Manage roles using Graph API

Query all OrganizationRole templates

/graph/OrganizationRole[@templateFor!=null]

Note: Users should not be associated with template role instances. Query an organization’s active roles (see below) to determine the OrganizationRole instances that can be assigned to users.

Query an organization’s active roles

Query the organization roles that can be assigned to users.

/graph/Organization[@id='ORG_ID']/~OneToMany/OrganizationRole

Make an organization role available to be assigned to organization members

This is how you create an OrganizationRole that is assignable to users. The idea is that a template role functions as a single point of truth on what an OrganizationRole allows users to do within an organization’s scope.

The OrganizationRole created by this call is related to a template role through an Implies relation. As a result, changes to a template role are immediately reflected in the OrganizationRole objects that imply the edited template.

POST /graph

{
  "__objType": "OrganizationRole",
  "referenceFields": {
    "__objType": "HashMap",
    "Entries": [{
      "__objType": "KeyValue",
      "value": {
        "__objType": "String",
        "value": "${ORGANIZATION_ID}"
      },
      "key": {
        "__objType": "String",
        "value": "ref_Organization_id"
      }
    }]
  },
  "isBuiltIn": false,
  "name": "CustomerOrgAdmin in ${ORGANIZATION_NAME} (implies template)",
  "id": "${ORGANIZATION_ROLE_ID}",
  "rel_Relations": [{
    "rel_Relation": {
      "__objType": "ObjectRelation",
      "relationType": "com.tenduke.sdk2.types.object.graph.Implies",
      "relatedObjectType": "com.tenduke.sdk2.objectmodel.security.OrganizationRole"
    },
    "rel_RelatedObjectList": {
      "__objType": "RelatedObjectList",
      "rel_RelatedObjects": [{
        "__objType": "OrganizationRole",
        "relationAttributeObject": {
          "__objType": "Implies",
          "referenceFields": {
            "__objType": "HashMap",
            "Entries": [{
              "__objType": "KeyValue",
              "value": {
                "__objType": "UUID",
                "value": "${TEMPLATE_ROLE_ID}"
              },
              "key": {
                "__objType": "String",
                "value": "ref_OrganizationRole_id2"
              }
            }, {
              "__objType": "KeyValue",
              "value": {
                "__objType": "UUID",
                "value": "${ORGANIZATION_ROLE_ID}"
              },
              "key": {
                "__objType": "String",
                "value": "ref_OrganizationRole_id1"
              }
            }]
          },
          "implieeId": "${TEMPLATE_ROLE_ID}",
          "id": "${RANDOM_UUID}",
          "implierId": "${ORGANIZATION_ROLE_ID}"
        },
        "id": "${TEMPLATE_ROLE_ID}"
      }]
    }
  }]
}

Add an organization role to a user

POST /graph

operation=AddToRole&organizationId=$ORGANIZATION_ID&organizationRoleId=$ROLE_ID&profileId=$PROFILE_ID

$ROLE_ID is the role ID from the call that makes an organization role available to be assigned to organization members (see above).

Alternatively, query concrete OrganizationRole names by querying an organization’s active roles (see further above).
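
The two request bodies above, built programmatically so that the implier (new role) and impliee (template) IDs stay consistent in every place the template repeats them. This is an added example, not 10Duke code; the function names are hypothetical, and generating ${ORGANIZATION_ROLE_ID} client-side with uuid4 and reusing it as $ROLE_ID are assumptions. Nothing is sent over the network.

```python
import uuid
from urllib.parse import urlencode

IMPLIES = "com.tenduke.sdk2.types.object.graph.Implies"
ORG_ROLE = "com.tenduke.sdk2.objectmodel.security.OrganizationRole"

def kv(key, value, value_type):
    # One KeyValue entry of a referenceFields HashMap, as in the template above.
    return {"__objType": "KeyValue",
            "value": {"__objType": value_type, "value": value},
            "key": {"__objType": "String", "value": key}}

def ref_fields(*entries):
    return {"__objType": "HashMap", "Entries": list(entries)}

def build_org_role(org_id, org_name, template_role_id, role_name="CustomerOrgAdmin"):
    """Fill the POST /graph template; returns (new_role_id, payload dict)."""
    role_id = str(uuid.uuid4())  # ${ORGANIZATION_ROLE_ID} (assumed client-generated)
    implies = {
        "__objType": "Implies",
        "referenceFields": ref_fields(
            kv("ref_OrganizationRole_id2", template_role_id, "UUID"),  # impliee
            kv("ref_OrganizationRole_id1", role_id, "UUID")),          # implier
        "implieeId": template_role_id,
        "id": str(uuid.uuid4()),  # ${RANDOM_UUID}
        "implierId": role_id,
    }
    payload = {
        "__objType": "OrganizationRole",
        "referenceFields": ref_fields(kv("ref_Organization_id", org_id, "String")),
        "isBuiltIn": False,
        "name": f"{role_name} in {org_name} (implies template)",
        "id": role_id,
        "rel_Relations": [{
            "rel_Relation": {"__objType": "ObjectRelation", "relationType": IMPLIES,
                             "relatedObjectType": ORG_ROLE},
            "rel_RelatedObjectList": {
                "__objType": "RelatedObjectList",
                "rel_RelatedObjects": [{"__objType": "OrganizationRole",
                                        "relationAttributeObject": implies,
                                        "id": template_role_id}]},
        }],
    }
    return role_id, payload

def add_to_role_body(org_id, role_id, profile_id):
    # AddToRole parameter string; urlencode escapes values before they are joined.
    return urlencode({"operation": "AddToRole", "organizationId": org_id,
                      "organizationRoleId": role_id, "profileId": profile_id})
```

Pass the role ID returned by build_org_role to add_to_role_body, never the template role ID, since users should not be associated with template role instances.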