Sample SOAP requests to create Access Role in IAM.
search cancel

Sample SOAP requests to create Access Role in IAM.

book

Article ID: 260432

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

Sample SOAP requests to create Access Role in IAM.

Environment

Release : Any

Component : Identity Manager

Resolution

This sample creates a new Access Role named AR6 with different examples for specific members / administrators / owners

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
  <soapenv:Header/>
  <soapenv:Body>
    <wsdl:TaskContext>
      <wsdl:admin_id>Enter Username Here</wsdl:admin_id>
      <wsdl:admin_password>Enter Password Here</wsdl:admin_password>
    </wsdl:TaskContext>
    <wsdl:CreateAccessRole>
      <wsdl:CreateAccessRoleSearch>
        <wsdl:CreateNew>true</wsdl:CreateNew>
      </wsdl:CreateAccessRoleSearch>
      <wsdl:CreateAccessRoleProfileTab>
        <wsdl:Name>AR6</wsdl:Name>
        <wsdl:Enabled>true</wsdl:Enabled>
      </wsdl:CreateAccessRoleProfileTab>
      <wsdl:CreateAccessRoleMembersTab>
        <wsdl:AdminsManageMembers>true</wsdl:AdminsManageMembers>
        <wsdl:AddChange><![CDATA[<ChangeActions><AddValue attribute="%ACCESS_ROLES%" value="AR6"/><SetValue attribute="%DEPARTMENT%" value="AR6"/></ChangeActions>]]></wsdl:AddChange>
        <wsdl:RemoveChange><![CDATA[<ChangeActions><RemoveValue attribute="%ACCESS_ROLES%" value="AR6"/><SetValue attribute="%DEPARTMENT%" value=""/></ChangeActions>]]></wsdl:RemoveChange>
        <wsdl:Policy>
          <wsdl:add index="?">
            <wsdl:Member><![CDATA[<MemberRule><AttributeExpression attribute="%DEPARTMENT%" comparator="EQUALS" value="AR6"/></MemberRule>]]></wsdl:Member>
          </wsdl:add>
        </wsdl:Policy>
      </wsdl:CreateAccessRoleMembersTab>
      <wsdl:CreateAccessRoleAdministratorsTab>
        <wsdl:AdminsManageAdmins>true</wsdl:AdminsManageAdmins>
        <wsdl:Policy>
          <wsdl:add index="0">
            <wsdl:Admin><![CDATA[<MemberRule><AttributeExpression attribute="%USER_ID%" comparator="EQUALS" value="imadmin"/></MemberRule>]]></wsdl:Admin>
            <wsdl:ManageMembers>true</wsdl:ManageMembers>
            <wsdl:User><![CDATA[<ScopeRule object="USER" purpose="*"><All/></ScopeRule>]]></wsdl:User>
          </wsdl:add>
        </wsdl:Policy>
      </wsdl:CreateAccessRoleAdministratorsTab>
      <wsdl:CreateAccessRoleOwnersTab>
        <wsdl:Policy>
          <wsdl:add index="0">
            <wsdl:Owner><![CDATA[<MemberRule><AttributeExpression attribute="%USER_ID%" comparator="EQUALS" value="imadmin"/></MemberRule>]]></wsdl:Owner>
          </wsdl:add>
        </wsdl:Policy>
      </wsdl:CreateAccessRoleOwnersTab>
    </wsdl:CreateAccessRole>
  </soapenv:Body>
</soapenv:Envelope>

This sample creates a new Access Role named AR2 as a copy of an existing Access Role named AR1. Since it is a copy of an existing Access Role, all the settings, including membership, administrators, and owners rules will be copied to the new role.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
  <soapenv:Header/>
    <soapenv:Body>
      <wsdl:TaskContext>
        <wsdl:admin_id>Enter Username Here</wsdl:admin_id>
        <wsdl:admin_password>Enter Password Here</wsdl:admin_password>
      </wsdl:TaskContext>
      <wsdl:CreateAccessRole>
         <wsdl:CreateAccessRoleSearch>
            <wsdl:CreateCopy>true</wsdl:CreateCopy>
            <wsdl:Subject index="?">
               <wsdl:FriendlyName>AR1</wsdl:FriendlyName>
            </wsdl:Subject>
         </wsdl:CreateAccessRoleSearch>
         <wsdl:CreateAccessRoleProfileTab>
            <wsdl:Name>AR2</wsdl:Name>
         </wsdl:CreateAccessRoleProfileTab>
      </wsdl:CreateAccessRole>
   </soapenv:Body>
</soapenv:Envelope>

Powered by Wolken Software