[midPoint] Expression - need a little help with "get role members"

Stacy Brock brock at oregonstate.edu
Tue Oct 16 23:08:16 CEST 2018


Try this, via the REST API:

POST /midpoint/ws/rest/users/search HTTP/1.1
Authorization: ***** Hidden credentials *****
Content-Type: application/xml
Host: yourmidpoint.someplace.edu
Connection: close
User-Agent: Paw/3.1.7 (Macintosh; OS X/10.12.6) GCDHTTPRequest
Content-Length: 410

<?xml version="1.0"?>
<q:query xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
     <q:filter>
         <q:ref>
             <q:path>assignment/targetRef</q:path>
             <q:value oid="CHANGETHIS_ROLE_OID"/>
         </q:ref>
     </q:filter>
     <q:paging>
         <q:orderBy>name</q:orderBy>
         <q:offset>0</q:offset>
         <q:maxSize>10</q:maxSize>
     </q:paging>
</q:query>

Change "CHANGETHIS_ROLE_OID" to the OID of the role in question. Change 
path to "roleMembershipRef" for ACTIVE assignments. You'll definitely 
want to keep the paging on unless you only have a handful of users.

The result is a big glob of XML that you'll have to parse on your own, 
but the user OIDs should be in there.

Hope this helps,
-Stacy


On 10/16/18 1:47 PM, Wojciech Staszewski wrote:
> Hello Community!
> 
> I'm currently working on some script expression and I'm stuck for a while.
> I need a method to get a list of user oids - direct members of specified
> role,
> exactly like in the 'query playground' - 'users that have a direct
> assignment of a role' query example.
> Direct and active members would be more than great.
> 
> I was looking for it on midPoint API Distribution page with no success. :(
> Maybe you know if there is a method for this, ready and waiting to be
> used by me?
> 
> Thanks!
> WS
> 

-- 
Stacy Brock, Software Engineer, Identity and Access Management
Oregon State University | University Information and Technology
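
An added example, not part of the message above and not midPoint's own code: building the paged query and pulling the user OIDs out of the response in Python. It assumes each returned user is a direct child of the response root and carries an "oid" attribute. The fetch callable (a caller-supplied function that POSTs the body to /midpoint/ws/rest/users/search and returns the response text) is hypothetical, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

Q_NS = "http://prism.evolveum.com/xml/ns/public/query-3"  # namespace from the request above
ET.register_namespace("q", Q_NS)

# Constructed sample response: element names are assumptions, OIDs are made up.
SAMPLE = """<objectList>
  <object oid="11111111-0000-0000-0000-000000000001"><assignment><targetRef oid="role-x"/></assignment></object>
  <object oid="11111111-0000-0000-0000-000000000002"><assignment><targetRef oid="role-x"/></assignment></object>
</objectList>"""


def build_query(role_oid, offset, max_size, path="assignment/targetRef"):
    """Build the search body. ElementTree escapes role_oid, so it cannot alter the XML."""
    q = lambda tag: "{%s}%s" % (Q_NS, tag)
    query = ET.Element(q("query"))
    ref = ET.SubElement(ET.SubElement(query, q("filter")), q("ref"))
    ET.SubElement(ref, q("path")).text = path
    ET.SubElement(ref, q("value"), {"oid": role_oid})
    paging = ET.SubElement(query, q("paging"))
    ET.SubElement(paging, q("orderBy")).text = "name"
    ET.SubElement(paging, q("offset")).text = str(offset)
    ET.SubElement(paging, q("maxSize")).text = str(max_size)
    return ET.tostring(query, encoding="unicode")


def extract_oids(response_xml):
    """OIDs of top-level objects only; nested oid attributes (e.g. targetRef) are skipped."""
    root = ET.fromstring(response_xml)
    return [child.get("oid") for child in root if child.get("oid")]


def role_member_oids(fetch, role_oid, page_size=10, path="assignment/targetRef"):
    """Walk every page. fetch(body) -> response XML is a hypothetical caller-supplied POST."""
    oids, offset = [], 0
    while True:
        page = extract_oids(fetch(build_query(role_oid, offset, page_size, path)))
        oids.extend(page)
        if len(page) < page_size:  # a short page means there are no more results
            return oids
        offset += page_size


if __name__ == "__main__":
    print(extract_oids(SAMPLE))
```

Pass path="roleMembershipRef" to get the active-assignment variant mentioned in the message.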


