Modify Active Directory Groups in a Role
{ changeRoleAdGroupMembership }
Add or Remove Active Directory groups attached to a role.
Method
/API2/access/changeRoleAdGroupMembership
API Section: /API2/access
API Version: 2.0
From Release: 2018.5
Method operates via POST actions only.
Input Parameters
The user object contains all relevant meta-data for the user.
Output Response
Description of Response Type
Generic API response object with success or failure flag and related messages.
Notes
Active Directory must be the authentication provider to use this function
Examples
Create new Active Directory user (JavaScript):
This example demonstrates how to find and add a new user and roles in Pyramid, when using Active Directory authentication.
The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.
var pyramidURL = "http://mysite.com/api2/";
let token = callApi("auth/authenticateUserWindows",{},false);
log("got token "+token);
let defaultTenantResult = callApi("access/getDefaultTenant",{
"auth": token
});
let tenantId = defaultTenantResult.data;
log("default tenant, id= "+tenantId);
let searchUsers=callApi("access/searchAdUsers",{
"ldapUsersSearch":{
"domainNetBios":"myAdDomain",
"searchValue":"Smith",
"ldapSearchType": 0,
},
"auth": token
});
let adUser = searchUsers.data[0];
log("adUser = "+adUser.firstName);
let createUser = callApi("access/createAdUser",{
"newLdapUser": {
"userName": adUser.userName,
"adminType": 0,
"clientLicenseType": 100,
"statusID": 1,
"tenantId": tenantId,
"adDomainName":"myAdDomain"
},
"auth": token
});
let userId = createUser.data.modifiedList[0].id;
log("created user "+userId);
let updateUser=callApi("access/updateAdUsers",{
"updateLdapUser":[{
"userName": adUser.userName,
"adDomainName":"myAdDomain",
"clientLicenseType": 200,
}],
"auth": token
});
let createRole=callApi("access/createRoles",{
"data": [{
"roleName": "role1",
"tenantId": tenantId,
"isGroupRole": false
},{
"roleName": "role2",
"tenantId": tenantId,
"isGroupRole": false
}],
"auth": token
});
let role1 = createRole.data.modifiedList[0].id;
let role2 = createRole.data.modifiedList[1].id;
log("created roles "+role1+","+role2);
let addUserToRole=callApi("access/addUserToRole",{
"addUserRoleData": {
"userId":userId,
"roleId":role1
},
"auth": token
});
let groups=callApi("access/searchAdGroupsForUser",{
"searchData": {
"domainNetBios":"myAdDomain",
"userName":adUser.userName
},
"auth": token
});
log("groups of " + adUser.userName" + "+JSON.stringify(groups.data));
let selectedGroup=groups.data[0];
let addRoleToAdGroup=callApi("access/changeRoleAdGroupMembership",{
"roleAdGroups": {
"roleId":role2,
"groupsToAdd":[{
"domainNetBios":selectedGroup.domainAddress,
"groupName":selectedGroup.name
}]
},
"auth": token
});
log("addRoleToAdGroup "+JSON.stringify(addRoleToAdGroup));
let groupsFound=callApi("access/getGroupsByRole",{
"roleId":role2,
"auth": token
});
log("found group "+groupsFound.data[0].name);
function log(msg){
document.write(msg);
console.log(msg);
}
function callApi(path,data,parseResult=true){
var xhttp = new XMLHttpRequest();
xhttp.withCredentials = true;
xhttp.open("POST", pyramidURL+path, false);
xhttp.send(JSON.stringify(data));
if(parseResult){
return JSON.parse(xhttp.responseText);
}else{
return xhttp.responseText;
}
}