How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I maintain relationships for a managed user in IDM (All versions) using REST Patch operations?

Last updated Jan 12, 2023

The purpose of this article is to provide information on maintaining relationships for a managed user in IDM using REST Patch operations (add, replace and remove). This applies to all any-to-many relationships such as roles or members.


Adding relationships

You can add relationships to a managed user using the Patch operation in two ways: add a relationship to the user's existing list of relationships, or replace the user's existing list of relationships with a new value. Example curl commands for both methods are shown below.

The key differences between the curl commands used are:

  • for appending, the field value is "/field/-" and the array brackets [ ] are not needed for the value since the special hyphen construct is being used.
  • for replacing, the field value is "/field" and the array brackets [ ] are needed.

Add a relationship to the user's existing list of relationships

If you want to add a relationship to the user's existing list of relationships, you can use a curl command such as the following (this example updates the members field):

  • IDM 7 and later:
    $ curl -X PATCH \
        -H "X-OpenIDM-Username: openidm-admin" \
        -H "X-OpenIDM-Password: openidm-admin" \
        -H "Accept-API-Version: resource=1.0" \
        -H "Content-Type: application/json" \
        -d '[ { "operation": "add", "field": "/members/-", "value": {"_ref" : "managed/user/14786a13-33c3-42d4-aadd-675b072339ee"} } ]' \
        "http://localhost:8080/openidm/managed/role/employee"
  • IDM 6.x:
    $ curl -X PATCH \
        -H "X-OpenIDM-Username: openidm-admin" \
        -H "X-OpenIDM-Password: openidm-admin" \
        -H "Content-Type: application/json" \
        -d '[ { "operation": "add", "field": "/members/-", "value": {"_ref" : "managed/user/14786a13-33c3-42d4-aadd-675b072339ee"} } ]' \
        "http://localhost:8080/openidm/managed/role/employee"

Replace the user's existing list of relationships with a new value

If you want to replace the user's existing list of relationships with a new value, you would use a curl command such as the following (this example updates the roles field):

  • IDM 7 and later:
    $ curl -X PATCH \
        -H "X-OpenIDM-Username: openidm-admin" \
        -H "X-OpenIDM-Password: openidm-admin" \
        -H "Accept-API-Version: resource=1.0" \
        -H "Content-Type: application/json" \
        -d '[ { "operation": "replace", "field": "/roles", "value": [ {"_ref" : "managed/role/employee"} ] } ]' \
        "http://localhost:8080/openidm/managed/user/jdoe"
  • IDM 6.x:
    $ curl -X PATCH \
        -H "X-OpenIDM-Username: openidm-admin" \
        -H "X-OpenIDM-Password: openidm-admin" \
        -H "Content-Type: application/json" \
        -d '[ { "operation": "replace", "field": "/roles", "value": [ {"_ref" : "managed/role/employee"} ] } ]' \
        "http://localhost:8080/openidm/managed/user/jdoe"

Removing relationships

You can remove a relationship using the Patch operation.

The following examples update the roles field and remove the relationship from the array of relationships; you must include the entire relationship object in the value. See Create a Relationship Between Two Objects for further information on the relationship object and values.

  • IDM 7 and later:
    $ curl -X PATCH \
        -H "X-OpenIDM-Username: openidm-admin" \
        -H "X-OpenIDM-Password: openidm-admin" \
        -H "Accept-API-Version: resource=1.0" \
        -H "Content-type: application/json" \
        -d '[ { "operation" : "remove", "field" : "/roles", "value" : {
              "_ref": "managed/role/6bf4701a-7579-43c4-8bb4-7fd6cac552a1",
              "_refResourceCollection": "managed/role",
              "_refResourceId": "6bf4701a-7579-43c4-8bb4-7fd6cac552a1",
              "_refProperties": { "_id": "14786a13-33c3-42d4-aadd-675b072339ee", "_rev": "00000000baa999c1" }
            } } ]' \
        "http://localhost:8080/openidm/managed/user/jdoe"
  • IDM 6.x:
    $ curl -X PATCH \
        -H "X-OpenIDM-Username: openidm-admin" \
        -H "X-OpenIDM-Password: openidm-admin" \
        -H "Content-type: application/json" \
        -d '[ { "operation" : "remove", "field" : "/roles", "value" : {
              "_ref": "managed/role/6bf4701a-7579-43c4-8bb4-7fd6cac552a1",
              "_refResourceCollection": "managed/role",
              "_refResourceId": "6bf4701a-7579-43c4-8bb4-7fd6cac552a1",
              "_refProperties": { "_id": "14786a13-33c3-42d4-aadd-675b072339ee", "_rev": "00000000baa999c1" }
            } } ]' \
        "http://localhost:8080/openidm/managed/user/jdoe"

You can also use the Delete operation as noted in Manipulate Roles Over REST and in the UI.
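
The three payload shapes described above, built and checked in Python, together with a pre-flight check listing the relationships a replace would discard. This is an added example, not ForgeRock code: the function names, the example-auditor role and the rule that a complete relationship object carries the four keys from the remove example are assumptions.

```python
import json

# Keys that appear in the article's remove example; this sketch treats a value
# carrying all four as the "entire relationship object" (an assumption).
FULL_KEYS = {"_ref", "_refResourceCollection", "_refResourceId", "_refProperties"}

def append_op(field, ref):
    # Append: "/field/-" and a single object as the value, no array brackets.
    return [{"operation": "add", "field": f"/{field}/-", "value": {"_ref": ref}}]

def replace_op(field, refs):
    # Replace: "/field" and an array value; this overwrites the whole list.
    if isinstance(refs, (str, dict)):
        raise TypeError("replace needs a list of refs, not a single value")
    return [{"operation": "replace", "field": f"/{field}",
             "value": [{"_ref": r} for r in refs]}]

def remove_op(field, relationship):
    # Remove: the value is the full relationship object as read from the user.
    missing = FULL_KEYS - set(relationship)
    if missing:
        raise ValueError(f"incomplete relationship object, missing {sorted(missing)}")
    return [{"operation": "remove", "field": f"/{field}", "value": relationship}]

def dropped_by_replace(current, refs):
    # Relationships held now that a replace with `refs` would discard.
    keep = set(refs)
    return [rel["_ref"] for rel in current if rel["_ref"] not in keep]

# Constructed sample: the first entry is the object from the article's remove
# example, the second is made up for illustration.
CURRENT_ROLES = [
    {"_ref": "managed/role/6bf4701a-7579-43c4-8bb4-7fd6cac552a1",
     "_refResourceCollection": "managed/role",
     "_refResourceId": "6bf4701a-7579-43c4-8bb4-7fd6cac552a1",
     "_refProperties": {"_id": "14786a13-33c3-42d4-aadd-675b072339ee",
                        "_rev": "00000000baa999c1"}},
    {"_ref": "managed/role/example-auditor",
     "_refResourceCollection": "managed/role",
     "_refResourceId": "example-auditor",
     "_refProperties": {"_id": "example-id", "_rev": "example-rev"}},
]

if __name__ == "__main__":
    new_roles = ["managed/role/employee"]
    print(json.dumps(append_op("members", "managed/user/14786a13-33c3-42d4-aadd-675b072339ee")))
    print(json.dumps(replace_op("roles", new_roles)))
    print("replace would drop:", dropped_by_replace(CURRENT_ROLES, new_roles))
    print(json.dumps(remove_op("roles", CURRENT_ROLES[0])))
```

Each function returns the JSON array that goes in the -d argument of the corresponding curl command.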

See Also

How do I remove elements of a string array using the REST Patch operation in IDM (All versions)?

Relationships Between Objects

Managed Users
