Roles
The following REST endpoints are used to manage roles in ProcessMaker.
- Roles
- Get Roles List:
GET /roles
- Get Role Information:
GET /role/{rol_uid}
- Create Role:
POST /role
- Update Role:
PUT /role/{rol_uid}
- Delete Role:
DELETE /role/{rol_uid}
- Get Users with Role:
GET /role/{rol_uid}/users
- Available Users for Role:
GET /role/{rol_uid}/available-users
- Assign User to Role:
POST /role/{rol_uid}/user
- Unassign User from Role:
DELETE /role/{rol_uid}/user/{usr_uid}
- Permissions List for Role:
GET /role/{rol_uid}/permissions
- Available Permissions for Role:
GET /role/{rol_uid}/available-permissions
- Assign Permission to Role:
POST /role/{rol_uid}/permission
- Unassign Permission from Role:
DELETE /role/{rol_uid}/permission/{per_uid}
Get Roles List: GET /roles
Get a list of the roles in the workspace.
- GET /api/1.0/{workspace}/roles
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/roles Optional filters filter={text} Case insensitive text to search for in the role codes (but not the role names). Remember to URL encode in UTF-8, if it contains spaces, symbols or non-ASCII characters, using a function such as urlencode() in PHP or encodeURIComponent() in JavaScript. /api/1.0/workflow/roles?filter=reviewer start={number} Integer which indicates the initial position of the role. /api/1.0/workflow/roles?start=20&limit=10 limit={number} Integer which limits the number of roles returned /api/1.0/workflow/roles?start=30&limit=10
Result:
If successful, the HTTP status is200
(OK) and an array of role objects is returned,
such as:
{
"rol_uid": "00000000000000000000000000000002",
"rol_code": "PROCESSMAKER_ADMIN",
"rol_name": "System Administrator",
"rol_status": "ACTIVE",
"rol_system": "00000000000000000000000000000002",
"rol_create_date": "2015-03-19 07:55:48",
"rol_update_date": "",
"rol_total_users": 2
},
{
"rol_uid": "00000000000000000000000000000003",
"rol_code": "PROCESSMAKER_OPERATOR",
"rol_name": "Operator",
"rol_status": "ACTIVE",
"rol_system": "00000000000000000000000000000002",
"rol_create_date": "2015-03-20 08:45:09",
"rol_update_date": "",
"rol_total_users": 0
}
]
PHP example
Print out a list of the roles with "ACTIVE" status and the number of users assigned to each role.
$url = "/api/1.0/workflow/roles";
$oRet = pmRestRequest("GET", $url, $aVars, $oToken->access_token);
if ($oRet->status == 200) {
foreach ($oRet->response as $oRole) {
print "Active Roles:\n";
if ($oRole->rol_status == 'ACTIVE') {
print " {$oRole->rol_name}\t{$oRole->rol_total_users}\n";
}
}
}
Get Role Information: GET /role/{rol_uid}
Get information about a specified role.
- GET /api/1.0/{workspace}/role/{rol_uid}
URL Parameters:
-
Name Type Description workspace String Workspace name rol_uid String Role UID
Result:
If successful, the HTTP status is set to 200
and an object with information about the role is returned, such as
"rol_uid": "00000000000000000000000000000002",
"rol_code": "PROCESSMAKER_ADMIN",
"rol_name": "System Administrator",
"rol_status": "ACTIVE",
"rol_system": "00000000000000000000000000000002",
"rol_create_date": "2015-01-30 23:59:59",
"rol_update_date": "",
"rol_total_users": 2
}
Create Role: POST /role
Create a new role.
Permission:
- The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.
Structure:
- POST /api/1.0/{workspace}/role
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role
POST fields:
-
Name Description rol_code The role code, which is an identifier consisting of letters, numbers and underscores ("_"). It may not contain any spaces or special characters. rol_name The role name, which is any identifier which can contain any type of characters and is displayed in the ProcessMaker. rol_status Optional. Role status, which may be "ACTIVE" or "INACTIVE". If not specified, then set to "ACTIVE" by default. If set to "INACTIVE", any users assigned to the role will not be able to login to ProcessMaker, nor may any cases be assigned to those users.
