How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I remove elements of a string array using the REST Patch operation in IDM (All versions)?

Last updated Jan 12, 2023

The purpose of this article is to provide information on removing elements of a string array using the REST Patch operation in IDM. Alternatives using REST Delete operations are also given.

Removing elements of a string array

It is not possible to remove elements of a string array by relationship map. However, you can use one of the following approaches to remove elements instead:

Patch operations

For the following example managed user object:

{ "_id": "f3796bd2-1ec5-4220-bb69-8be34a83de4c", "_rev": "10", "userName": "jdoe", "givenName": "Joe", "sn": "Doe", "mail": "", "accountStatus": "active", "groups": [ "employee", "contractor" ], "authzRoles" : [ { "_ref" : "internal/role/openidm-admin" }, { "_ref" : "internal/role/openidm-authorized" } ] }
  • You can remove an element by value; for example to remove employee from the groups array: $ curl -X PATCH -H 'Content-type:application/json' -u openidm-admin:openidm-admin -d '[{"operation":"remove","field":"/groups","value":"employee"}]' http://localhost:8080/openidm/managed/user/f3796bd2-1ec5-4220-bb69-8be34a83de4c
  • You can remove an element by the array index of the element; for example to remove the first value from the authzRoles array ("_ref" : "internal/role/openidm-admin"): $ curl -X PATCH -H 'Content-type:application/json' -u openidm-admin:openidm-admin -d '[{"operation":"remove","field":"/authzRoles/0"}]' http://localhost:8080/openidm/managed/user/f3796bd2-1ec5-4220-bb69-8be34a83de4c

The _ref values shown for authzRoles use the endpoint applicable for IDM 6.5 and later. In previous versions, the endpoint was prefixed with repo/, for example: "repo/internal/role/openidm-admin".

Delete operations

  • You can remove an element by the ID of the relationship, for example: $ curl -X DELETE -H 'Content-type:application/json' -u openidm-admin:openidm-admin http://localhost:8080/openidm/managed/user/f3796bd2-1ec5-4220-bb69-8be34a83de4c/authzRoles/eedb8c82-6041-4493-b877-266931ff4c76
  • You can remove an element by removing the managed user from the role by specifying the relationship reference (f81f6bec-8712-4fe6-a7f8-a767d57a2016 in the following example): $ curl -X DELETE -H 'Content-type:application/json' -u openidm-admin:openidm-admin http://localhost:8080/openidm/managed/role/059b3554-807d-454a-9b11-c3a7085c6c4c/members/f81f6bec-8712-4fe6-a7f8-a767d57a2016

If you are attempting to remove elements from a managed object property, you must ensure the string array is correctly defined in the managed.json file (this is located in the /path/to/idm/conf directory).

See Also

How do I maintain relationships for a managed user in IDM (All versions) using REST Patch operations?


Using the REST API in IDM

Managed Objects

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.