1 of 4

Export-import roles

Here, you can learn how to use APIs to export roles and their privileges from one Tuum environment and import them into another. This functionality aims to facilitate smooth replication for testing across different environments.

Tuum offers three API endpoints for exporting and importing roles and their associated privileges.

Export roles endpoint enables you to retrieve all roles or specific roles and their privileges from the source Tuum environment.
Partial import endpoint allows you to add a selected set of roles and their privileges to the target Tuum environment. Any existing roles and privileges in the target environment not included in the import will remain unchanged.
Complete import endpoint lets you delete all existing roles and their privileges in the target environment and replace them with new roles and privileges specified in the payload.

The export and import functionality is restricted to users with the EXPORT_IMPORT_ROLE_PRIVILEGES privilege. Learn here how to assign privileges.

Export selected roles

In this example, you can learn how to retrieve specific roles and their privileges from the source Tuum environment.

To export all roles and privileges, make the same API call with an empty request body.

Use case

In this example, we will export specific roles and privileges.

Use case data

API parameters with values

The role codes we're exporting roles and privileges for are: ACCOUNTANT and TEST_LT.

The system will export only roles and associated privileges with a valid validity range.

Sample API call

To export specific roles and privileges, make the following API call.

https://auth-api.sandbox.tuumplatform.com/api/v1/roles/privileges/export

Learn more about the endpoint in the Tuum developer portal.

Sample request

Below is an example request body of the API call for export roles.

{
  "roleCodes": [
    "ACCOUNTANT",
    "TEST_LT"
  ]
}

curl --location 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/privileges/export' \
--header 'Accept-Language: en-GB' \
--header 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGF1cmEgVGVlbcOkZ2kiLCJlbXBsb3llZUlkIjoiSUQtMTA1MCIsInRlbmFudENvZGUiOiJNQi5FVSIsImV4cGlyeURUaW1lIjoiMjAyNS0wMy0xOFQxMDo0NjoxMSIsImV4cCI6MTc0MjI5NDc3MSwicm9sZXMiOlsiQURNSU4iXX0.zD1buC7eTHM0cDgGMhThq1II6TUY3DdmfrHzDphcBdE' \
--header 'Content-Type: application/json' \
--data '{
  "roleCodes": [
    "ACCOUNTANT",
    "TEST_LT"
  ]
}'

Sample response

Below you find an example response body to the API call above.

Response

{
    "errors": null,
    "validationErrors": null,
    "data": {
        "rolesWithPrivileges": [
            {
                "roleCode": "ACCOUNTANT",
                "privilegeNames": [
                    "ADD_PERSON",
                    "APPROVE_APPLICATIONS",
                    "DISBURSE_LOAN",
                    "EDIT_CONTRACT",
                    "EDIT_LOAN_PRODUCTS",
                    "EDIT_PERSON",
                    "MANAGE_USERS",
                    "SEARCH_CONTRACT_DOCUMENTS",
                    "VIEW_GL_JOURNAL",
                    "VIEW_LOAN_CONTRACT",
                    "VIEW_LOAN_PRODUCTS",
                    "VIEW_PERSON",
                    "VIEW_PERSON_ADDITIONAL_CONTACT",
                    "VIEW_PERSON_GROUP_TYPE"
                ],
                "valid": true
            },
            {
                "roleCode": "TEST_LT",
                "privilegeNames": [
                    "MANAGE_USERS",
                    "READ_RESTRICTED_DATA",
                    "VIEW_EXTERNAL_CONTRACTS",
                    "VIEW_FOUREYE_REVIEW_RULE",
                    "VIEW_PERSON",
                    "VIEW_PERSON_GROUP_TYPE",
                    "VIEW_REVIEW_APPROVALS_CONFIGURATION"
                ],
                "valid": true
            }
        ]
    }
}

Result

The selected valid roles ACCOUNTANT and TEST_LT with related privileges have been exported.

Use the response content to import roles and privileges into the target environment.

Import selected roles

In this example, you can learn how to add specific roles and their privileges to the target Tuum environment.

If a role code already exists in the target environment, the import process replaces its current privileges with the imported ones.

Use case

We will import specific roles and associated privileges using the data retrieved in the previous export selected roles example.

Use case data

API parameters with values

The role codes we're importing roles and privileges for are: ACCOUNTANT and TEST_LT.

The roles and privileges combination was obtained from the endpoint.

In this example, the role ACCOUNTANT already existed in the target environment, but role TEST_LT is a new role.

The system will import only roles and associated privileges with a valid validity range.

Sample API call

To import specific roles and associated privileges to the target environment, make the following API call.

Ensure the target environment for the import is different from the export environment.

https://auth-api.target-environment.tuumplatform.com/api/v1/roles/privileges/import

Learn more about the endpoint in the Tuum developer portal.