Result:
If the role was created, then the HTTP status code is set to 201
(Created) and an object containing information about the new role is returned, such as:
"rol_uid": "55625662755e0e42fe83f41018778834",
"rol_code": "Case_Reviewer",
"rol_name": "Case Reviewer",
"rol_status": "ACTIVE",
"rol_system": "00000000000000000000000000000002",
"rol_create_date": "2015-11-18 22:45:52",
"rol_update_date": "",
"rol_total_users": 0
}
Update Role: PUT /role/{rol_uid}
Update information about a specified role.
Permission:
- The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.
Structure:
- PUT /api/1.0/{workspace}/role/{rol_uid}
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/14539701455e9bf5e9dfc40009566988 rol_uid Unique ID of role /api/1.0/workflow/role/14539701455e9bf5e9dfc40009566988
POST fields:
-
Name Description rol_code Optional. The role code, which is an identifier consisting of letters, numbers and underscores ("_"). It may not contain any spaces or special characters. rol_name Optional. The role name, which is any identifier which can contain any type of characters and is displayed in the ProcessMaker. rol_status Optional. Role status, which may be "ACTIVE" or "INACTIVE". If set to "INACTIVE", any users assigned to the role will not be able to login to ProcessMaker, nor may any cases be assigned to those users.
Result:
If the information about a case has been updated, then the HTTP status is set to 200
(OK) and there is no return object.
PHP example:
$roleId = '92775102755E9beea04c394090645988';
$aVars = array(
'rol_code' => 'Consultant',
'rol_name' => 'Consultant',
'rol_status' => 'INACTIVE'
);
$url = "/api/1.0/workflow/role/$roleId";
$oRet = pmRestRequest("PUT", $url, $aVars, $oToken->access_token);
if ($oRet->status == 200) {
print "Role changed to 'Consultant'.\n";
}
Delete Role: DELETE /role/{rol_uid}
Delete a specified role. Note that it is not possible to delete a role which still has assigned users, so all users must be assigned to different roles before deleting the role.
Permission:
- The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.
Structure:
- DELETE /api/1.0/{workspace}/role/{rol_uid}
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/14539701455e9bf5e9dfc40009566988 rol_uid Unique ID of role /api/1.0/workflow/role/14539701455e9bf5e9dfc40009566988
Result:
If the role is deleted, the HTTP status code is set to 200 and there is no return object. If the HTTP status code is 300 or greater than an error occurred and a error object will usually be returned, such as:"error": {
"code": 400,
"message": "Bad Request: This role cannot be deleted while it still has some assigned users."
}
}
PHP example:
$roleId = '92775102755E9beea04c394090645988';
$url = "/api/1.0/workflow/role/$roleId";
$oRet = pmRestRequest("DELETE", $url, null, $oToken->access_token);
if ($oRet->status == 200) {
print "Role deleted.\n";
}
ROLES - USERS
Get Users with Role: GET /role/{rol_uid}/users
Get a list of the users assigned to a role.
- GET /api/1.0/{workspace}/role/{rol_uid}/users
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000003/users rol_uid Unique ID of role /api/1.0/workflow/role/00000000000000000000000000000003/users Optional filters: filter={text} Case insensitive text to search for users in their first name, last name or username. Remember to URL encode in UTF-8, if it contains spaces, symbols or non-ASCII characters, using a function such as urlencode() in PHP or encodeURIComponent() in JavaScript. /api/1.0/workflow/role/00000000000000000000000000000003/users?filter=mary start={number} Integer which indicates the initial position of the user in the list. /api/1.0/workflow/role/00000000000000000000000000000003/users?start=20&limit=10 limit={number} Integer which limits the number of users returned. /api/1.0/workflow/role/00000000000000000000000000000003/users?start=30&limit=10
Result:
If successful, the HTTP status code is set to 200
(OK) and an array of user objects is returned, such as:
{
"usr_uid": "93284375552975187b60962076613156",
"usr_username": "jdoe",
"usr_firstname": "Jane",
"usr_lastname": "Doe",
"usr_status": "ACTIVE"
},
{
"usr_uid": "548562415529751a1e28ed0037315520",
"usr_username": "bsmith",
"usr_firstname": "Bob",
"usr_lastname": "Smith",
"usr_status": "ACTIVE"
}
]
If no users are assigned to the role, then an empty array will be returned.
