How to retrieve a list of IQ Server roles and associated users?


#1

Is there an API that allows me to retrieve a list of IQ Server roles and associated users for e.g. Auditing purposes?


#2

Although best practice is to manage users from LDAP, especially through the use of Groups, there may still be a need to know which users are associated with which roles and at what container in the IQ Server hierarchy (especially when Groups are not utilized). To retrieve a list of roles and it’s associated users for the Root Organization or any given Organization or Application, we can use (and extend) the Application REST API.

Command Format

curl -u username:password <IQ Server URL>/api/v2/<container type (i.e. organizations or applications)>/<Internal ID>/roleMembers

Organization and Application ID

To retrieve a listing of Organization or Application Internal ID’s:

  • curl -u username:password <IQ Server URL>/api/v2/organizations
  • curl -u username:password <IQ Server URL>/api/v2/applications

To retrieve the exact Application ID desired, it will require that you input the Application Public ID:

  • curl -u username:password <IQ Server URL>/api/v2/applications?publicId={YourPublicId}

Command Examples

Root Organization

curl -u admin:admin123 http://localhost:8070/api/v2/organizations/ROOT_ORGANIZATION_ID/roleMembers

Note: The Root Organization ID is literally “ROOT_ORGANIZATION_ID”. So, this will remain constant in the command.

Organization

curl -u admin:admin123 http://localhost:8070/api/v2/organizations/9d357efeee8c493f88bdee10a8d8d522/roleMembers

Application

curl -u admin:admin123 http://localhost:8070/api/v2/applications/c091053714ec4b0fa46a2a866a2ba1e2/roleMembers

Note: CLM-8424 prevents the application command from retrieving inherited roles and users from it’s parent Organization or Root Organization. As a workaround, you can execute each of the above commands for a given application (i.e. For it’s applicable parent Organization) and aggregate the results to determine the application’s local users and inherited users.