Automated commit by github action: 3649855136

2025-12-10 12:27:48 +00:00 · 2022-12-08 15:50:02 +00:00
parent 7c8f49e20c
commit ec0ce0bc2e
13 changed files with 38 additions and 12 deletions
--- a/idn/beta/paths/access-profile.yaml
+++ b/idn/beta/paths/access-profile.yaml
@@ -45,22 +45,23 @@ patch:
  description: >-
    This API updates an existing Access Profile. The following fields are patchable:

-
    **name**, **description**, **enabled**, **owner**, **requestable**,
    **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria**

-
-    > You can only add or replace **entitlements** that exist on the source that the access profile is attached to.  
-    You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
-    
-    
-    >  Patching the value of the **requestable** field is only supported for customers enabled with the new Request 
-    Center. Otherwise, attempting to modify this field results in a 400 error.
-
-
    A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a
    SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to
    administer.
+
+    >  The maximum supported length for the description field is 2000 characters.
+    Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
+
+
+    > You can only add or replace **entitlements** that exist on the source that the access profile is attached to.
+    You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
+
+
+    >  Patching the value of the **requestable** field is only supported for customers enabled with the new Request
+    Center. Otherwise, attempting to modify this field results in a 400 error.
  parameters:
    - name: id
      in: path
--- a/idn/beta/paths/access-profiles.yaml
+++ b/idn/beta/paths/access-profiles.yaml
@@ -119,11 +119,13 @@ post:
  summary: Create an Access Profile
  description: >-
    This API creates an Access Profile.
-    

    A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
    call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the
    Access Profile's Source.
+
+    The maximum supported length for the description field is 2000 characters.
+    Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
  requestBody:
    required: true
    content:
--- a/idn/beta/paths/role.yaml
+++ b/idn/beta/paths/role.yaml
@@ -51,10 +51,12 @@ patch:
    **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**,
    **accessRequestConfig**, **revokeRequestConfig**, **segments**

-
    A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a
    token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated
    to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
+
+    The maximum supported length for the description field is 2000 characters.
+    Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
  parameters:
    - name: id
      in: path
--- a/idn/beta/paths/roles.yaml
+++ b/idn/beta/paths/roles.yaml
@@ -109,6 +109,9 @@ post:
    A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to
    call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile
    is associated with a Source with which the ROLE_SUBADMIN is not themselves associated.
+
+    The maximum supported length for the description field is 2000 characters.
+    Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
  requestBody:
    required: true
    content:
--- a/idn/v3/schemas/access/AccessProfile.yaml
+++ b/idn/v3/schemas/access/AccessProfile.yaml
@@ -11,6 +11,7 @@ properties:
    example: Employee-database-read-write
  description:
    type: string
+    nullable: true
    description: Information about the Access Profile
    example: Collection of entitlements to read/write the employee database
  created:
@@ -48,13 +49,16 @@ properties:
    example: true
  accessRequestConfig:
    $ref: './Requestability.yaml'
+    nullable: true
    description: Access request configuration for this object
  revocationRequestConfig:
    $ref: './Revocability.yaml'
+    nullable: true
    description: >-
      Revocation request configuration for this object.
  segments:
    type: array
+    nullable: true
    items:
      type: string
    description: List of IDs of segments, if any, to which this Access Profile is assigned.
--- a/idn/v3/schemas/access/ApprovalScheme.yaml
+++ b/idn/v3/schemas/access/ApprovalScheme.yaml
@@ -3,6 +3,7 @@ properties:
  approverType:
    type: string
    enum:
+      - APP_OWNER
      - OWNER
      - SOURCE_OWNER
      - MANAGER
@@ -10,6 +11,8 @@ properties:
    description: >-
      Describes the individual or group that is responsible for an approval step. Values are as follows.

+      **APP_OWNER**: The owner of the Application
+

      **OWNER**: Owner of the associated Access Profile or Role

@@ -25,6 +28,7 @@ properties:
    example: GOVERNANCE_GROUP
  approverId:
    type: string
+    nullable: true
    description: Id of the specific approver, used only when approverType is GOVERNANCE_GROUP
    example: 46c79819-a69f-49a2-becb-12c971ae66c6
  
--- a/idn/v3/schemas/access/ApprovalSchemeForRole.yaml
+++ b/idn/v3/schemas/access/ApprovalSchemeForRole.yaml
@@ -21,6 +21,7 @@ properties:
    example: GOVERNANCE_GROUP
  approverId:
    type: string
+    nullable: true
    description: Id of the specific approver, used only when approverType is GOVERNANCE_GROUP
    example: 46c79819-a69f-49a2-becb-12c971ae66c6
  
--- a/idn/v3/schemas/access/ProvisioningCriteriaLevel1.yaml
+++ b/idn/v3/schemas/access/ProvisioningCriteriaLevel1.yaml
@@ -1,4 +1,5 @@
 type: object
+nullable: true
 description: Defines matching criteria for an Account to be provisioned with a specific Access Profile
 properties:
    operation:
@@ -12,6 +13,7 @@ properties:
        nullable: true
    value:
        type: string
+        nullable: true
        description: >-
            String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS,
            NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is
--- a/idn/v3/schemas/access/ProvisioningCriteriaLevel2.yaml
+++ b/idn/v3/schemas/access/ProvisioningCriteriaLevel2.yaml
@@ -12,6 +12,7 @@ properties:
        nullable: true
    value:
        type: string
+        nullable: true
        description: >-
            String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS,
            NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is
--- a/idn/v3/schemas/access/RoleCriteriaKey.yaml
+++ b/idn/v3/schemas/access/RoleCriteriaKey.yaml
@@ -1,4 +1,5 @@
 type: object
+nullable: true
 description: Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
 properties:
    type:
--- a/idn/v3/schemas/access/RoleCriteriaLevel1.yaml
+++ b/idn/v3/schemas/access/RoleCriteriaLevel1.yaml
@@ -1,4 +1,5 @@
 type: object
+nullable: true
 description: Defines STANDARD type Role membership
 properties:
    operation:
@@ -7,6 +8,7 @@ properties:
        $ref: './RoleCriteriaKey.yaml'
    stringValue:
        type: string
+        nullable: true
        description: >-
            String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t
            the specified operation. If this criteria is a leaf node, that is, if the operation is one of
--- a/idn/v3/schemas/access/RoleCriteriaLevel2.yaml
+++ b/idn/v3/schemas/access/RoleCriteriaLevel2.yaml
@@ -1,4 +1,5 @@
 type: object
+nullable: true
 description: Defines STANDARD type Role membership
 properties:
    operation:
@@ -7,6 +8,7 @@ properties:
        $ref: './RoleCriteriaKey.yaml'
    stringValue:
        type: string
+        nullable: true
        description: >-
            String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t
            the specified operation. If this criteria is a leaf node, that is, if the operation is one of
--- a/idn/v3/schemas/access/RoleMembershipSelector.yaml
+++ b/idn/v3/schemas/access/RoleMembershipSelector.yaml
@@ -1,4 +1,5 @@
 type: object
+nullable: true
 description: >-
        When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or
        which are members of a given list of Identities.