During the past 8 years, our team has created several Oracle ACM Cases, supported by BPM Processes. For these cases and processes, numerous roles have been created to allow fine-grained access to user-groups, both small and large.
After all this time, the requirement came up to remove one of those cases, its corresponding processes and all related roles.
Removing those roles using the GUI in the Oracle BPM Workspace or Enterprise Manager can be a cumbersome task. We calculated that in this instance it would take one person several days to remove them all by hand.
So, in comes scripting!
Oracle offers the Weblogic Scripting Tool (or WLST for short) to run such a script.
On their website you can find several pieces of documentation, describing how to use WLST. For working with BPM roles, this document is relevant: https://docs.oracle.com/cd/E52734_01/oam/STIAM/policy_cred_wlst.htm#STIAM13035
But lo and behold! Exactly the command we need, namely deleteAppRole is not documented.
Luckily, with a bit of logical thinking, the correct syntax is not complicated.
To run the script, a few steps have to be followed.
First, using your favorite tool, connect to the weblogic server terminal.
Then run the following commands to start the WLS console.
sudo su - oracle cd /app/middleware/weblogic/installation/oracle_common/common/bin ./wlst.sh
And finally connect to the Weblogic t3 server using the following command (replace the parts with <> for your own situation).
You are now able to run the deleteAppRole commands. You can choose to do them one by one, or all of them at once.
The syntax is quite straightforward. Add values for the parameters AppStripe and AppRoleName, and that's it.
Here are few examples.
deleteAppRole(appStripe="OracleBPMProcessRolesApp", appRoleName="CompanyCase_1.0.Administrator") deleteAppRole(appStripe="OracleBPMProcessRolesApp", appRoleName="PaymentProcess_2.0.Accountant") deleteAppRole(appStripe="OracleBPMProcessRolesApp", appRoleName="PaymentProcess_2.0.Auditor")
After running these commands, you can check in BPM Workspace or Enterprise Manager if the roles have been deleted.