Sample request

Below is an example request body of the API call for import roles.

curl --location --request PATCH 'https://target-environemnt.tuumaplatform.com/api/v1/roles/privileges/import' \
--header 'Accept-Language: en-GB' \
--header 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGF1cmEgVGVlbcOkZ2kiLCJlbXBsb3llZUlkIjoiSUQtMTM0OCIsInRlbmFudENvZGUiOiJNQiIsImV4cGlyeURUaW1lIjoiMjAyNS0wMy0yMFQxMzoxODowMCIsImV4cCI6MTc0MjQ3NjY4MCwicm9sZXMiOlsiQURNSU4iXX0.FsBEnzSkQdNXqBcl3C2BuPs1OsyYyIBT-efAXyr8sqk' \
--header 'Content-Type: application/json' \
--data '{
        "rolesWithPrivileges": [
            {
                "roleCode": "ACCOUNTANT",
                "privilegeNames": [
                    "ADD_PERSON",
                    "APPROVE_APPLICATIONS",
                    "DISBURSE_LOAN",
                    "EDIT_CONTRACT",
                    "EDIT_LOAN_PRODUCTS",
                    "EDIT_PERSON",
                    "MANAGE_USERS",
                    "SEARCH_CONTRACT_DOCUMENTS",
                    "VIEW_GL_JOURNAL",
                    "VIEW_LOAN_CONTRACT",
                    "VIEW_LOAN_PRODUCTS",
                    "VIEW_PERSON",
                    "VIEW_PERSON_ADDITIONAL_CONTACT",
                    "VIEW_PERSON_GROUP_TYPE"
                ],
                "valid": true
            },
            {
                "roleCode": "TEST_LT",
                "privilegeNames": [
                    "MANAGE_USERS",
                    "READ_RESTRICTED_DATA",
                    "VIEW_EXTERNAL_CONTRACTS",
                    "VIEW_FOUREYE_REVIEW_RULE",
                    "VIEW_PERSON",
                    "VIEW_PERSON_GROUP_TYPE",
                    "VIEW_REVIEW_APPROVALS_CONFIGURATION"
                ],
                "valid": true
            }
        ]
}
'

Sample response

Below you find an example response body to the API call above.

Response

{
    "errors": null,
    "validationErrors": null,
    "data": null
}

Result

The selected valid roles ACCOUNTANT and TEST_LT with related privileges have been imported.

Import all roles

In this example, you can learn how to replace all roles and their privileges in the target Tuum environment.

This endpoint is disabled for the Prod (Live) environment and is available only for non-Prod environments like DEV, TEST, or similar ones.

As a precondition to import, first export all roles and associated privileges by making the API call, as shown in the example of exporting selected roles with an empty request body.

Use case

In this example, we showcase the steps to replace all roles and associated privileges in the target environment using the data retrieved in your export roles request.

Use case data

API parameters with values

We want to import all roles to the target environment and thus we have to use the roles and privileges from the response of the export done before.

The system will import only roles and privileges with a valid validity range.

Sample API calls

To import all roles and privileges, make the following API call with the roles and associated privileges (exported before) in the request body.

https://auth-api.{another-environment}.tuumplatform.com/api/v1/roles/privileges/import

Learn more about the endpoint in the Tuum developer portal.

Result

All valid roles and their privileges in the target environment have been replaced with roles and associated privileges exported from the source environment.

Import selected roles

In this example, you can learn how to add specific roles and their privileges to the target Tuum environment.

If a role code already exists in the target environment, the import process replaces its current privileges with the imported ones.

Use case

We will import specific roles and associated privileges using the data retrieved in the previous export selected roles example.

Use case data

API parameters with values

The role codes we're importing roles and privileges for are: ACCOUNTANT and TEST_LT.

The roles and privileges combination was obtained from the endpoint.

In this example, the role ACCOUNTANT already existed in the target environment, but role TEST_LT is a new role.

The system will import only roles and associated privileges with a valid validity range.

Sample API call

To import specific roles and associated privileges to the target environment, make the following API call.

Ensure the target environment for the import is different from the export environment.

https://auth-api.target-environment.tuumplatform.com/api/v1/roles/privileges/import

Learn more about the endpoint in the Tuum developer portal.

Sample request

Below is an example request body of the API call for import roles.

