Restman roles and Manage Roles from UI do not match

ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Restman roles and Manage Roles from UI do not match

book

Article ID: 142272

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

I have users that appear in the Administrator role via the restman call: https://server:9443/restman/1.0/roles

But they do not appear from the Manage Roles in the UI.

This is problematic since I cannot trust what the UI shows me. Is there a way to fix this?

Cause

PM will not show users from external provider that are disabled/not active, RESTMAN implementation only queries all records the result is they could be different

Environment

Release : 9.2

Component : API GTW ENTERPRISE MANAGER

Resolution

Two options to remove the entries

Active the accounts in AD then delete from PM
OR
Execute mysql query to delete them directly

First get the user DN form identity_id

mysql> SELECT hex(provider_goid), identity_id FROM rbac_assignment;
+----------------------------------+-------------------------------------------------------+
| hex(provider_goid) | identity_id |
+----------------------------------+-------------------------------------------------------+
| 0000000000000000FFFFFFFFFFFFFFFE | 00000000000000000000000000000003 |
| 0000000000000000FFFFFFFFFFFFFFFE | 05bca8219254742b86baf1adb7468bd3 |
| 05BCA8219254742B86BAF1ADB745FBB6 | CN=Alan Always,CN=Users,DC=ssosites,DC=com |
| 05BCA8219254742B86BAF1ADB745FBB6 | CN=SWA_APIGatewaySupport,OU=groups,DC=ssosites,DC=com |
+----------------------------------+-------------------------------------------------------+
4 rows in set (0.00 sec)

TEST select call for the object to delete

mysql> SELECT hex (goid), identity_id FROM rbac_assignment where identity_id = 'CN=Alan Always,CN=Users,DC=ssosites,DC=com';
+----------------------------------+--------------------------------------------+
| hex (goid) | identity_id |
+----------------------------------+--------------------------------------------+
| 29275AE47C82D6CE3C9ED52AFD077002 | CN=Alan Always,CN=Users,DC=ssosites,DC=com |
+----------------------------------+--------------------------------------------+
1 row in set (0.00 sec)

DELETE from the table rbac_assignment

DELETE from rbac_assignment WHERE identity_id = 'CN=Alan Always,CN=Users,DC=ssosites,DC=com';

My test

mysql>
mysql> SELECT hex (goid), identity_id FROM rbac_assignment where identity_id = 'CN=Alan Always,CN=Users,DC=ssosites,DC=com';
+----------------------------------+--------------------------------------------+
| hex (goid) | identity_id |
+----------------------------------+--------------------------------------------+
| 29275AE47C82D6CE3C9ED52AFD077002 | CN=Alan Always,CN=Users,DC=ssosites,DC=com |
+----------------------------------+--------------------------------------------+
1 row in set (0.00 sec)

mysql>
mysql>
mysql> DELETE from rbac_assignment WHERE identity_id = 'CN=Alan Always,CN=Users,DC=ssosites,DC=com';
Query OK, 1 row affected (0.00 sec)

mysql> SELECT hex (goid), identity_id FROM rbac_assignment where identity_id = 'CN=Alan Always,CN=Users,DC=ssosites,DC=com';
Empty set (0.00 sec)

Feedback

thumb_up Yes

thumb_down No