Hello dstaudt,

Thanks for your feedback.

I have traced the different tables using DB Dictionary hosting the Role function, but it is not easy task to manage that on SQL level (INSERTing records on all interlinked tables to ensure data integrity including UUID generation).

That's why using AXL is the best way.

I will give it a try using SQL, however, is there an example somewhere? The SQL INSERT to add new non-standard Role and link it with some Application with the Access-level on each Application-Process?

Something like the below?

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/8.5">

   <soapenv:Header/>

   <soapenv:Body>

      <ns:executeSQLQuery sequence="?">

        <sql>INSERT INTO ....  </sql>

      </ns:executeSQLQuery>

   </soapenv:Body>

</soapenv:Envelope>

Thanks in advance.

Regards,

Moatassem

Indeed, you may need to do several manipulations to get where you want...perhaps something like:

Create a new role:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
  <soapenv:Header/>
  <soapenv:Body>
      <ns:executeSQLUpdate>
        <sql>insert into functionrole (pkid,description,name) values (newid(),"New Role Description","New Role Name")</sql>
      </ns:executeSQLUpdate>
  </soapenv:Body>
</soapenv:Envelope>

Add a resource permission to the new role (you will need to somehow retrieve the UUID for the new role, i.e. by querying the functionrole table for the new row you just created:)

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
  <soapenv:Header/>
  <soapenv:Body>
      <ns:executeSQLUpdate sequence="?">
        <sql>insert into functionroleresourcemap (pkid,fkfunctionrole,tkresource,permission) values (newid(),"[the new role UUID]",1,3)</sql>
      </ns:executeSQLUpdate>
  </soapenv:Body>
</soapenv:Envelope>

From there, you should be able to move back to <addUserGroup> etc., and proceed to actually define new user groups and put people into them.

Thank you so much!

I've made big progress because of you

But now I got stuck in something.

To add a new Role, you must select a certain Application, from which, you assign access permissions for the resources defined in this Application. So a Role can only be linked with one Application.

The BAT CSV export file from CUCM doesn't have any field indicating which Application the resources are in.

But there are duplicate Resources names in different Applications, how to know Application to get its tkapplication when inserting data into functionroleresourcemap table.

Example:

"Called Party Tracing" in both Applications:

- Cisco Call Manager Administration

- Called Party Tracing

This is causing ambiguity  .. I don't know which Application to start looking into the resources and build the INSERT T-SQL to SOAP it out!

Any help on this please?

Format of Role CSV Export:

FUNCTION ROLE DESCRIPTION,FUNCTION ROLE NAME,IS STANDARD FUNCTION ROLE,RESOURCE NAME 1,PERMISSION 1,RESOURCE NAME 2,PERMISSION 2,RESOURCE NAME 3,PERMISSION 3,RESOURCE NAME 4,PERMISSION 4,RESOURCE NAME 5,PERMISSION 5...etc

Hello,

I have built a logic to smartly deduce the Application for each Role.

Whenever I apply the below SOAP request via POST HTTP method:

I get the UserGroup (1TassemUG) created but without the Role whose UUID = 14cf73f9-4444-4f97-a5c1-dd010e4d3f7e?

What is wrong with the below?

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.0">

<soapenv:Header />

<soapenv:Body>

<ns:addUserGroup sequence = ""?"">

<userGroup>

<name>1TassemUG</name>

<userRoles>

<userRole>

<roleName uuid="14cf73f9-4444-4f97-a5c1-dd010e4d3f7e">

</roleName>

</userRole>

</userRoles>

</userGroup>

</ns:addUserGroup>

</soapenv:Body>

</soapenv:Envelope>

Can you please tell me an example of ListUserGroup? I am struggling to get it working:

I keep getting this error (No method found for processing request)

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">

<soapenv:Header />

<soapenv:Body>

<ns:listUserGroup sequence = "?">

<searchCriteria><name>%</name></searchCriteria>

<returnedTags uuid = "?"><name /></returnedTags>

</ns:listUserGroup>

</soapenv:Body>

</soapenv:Envelope>

Regards,

Moatassem

It appears the <roleName> element accepts only an element name, not a UUID attribute:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">    <soapenv:Header/>    <soapenv:Body>       <ns:addUserGroup sequence="1">          <userGroup>             <userRoles>                <userRole>                   <roleName>Standard EM Authentication Proxy Rights</roleName>                </userRole>             </userRoles>             <name>testUserGroup</name>          </userGroup>       </ns:addUserGroup>    </soapenv:Body> </soapenv:Envelope>

It looks like in the table 'typeresource' there is a field 'tkapplication' which maps to the 'typeapplication' table.  You should be able to map resource to application using this info:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
   <soapenv:Header/>
   <soapenv:Body>
      <ns:addUserGroup sequence="1">
         <userGroup>
            <userRoles>
               <userRole>
                  <roleName>Standard EM Authentication Proxy Rights</roleName>
               </userRole>
            </userRoles>
            <name>testUserGroup</name>
         </userGroup>
      </ns:addUserGroup>
   </soapenv:Body>
</soapenv:Envelope>