Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Operations Manager i10.62

Develop > Web Service Interfaces > User Management Web Services Interface > Examples

Examples

This section describes the recommended workflow for creating a role and assigning permissions to the role. In addition, the example creates user groups based on LDAP groups:

Optional. Set up event categories to fine tune permissions on events not assigned to users:
Example:

POST - https://<server>:<port>/opr-web/admin/rest/10.01/event_category_list
```
<event_category xmlns="http://www.hp.com/2009/software/opr/data_model">
   <category>MyEvtentCategory</category>
</event_category>
```
Get all available resources and operations:

Example:

GET - https://<server>:<port>/opr-web/admin/rest/10.01/auth_resource_list

For each permission you want to assign to a role, select the resource key and the operation key from the output. For example, to assign permissions to the User Group Assignments manager, the Content Pack manager, and the RTSM view All My Windows Servers, identify the following keys:

Example:

<auth_resource_list …>
<auth_resource>
   <key>omi-event-to-group</key>
   …
   <auth_operation_list>
      <auth_operation>
         <key>full-control</key>
<auth_resource>
   <key>omi-content-mgr</key>
   …
   <auth_operation_list>
      <auth_operation>
         <key>full-control</key>
<auth_resource>
   <key>rtsm-view</key>
   …
   <key>view</key>
   …
<auth_resource>
   <key>rtsm-view.All My Windows Servers</key>
…

Note If the <auth_resource> is part of <child_auth_resource_list>, it might not directly specify all operations. Instead, search at the parent <auth_resource> item.

Create a role and configure the permissions identified in the previous step:

Example:

POST – https://<server>:<port>/opr-web/admin/rest/10.01/role_list

<role xmlns="http://www.hp.com/2009/software/opr/data_model">
   <name>Role with RTSM views REST API</name>
   <permission>
      <resource_key>rtsm-view.All My Windows Servers</resource_key>
      <operation_key>view</operation_key>
   </permission>
   <permission>
      <resource_key>omi-event-to-group</resource_key>
      <operation_key>full-control</operation_key>
   </permission>
   <permission>
      <resource_key>omi-content-mgr</resource_key>
      <operation_key>full-control</operation_key>
   </permission>
   <permission>
      <resource_key>omi-event.unassigned-event.MyEventCategory</resource_key>
      <operation_key>assign-to</operation_key>
   </permission>
   <permission>
      <resource_key>omi-event.assigned-event</resource_key>
      <operation_key>launch-automatic-action</operation_key>
   </permission>
   <permission>
      <resource_key>omi-tool.Database_Operational_Tools</resource_key>
      <operation_key>execute</operation_key>
    </permission>
   <permission>
      <resource_key>omi-tool.MyToolCategory</resource_key>
      <operation_key>execute</operation_key>
   </permission>
</role>

Tip Get the role ID from the output for later use, for example:

<id>61a2d926-b9ab-42dd-99da-8ebe2a09c82c</id

Create a user group and assign the previously created role to the group:

Example: Grant permissions to users that are members of specific LDAP groups

Prerequisite. LDAP mapping settings must be configured with “Synchronize LDAP groups with OMi groups”.
List all available LDAP groups.

Example:

GET - https://<server>:<port>/opr-web/admin/rest/10.01/ldap_group_list

Identify the LDAP groups in the output to which you want to assign to the role.

Submit the following POST request:

Example:

POST – https://<server>:<port>/opr-web/admin/rest/10.01/user_group_list

<user_group xmlns="http://www.hp.com/2009/software/opr/data_model">
   <name>Group Name</name>
   <description>Group with LDAP mapping and Role for LDAP users</description>
   <event_assignment>true</event_assignment>
   <ldap_auto_assignment>false</ldap_auto_assignment>
   <user_group_to_role_list>
      <user_group_to_role>
         <role>
            <id>61a2d926-b9ab-42dd-99da-8ebe2a09c82c</id>
         </role>
      </user_group_to_role>
   </user_group_to_role_list>
   <ldap_group_list>
       <ldap_group>
         <name>EMEA Operators</name>
         <domain>emea</domain>
         <ldap_server>YourLDAPServer</ldap_server>
      </ldap_group>
      <ldap_group>
         <name>EMEA Administors</name>
         <domain>emea</domain>
         <ldap_server>YourLDAPServer</ldap_server>
      </ldap_group>
   </ldap_group_list>
</user_group>

Query to which groups a user belongs:

