Manage roles using Graph API
Query all OrganizationRole templates
/graph/OrganizationRole[@templateFor!=null]
Note: Users should not be associated with template role instances. Query an organization’s active roles (see below) to determine the OrganizationRole instances that can be assigned to users.
Query an organization’s active roles
Query the organization roles that can be assigned to users.
/graph/Organization[@id='ORG_ID']/~OneToMany/OrganizationRole
Make an organization role available to be assigned to organization members
This is how you create an OrganizationRole that is assignable to users. The idea is that a template role functions as a single source of truth for what an OrganizationRole allows users to do within an organization’s scope.
The OrganizationRole created by this call is related to a template role by an Implies relation. As a result, changes to a template role are immediately reflected in the OrganizationRole objects that imply the edited template.
POST /graph
{
  "__objType": "OrganizationRole",
  "referenceFields": {
    "__objType": "HashMap",
    "Entries": [{
      "__objType": "KeyValue",
      "value": {
        "__objType": "String",
        "value": "${ORGANIZATION_ID}"
      },
      "key": {
        "__objType": "String",
        "value": "ref_Organization_id"
      }
    }]
  },
  "isBuiltIn": false,
  "name": "CustomerOrgAdmin in ${ORGANIZATION_NAME} (implies template)",
  "id": "${ORGANIZATION_ROLE_ID}",
  "rel_Relations": [{
    "rel_Relation": {
      "__objType": "ObjectRelation",
      "relationType": "com.tenduke.sdk2.types.object.graph.Implies",
      "relatedObjectType": "com.tenduke.sdk2.objectmodel.security.OrganizationRole"
    },
    "rel_RelatedObjectList": {
      "__objType": "RelatedObjectList",
      "rel_RelatedObjects": [{
        "__objType": "OrganizationRole",
        "relationAttributeObject": {
          "__objType": "Implies",
          "referenceFields": {
            "__objType": "HashMap",
            "Entries": [{
              "__objType": "KeyValue",
              "value": {
                "__objType": "UUID",
                "value": "${TEMPLATE_ROLE_ID}"
              },
              "key": {
                "__objType": "String",
                "value": "ref_OrganizationRole_id2"
              }
            }, {
              "__objType": "KeyValue",
              "value": {
                "__objType": "UUID",
                "value": "${ORGANIZATION_ROLE_ID}"
              },
              "key": {
                "__objType": "String",
                "value": "ref_OrganizationRole_id1"
              }
            }]
          },
          "implieeId": "${TEMPLATE_ROLE_ID}",
          "id": "${RANDOM_UUID}",
          "implierId": "${ORGANIZATION_ROLE_ID}"
        },
        "id": "${TEMPLATE_ROLE_ID}"
      }]
    }
  }]
}
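The request body above carries the new role's id in three places (id, ref_OrganizationRole_id1, implierId) and the template role's id in three more (ref_OrganizationRole_id2, implieeId, and the related object's id). The following Python helper is an added example, not part of the original documentation or the 10Duke SDK: it builds the body from one set of inputs so those copies cannot drift apart, and rejects a role id that equals the template id. The names build_org_role and _entry, the parameters and the sample values are assumptions; the code only constructs JSON and sends nothing.

```python
import json
import uuid


def _entry(key, value, value_type):
    """One KeyValue entry of a referenceFields HashMap (hypothetical helper)."""
    return {"__objType": "KeyValue",
            "value": {"__objType": value_type, "value": value},
            "key": {"__objType": "String", "value": key}}


def build_org_role(org_id, name, template_role_id, role_id=None):
    """Return the POST /graph body for a role that implies template_role_id."""
    template_role_id = str(uuid.UUID(template_role_id))  # malformed id fails here
    role_id = str(uuid.UUID(role_id)) if role_id else str(uuid.uuid4())
    if role_id == template_role_id:
        raise ValueError("assignable role must not reuse the template role id")
    implies = {"__objType": "Implies",
        "referenceFields": {"__objType": "HashMap", "Entries": [
            _entry("ref_OrganizationRole_id2", template_role_id, "UUID"),
            _entry("ref_OrganizationRole_id1", role_id, "UUID")]},
        "implieeId": template_role_id,   # the template being implied
        "id": str(uuid.uuid4()),         # the relation's own random UUID
        "implierId": role_id,            # the new assignable role
    }
    return {"__objType": "OrganizationRole",
        "referenceFields": {"__objType": "HashMap", "Entries": [
            _entry("ref_Organization_id", org_id, "String")]},
        "isBuiltIn": False,
        "name": name,
        "id": role_id,
        "rel_Relations": [{
            "rel_Relation": {
                "__objType": "ObjectRelation",
                "relationType": "com.tenduke.sdk2.types.object.graph.Implies",
                "relatedObjectType": "com.tenduke.sdk2.objectmodel.security.OrganizationRole"},
            "rel_RelatedObjectList": {
                "__objType": "RelatedObjectList",
                "rel_RelatedObjects": [{
                    "__objType": "OrganizationRole",
                    "relationAttributeObject": implies,
                    "id": template_role_id}]},
        }],
    }


if __name__ == "__main__":
    body = build_org_role("acme-org-id", "CustomerOrgAdmin in Acme", str(uuid.uuid4()))  # constructed values
    print(json.dumps(body, indent=2))
```

The id in the returned body is the value to pass as organizationRoleId when adding the role to a user.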
Add an organization role to a user
POST /graph
operation=AddToRole&organizationId=$ORGANIZATION_ID&organizationRoleId=$ROLE_ID&profileId=$PROFILE_ID
$ROLE_ID is the value from the call that makes an organization role available to be assigned to organization members (see above).
Alternatively, query concrete OrganizationRole names by querying an organization’s active roles (see further above).