Restman roles and Manage Roles from UI do not match

Article ID: 142272

Products

CA API Gateway

Issue/Introduction

I have users that appear in the Administrator role via the restman call: https://<GWHostName>:9443/restman/1.0/roles

But they do not appear from the Manage Roles in the UI.

This is problematic since I cannot trust what the UI shows me. Is there a way to fix this?

Environment

Release : 9.2

Component : API GTW ENTERPRISE MANAGER

Cause

 

Policy Manager (PM) does not show users from an external provider that are disabled or not active, whereas the RESTMAN implementation simply queries all records. As a result, the two lists can differ.

Resolution

There are two options to remove the entries:

Activate the accounts in AD, then delete them from PM
OR
Execute a MySQL query to delete them directly

First, get the user DN from the identity_id column

mysql> SELECT hex(provider_goid), identity_id FROM rbac_assignment;
+----------------------------------+-------------------------------------------------------+
| hex(provider_goid) | identity_id |
+----------------------------------+-------------------------------------------------------+
| 0000000000000000FFFFFFFFFFFFFFFE | 00000000000000000000000000000003 |
| 0000000000000000FFFFFFFFFFFFFFFE | 05bca8219254742b86baf1adb7468bd3 |
| 05BCA8219254742B86BAF1ADB745FBB6 | CN=<userName>, <BaseDN>|
| 05BCA8219254742B86BAF1ADB745FBB6 | CN=<AdminGroup> <BaseDN>|
+----------------------------------+-------------------------------------------------------+
4 rows in set (0.00 sec)

Test the SELECT for the object to delete

mysql> SELECT hex (goid), identity_id FROM rbac_assignment where identity_id = 'CN=<userName>, <BaseDN>';
+----------------------------------+--------------------------------------------+
| hex (goid) | identity_id |
+----------------------------------+--------------------------------------------+
| 29275AE47C82D6CE3C9ED52AFD077002 | CN=<userName>, <BaseDN> |
+----------------------------------+--------------------------------------------+
1 row in set (0.00 sec)


DELETE from the table rbac_assignment

DELETE from rbac_assignment WHERE identity_id = 'CN=<userName>, <BaseDN>';

My test

mysql> SELECT hex (goid), identity_id FROM rbac_assignment where identity_id = 'CN=<userName>, <BaseDN>';
+----------------------------------+--------------------------------------------+
| hex (goid) | identity_id |
+----------------------------------+--------------------------------------------+
| 29275AE47C82D6CE3C9ED52AFD077002 | CN=<userName>, <BaseDN> |
+----------------------------------+--------------------------------------------+
1 row in set (0.00 sec)

mysql> DELETE from rbac_assignment WHERE identity_id = 'CN=<userName>, <BaseDN>';
Query OK, 1 row affected (0.00 sec)

mysql> SELECT hex (goid), identity_id FROM rbac_assignment where identity_id = 'CN=<userName>, <BaseDN>';
Empty set (0.00 sec)
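
A more defensive way to run the same cleanup, shown as an added example that is not part of the original article: it keeps a copy of the table, scopes the match to the external provider as well as the DN, and checks the row count before committing. It assumes rbac_assignment uses a transactional engine (InnoDB); rbac_assignment_backup is a hypothetical table name, and the provider value is the one from the sample output above.

```sql
-- Added example, not from the original article.
-- Assumption: rbac_assignment is an InnoDB table, so ROLLBACK is effective.
-- rbac_assignment_backup is a hypothetical name chosen for this example.

-- 1. Keep a copy of the current role assignments. CREATE TABLE commits
--    implicitly, so run it before opening the transaction.
CREATE TABLE rbac_assignment_backup AS
SELECT * FROM rbac_assignment;

START TRANSACTION;

-- 2. List exactly the rows that will be removed. Matching on provider_goid
--    as well as identity_id limits the delete to the external provider
--    (value taken from the sample output above; substitute your own).
SELECT hex(goid), hex(provider_goid), identity_id
  FROM rbac_assignment
 WHERE identity_id = 'CN=<userName>, <BaseDN>'
   AND hex(provider_goid) = '05BCA8219254742B86BAF1ADB745FBB6';

-- 3. Delete using the same WHERE clause as the SELECT in step 2.
DELETE FROM rbac_assignment
 WHERE identity_id = 'CN=<userName>, <BaseDN>'
   AND hex(provider_goid) = '05BCA8219254742B86BAF1ADB745FBB6';

-- 4. The number of deleted rows must equal the number of rows listed in step 2.
SELECT ROW_COUNT() AS rows_deleted;

-- 5. Make the change permanent only if step 4 matches step 2;
--    otherwise run ROLLBACK; instead of COMMIT;.
COMMIT;
```

Run the statements one at a time in the mysql client so the count in step 4 can be checked before step 5.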