_Operations_%20SUP",
            "0C_JOBCODE_NAME_Apprentice",
            "0C_MANAGER_NAME_Gary%20Amelio",
            "09_IS_ACTIVE_Y",
            "10_LINE_OF_BUSINESS_Distribution%20Operations",
            "10_USR_DISPLAY_NAME_Aaron%20Lozada",
            "0B_COST_CENTER_SOL_ER2",
            "08_USR_NAME_Aaron%20Lozada",
            "0C_CHIEF_YES_NO_No",
            "0C_USR_EMP_TYPE_Employee",
            "19_LINE_OF_BUSINESS_SUBGROUP_Energy%20Solutions",
            "04_CITY_Kansas%20City"
          ]
        }
      ]
    }
  ]
}