Marcel_Grafenstein | 2024-01-31 11:08:01 UTC | #1
Hi,
are there some requirements for GET /api/v2/authorization/roles/{leftRoleId}/comparedefault/{rightRoleId}. I tried it in the API-Explorer with the admin role (default) and a custom role (self-created). Everytime I try it the response is: 400. Message: Could not find the role or default role.
Regards,
Marcel
Jerome.Saint-Marc | 2024-01-31 13:16:50 UTC | #2
Hello,
Not that I specifically know how this endpoint works, but I just tried it and managed to make it work.
I think that the confusion is in what you are supposed to set as rightRoleId. leftRoleId takes the id your role. rightRoleId takes a defaultRoleId (this is not an idea but values like qualityEvaluator, scriptDesigner, admin, ...).
If you get your roles with GET /api/v2/authorization/roles, you can find the possible values checking defaultRoleId attribute in a role.
Regards,
Marcel_Grafenstein | 2024-01-31 13:29:22 UTC | #3
Hello,
thank you I now tried it with admin and it works perfect.
Regards,
Marcel
ciwe | 2024-01-31 13:50:42 UTC | #4
Marcel_Grafenstein, post:1, topic:24400
api/v2/authorization/roles/{leftRoleId}/comparedefault/{rightRoleId}
Hello,
does somebody know if it is possible to find out which permissions of a default role are changed? Background is that our customer changed some permissions in their default roles and we want to know which permissions they are changed. So would be good if there is an API possibility to make comparison of a current default role and the same original default role permission settings without the need to reset the current default role to standard.
Thanks and best regards, Christian.
Jerome.Saint-Marc | 2024-01-31 15:47:43 UTC | #5
Hello,
That's what this endpoint does. It will compare the permissions defined in the role (the role with id equal to {leftRoleId}) with the permissions normally associated with a default role ({rightRoleId} equal to: admin, scriptDesigner, qualityEvaluator, ...).
Regards,
ciwe | 2024-02-01 13:25:24 UTC | #6
Hello Jerome,
thanks for your reply. So this shoud even work with comparison of a default role, right? Sorry didn't had time to test it yet...
Means when leftRoleId is e.g. the real role ID of "admin" role and rightRoleId="admin" then I would expect to get the difference permission setting in comparison to original default permission setting of admin role, right?
Thank you and best regards, Christian.
Jerome.Saint-Marc | 2024-02-01 13:34:23 UTC | #7
Hello,
As far as I understand it, it compares the role (identified by id = {rightRoleId}) with what a default role is supposed to contain at the time of the request. It is not comparing to "original settings of the admin role" (if by admin role, you are referring to the "admin" role that exists in your Genesys Cloud org after its creation). It is comparing to the permissions that the default role admin currently contains (if it was recreated, if it was created for a new org).
The reason why I am making a difference is that there are some org settings that determine if new permissions should be automatically added to these default roles or not.
Regards,
ciwe | 2024-02-05 10:34:17 UTC | #8
Hello Jerome,
thanks for that clarification. Yes with "admin" role I mean the default "admin" role after creation of a new Genesys Cloud org.
So when I know that the comparison is made between my custom role and a default role (e.g. admin) with its current permission set right when I made that request I am not really able to find out what customer changed in that default role after its creation.
Only workaround which I see here:
- make a custom copy of current admin role with all permissions and user assignments
- delete default admin role
- make recreation of admin role over API
- compare original default admin role after its recreation with custom copy (permission setting)
- restore default admin role with settings from my custom copy (permission settings, user assigments, settings)
- delete my custom copy of admin role
This should work. What do you think?
Thanks and greets, Christian.
Jerome.Saint-Marc | 2024-02-05 13:44:31 UTC | #9
ciwe, post:8, topic:24400
So when I know that the comparison is made between my custom role and a default role (e.g. admin) with its current permission set right when I made that request I am not really able to find out what customer changed in that default role after its creation.
I am not following your goal. The response of this endpoint will show what is different between leftRoleId role and the default rightRoleId role. You should just compare your custom role with the default role. That would mean some permissions are missing or are in addition (in your custom role - compared to default role). And therefore take action on this (deciding if these permissions should be there or not).
If your goal is to check the custom role with a set of permissions you used to create your role (don't know if you are talking about additional roles defined in your configuration, or the ones created by default when Genesys org is created), make a copy of this set of permissions (in a cfg/json file) and compare it with current permissions in the role.
ciwe, post:8, topic:24400
- delete default admin role
I would clearly NOT do this.
ciwe, post:8, topic:24400
- make a custom copy of current admin role with all permissions and user assignments
- delete default admin role
- make recreation of admin role over API
- compare original default admin role after its recreation with custom copy (permission setting)
Again, I don't understand why you are doing this. The endpoint we are discussing is giving you the difference between your custom admin role (leftRoleId) and the default admin role (rightRoleId equal to keynames like: admin, screenshareAgent, ...).
Regards,
ciwe | 2024-02-05 14:59:33 UTC | #10
Hello Jerome,
ok. Background is we don't have really custom roles in the Genesys org of our customer. So mostly customer use the default roles like user, admin and so on. So we are talking about the ones created by default when Genesys org is created.
After org was created we added and deleted some permissions in the default roles to customize the org to the needs and behaviours of customer. Later customer decided to manipulate itself the permission settings in the standard roles. And at least we want to know what he changed there. This is the background of the whole question. So my idea was to use that compare API endpoint for that purpose.
Sorry for that missing information.
As I understood from the last answers here is, that the compare endpoint don't really fit to that needs, right?
Thank you and best regards, Christian.
Jerome.Saint-Marc | 2024-02-05 15:47:42 UTC | #11
ciwe, post:10, topic:24400
After org was created we added and deleted some permissions in the default roles to customize the org to the needs and behaviours of customer.
It would have been necessary for you to record somewhere (in a file, email, word, ...) what you added and deleted from that role. There is no way for Genesys Cloud to be aware of the permissions you had added and removed (before considering this as the base role for your customer). So it can't compare an existing role - to a role you had customized and which was differing from the default role...
Regards,
system | 2024-03-06 15:48:31 UTC | #12
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 24400