Retrieve the user's information and search for the related groups in the user_group_list:

GET- https://<server>:<port>/opr-web/admin/rest/10.01/user_object_list/{userID}

<user_object xmlns="http://www.hp.com/2009/software/opr/data_model" xmlns:xs="http://www.w3.org/2001/XMLSchema"> 
   <id>c58e8046-825e-4023-8091-c05d76ef7138</id>
   <version>0</version>
   <login>ingroup</login>
   <name>user in group</name>
   <email_address>example@example.com</email_address>
   <time_zone>America/La_Paz</time_zone>
   <ldap_user>false</ldap_user>
   <super_administrator>false</super_administrator>
   <inactive>false</inactive>
   <user_object_to_role_list>
      <user_object_to_role>
         <role>
            <id>626529a9-6cd2-494d-be64-38833b73ff77</id>
            <version>2</version>
            <name>DB Expert Role</name>
            <description>Expert permission for databases.</description>
         </role>
      </user_object_to_role>
   </user_object_to_role_list>
   <user_group_list>
      <user_group>
         <id>76ac4edb-1d29-4e42-9fee-d14fc732b02f</id>
         <version>1</version>
         <name>MiddleGroup</name>
         <event_assignment>true</event_assignment>
         <ldap_auto_assignment>false</ldap_auto_assignment>
      </user_group>
   </user_group_list>
</user_object>

Retrieve roles assigned to users or groups:

Retrieve all roles assigned to a specific user

GET- https://<server>:<port>/opr-web/admin/rest/10.01/role_list/user_object/{ID}

Retrieve all roles assigned to a specific group

GET- https://<server>:<port>/opr-web/admin/rest/10.01/role_list/user_group/{ID}

Remove a user from a group:

To remove a user from a group, first get the group, then remove the user from the users list of the output, and then send the request to modify the group without the specified user.

1. GET- https://<server>:<port>/opr-web/admin/rest/10.01/user_group_list/{groupID}

<user_group>
<id>00000000-0000-0000-8689-17929130e34a</id>
<version>1</version>
<name>Administrators</name>
<description>OMi Administrators</description>
<event_assignment>false</event_assignment>
<ldap_auto_assignment>false</ldap_auto_assignment>
<user_object_list>
   <user_object>
      <id>00000000-0000-0000-95ac-ae0c2214712b</id>
   </user_object>
   <user_object>
      <id>00000000-0000-0000-b315-65efb9991798</id>
   </user_object>
   <user_object>
      <id>00000000-0000-0000-8593-821aed2d2d52</id>
   </user_object>
   </user_object_list>
<user_group_to_role_list>
   <user_group_to_role>
      <role>
         <id>ca252aa1-11e7-4645-bcee-6757ea6ec2c5</id>
         <version>1</version>
         <name>Administrator Role</name>
         <description>All permissions</description>
      </role>
   </user_group_to_role>
</user_group_to_role_list>
</user_group>

2. Remove the user with ID 00000000-0000-0000-95ac-ae0c2214712b

<user_object>
   <id>00000000-0000-0000-95ac-ae0c2214712b</id>
</user_object>

3. Send the request to modify the group without the specified user(s).

PUT- https://<server>:<port>/opr-web/admin/rest/10.01/user_group_list/{groupID}

<user_group>
<id>00000000-0000-0000-8689-17929130e34a</id>
<user_object_list>
   <user_object>
      <id>00000000-0000-0000-b315-65efb9991798</id> 
   </user_object>
   <user_object>
      <id>00000000-0000-0000-8593-821aed2d2d52</id>
   </user_object>
</user_object_list>
<user_group_to_role_list>
   <user_group_to_role>
      <role>
         <id>ca252aa1-11e7-4645-bcee-6757ea6ec2c5</id>
      </role>
   </user_group_to_role>
</user_group_to_role_list>
</user_group>

Note: If the PUT request does not include the full list of roles assigned to the user, then the group loses the role assignment information as well.

Delete a group or a set of groups:

Delete a single group

DELETE - https://<server>:<port>/opr-web/admin/rest/10.01/user_group_list{groupID}

Delete a set of groups

To delete a set of groups, use the multiMode parameter to specify the group ids in a comma separated list of the id parameter:

https://<server>:<port>/opr-web/admin/rest/10.01/user_group_list/?multiMode=true&id=00000000-0000-0000-83d4-05bbbce8ebf,00000000-0000-0000-8e69-6e14d4d995a9

Send Help Center feedback