You are here:

Get Active Directory Groups for a Role

{ getGroupsByRole }

Returns AD security groups used in a role

Method

/API2/access/getGroupsByRole

API Section: /API2/access

API Version: 2.0

From Release: 2018.5

Method operates via POST actions only.

Input Parameters

Name

roleId

Type

string

Description

The system role ID

Output Response

Successful Result Code

200

Response List Type

LdapGroupDetails[]

Description of Response Type

LDAP Group object with details of the groups found in the role. Note that the response is returned as a list of items of this object type.

Notes

Only applies if the Active Directory is used as the authentication provider

Examples

Create new Active Directory user (JavaScript):

This example demonstrates how to find and add a new user and roles in Pyramid, when using Active Directory authentication.

The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.

// URL of the Pyramid installation and the path to the API 2.0 REST methods
var pyramidURL = "http://mysite.com/api2/";

// step 1: authenticate admin account and get token. 
//This assumes authentication with Windows Authentication SSO. Therefore the account logging on is an admin account.
// NOTE: callApi method is a generic REST method shown below. And inside it, xhttp.withCredentials = true;
				
let token = callApi("auth/authenticateUserWindows",{},false); 
log("got token "+token);

//step 2: Get the defult tenant.
let defaultTenantResult = callApi("access/getDefaultTenant",{
	"auth": token // admin token generated above
});
let tenantId = defaultTenantResult.data;
log("default tenant, id= "+tenantId);

//step 3: search for an active directory user in the AD itself
let searchUsers=callApi("access/searchAdUsers",{
	"ldapUsersSearch":{
		"domainNetBios":"myAdDomain",
		"searchValue":"Smith",
		"ldapSearchType": 0, //search type enumeriation. 0 = exact
	},
	"auth": token // admin token generated above
});


let adUser = searchUsers.data[0];
log("adUser = "+adUser.firstName);

//step 4: creating a user using the results from the search in step 3
let createUser = callApi("access/createAdUser",{
	"newLdapUser": {
	"userName": adUser.userName, //using the search result from step 3 above
	"adminType": 0, //admin type
	"clientLicenseType": 100,//ClientLicenseType.Viewer
	"statusID": 1,
	"tenantId": tenantId, //tenant Id from above
	"adDomainName":"myAdDomain" 
	},
	"auth": token // admin token generated above
});
let userId = createUser.data.modifiedList[0].id;
log("created user "+userId);


//step 5: optional, changing the user from Viewer to Professional
let updateUser=callApi("access/updateAdUsers",{
	"updateLdapUser":[{
		"userName": adUser.userName,
		"adDomainName":"myAdDomain",
		"clientLicenseType": 200,//ClientLicenseType.Professional
	}],
	"auth": token
});


//step 6: creating 2 roles
let createRole=callApi("access/createRoles",{
	"data": [{
		"roleName": "role1",
		"tenantId": tenantId,
		"isGroupRole": false
	},{
		"roleName": "role2",
		"tenantId": tenantId,
		"isGroupRole": false
	}],
	"auth": token
});

let role1 = createRole.data.modifiedList[0].id;
let role2 = createRole.data.modifiedList[1].id;
log("created roles "+role1+","+role2);

//step 7: binding user to role1 from step 6
let addUserToRole=callApi("access/addUserToRole",{
	"addUserRoleData": {
		"userId":userId,
		"roleId":role1
	},
	"auth": token
});


//step 8: searchAdGroupsForUser, searching for AD groups of the given user in the given domain
let groups=callApi("access/searchAdGroupsForUser",{
	"searchData": {
		"domainNetBios":"myAdDomain",
		"userName":adUser.userName
	},
	"auth": token
});
log("groups of " + adUser.userName" + "+JSON.stringify(groups.data));
let selectedGroup=groups.data[0];


//step 9: add role2 to the AD security group from step 8
let addRoleToAdGroup=callApi("access/changeRoleAdGroupMembership",{
	"roleAdGroups": {
		"roleId":role2,
		"groupsToAdd":[{
			"domainNetBios":selectedGroup.domainAddress,
			"groupName":selectedGroup.name
		}]
	},
	"auth": token
});
log("addRoleToAdGroup "+JSON.stringify(addRoleToAdGroup));

//step 10: optional get all groups by role - this will find the selected Group from step 9
let groupsFound=callApi("access/getGroupsByRole",{
	"roleId":role2,
	"auth": token
});
log("found group "+groupsFound.data[0].name);

// ##### optional generic logging method for debugging ##############
function log(msg){
	document.write(msg);
	console.log(msg);
}

// ##### generic REST API calling method ##############
function callApi(path,data,parseResult=true){
	var xhttp = new XMLHttpRequest();
	
	//notice we changed callApi and added xhttp.withCredentials = true; to pass the windows credentials
	xhttp.withCredentials = true;
	
	xhttp.open("POST", pyramidURL+path, false);
	xhttp.send(JSON.stringify(data));
	if(parseResult){
		return JSON.parse(xhttp.responseText);
	}else{
		return xhttp.responseText;
	}
}

Feedback

Couldn't find what I was looking for

Help was confusing, unclear or incomplete

Instructions didn't work