Use Privileges to Create a Delegated Administrator

You can use the Identity Cloud REST API to create an internal/role with privileges that have object, array, and relationship type attribute access. You can then use that role as a delegated administrator to perform operations on those attributes.

Use the following example to create a delegated administrator:

Note

If you want to experiment with delegated administrators in Postman, download and import this Postman collection.

To ensure a role object exists when roles are requested, you must create a managed role.

curl \
--header "Content-Type: application/json" \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "If-None-Match: *" \
--request PUT \
--data '{
  "name": "testManagedRole",
  "description": "a managed role for test"
}' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_role/testManagedRole"
{
  "_id": "testManagedRole",
  "_rev": "00000000e0945865",
  "name": "testManagedRole",
  "description": "a managed role for test"
}

Create a managed user, psmith, who is set as the manager of the users created in the next step:

curl \
--header "Content-Type: application/json" \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "If-None-Match: *" \
--request PUT \
--data '{
  "userName": "psmith",
  "sn": "Smith",
  "givenName": "Patricia",
  "mail": "psmith@example.com",
  "telephoneNumber": "082082082",
  "password": "Passw0rd"
}' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/psmith"
{
  "_id": "psmith",
  "_rev": "000000008fefe160",
  "userName": "psmith",
  "sn": "Smith",
  "givenName": "Patricia",
  "mail": "psmith@example.com",
  "telephoneNumber": "082082082",
  "accountStatus": "active",
  "effectiveRoles": [],
  "effectiveAssignments": []
}

In this step, you'll create two users with the following attributes:

  • preferences

  • manager

  • roles

curl \
--header "Content-Type: application/json" \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "If-None-Match: *" \
--request PUT \
--data '{
  "userName": "scarter",
  "sn": "Carter",
  "givenName": "Steven",
  "mail": "scarter@example.com",
  "telephoneNumber": "082082082",
  "password": "Passw0rd",
  "preferences": {
    "updates": true,
    "marketing": false
  },
  "manager": {"_ref" : "managed/realm-name_user/psmith"},
  "roles": [{"_ref" : "managed/realm-name_role/testManagedRole"}]
}' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/scarter"
{
  "_id": "scarter",
  "_rev": "00000000a8d501f8",
  "userName": "scarter",
  "sn": "Carter",
  "givenName": "Steven",
  "mail": "scarter@example.com",
  "telephoneNumber": "082082082",
  "preferences": {
    "updates": true,
    "marketing": false
  },
  "accountStatus": "active",
  "effectiveRoles": [
    {
      "_ref": "managed/realm-name_role/testManagedRole"
    }
  ],
  "effectiveAssignments": []
}

curl \
--header "Content-Type: application/json" \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "If-None-Match: *" \
--request PUT \
--data '{
  "userName": "jdoe",
  "sn": "Doe",
  "givenName": "John",
  "mail": "jdoe@example.com",
  "telephoneNumber": "082082082",
  "password": "Passw0rd",
  "preferences": {
    "updates": true,
    "marketing": false
  },
  "manager": {"_ref" : "managed/realm-name_user/psmith"},
  "roles": [{"_ref" : "managed/realm-name_role/testManagedRole"}]
}' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/jdoe"
{
  "_id": "jdoe",
  "_rev": "00000000b174fbd4",
  "userName": "jdoe",
  "sn": "Doe",
  "givenName": "John",
  "mail": "jdoe@example.com",
  "telephoneNumber": "082082082",
  "preferences": {
    "updates": true,
    "marketing": false
  },
  "accountStatus": "active",
  "effectiveRoles": [
    {
      "_ref": "managed/realm-name_role/testManagedRole"
    }
  ],
  "effectiveAssignments": []
}

Create the user who will act as the delegated administrator. You will delegate an internal/role with privileges to this user in the next step:

curl \
--header "Content-Type: application/json" \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "If-None-Match: *" \
--request PUT \
--data '{
  "userName": "bjensen",
  "sn": "Jensen",
  "givenName": "Barbara",
  "mail": "bjensen@example.com",
  "telephoneNumber": "082082082",
  "password": "Passw0rd"
}' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/bjensen"
{
  "_id": "bjensen",
  "_rev": "0000000022fae330",
  "userName": "bjensen",
  "sn": "Jensen",
  "givenName": "Barbara",
  "mail": "bjensen@example.com",
  "telephoneNumber": "082082082",
  "accountStatus": "active",
  "effectiveRoles": [],
  "effectiveAssignments": []
}

Create an internal/role. This role will have the following privileges:

  • A managed/realm-name_user privilege whose accessFlags cover attributes of type "String", "boolean", and "number", and also:

    • An object type that is not a relationship (preferences).

    • An object type that is a relationship (manager).

    • Array types that are relationships (roles, authzRoles, reports).

  • A managed/realm-name_role privilege for viewing details of the "roles" property of a managed user.

  • An internal/role privilege for viewing the details of the "authzRoles" property of a managed user.

Note

You can populate the privilege filter field to apply a finer level of permissions for what a delegated administrator can see or do with certain objects. The filter field is omitted in this example, so the privileges apply to all objects.

For properties that are not relationships, such as preferences, you can't specify finer-grained permissions. For example, you can't set permissions on preferences/marketing.

curl \
--header "Content-Type: application/json" \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "If-None-Match: *" \
--request PUT \
--data '{
  "name": "internal_role_with_object_array_and_relationship_privileges",
  "description": "an internal role that has privileges for object & array types and relationships",
  "privileges": [
    {
      "name": "managed_user_privilege",
      "path": "managed/realm-name_user",
      "permissions": [
        "VIEW",
        "CREATE",
        "UPDATE",
        "DELETE"
      ],
      "actions": [],
      "accessFlags": [
        {
          "attribute": "userName",
          "readOnly": false
        },
        {
          "attribute": "password",
          "readOnly": false
        },
        {
          "attribute": "givenName",
          "readOnly": false
        },
        {
          "attribute": "sn",
          "readOnly": false
        },
        {
          "attribute": "mail",
          "readOnly": false
        },
        {
          "attribute": "description",
          "readOnly": false
        },
        {
          "attribute": "accountStatus",
          "readOnly": false
        },
        {
          "attribute": "telephoneNumber",
          "readOnly": false
        },
        {
          "attribute": "postalAddress",
          "readOnly": false
        },
        {
          "attribute": "city",
          "readOnly": false
        },
        {
          "attribute": "postalCode",
          "readOnly": false
        },
        {
          "attribute": "country",
          "readOnly": false
        },
        {
          "attribute": "stateProvince",
          "readOnly": false
        },
        {
          "attribute": "preferences",
          "readOnly": false
        },
        {
          "attribute": "roles",
          "readOnly": false
        },
        {
          "attribute": "manager",
          "readOnly": false
        },
        {
          "attribute": "authzRoles",
          "readOnly": false
        },
        {
          "attribute": "reports",
          "readOnly": false
        }
      ]
    },
    {
      "name": "managed_role_privilege",
      "path": "managed/realm-name_role",
      "permissions": [
        "VIEW"
      ],
      "actions": [],
      "accessFlags": [
        {
          "attribute": "name",
          "readOnly": true
        },
        {
          "attribute": "description",
          "readOnly": true
        }
      ]
    },
    {
      "name": "internal_role_privilege",
      "path": "internal/role",
      "permissions": [
        "VIEW"
      ],
      "actions": [],
      "accessFlags": [
        {
          "attribute": "name",
          "readOnly": true
        },
        {
          "attribute": "description",
          "readOnly": true
        },
        {
          "attribute": "authzMembers",
          "readOnly": true
        }
      ]
    }
  ]
}' \
"https://tenant-name.forgeblocks.com/openidm/internal/role/testInternalRole"
{
  "_id": "testInternalRole",
  "_rev": "0000000079775d19",
  "name": "internal_role_with_object_array_and_relationship_privileges",
  "description": "an internal role that has privileges for object & array types and relationships",
  "temporalConstraints": null,
  "condition": null,
  "privileges": [
    {
      "name": "managed_user_privilege",
      "path": "managed/realm-name_user",
      "permissions": [
        "VIEW",
        "CREATE",
        "UPDATE",
        "DELETE"
      ],
      "actions": [],
      "accessFlags": [
        {
          "attribute": "userName",
          "readOnly": false
        },
        {
          "attribute": "password",
          "readOnly": false
        },
        {
          "attribute": "givenName",
          "readOnly": false
        },
        {
          "attribute": "sn",
          "readOnly": false
        },
        {
          "attribute": "mail",
          "readOnly": false
        },
        {
          "attribute": "description",
          "readOnly": false
        },
        {
          "attribute": "accountStatus",
          "readOnly": false
        },
        {
          "attribute": "telephoneNumber",
          "readOnly": false
        },
        {
          "attribute": "postalAddress",
          "readOnly": false
        },
        {
          "attribute": "city",
          "readOnly": false
        },
        {
          "attribute": "postalCode",
          "readOnly": false
        },
        {
          "attribute": "country",
          "readOnly": false
        },
        {
          "attribute": "stateProvince",
          "readOnly": false
        },
        {
          "attribute": "preferences",
          "readOnly": false
        },
        {
          "attribute": "roles",
          "readOnly": false
        },
        {
          "attribute": "manager",
          "readOnly": false
        },
        {
          "attribute": "authzRoles",
          "readOnly": false
        },
        {
          "attribute": "reports",
          "readOnly": false
        }
      ]
    },
    {
      "name": "managed_role_privilege",
      "path": "managed/realm-name_role",
      "permissions": [
        "VIEW"
      ],
      "actions": [],
      "accessFlags": [
        {
          "attribute": "name",
          "readOnly": true
        },
        {
          "attribute": "description",
          "readOnly": true
        }
      ]
    },
    {
      "name": "internal_role_privilege",
      "path": "internal/role",
      "permissions": [
        "VIEW"
      ],
      "actions": [],
      "accessFlags": [
        {
          "attribute": "name",
          "readOnly": true
        },
        {
          "attribute": "description",
          "readOnly": true
        },
        {
          "attribute": "authzMembers",
          "readOnly": true
        }
      ]
    }
  ]
}
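
One way to review a role like the one above before assigning it, as an added example that is not ForgeRock's code: the script walks the privileges array and reports privileges that have no filter and writable accessFlags on attributes the reviewer treats as sensitive. The SENSITIVE_WRITABLE set, the finding codes, the tightened helper and its filter expression are assumptions of this example.

```python
import copy
import json
import sys

# Reviewer policy assumed by this example (not a product default): attributes
# treated as sensitive when a delegated administrator can write them.
SENSITIVE_WRITABLE = {"password", "accountStatus", "roles", "authzRoles"}
WRITE_PERMISSIONS = {"CREATE", "UPDATE", "DELETE"}


def audit_role(role):
    """Return (privilege, code, detail) findings for an internal/role object."""
    findings = []
    for priv in role.get("privileges") or []:
        name = priv.get("name", "<unnamed>")
        perms = set(priv.get("permissions") or [])
        # An absent or empty filter means the privilege covers every object
        # under its path, as in the role on this page.
        if not priv.get("filter"):
            code = "UNFILTERED_WRITE" if perms & WRITE_PERMISSIONS else "UNFILTERED_VIEW"
            findings.append((name, code, priv.get("path")))
        can_set = bool(perms & {"CREATE", "UPDATE"})
        for flag in priv.get("accessFlags") or []:
            attr = flag.get("attribute")
            # A missing readOnly is treated as writable (conservative assumption).
            writable = not flag.get("readOnly", False)
            if writable and not can_set:
                findings.append((name, "WRITABLE_FLAG_WITHOUT_WRITE_PERMISSION", attr))
            elif writable and attr in SENSITIVE_WRITABLE:
                findings.append((name, "SENSITIVE_ATTRIBUTE_WRITABLE", attr))
    return findings


def _flags(attributes, read_only):
    return [{"attribute": a, "readOnly": read_only} for a in attributes]


# Constructed sample: the role created above, written compactly.
SAMPLE_ROLE = {
    "name": "internal_role_with_object_array_and_relationship_privileges",
    "privileges": [
        {"name": "managed_user_privilege", "path": "managed/realm-name_user",
         "permissions": ["VIEW", "CREATE", "UPDATE", "DELETE"], "actions": [],
         "accessFlags": _flags(
             ["userName", "password", "givenName", "sn", "mail", "description",
              "accountStatus", "telephoneNumber", "postalAddress", "city",
              "postalCode", "country", "stateProvince", "preferences", "roles",
              "manager", "authzRoles", "reports"], False)},
        {"name": "managed_role_privilege", "path": "managed/realm-name_role",
         "permissions": ["VIEW"], "actions": [],
         "accessFlags": _flags(["name", "description"], True)},
        {"name": "internal_role_privilege", "path": "internal/role",
         "permissions": ["VIEW"], "actions": [],
         "accessFlags": _flags(["name", "description", "authzMembers"], True)},
    ],
}


def tightened(role):
    """Copy of role with write privileges filtered and sensitive flags read-only."""
    role = copy.deepcopy(role)
    for priv in role["privileges"]:
        if set(priv["permissions"]) & WRITE_PERMISSIONS:
            # Placeholder filter expression, constructed for this example.
            priv["filter"] = 'accountStatus eq "active"'
            for flag in priv["accessFlags"]:
                if flag["attribute"] in SENSITIVE_WRITABLE:
                    flag["readOnly"] = True
    return role


if __name__ == "__main__":
    # Audit a role saved as JSON (path in argv[1]), or the embedded sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            SAMPLE_ROLE = json.load(fh)
    for label, role in (("as defined", SAMPLE_ROLE), ("tightened", tightened(SAMPLE_ROLE))):
        print(label)
        for finding in audit_role(role):
            print("  %-24s %-40s %s" % finding)
```

Run it against the JSON returned by the role creation request to compare the role as defined with the narrower variant.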

In this step, assign the internal/role from step 5 (testInternalRole) to the user created in step 4 (bjensen) by creating a relationship:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Content-Type: application/json" \
--request POST \
--data '{
  "_ref": "managed/realm-name_user/bjensen",
  "_refProperties": {}
}' \
"https://tenant-name.forgeblocks.com/openidm/internal/role/testInternalRole/authzMembers?_action=create"
{
  "_id": "732d3ab1-4319-41de-801b-80f4f4c97ef2",
  "_rev": "00000000e6dd99e0",
  "_ref": "managed/realm-name_user/bjensen",
  "_refResourceCollection": "managed/realm-name_user",
  "_refResourceId": "bjensen",
  "_refProperties": {
    "_id": "732d3ab1-4319-41de-801b-80f4f4c97ef2",
    "_rev": "00000000e6dd99e0"
  }
}

You can now perform operations as a delegated administrator, such as:

Query all users. The query results display all user properties that the privileges allow:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--request GET \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user?_queryFilter=true&_pageSize=100&_fields=*,*_ref/*"
{
  "result": [
    {
      "_id": "psmith",
      "_rev": "000000008fefe160",
      "userName": "psmith",
      "sn": "Smith",
      "givenName": "Patricia",
      "mail": "psmith@example.com",
      "telephoneNumber": "082082082",
      "accountStatus": "active",
      "reports": [
        {
          "_ref": "managed/realm-name_user/scarter",
          "_refResourceCollection": "managed/realm-name_user",
          "_refResourceId": "scarter",
          "_refProperties": {
            "_id": "c4e296ba-b0bb-44b8-a3e5-8d7c1656cef2",
            "_rev": "00000000e6f694a4"
          },
          "userName": "scarter",
          "sn": "Carter",
          "givenName": "Steven",
          "mail": "scarter@example.com",
          "telephoneNumber": "082082082",
          "preferences": {
            "updates": true,
            "marketing": false
          },
          "accountStatus": "active",
          "_rev": "00000000a8d501f8",
          "_id": "scarter"
        },
        {
          "_ref": "managed/realm-name_user/jdoe",
          "_refResourceCollection": "managed/realm-name_user",
          "_refResourceId": "jdoe",
          "_refProperties": {
            "_id": "1e3dd17d-a540-4652-984a-60bd60e546d5",
            "_rev": "0000000066ee928d"
          },
          "userName": "jdoe",
          "sn": "Doe",
          "givenName": "John",
          "mail": "jdoe@example.com",
          "telephoneNumber": "082082082",
          "preferences": {
            "updates": true,
            "marketing": false
          },
          "accountStatus": "active",
          "_rev": "00000000b174fbd4",
          "_id": "jdoe"
        }
      ],
      "manager": null,
      "roles": [],
      "authzRoles": [],
      "_notifications": [],
      "_meta": {
        "_ref": "internal/usermeta/0c15f08b-cf2e-4408-b302-4f46a40bf943",
        "_refResourceCollection": "internal/usermeta",
        "_refResourceId": "0c15f08b-cf2e-4408-b302-4f46a40bf943",
        "_refProperties": {
          "_id": "da3e2429-ae6f-4ea6-b5db-d3112f7c9d6a",
          "_rev": "00000000fd019b55"
        },
        "_rev": "000000003d8f5ca1",
        "_id": "0c15f08b-cf2e-4408-b302-4f46a40bf943"
      }
    },
    {
      "_id": "scarter",
      "_rev": "00000000a8d501f8",
      "userName": "scarter",
      "sn": "Carter",
      "givenName": "Steven",
      "mail": "scarter@example.com",
      "telephoneNumber": "082082082",
      "preferences": {
        "updates": true,
        "marketing": false
      },
      "accountStatus": "active",
      "reports": [],
      "manager": {
        "_ref": "managed/realm-name_user/psmith",
        "_refResourceCollection": "managed/realm-name_user",
        "_refResourceId": "psmith",
        "_refProperties": {
          "_id": "c4e296ba-b0bb-44b8-a3e5-8d7c1656cef2",
          "_rev": "00000000e6f694a4"
        },
        "userName": "psmith",
        "sn": "Smith",
        "givenName": "Patricia",
        "mail": "psmith@example.com",
        "telephoneNumber": "082082082",
        "accountStatus": "active",
        "_rev": "000000008fefe160",
        "_id": "psmith"
      },
      "roles": [
        {
          "_ref": "managed/realm-name_role/testManagedRole",
          "_refResourceCollection": "managed/realm-name_role",
          "_refResourceId": "testManagedRole",
          "_refProperties": {
            "_id": "352d7864-3143-4c56-ae11-8f75c96e980a",
            "_rev": "00000000b9ef9689"
          },
          "name": "testManagedRole",
          "description": "a managed role for test",
          "_rev": "00000000e0945865",
          "_id": "testManagedRole"
        }
      ],
      "authzRoles": [],
      "_notifications": [],
      "_meta": {
        "_ref": "internal/usermeta/6677aad2-def9-4507-9ea0-edd95da8da43",
        "_refResourceCollection": "internal/usermeta",
        "_refResourceId": "6677aad2-def9-4507-9ea0-edd95da8da43",
        "_refProperties": {
          "_id": "cc32ab82-084a-455c-bf97-3f2f2a71f848",
          "_rev": "00000000f4819bb6"
        },
        "_rev": "0000000090ae5c88",
        "_id": "6677aad2-def9-4507-9ea0-edd95da8da43"
      }
    },
    {
      "_id": "jdoe",
      "_rev": "00000000b174fbd4",
      "userName": "jdoe",
      "sn": "Doe",
      "givenName": "John",
      "mail": "jdoe@example.com",
      "telephoneNumber": "082082082",
      "preferences": {
        "updates": true,
        "marketing": false
      },
      "accountStatus": "active",
      "reports": [],
      "manager": {
        "_ref": "managed/realm-name_user/psmith",
        "_refResourceCollection": "managed/realm-name_user",
        "_refResourceId": "psmith",
        "_refProperties": {
          "_id": "1e3dd17d-a540-4652-984a-60bd60e546d5",
          "_rev": "0000000066ee928d"
        },
        "userName": "psmith",
        "sn": "Smith",
        "givenName": "Patricia",
        "mail": "psmith@example.com",
        "telephoneNumber": "082082082",
        "accountStatus": "active",
        "_rev": "000000008fefe160",
        "_id": "psmith"
      },
      "roles": [
        {
          "_ref": "managed/realm-name_role/testManagedRole",
          "_refResourceCollection": "managed/realm-name_role",
          "_refResourceId": "testManagedRole",
          "_refProperties": {
            "_id": "a3f6be90-3009-4e87-af46-257306617bd9",
            "_rev": "00000000b8f69498"
          },
          "name": "testManagedRole",
          "description": "a managed role for test",
          "_rev": "00000000e0945865",
          "_id": "testManagedRole"
        }
      ],
      "authzRoles": [],
      "_notifications": [],
      "_meta": {
        "_ref": "internal/usermeta/5b844d7e-c200-4b67-9fad-fa346740c79d",
        "_refResourceCollection": "internal/usermeta",
        "_refResourceId": "5b844d7e-c200-4b67-9fad-fa346740c79d",
        "_refProperties": {
          "_id": "42aa7cf0-6726-461b-92f9-1a22dab0b3c3",
          "_rev": "000000003aa1993e"
        },
        "_rev": "000000003e4f5bba",
        "_id": "5b844d7e-c200-4b67-9fad-fa346740c79d"
      }
    },
    {
      "_id": "bjensen",
      "_rev": "0000000022fae330",
      "userName": "bjensen",
      "sn": "Jensen",
      "givenName": "Barbara",
      "mail": "bjensen@example.com",
      "telephoneNumber": "082082082",
      "accountStatus": "active",
      "reports": [],
      "manager": null,
      "roles": [],
      "authzRoles": [
        {
          "_ref": "internal/role/testInternalRole",
          "_refResourceCollection": "internal/role",
          "_refResourceId": "testInternalRole",
          "_refProperties": {
            "_id": "732d3ab1-4319-41de-801b-80f4f4c97ef2",
            "_rev": "00000000e6dd99e0"
          },
          "_id": "testInternalRole",
          "name": "internal_role_with_object_array_and_relationship_privileges",
          "description": "an internal role that has privileges for object & array types and relationships",
          "_rev": "0000000079775d19"
        }
      ],
      "_notifications": [],
      "_meta": {
        "_ref": "internal/usermeta/0fbeb220-5e95-42b4-9bdd-0464e23194d4",
        "_refResourceCollection": "internal/usermeta",
        "_refResourceId": "0fbeb220-5e95-42b4-9bdd-0464e23194d4",
        "_refProperties": {
          "_id": "cbdb3794-1629-424d-8d7a-9e9b0c93287f",
          "_rev": "000000002b5199f1"
        },
        "_rev": "000000002fbc5b92",
        "_id": "0fbeb220-5e95-42b4-9bdd-0464e23194d4"
      }
    }
  ],
  "resultCount": 4,
  "pagedResultsCookie": null,
  "totalPagedResultsPolicy": "NONE",
  "totalPagedResults": -1,
  "remainingPagedResults": -1
}

Read a specific user's preferences object:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--request GET \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/jdoe?_fields=preferences"
{
  "_id": "jdoe",
  "_rev": "00000000b174fbd4",
  "preferences": {
    "updates": true,
    "marketing": false
  }
}

Query the roles of a specific user:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--request GET \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/scarter/roles?_queryFilter=true&_fields=*"
{
  "result": [
    {
      "_id": "352d7864-3143-4c56-ae11-8f75c96e980a",
      "_rev": "00000000b9ef9689",
      "_refResourceCollection": "managed/realm-name_role",
      "_refResourceId": "testManagedRole",
      "_refResourceRev": "00000000e0945865",
      "name": "testManagedRole",
      "description": "a managed role for test",
      "_ref": "managed/realm-name_role/testManagedRole",
      "_refProperties": {
        "_id": "352d7864-3143-4c56-ae11-8f75c96e980a",
        "_rev": "00000000b9ef9689"
      }
    }
  ],
  "resultCount": 1,
  "pagedResultsCookie": null,
  "totalPagedResultsPolicy": "NONE",
  "totalPagedResults": -1,
  "remainingPagedResults": -1
}

Read a specific user's manager:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--request GET \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/scarter/manager?_fields=*"
{
  "_id": "c4e296ba-b0bb-44b8-a3e5-8d7c1656cef2",
  "_rev": "00000000e6f694a4",
  "_refResourceCollection": "managed/realm-name_user",
  "_refResourceId": "psmith",
  "_refResourceRev": "000000008fefe160",
  "userName": "psmith",
  "sn": "Smith",
  "givenName": "Patricia",
  "mail": "psmith@example.com",
  "telephoneNumber": "082082082",
  "accountStatus": "active",
  "_ref": "managed/realm-name_user/psmith",
  "_refProperties": {
    "_id": "c4e296ba-b0bb-44b8-a3e5-8d7c1656cef2",
    "_rev": "00000000e6f694a4"
  }
}

Update a user's reports:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--header "Content-Type: application/json" \
--request PATCH \
--data '[ {
   "operation" : "replace",
   "field" : "reports",
   "value" : [{"_ref" : "managed/realm-name_user/scarter"}]
} ]' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/psmith"
{
  "_id": "psmith",
  "_rev": "000000008fefe160",
  "userName": "psmith",
  "sn": "Smith",
  "givenName": "Patricia",
  "mail": "psmith@example.com",
  "telephoneNumber": "082082082",
  "accountStatus": "active"
}

Assign a manager to a user:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--header "Content-Type: application/json" \
--request PATCH \
--data '[
  {
    "operation": "add",
    "field": "manager",
    "value": {"_ref" : "managed/realm-name_user/psmith"}
  }
]' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/jdoe"
{
  "_id": "jdoe",
  "_rev": "00000000b174fbd4",
  "userName": "jdoe",
  "sn": "Doe",
  "givenName": "John",
  "mail": "jdoe@example.com",
  "telephoneNumber": "082082082",
  "preferences": {
    "updates": true,
    "marketing": false
  },
  "accountStatus": "active"
}

Remove a user's manager:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--header "Content-Type: application/json" \
--request PATCH \
--data '[
  {
     "operation": "remove",
     "field": "manager"
  }
]' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/jdoe"
{
  "_id": "jdoe",
  "_rev": "00000000b174fbd4",
  "userName": "jdoe",
  "sn": "Doe",
  "givenName": "John",
  "mail": "jdoe@example.com",
  "telephoneNumber": "082082082",
  "preferences": {
    "updates": true,
    "marketing": false
  },
  "accountStatus": "active"
}

Replace a user's manager:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--header "Content-Type: application/json" \
--request PATCH \
--data '[
  {
    "operation": "replace",
    "field": "manager",
    "value": {"_ref" : "managed/realm-name_user/jdoe"}
  }
]' \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/scarter"
{
  "_id": "scarter",
  "_rev": "00000000a8d501f8",
  "userName": "scarter",
  "sn": "Carter",
  "givenName": "Steven",
  "mail": "scarter@example.com",
  "telephoneNumber": "082082082",
  "preferences": {
    "updates": true,
    "marketing": false
  },
  "accountStatus": "active"
}

Delete a user:

curl \
--header "X-OpenIDM-Username: bjensen" \
--header "X-OpenIDM-Password: Passw0rd" \
--header "Content-Type: application/json" \
--request DELETE \
"https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/psmith"
{
  "_id": "psmith",
  "_rev": "000000008fefe160",
  "userName": "psmith",
  "sn": "Smith",
  "givenName": "Patricia",
  "mail": "psmith@example.com",
  "telephoneNumber": "082082082",
  "accountStatus": "active"
}

Create a user:

  • Using POST:

    curl \
    --header "Content-Type: application/json" \
    --header "X-OpenIDM-Username: bjensen" \
    --header "X-OpenIDM-Password: Passw0rd" \
    --request POST \
    --data '{
      "userName": "psmith",
      "sn": "Smith",
      "givenName": "Patricia",
      "mail": "psmith@example.com",
      "telephoneNumber": "082082082",
      "password": "Passw0rd"
    }' \
    "https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user"
    {
      "_id": "e5f6a856-9f3c-49fd-904c-c5f87004b682",
      "_rev": "000000004bbde938",
      "userName": "psmith",
      "sn": "Smith",
      "givenName": "Patricia",
      "mail": "psmith@example.com",
      "telephoneNumber": "082082082",
      "accountStatus": "active"
    }
  • Using PUT:

    curl \
    --header "Content-Type: application/json" \
    --header "X-OpenIDM-Username: bjensen" \
    --header "X-OpenIDM-Password: Passw0rd" \
    --header "If-None-Match: *" \
    --request PUT \
    --data '{
      "userName": "psmith",
      "sn": "Smith",
      "givenName": "Patricia",
      "mail": "psmith@example.com",
      "telephoneNumber": "082082082",
      "password": "Passw0rd"
    }' \
    "https://tenant-name.forgeblocks.com/openidm/managed/realm-name_user/psmith"
    {
      "_id": "psmith",
      "_rev": "00000000658fe17a",
      "userName": "psmith",
      "sn": "Smith",
      "givenName": "Patricia",
      "mail": "psmith@example.com",
      "telephoneNumber": "082082082",
      "accountStatus": "active"
    }

Note

For more examples, including working with filters, see the Postman collection.

Note

All patches are done with a PATCH request. Delegated administrator operations do not currently support using POST actions for patch requests (POST _action=patch will not work).
