Retrieve an application role

Retrieves the attributes of an application role.

Request

GET /GmaApi/ss/role/{roleUuID}

Example cURL request

curl -v -i -X GET -H "Authorization: Bearer 73d2039d-7767-495f-b40c-f766fcf8f0e2" -H "Accept: application/json,application/xml,text/html,application/atom+xml,text/xhtml" http://hostname/GmaApi/ss/role/1111111-1111-1111-1111-111111111111

Resource URI

https://hostname/GmaApi/ss/role/{roleUuID}

Authorization header

For information about obtaining an access token, see Request an access token.

Request parameters

Table 1. Path parameters
Parameter Type Required Description
roleUuID String Yes The roleUuID of the application role to retrieve.

Example response

{"status":{"success":true,"apiError":false,"message":"Success","errors":{}},"defau
ltRole":"22222222-2222-2222-2222-222222222222",roles:[]}

Response parameters

Table 2. Response parameters
Parameter Description
status Returns whether the request was successful. Returns an error when the request is unsuccessful. For more information about errors, see Errors.
roles An array of roles.
instanceId ID of the parent Cloud Identity Service instance.
name The name of the role.
description The description of the role.
uuid The universally unique identifier (UUID) of the role.
applicationSuites An array of Self Service applications that the role grants access to.
applicationId The ID of the application. The following possible application IDs are available.
  • 1. Profile management. Access for users to manage their own profile of user information.
  • 2. Self-registration. Access for users to the self-registration application.
  • 3. User name lookup. Access for users to the user name recovery application.
  • 4. Password reset. Access for users to the password reset application.
allowAccess A value of true gives access to the application.
viewPrefs Object containing Self Service profile application sections that the role grants access to.
reports Object containing the parameter and parameter values for the reports section of the Self Service profile application.
requests Object containing the parameter and parameter values for the requests section of the Self Service profile application.
services Object containing the parameter and parameter values for the services section of the Self Service profile application.
users Object containing the parameter and parameter values for the users section of the Self Service profile application.
appSectionCode The application section code for the Self Service profile application section.
  • reports. Access for users to manage the profiles of users that are their direct reports.
  • requests. Access for users to manage pending approval and recertification requests.
  • services. Access for users to view a list of services to which they belong, and the ability to request services.
  • users. Access for users to view profile information of other users.
show A value of true gives access to the Self Service profile application section.
defaultRole Specifies whether the role is the default role for the instance. A value of true indicates it is the default role.
preferences An object that contains manager preferences for managing users.
checkUsernameButton Specifies whether the role can use the check user name facility when a user is added.
demoteHelpDesk Specifies whether the role can demote a help desk user.
demoteManager Specifies whether the role can demote user accounts.
expirePwdHelpDesk Specifies whether the role can expire help desk user passwords.
expirePwdManager Specifies whether the role can expire user passwords.
filterOptions Object containing user and service filter options.
userFilter An array of objects that specify user filter options. Users are excluded from a search when a user attribute matches a specified value.
serviceFilter An array of objects that specify service filter options. Services are excluded from a search when a service attribute matches a specified value.
attributeName Name of attribute to be used as a filter to exclude users or services.
attributeValue The value of the attribute.
includeInResult  
searchOptions An object that contains the priorities by which attributes are sorted and displayed when a search for a user or a service is made in the Self Service profile application and other Self Service applications.
userSearch An array of objects. Each object contains details of an attribute and its search and display priority in user searches.
serviceSearch An array of objects. Each object contains details of an attribute and its search and display priority in service searches.
id  
name The name of the attribute.
mapping  
rank Specifies the order in which the attribute appears in any search. 1 for first, 2 for second, and so on.
viewPermissions An array of objects that specify view and edit permissions for identity attributes for different user profiles.
attributeName Name of the attribute to apply permissions to.
editable Indicates whether the attribute is editable.
visible Indicates whether the attribute is visible.
subjectType Details of the user profile to apply permissions to.
id The ID of the user profile.
  • 1. Any user.
  • 2. User own.
  • 3. Direct reports.
  • 4. Group membership.
  • 5. Service membership.
  • 6. Role membership.
subjectTypeSubjectId Only applicable when the ID is role membership. The ID of the role.
name Only applicable when the ID is service or group membership. Name of the service or group.
defaultRole The UUID of the default role for the instance.