How do I maintain relationships for a managed user in IDM (All versions) using REST Patch operations?
The purpose of this article is to provide information on maintaining relationships for a managed user in IDM using REST Patch operations (add, replace and remove). This applies to all any-to-many relationships such as roles or members.
Adding relationships
You can add relationships to a managed user using the Patch operation in two ways; add a relationship to the user's existing list of relationships or replace the user's existing list of relationships with a new value. Example curl commands for both these methods are shown below.
The key differences between the curl commands used are:
- for appending, the field value is "/field/-" and the array brackets [ ] are not needed for the value since the special hyphen construct is being used.
- for replacing, the field value is "/field" and the array brackets [ ] are needed.
Add a relationship to the user's existing list of relationships
If you want to add a relationship to the user's existing list of relationships, you can use a curl command such as the following (this example updates the members field):
- IDM 7 and later: $ curl -X PATCH -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" -d '[ { "operation": "add", "field": "/members/-", "value": {"_ref" : "managed/user/14786a13-33c3-42d4-aadd-675b072339ee"} } ]' "http://localhost:8080/openidm/managed/role/employee"
- IDM 6.x: $ curl -X PATCH -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" -d '[ { "operation": "add", "field": "/members/-", "value": {"_ref" : "managed/user/14786a13-33c3-42d4-aadd-675b072339ee"} } ]' "http://localhost:8080/openidm/managed/role/employee"
Replace the user's existing list of relationships with a new value
If you want to replace the user's existing list of relationships with a new value, you would use a curl command such as the following (this example updates the roles field):
- IDM 7 and later: $ curl -X PATCH -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" -d '[ { "operation": "replace", "field": "/roles", "value": [ {"_ref" : "managed/role/employee"} ] } ]' "http://localhost:8080/openidm/managed/user/jdoe"
- IDM 6.x: $ curl -X PATCH -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" -d '[ { "operation": "replace", "field": "/roles", "value": [ {"_ref" : "managed/role/employee"} ] } ]' "http://localhost:8080/openidm/managed/user/jdoe"
Removing relationships
You can remove a relationship using the Patch operation.
- IDM 7 and later: $ curl -X PATCH -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-type: application/json" -d '[ { "operation" : "remove", "field" : "/roles", "value" : { "_ref": "managed/role/6bf4701a-7579-43c4-8bb4-7fd6cac552a1", "_refResourceCollection": "managed/role", "_refResourceId": "6bf4701a-7579-43c4-8bb4-7fd6cac552a1", "_refProperties": { "_id": "14786a13-33c3-42d4-aadd-675b072339ee", "_rev": "00000000baa999c1" } } } ]' "http://localhost:8080/openidm/managed/user/jdoe"
- IDM 6.x: $ curl -X PATCH -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-type: application/json" -d '[ { "operation" : "remove", "field" : "/roles", "value" : { "_ref": "managed/role/6bf4701a-7579-43c4-8bb4-7fd6cac552a1", "_refResourceCollection": "managed/role", "_refResourceId": "6bf4701a-7579-43c4-8bb4-7fd6cac552a1", "_refProperties": { "_id": "14786a13-33c3-42d4-aadd-675b072339ee", "_rev": "00000000baa999c1" } } } ]' "http://localhost:8080/openidm/managed/user/jdoe"
You can also use the Delete operation as noted in Manipulate Roles Over REST and in the UI.
See Also
How do I remove elements of a string array using the REST Patch operation in IDM (All versions)?
Related Training
N/A
Related Issue Tracker IDs
N/A