Oracle Identity Manager Role Management With API

Posted by mustafakaya on Oracle Blogs
Published on Tue, 19 Aug 2014 13:08:38 +0000 Indexed on 2014/08/19 16:25 UTC

As an administrator, you use roles to create and manage the records of a collection of users to whom you want to permit access to common functionality, such as access rights, roles, or permissions.

Roles can be independent of an organization, span multiple organizations, or contain users from a single organization.

Using roles, you can:

  • View the menu items that the users can access through Oracle Identity Manager Administration Web interface.

  • Assign users to roles.

  • Assign a role to a parent role.

  • Designate status to the users so that they can specify defined responses for process tasks.

  • Modify permissions on data objects.

  • Designate role administrators to perform actions on roles, such as enabling members of another role to assign users to the current role, revoking members from the current role, and so on.

  • Designate provisioning policies for a role. These policies determine if a resource object is to be provisioned to or requested for a member of the role.

  • Assign or remove membership rules to or from the role. These rules determine which users can be assigned/removed as direct membership to/from the role.


In this post, I will share some examples of role management with the Oracle Identity Management API. For role operations, you can use the Thor.API.Operations.tcGroupOperationsIntf interface.

    // getClient() is expected to return an authenticated OIM client; it is not shown in this post.
    tcGroupOperationsIntf service = getClient().getService(tcGroupOperationsIntf.class);

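Assign a user to a role:

    public void assignRoleByUsrKey(String roleName, String usrKey) throws Exception {
        // Look up the role by name to obtain its key.
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        // Refuse to continue unless exactly one role matched the name.
        if (role.getRowCount() != 1) {
            throw new IllegalArgumentException("Expected exactly one role for name: " + roleName);
        }
        role.goToRow(0);
        String groupKey = role.getStringValue("Groups.Key");
        service.addMemberUser(Long.parseLong(groupKey), Long.parseLong(usrKey));
    }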

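Revoke a user from a role:

    public void revokeRoleByUsrKey(String roleName, String usrKey) throws Exception {
        // Look up the role by name to obtain its key.
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        // Refuse to continue unless exactly one role matched the name.
        if (role.getRowCount() != 1) {
            throw new IllegalArgumentException("Expected exactly one role for name: " + roleName);
        }
        role.goToRow(0);
        String groupKey = role.getStringValue("Groups.Key");
        service.removeMemberUser(Long.parseLong(groupKey), Long.parseLong(usrKey));
    }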

Get all members of a role:

    public List<User> getRoleMembers(String roleName) throws Exception {
        List<User> userList = new ArrayList<User>();
        // Look up the role by name to obtain its key.
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet role = service.findGroups(filter);
        // Refuse to continue unless exactly one role matched the name.
        if (role.getRowCount() != 1) {
            throw new IllegalArgumentException("Expected exactly one role for name: " + roleName);
        }
        role.goToRow(0);
        String groupKey = role.getStringValue("Groups.Key");
        tcResultSet members = service.getAllMemberUsers(Long.parseLong(groupKey));
        for (int i = 0; i < members.getRowCount(); i++) {
            members.goToRow(i);
            long userKey = members.getLongValue("Users.Key");
            // oimUserManager is a user-lookup helper that is not defined in this post.
            User member = oimUserManager.findUserByUserKey(String.valueOf(userKey));
            userList.add(member);
        }
        return userList;
    }
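
An access-review sketch built on the same calls, added here as an example (it is not code from the original post or from Oracle): it resolves a role name to exactly one key, reads the members with getAllMemberUsers, and reports how they differ from an approved list. The class name, method names and the approved key set are assumptions; it needs the OIM client libraries on the classpath and a connected tcGroupOperationsIntf.

```java
import Thor.API.Operations.tcGroupOperationsIntf;
import Thor.API.tcResultSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical helper class (not part of the OIM API): role membership review.
public final class RoleMembershipAudit {

    // Resolves a role name to its key; a missing or ambiguous match is an error.
    static long resolveRoleKey(tcGroupOperationsIntf service, String roleName) throws Exception {
        Map<String, String> filter = new HashMap<String, String>();
        filter.put("Groups.Role Name", roleName);
        tcResultSet roles = service.findGroups(filter);
        if (roles.getRowCount() != 1) {
            throw new IllegalStateException("Expected exactly one role named '" + roleName
                    + "', found " + roles.getRowCount());
        }
        roles.goToRow(0);
        return roles.getLongValue("Groups.Key");
    }

    // Collects the user keys returned by getAllMemberUsers for the role.
    static Set<Long> memberKeys(tcGroupOperationsIntf service, long roleKey) throws Exception {
        Set<Long> keys = new TreeSet<Long>();
        tcResultSet members = service.getAllMemberUsers(roleKey);
        for (int i = 0; i < members.getRowCount(); i++) {
            members.goToRow(i);
            keys.add(members.getLongValue("Users.Key"));
        }
        return keys;
    }

    // Returns the elements of 'from' that are not in 'other', leaving both inputs unchanged.
    static Set<Long> difference(Set<Long> from, Set<Long> other) {
        Set<Long> result = new TreeSet<Long>(from);
        result.removeAll(other);
        return result;
    }

    // Builds a one-line report: members not on the approved list, and approved users not in the role.
    public static String audit(tcGroupOperationsIntf service, String roleName, Set<Long> approved) throws Exception {
        Set<Long> actual = memberKeys(service, resolveRoleKey(service, roleName));
        return roleName + ": unapproved=" + difference(actual, approved)
                + " missing=" + difference(approved, actual);
    }
}
```

The approved set would typically come from the system of record for access requests; user keys listed under unapproved are candidates for review before any call to removeMemberUser.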


About me:

Mustafa Kaya is a Senior Consultant in the Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer who is addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

© Oracle Blogs or respective owner
