Access right problems while using RestAPI

Question

We are working with RestAPI to make our own request system and 1IM (ver 7.1.2) works together. 
 3 tables - Person, ITShopOrg and PersonWantsOrg - will be will be read by request system, and write access is required for data insert on table 'PersonWantsOrg'. 
 There seems to be 2 ways to solve: 
 1. Create a system account with access rights to those 3 tables. 
 2. Create an AD account to do the same thing. 
 But we are not managed to get it work, because: 
 For option 1, system accounts do not have write access to PersonWantsOrg, an Employee account is required. 
 For option 2, Employee / AD accounts do not seem to be able to grant access to read or write tables directly via RestAPI. 
 Could anyone advise if we did anything wrong, or there are any other ways to achieve?

Robert Byrne · Answer

Hi, 
 You need to create a permission group with rights to those tables (Designer->Permissions->...). Then assign it to a One Identity Manager Application role. Then assign that role to your System User. These last steps are done in Manager. Then you will authenticate to the REST API using the DialogUser module. You can also authenticate to the REST API using an AD account, in this case specify the RoleBasedADSAccount Module in your AuthString when authenticating to the REST API and assign the Application role to the Person to whom the ADSAccount is linked. All the different authentication modules are documented in the REST API reference document. 
 If you have trouble with this, it will help if you watch the One Identity Manager you tube channel on permissions: https://www.youtube.com/playlist?list=PL242czeZwlAl46Xv0UnBDwTm-8VN5p4qI 
 hth, 
 Rob.

Endpoint Privilege Management

Access right problems while using RestAPI

Top Replies