Sample SOAP requests to create a Provisioning Role via TEWS

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

For bulk / automated way of creating Provisioning Roles, TEWS can be used

Environment

Release:
Component: IDMGR

Resolution

Execute the following request in SOAP UI, using credentials and values appropriate to your environment:

This will create a provisioning role with no account template, basically a birthright role to create global users.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
<soapenv:Header/>
<soapenv:Body>
<wsdl:TaskContext>
<wsdl:admin_id>imadmin</wsdl:admin_id>
<wsdl:admin_password>test</wsdl:admin_password>
</wsdl:TaskContext>
<wsdl:CreateProvisioningRole>
<wsdl:CreateProvisioningRoleSearch>
<wsdl:CreateNew>true</wsdl:CreateNew>
</wsdl:CreateProvisioningRoleSearch>
<wsdl:CreateProvisioningRoleProfileTab>
<wsdl:Name>test_prov6</wsdl:Name>
</wsdl:CreateProvisioningRoleProfileTab>

<wsdl:CreateProvisioningRoleOwnersTab>
<wsdl:Policy>
<wsdl:add index="0">
<wsdl:Owner>
<![CDATA[<MemberRule><AttributeExpression attribute="%USER_ID%" comparator="EQUALS" value="imadmin"/></MemberRule>]]>
</wsdl:Owner>
</wsdl:add>
</wsdl:Policy>
</wsdl:CreateProvisioningRoleOwnersTab>
</wsdl:CreateProvisioningRole>
</soapenv:Body>
</soapenv:Envelope>

This will create a provisioning role, with an account template that already exists:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<TaskContext>
<admin_id>uid=im_admin_id,ou=imcd,dc=ca,dc=com</admin_id>
<admin_password>MY_PASSWORD</admin_password>
</TaskContext>
<CreateProvisioningRole xmlns="http://tews6/wsdl">
<CreateProvisioningRoleSearch>
<CreateNew>True</CreateNew>
</CreateProvisioningRoleSearch>
<CreateProvisioningRoleProfileTab>
<Name>MY_NEW_PROV_ROLE_NAME</Name>
</CreateProvisioningRoleProfileTab>
<CreateProvisioningRoleAccountTemplatesTab>
<Policies>
<add index="0">
<Name>MY_EXISTING_TEMPLATE</Name>
<EndpointType>Oracle Server</EndpointType>
</add>
</Policies>
</CreateProvisioningRoleAccountTemplatesTab>
<CreateProvisioningRoleAdministratorsTab>
<AddChange><![CDATA[<ChangeActions></ChangeActions>]]></AddChange>
<AdminsManageAdmins>1</AdminsManageAdmins>
<Policy>
<add index="0">
<Admin><![CDATA[<MemberRule><RoleMember><AdminRole name="Group Manager"/></RoleMember></MemberRule>]]></Admin>
<ManageAdmins>0</ManageAdmins>
<ManageMembers>1</ManageMembers>
<User><![CDATA[<ScopeRule object="USER" purpose="*"><All/></ScopeRule>]]></User>
</add>
<add index="1">
<Admin><![CDATA[<MemberRule><RoleMember><AdminRole name="System Manager"/></RoleMember></MemberRule>]]></Admin>
<ManageAdmins>0</ManageAdmins>
<ManageMembers>1</ManageMembers>
<User><![CDATA[<ScopeRule object="USER" purpose="*"><All/></ScopeRule>]]></User>
</add>
</Policy>
<RemoveChange><![CDATA[<ChangeActions></ChangeActions>]]></RemoveChange>
</CreateProvisioningRoleAdministratorsTab>
<CreateProvisioningRoleOwnersTab>
<Policy>
<add index="0">
<Owner><![CDATA[<MemberRule><RoleMember><AdminRole name="System Manager"/></RoleMember></MemberRule>]]></Owner>
</add>
</Policy>
</CreateProvisioningRoleOwnersTab>
</CreateProvisioningRole>
</soapenv:Body>
</soapenv:Envelope>

Additional Information

The SOAP response will be the transaction ID number, for example:

<soapenv:Envelope xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="http://tews6/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<soapenv:Body>

</ImsStatus>

</soapenv:Body>

</soapenv:Envelope>