Available Users for Role: GET /role/{rol_uid}/available-users
Get a list of users who currently are assigned to other roles and are available to be reassigned to the specified role.
- GET /api/1.0/{workspace}/role/{rol_uid}/available-users
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000003/available-users rol_uid Unique ID of role /api/1.0/workflow/role/00000000000000000000000000000003/available-users Optional filters: filter={text} Case insensitive text to search for in the first name, last name or username of users. Remember to URL encode in UTF-8, if it contains spaces, symbols or non-ASCII characters, using a function such as urlencode() in PHP or encodeURIComponent() in JavaScript. /api/1.0/workflow/role/00000000000000000000000000000003/available-users?filter=mary start={number} Integer which indicates the initial position of the user in the list. /api/1.0/workflow/role/00000000000000000000000000000003/available-users?start=20&limit=10 limit={number} Integer which limits the number of users returned. /api/1.0/workflow/role/00000000000000000000000000000003/available-users?start=30&limit=10
Result:
If successful, the HTTP status code is set to 200
(OK) and an array of user objects is returned, such as:
{
"usr_uid": "93284375552975187b60962076613156",
"usr_username": "jdoe",
"usr_firstname": "Jane",
"usr_lastname": "Doe",
"usr_status": "ACTIVE"
},
{
"usr_uid": "548562415529751a1e28ed0037315520",
"usr_username": "bsmith",
"usr_firstname": "Bob",
"usr_lastname": "Smith",
"usr_status": "ACTIVE"
}
]
If no users are assigned to other roles, then an empty array will be returned.
Assign User to Role: POST /role/{rol_uid}/user
Assign a user to a role.
Permission:
- The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.
Structure:
- POST /api/1.0/{workspace}/role/{rol_uid}/user
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000003/user rol_uid Unique ID of role. The 3 predefined roles in ProcessMaker are Administrator '00000000000000000000000000000002'
, Operator'00000000000000000000000000000003'
, and Manager'00000000000000000000000000000004'
./api/1.0/workflow/role/00000000000000000000000000000003/user
POST Fields:
-
Name Type Description usr_uid String Unique ID of user to be assigned to a role.
Result:
If the user has been successfully assigned to a role, then the HTTP status is set to 201
(Created) and there is no return object.
Note that the "admin" user may not be reassigned to a different role, which generates the following error:
"error": {
"code": 400,
"message": "Bad Request: The role of the administrator can not be changed!"
}
}
PHP example
$userId = '55625662755e0e42fe83f41018778834';
$roleId = '00000000000000000000000000000003'; //Operator role
$aVars = array(
'usr_uid' => $userId
);
$url = "/api/1.0/workflow/role/$roleId/user";
$oRet = pmRestRequest("POST", $url, $aVars, $oToken->access_token);
if ($oRet->status == 201) {
print "User $userId reassigned to Operator role.\n";
}
Unassign User from Role: DELETE /role/{rol_uid}/user/{usr_uid}
Unassign (remove) a user from a role. It is not recommended to call this endpoint, unless wishing for the user to have no role and be unable to login or be used in any capacity in ProcessMaker. The user will need to be reassigned to another role in order to have any function inside ProcessMaker.
Permission:
- The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.
Structure:
- DELETE /api/1.0/{workspace}/role/{rol_uid}/user/{usr_uid}
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000003/user/55625662755e0e42fe83f41018778834 rol_uid Unique ID of role. The 3 predefined roles in ProcessMaker are Administrator '00000000000000000000000000000002'
, Operator'00000000000000000000000000000003'
, and Manager'00000000000000000000000000000004'
./api/1.0/workflow/role/00000000000000000000000000000003/user/55625662755e0e42fe83f41018778834 usr_uid Unique ID of user /api/1.0/workflow/role/00000000000000000000000000000003/user/55625662755e0e42fe83f41018778834
Result:
If unassigned from the role, the HTTP status code is set to 200 (OK) and there is no return object. Otherwise, the HTTP status code is set to 300 or greater and an error object is often returned, such as:"error": {
"code": 400,
"message": "Bad Request: The user with usr_uid: 55625662755e0e42fe83f41018778834 is not assigned to the role."
