mirror of
https://github.com/LukeHagar/api-specs.git
synced 2025-12-09 20:37:50 +00:00
424d2b0bee
* IDNLANAI-8724: Promote role & access profile delete endpoints from /beta to /v3 * IDNLANAI-8724: Promote role & access profile delete endpoints from /beta to /v3' by github action: 6535095067
243 lines
7.6 KiB
YAML
243 lines
7.6 KiB
YAML
get:
|
|
operationId: getAccessProfile
|
|
tags:
|
|
- Access Profiles
|
|
summary: Get an Access Profile
|
|
description: >-
|
|
This API returns an Access Profile by its ID.
|
|
|
|
|
|
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
|
|
call this API.
|
|
parameters:
|
|
- in: path
|
|
name: id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
description: >-
|
|
ID of the Access Profile
|
|
example: 2c9180837ca6693d017ca8d097500149
|
|
responses:
|
|
'200':
|
|
description: An AccessProfile
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '../../v3/schemas/access/AccessProfile.yaml'
|
|
'400':
|
|
$ref: '../../v3/responses/400.yaml'
|
|
'401':
|
|
$ref: '../../v3/responses/401.yaml'
|
|
'403':
|
|
$ref: '../../v3/responses/403.yaml'
|
|
'429':
|
|
$ref: '../../v3/responses/429.yaml'
|
|
'500':
|
|
$ref: '../../v3/responses/500.yaml'
|
|
security:
|
|
- UserContextAuth: [idn:access-profile:read]
|
|
patch:
|
|
operationId: patchAccessProfile
|
|
tags:
|
|
- Access Profiles
|
|
summary: Patch a specified Access Profile
|
|
description: >-
|
|
This API updates an existing Access Profile. The following fields are patchable:
|
|
|
|
|
|
**name**
|
|
|
|
|
|
**description**
|
|
|
|
|
|
**enabled**
|
|
|
|
|
|
**owner**
|
|
|
|
|
|
**requestable**
|
|
|
|
|
|
**accessRequestConfig**
|
|
|
|
|
|
**revokeRequestConfig**
|
|
|
|
|
|
**segments**
|
|
|
|
|
|
**entitlements**
|
|
|
|
|
|
**provisioningCriteria**
|
|
|
|
|
|
**source** (must be updated with entitlements belonging to new source in the same API call)
|
|
|
|
|
|
If you need to change the `source` of the access profile, you can do so only if you update the `entitlements` in the same API call. The new entitlements can only come from the target source that you want to change to. Look for the example "Replace Source" in the examples dropdown.
|
|
|
|
|
|
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a
|
|
SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to
|
|
administer.
|
|
|
|
> The maximum supported length for the description field is 2000 characters.
|
|
Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
|
|
|
|
|
|
> You can only add or replace **entitlements** that exist on the source that the access profile is attached to.
|
|
You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
|
|
|
|
|
|
> Patching the value of the **requestable** field is only supported for customers enabled with the new Request
|
|
Center. Otherwise, attempting to modify this field results in a 400 error.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
description: ID of the Access Profile to patch
|
|
required: true
|
|
schema:
|
|
type: string
|
|
example: 2c91808a7813090a017814121919ecca
|
|
requestBody:
|
|
content:
|
|
application/json-patch+json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '../schemas/JsonPatchOperation.yaml'
|
|
examples:
|
|
Add Entitlements:
|
|
description: Add one or more entitlements to the end of the list
|
|
value:
|
|
- op: add
|
|
path: /entitlements
|
|
value:
|
|
- id: 2c9180857725c14301772a93bb77242d
|
|
type: ENTITLEMENT
|
|
name: AD User Group
|
|
Insert Entitlement:
|
|
description: Add an entitlement at the beginning of the entitlement list
|
|
value:
|
|
- op: add
|
|
path: /entitlements/0
|
|
value:
|
|
id: 2c9180857725c14301772a93bb77242d
|
|
type: ENTITLEMENT
|
|
name: AD User Group
|
|
Replace Entitlements:
|
|
description: Replace all entitlements with a new list of entitlements
|
|
value:
|
|
- op: replace
|
|
path: /entitlements
|
|
value:
|
|
- id: 2c9180857725c14301772a93bb77242d
|
|
type: ENTITLEMENT
|
|
name: AD User Group
|
|
Remove Entitlement:
|
|
description: Remove the first entitlement in the list
|
|
value:
|
|
- op: remove
|
|
path: /entitlements/0
|
|
Replace Source:
|
|
description: Change the source and the entitlements of the access profile
|
|
value: [
|
|
{
|
|
"op": "replace",
|
|
"path": "/source",
|
|
"value": {
|
|
"id": "2c9180887671ff8c01767b4671fb7d5e",
|
|
"type": "SOURCE",
|
|
"name": "Employees"
|
|
}
|
|
},
|
|
{
|
|
"op": "replace",
|
|
"path": "/entitlements",
|
|
"value": [
|
|
{
|
|
"id": "2c9180877677453d01767b4b08f63386",
|
|
"type": "ENTITLEMENT",
|
|
"name": "DevRel"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
required: true
|
|
responses:
|
|
'200':
|
|
description: Responds with the Access Profile as updated.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '../../v3/schemas/access/AccessProfile.yaml'
|
|
'400':
|
|
$ref: '../../v3/responses/400.yaml'
|
|
'401':
|
|
$ref: '../../v3/responses/401.yaml'
|
|
'403':
|
|
$ref: '../../v3/responses/403.yaml'
|
|
'429':
|
|
$ref: '../../v3/responses/429.yaml'
|
|
'500':
|
|
$ref: '../../v3/responses/500.yaml'
|
|
security:
|
|
- UserContextAuth: [idn:access-profile:manage]
|
|
delete:
|
|
operationId: deleteAccessProfile
|
|
tags:
|
|
- Access Profiles
|
|
summary: Delete the specified Access Profile
|
|
description: >-
|
|
This API deletes an existing Access Profile.
|
|
|
|
|
|
The Access Profile must not be in use, for example, Access Profile can not be deleted if they belong to an Application, Life Cycle State or a Role. If it is, a 400 error is returned.
|
|
|
|
|
|
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition,
|
|
a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
description: ID of the Access Profile to delete
|
|
required: true
|
|
schema:
|
|
type: string
|
|
example: 2c91808a7813090a017814121919ecca
|
|
responses:
|
|
'204':
|
|
$ref: "../../v3/responses/204.yaml"
|
|
'400':
|
|
description: Returned when an access profile cannot be deleted as it's being used.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '../../v3/schemas/ErrorResponseDto.yaml'
|
|
examples:
|
|
400.2.1.0 Object in use by another:
|
|
description: Returned when an access profile cannot be deleted as it's being used
|
|
value:
|
|
detailCode: 400.2.1.0 Object in use by another
|
|
trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3
|
|
messages:
|
|
- locale: en-US
|
|
localeOrigin: DEFAULT
|
|
text: The "testAccessProfile" access profile can't be deleted because it's in use.
|
|
'401':
|
|
$ref: '../../v3/responses/401.yaml'
|
|
'403':
|
|
$ref: '../../v3/responses/403.yaml'
|
|
'429':
|
|
$ref: '../../v3/responses/429.yaml'
|
|
'500':
|
|
$ref: '../../v3/responses/500.yaml'
|
|
security:
|
|
- UserContextAuth: [idn:access-profile:manage]
|
|
|