How to retrieve a list of IQ Server roles and associated users?

Is there an API that allows me to retrieve a list of IQ Server roles and associated users for e.g. Auditing purposes?


Although best practice is to manage users from LDAP, especially through the use of Groups, there may still be a need to know which users are associated with which roles and at what container in the IQ Server hierarchy (especially when Groups are not utilized). To retrieve a list of roles and it’s associated users for the Root Organization or any given Organization or Application, we can use (and extend) the Application REST API.

Command Format

curl -u username:password <IQ Server URL>/api/v2/<container type (i.e. organizations or applications)>/<Internal ID>/roleMembers

Organization and Application ID

To retrieve a listing of Organization or Application Internal ID’s:

  • curl -u username:password <IQ Server URL>/api/v2/organizations
  • curl -u username:password <IQ Server URL>/api/v2/applications

To retrieve the exact Application ID desired, it will require that you input the Application Public ID:

  • curl -u username:password <IQ Server URL>/api/v2/applications?publicId={YourPublicId}

Command Examples

Root Organization

curl -u admin:admin123 http://localhost:8070/api/v2/organizations/ROOT_ORGANIZATION_ID/roleMembers

Note: The Root Organization ID is literally “ROOT_ORGANIZATION_ID”. So, this will remain constant in the command.


curl -u admin:admin123 http://localhost:8070/api/v2/organizations/9d357efeee8c493f88bdee10a8d8d522/roleMembers


curl -u admin:admin123 http://localhost:8070/api/v2/applications/c091053714ec4b0fa46a2a866a2ba1e2/roleMembers

Note: CLM-8424 prevents the application command from retrieving inherited roles and users from it’s parent Organization or Root Organization. As a workaround, you can execute each of the above commands for a given application (i.e. For it’s applicable parent Organization) and aggregate the results to determine the application’s local users and inherited users.