}
}
PHP Example
$userId = '55625662755e0e42fe83f41018778834';
$roleId = '00611547a59021abb767b6e63f772ee2';
$url = "/api/1.0/workflow/role/$roleId/user/$userId";
$oRet = pmRestRequest("DELETE", $url, $aVars, $oToken->access_token);
if ($oRet->status == 200) {
print "User's role removed.\n";
}
ROLES - PERMISSIONS
Permissions List for Role: GET /role/{rol_uid}/permissions
Get a list of the permissions assigned to a specified role.
- GET /api/1.0/{workspace}/role/{rol_uid}/permissions
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000002/permissions rol_uid Unique ID of the Role. The 3 predefined roles in ProcessMaker are Administrator '00000000000000000000000000000002'
, Operator'00000000000000000000000000000003'
, and Manager'00000000000000000000000000000004'
./api/1.0/workflow/role/00000000000000000000000000000002/permissions Optional filters: filter={text} Case-insensitive text to search for in the permission codes. /api/1.0/workflow/role/00000000000000000000000000000002/permissions?filter=setup start={number} Position of the initial permission be returned /api/1.0/workflow/role/00000000000000000000000000000002/permissions?start=5&limit=5 limit={number} Number of permissions to be returned. /api/1.0/workflow/role/00000000000000000000000000000002/permissions?start=5&limit=5
Result:
If successful the HTTP status code is 200 and the response is an array of permission objects for the role, such as:{
"per_uid": "00000000000000000000000000000001",
"per_code": "PM_LOGIN",
"per_name": "Login"
},
{
"per_uid": "00000000000000000000000000000005",
"per_code": "PM_CASES",
"per_name": "Create cases"
}
]
PHP example:
Print out the list of permissions in the PROCESSMAKER_ADMIN role:
$roleId = '00000000000000000000000000000002';
$url = "/api/1.0/workflow/role/$roleId/permissions";
$oRet = pmRestRequest("GET", $url, null, $oToken->access_token);
if ($oRet->status == 200) {
print "Permissions in role $roleId:\n";
foreach ($oRet->response as $oPermission) {
print "\t$oPermission->per_code\n";
}
}
Available Permissions for Role: GET /role/{rol_uid}/available-permissions
Get a list of the available permissions, which can be assigned to a specified role.
- GET /api/1.0/{workspace}/role/{rol_uid}/available-permissions
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000003/available-permissions rol_uid Unique ID of the Role. The 3 predefined roles in ProcessMaker are Administrator '00000000000000000000000000000002'
, Operator'00000000000000000000000000000003'
, and Manager'00000000000000000000000000000004'
./api/1.0/workflow/role/00000000000000000000000000000003/available-permissions Optional filters: filter={text} Case-insensitive text to search for in the permission codes. /api/1.0/workflow/role/00000000000000000000000000000003/available-permissions?filter=setup start={number} Position of the initial permission be returned /api/1.0/workflow/role/00000000000000000000000000000003/available-permissions?start=5&limit=5 limit={number} Number of permissions to be returned. /api/1.0/workflow/role/00000000000000000000000000000003/available-permissions?start=5&limit=5
Result:
If successful the HTTP status code is 200 and the response is an array of available permission objects for the role, such as:{
"per_uid": "00000000000000000000000000000006",
"per_code": "PM_ALLCASES",
"per_name": "All Cases"
},
{
"per_uid": "00000000000000000000000000000018",
"per_code": "PM_CANCELCASE",
"per_name": "Cancel cases"
}
]
PHP example:
Search through the list of available permissions for the Operator role to see whether it includes the PM_DASHBOARD permission. If available, then assign it to the Operator role:
$roleId = '00000000000000000000000000000003'; //Operator role
$url = "/api/1.0/workflow/role/$roleId/available-permissions";
$oRet = pmRestRequest("GET", $url, null, $oToken->access_token);
if ($oRet->status == 200) {
$dashboardAvailable = false;
foreach ($oRet->response as $oPermission) {
if ($oPermission->per_code == 'PM_DASHBOARD') {
$dashboardAvailable = true;
$permissionId = $oPermission->per_uid;
}
//If PM_DASHBOARD available, then assign it to role
if ($dashboardAvailable) {
$aVars = array(
'per_uid' => $permissionId
);
$url = "/api/1.0/workflow/role/$roleId/permission";
$oRet2 = pmRestRequest("POST", $url, $aVars, $oToken->access_token);
if ($oRet2->status == 201) {
print "PM_DASHBOARD assigned to Operator role.\n";
}
}
else {
print "PM_DASHBOARD is already assigned to the Operator role.\n";
}
}
Assign Permission to Role: POST /role/{rol_uid}/permission
Assign a permission to a role.