curl --location --request PATCH 'https://target-environemnt.tuumaplatform.com/api/v1/roles/privileges/import' \
--header 'Accept-Language: en-GB' \
--header 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGF1cmEgVGVlbcOkZ2kiLCJlbXBsb3llZUlkIjoiSUQtMTM0OCIsInRlbmFudENvZGUiOiJNQiIsImV4cGlyeURUaW1lIjoiMjAyNS0wMy0yMFQxMzoxODowMCIsImV4cCI6MTc0MjQ3NjY4MCwicm9sZXMiOlsiQURNSU4iXX0.FsBEnzSkQdNXqBcl3C2BuPs1OsyYyIBT-efAXyr8sqk' \
--header 'Content-Type: application/json' \
--data '{
        "rolesWithPrivileges": [
            {
                "roleCode": "ACCOUNTANT",
                "privilegeNames": [
                    "ADD_PERSON",
                    "APPROVE_APPLICATIONS",
                    "DISBURSE_LOAN",
                    "EDIT_CONTRACT",
                    "EDIT_LOAN_PRODUCTS",
                    "EDIT_PERSON",
                    "MANAGE_USERS",
                    "SEARCH_CONTRACT_DOCUMENTS",
                    "VIEW_GL_JOURNAL",
                    "VIEW_LOAN_CONTRACT",
                    "VIEW_LOAN_PRODUCTS",
                    "VIEW_PERSON",
                    "VIEW_PERSON_ADDITIONAL_CONTACT",
                    "VIEW_PERSON_GROUP_TYPE"
                ],
                "valid": true
            },
            {
                "roleCode": "TEST_LT",
                "privilegeNames": [
                    "MANAGE_USERS",
                    "READ_RESTRICTED_DATA",
                    "VIEW_EXTERNAL_CONTRACTS",
                    "VIEW_FOUREYE_REVIEW_RULE",
                    "VIEW_PERSON",
                    "VIEW_PERSON_GROUP_TYPE",
                    "VIEW_REVIEW_APPROVALS_CONFIGURATION"
                ],
                "valid": true
            }
        ]
}
'

Sample response

Below you find an example response body to the API call above.

Response

{
    "errors": null,
    "validationErrors": null,
    "data": null
}

Result

The selected valid roles ACCOUNTANT and TEST_LT with related privileges have been imported.

Export selected roles

In this example, you can learn how to retrieve specific roles and their privileges from the source Tuum environment.

To export all roles and privileges, make the same API call with an empty request body.

Use case

In this example, we will export specific roles and privileges.

Use case data

API parameters with values

The role codes we're exporting roles and privileges for are: ACCOUNTANT and TEST_LT.

The system will export only roles and associated privileges with a valid validity range.

Sample API call

To export specific roles and privileges, make the following API call.

https://auth-api.sandbox.tuumplatform.com/api/v1/roles/privileges/export

Learn more about the endpoint in the Tuum developer portal.

Sample request

Below is an example request body of the API call for export roles.

{
  "roleCodes": [
    "ACCOUNTANT",
    "TEST_LT"
  ]
}

curl --location 'https://auth-api.sandbox.tuumplatform.com/api/v1/roles/privileges/export' \
--header 'Accept-Language: en-GB' \
--header 'x-auth-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiTGF1cmEgVGVlbcOkZ2kiLCJlbXBsb3llZUlkIjoiSUQtMTA1MCIsInRlbmFudENvZGUiOiJNQi5FVSIsImV4cGlyeURUaW1lIjoiMjAyNS0wMy0xOFQxMDo0NjoxMSIsImV4cCI6MTc0MjI5NDc3MSwicm9sZXMiOlsiQURNSU4iXX0.zD1buC7eTHM0cDgGMhThq1II6TUY3DdmfrHzDphcBdE' \
--header 'Content-Type: application/json' \
--data '{
  "roleCodes": [
    "ACCOUNTANT",
    "TEST_LT"
  ]
}'

Sample response

Below you find an example response body to the API call above.

Response

{
    "errors": null,
    "validationErrors": null,
    "data": {
        "rolesWithPrivileges": [
            {
                "roleCode": "ACCOUNTANT",
                "privilegeNames": [
                    "ADD_PERSON",
                    "APPROVE_APPLICATIONS",
                    "DISBURSE_LOAN",
                    "EDIT_CONTRACT",
                    "EDIT_LOAN_PRODUCTS",
                    "EDIT_PERSON",
                    "MANAGE_USERS",
                    "SEARCH_CONTRACT_DOCUMENTS",
                    "VIEW_GL_JOURNAL",
                    "VIEW_LOAN_CONTRACT",
                    "VIEW_LOAN_PRODUCTS",
                    "VIEW_PERSON",
                    "VIEW_PERSON_ADDITIONAL_CONTACT",
                    "VIEW_PERSON_GROUP_TYPE"
                ],
                "valid": true
            },
            {
                "roleCode": "TEST_LT",
                "privilegeNames": [
                    "MANAGE_USERS",
                    "READ_RESTRICTED_DATA",
                    "VIEW_EXTERNAL_CONTRACTS",
                    "VIEW_FOUREYE_REVIEW_RULE",
                    "VIEW_PERSON",
                    "VIEW_PERSON_GROUP_TYPE",
                    "VIEW_REVIEW_APPROVALS_CONFIGURATION"
                ],
                "valid": true
            }
        ]
    }
}

Result

The selected valid roles ACCOUNTANT and TEST_LT with related privileges have been exported.

Use the response content to import roles and privileges into the target environment.