Delete a community

Ontocloak currently has no user interface to delete a community. However, a community can become dormant simply by removing all users from the associated groups. A Service Desk user will still always have the ability to resurrect the community and appoint new owners, even if the owner group is empty.

If a community really must be deleted, this can be performed using a REST request to the authorisation server. To do that, you need to use a set of credentials with sufficient permissions to create/delete communities, such as a Service Desk role.

Before deleting a community, it is prudent to remove the community's security label from all resources that carry it, because the deletion process itself will not alter the labels on the resources. If the security label being deleted is the only label on a resource, no users will be able to access that resource after the community is deleted. If this occurs, a Service Desk user will be required to remove the labels to give access back to the authors who should have access.

Get a bearer token

The following cURL command gets a bearer token from the authorisation server.

curl --location --request POST 'https://authorisation-server/auth/realms/realm-name/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=XXX' \
  --data-urlencode 'client_secret=YYY'

where the following placeholders require completion for the specific installation

Placeholder            Required value
authorisation-server   host name of the authorisation server for the solution
realm-name             realm id for the solution
XXX                    client_id for the client credentials with appropriate access
YYY                    client_secret for the client credentials with appropriate access

The response will include a JSON payload similar to the following

{
    "access_token": "AAA",
    "expires_in": 3600,
    "refresh_expires_in": 1800,
    "refresh_token": "BBB",
    "token_type": "bearer",
    "not-before-policy": 1601356578,
    "session_state": "12bd48fc-5373-410b-a016-f208fc827095",
    "scope": ""
}

Where “AAA” will be a long string of characters. This is the bearer token required in the next step.

List communities

The first step is to list the communities for the server. Without the exact community representation JSON, it is not possible to call the DELETE method to delete the community.

curl --location --request GET 'https://authorisation-server/auth/realms/realm-name/communities' \
  --header 'Authorization: Bearer AAA'

Obviously in the above example the authorisation-server host name and the realm-name need to be replaced with the real values for the deployment.

The response is something like the following

[
    { "securityLabel": "SNOMED", "communityName": "SNOMED" },
    { "securityLabel": "NDD", "communityName": "NHS Data Dictionary" },
    { "securityLabel": "bird", "communityName": "Bird watching" }
]

Delete community

The list command above provides a way to get the exact details to send to delete a community. The HTTP DELETE request below shows how to delete a specific community.

curl --location --request DELETE 'https://authorisation-server/auth/realms/realm-name/communities' \
  --header 'Authorization: Bearer AAA' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "securityLabel": "bird", "communityName": "Bird watching" }'

This process will delete the following artefacts related to the community

  • groups
  • roles
  • scopes
  • underlying database record for the community and security label

No users will be removed when the roles and groups are deleted. Any users in those groups or with those roles will simply not be in the groups/roles anymore, but are otherwise unaffected.
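
The list-then-delete steps above, as an added Python example that is not part of Ontocloak or its documentation: it picks the exact community representation by security label, refuses to proceed unless exactly one community matches, and prepares the DELETE request without sending it. The function names and SAMPLE_LIST are assumptions made for illustration; the host, realm and token are the same placeholders used in the cURL commands.

```python
import json
import urllib.request

# Constructed sample of a "list communities" response, in the shape shown above.
SAMPLE_LIST = '''[
  {"securityLabel": "SNOMED", "communityName": "SNOMED"},
  {"securityLabel": "NDD", "communityName": "NHS Data Dictionary"},
  {"securityLabel": "bird", "communityName": "Bird watching"}
]'''


def select_community(list_response: str, security_label: str) -> dict:
    """Return the one representation whose securityLabel matches exactly.

    The match is case-sensitive and must be unique; anything else aborts
    rather than guessing which community to delete.
    """
    communities = json.loads(list_response)
    matches = [c for c in communities if c.get("securityLabel") == security_label]
    if len(matches) != 1:
        raise LookupError(
            f"expected exactly 1 community labelled {security_label!r}, "
            f"found {len(matches)}"
        )
    return matches[0]


def build_delete_request(server: str, realm: str, token: str, community: dict):
    """Prepare (but do not send) the DELETE call with the listed JSON as its body."""
    return urllib.request.Request(
        url=f"https://{server}/auth/realms/{realm}/communities",
        data=json.dumps(community).encode("utf-8"),
        method="DELETE",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Placeholder host, realm and token, as in the cURL examples above.
    target = select_community(SAMPLE_LIST, "bird")
    req = build_delete_request("authorisation-server", "realm-name", "AAA", target)
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    # Sending is a deliberate, separate step: urllib.request.urlopen(req)
```

Printing the prepared request before sending it gives a chance to confirm the label and name against the list output, since the deletion also removes the community's groups, roles and scopes.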