REST API update existing Role

Hello
I try to modify existing role with the POST method. At the moment we have to much External Sites assigned to the existing role. When we use POST method ./IEM post NEW_ROLE_CONTENT.xml role/role_id the “Assigned site” section was only updated with the External Sites which did not exist. The issue is that at the moment we have about 36 external sites assigned and we need only 4. Those 4 new external site were added but old ones does not disappear. They still are present. Our work around is to delete the existing role and create new one but it is not a solution that we are looking for. I appreciate any suggestions.

I use POST method described here:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/RESTAPI%20Role

Did you mean the settings of site permission of roles?
If So, set the “None” value against the site which you want to remove site permission in ROLE_CONTENT.xml.
I use PUT Method when updating roles.
Maybe,Post Method will work similarly.

In Addition SitePermissionString is difined in BESAPI.xsd. Please check.

    >   <xs:simpleType name="SitePermissionString">
    >         <xs:restriction base="xs:normalizedString">
    >             <xs:enumeration value="Owner" />
    >             <xs:enumeration value="Reader" />
    >             <xs:enumeration value="Writer" />
    >             <xs:enumeration value="None" />
    >         </xs:restriction>
    >     </xs:simpleType>

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/BESAPI.xsd

Thank You for feedback. Yes, I have tested today the steps:

  1. Get all Roles from the API
  2. Obtein from xml roles which needs to be updated with new external sites
  3. Change Permission section from Reader to None, in external sites which are not longer needed
  4. run ./iem POST NEW_ROLE.XML role/ROLE_ID
  5. External sites which have NONE permssions disappear from the role we want to be updated

the main disadvantage is that we update each role by POST the new actionsite is created.

Have you tried using PUT instead of POST ?

I did not check it, but the POST method is ok for us.