Is there an API that allows me to retrieve a list of IQ Server roles and associated users, e.g. for auditing purposes?
Although best practice is to manage users from LDAP, especially through the use of Groups, there may still be a need to know which users are associated with which roles, and at which container in the IQ Server hierarchy (especially when Groups are not utilized). To retrieve a list of roles and their associated users for the Root Organization or any given Organization or Application, we can use (and extend) the Application REST API.
Command Format
curl -u username:password <IQ Server URL>/api/v2/<container type (i.e. organizations or applications)>/<Internal ID>/roleMembers
Organization and Application ID
To retrieve a listing of Organization or Application Internal IDs:
- curl -u username:password <IQ Server URL>/api/v2/organizations
- curl -u username:password <IQ Server URL>/api/v2/applications
To retrieve the Internal ID of a specific Application, supply its Application Public ID:
- curl -u username:password <IQ Server URL>/api/v2/applications?publicId={YourPublicId}
Command Examples
Root Organization
curl -u admin:admin123 http://localhost:8070/api/v2/organizations/ROOT_ORGANIZATION_ID/roleMembers
Note: The Root Organization ID is literally “ROOT_ORGANIZATION_ID”, so it remains constant in the command.
Organization
curl -u admin:admin123 http://localhost:8070/api/v2/organizations/9d357efeee8c493f88bdee10a8d8d522/roleMembers
Application
curl -u admin:admin123 http://localhost:8070/api/v2/applications/c091053714ec4b0fa46a2a866a2ba1e2/roleMembers
Note: CLM-8424 prevents the application command from retrieving inherited roles and users from its parent Organization or Root Organization. As a workaround, you can execute each of the above commands for a given application (i.e. for the Root Organization, its applicable parent Organization, and the application itself) and aggregate the results to determine the application’s local users and inherited users.
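The aggregation workaround described above, as an added example that is not part of the original article or Sonatype's own code: it merges the three roleMembers responses (Root Organization, parent Organization, Application) and marks each role assignment as local or inherited. The JSON keys (memberMappings, roleId, members, type, userOrGroupName), the role names, the user names and the container labels are assumptions or constructed sample values; replace the embedded samples with the saved output of the three curl commands.

```python
import json

# Constructed sample responses (not real data). The memberMappings / roleId /
# members / type / userOrGroupName layout is an assumption about the
# roleMembers response; adjust the keys if your server returns something else.
ROOT = json.loads('{"memberMappings":[{"roleId":"role-owner","members":'
                  '[{"type":"USER","userOrGroupName":"admin"}]}]}')
ORG = json.loads('{"memberMappings":[{"roleId":"role-developer","members":'
                 '[{"type":"USER","userOrGroupName":"jdoe"},'
                 '{"type":"GROUP","userOrGroupName":"devs"}]}]}')
APP = json.loads('{"memberMappings":[{"roleId":"role-developer","members":'
                 '[{"type":"USER","userOrGroupName":"jdoe"}]},'
                 '{"roleId":"role-owner","members":'
                 '[{"type":"USER","userOrGroupName":"asmith"}]}]}')


def aggregate_role_members(responses):
    """Merge roleMembers responses, ordered from the root down to the application.

    Returns {roleId: {(member type, name): [container labels that grant it]}}.
    """
    merged = {}
    for label, body in responses:
        for mapping in body.get("memberMappings", []):
            role = merged.setdefault(mapping["roleId"], {})
            for member in mapping.get("members", []):
                key = (member["type"], member["userOrGroupName"])
                role.setdefault(key, []).append(label)
    return merged


def audit_rows(merged, app_label="application"):
    """Flatten to sorted rows: (roleId, type, name, local|inherited, granted at)."""
    rows = []
    for role_id in sorted(merged):
        for (mtype, name), sources in sorted(merged[role_id].items()):
            origin = "local" if app_label in sources else "inherited"
            rows.append((role_id, mtype, name, origin, ",".join(sources)))
    return rows


if __name__ == "__main__":
    merged = aggregate_role_members(
        [("root", ROOT), ("organization", ORG), ("application", APP)])
    for row in audit_rows(merged):
        print("\t".join(row))
```

A member granted the same role at both the Organization and the Application level is reported as local, with every granting container listed in the last column.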