Permission:
- The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.
Structure:
- POST /api/1.0/{workspace}/role/{rol_uid}/permission
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000003/permission rol_uid Unique ID of the Role. The 3 predefined roles in ProcessMaker are Administrator '00000000000000000000000000000002'
, Operator'00000000000000000000000000000003'
, and Manager'00000000000000000000000000000004'
./api/1.0/workflow/role/00000000000000000000000000000003/permission
POST Fields:
-
Name Type Description per_uid String Unique ID of the permission to assign to a role.
Result:
If the permission is successfully assigned to the role, then the HTTP status code is set to 201
(Created) and there is no response.
PHP example:
This example assigns the PM_REASSIGNCASE permission to the Operator role.
$roleId = '00000000000000000000000000000003'; //Operator role
$permissionId = '00000000000000000000000000000007'; //PM_REASSIGNCASE permission
$aVars = array(
'per_uid' => $permissionId
);
$url = "/api/1.0/workflow/role/$roleId/permission";
$oRet = pmRestRequest("POST", $url, $aVars, $oToken->access_token);
if ($oRet->status == 201) {
print "PM_REASSIGNCASE permission assigned to the Operator role.\n";
}
Unassign Permission from Role: DELETE /role/{rol_uid}/permission/{per_uid}
Unassign (remove) a permission from a role.
Permission:
- The logged-in user needs to have the PM_USERS permission in his/her role in order to be able to perform this action.
Structure:
- DELETE /api/1.0/{workspace}/role/{rol_uid}/permission/{per_uid}
URL Parameters:
-
Name Description Example workspace Workspace name /api/1.0/workflow/role/00000000000000000000000000000003/permission/00000000000000000000000000000007 rol_uid Unique ID of the Role. The 3 predefined roles in ProcessMaker are Administrator '00000000000000000000000000000002'
, Operator'00000000000000000000000000000003'
, and Manager'00000000000000000000000000000004'
./api/1.0/workflow/role/00000000000000000000000000000003/permission/00000000000000000000000000000007 per_uid Unique ID of the permission to unassign from the role. /api/1.0/workflow/role/00000000000000000000000000000003/permission/00000000000000000000000000000007
Result:
If the permission is successfully unassigned from the role, then the HTTP status code is set to 200
(OK) and there is no response.
"error": {
"code": 400,
"message": "Bad Request: The permissions of the "PROCESSMAKER_ADMIN" role can not be changed."
}
}
PHP example:
This example unassigns the PM_REASSIGNCASE permission from the Operator role.
$roleId = '00000000000000000000000000000003'; //Operator role
$permissionId = '00000000000000000000000000000007'; //PM_REASSIGNCASE permission
$url = "/api/1.0/workflow/role/$roleId/permission/$permissionId";
$oRet = pmRestRequest("DELETE", $url, null, $oToken->access_token);
if ($oRet->status == 200) {
print "PM_REASSIGNCASE permission unassigned from the Operator role.\n";
}