Automated commit by github action: 4810365130

2025-12-06 12:27:46 +00:00 · 2023-04-26 15:13:18 +00:00
parent fe0d8e2015
commit c40c33306e
134 changed files with 387 additions and 309 deletions
--- a/static/api-specs/idn/beta/paths/access-profile-entitlements.yaml
+++ b/static/api-specs/idn/beta/paths/access-profile-entitlements.yaml
@@ -84,7 +84,7 @@ get:
      '500':
        $ref: '../../v3/responses/500.yaml'
    security:
-      - oauth2: [idn:access-profile:read]
+      - oauth2: [idn:access-profile:read, idn:access-profile:manage]



--- a/static/api-specs/idn/beta/paths/access-profile.yaml
+++ b/static/api-specs/idn/beta/paths/access-profile.yaml
@@ -36,7 +36,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:access-profile:read]
+    - oauth2: [idn:access-profile:read, idn:access-profile:manage]
 patch:
  operationId: patchAccessProfile
  tags:
--- a/static/api-specs/idn/beta/paths/access-profiles.yaml
+++ b/static/api-specs/idn/beta/paths/access-profiles.yaml
@@ -111,7 +111,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:access-profile:read]
+    - oauth2: [idn:access-profile:read, idn:access-profile:manage]
 post:
  operationId: createAccessProfile
  tags:
--- a/static/api-specs/idn/beta/paths/access-roles-change-segment-assignments.yaml
+++ b/static/api-specs/idn/beta/paths/access-roles-change-segment-assignments.yaml
@@ -2,7 +2,7 @@ post:
  operationId: accessRolesChangeSegmentAssignments
  tags:
    - Segments
-  summary: Change Segment assignments for roles and access-profiles only.
+  summary: Change Segment assignments.
  description: >-
    This API allows to change the Segment assignments for roles and access-profiles.

@@ -38,4 +38,4 @@ post:
      $ref: '../../v3/responses/500.yaml'

  security:
-    - oauth2: [idn:segments:write]
+    - oauth2: [idn:segments:manage]
--- a/static/api-specs/idn/beta/paths/account.yaml
+++ b/static/api-specs/idn/beta/paths/account.yaml
@@ -8,7 +8,7 @@ get:

    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:accounts:read]
+    - oauth2: [idn:accounts:read, idn:accounts:manage]
  parameters:
    - in: path
      name: id
--- a/static/api-specs/idn/beta/paths/accounts.yaml
+++ b/static/api-specs/idn/beta/paths/accounts.yaml
@@ -8,7 +8,7 @@ get:
    
    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:accounts:read]
+    - oauth2: [idn:accounts:read, idn:accounts:manage]
  parameters:
    - in: query
      name: detailLevel
@@ -56,14 +56,15 @@ get:
      content:
        application/json:
          schema:
-            type: array
-            items:
-              oneOf:
-                - $ref: '../schemas/SlimAccount.yaml'
-                - $ref: '../schemas/FullAccount.yaml'
-
+            oneOf:
+              - type: array
+                items:
+                  $ref: '../schemas/SlimAccount.yaml'
+              - type: array
+                items:
+                  $ref: '../schemas/FullAccount.yaml'
          examples:
-            Slim Accounts:
+            SlimAccounts:
              description: List of slim accounts that would result with *detailLevel = SLIM*
              value:
                - "attributes": null
@@ -83,7 +84,7 @@ get:
                  "uuid": "{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}"


-            Full Accounts:
+            FullAccounts:
              description: List of slim accounts that would result with *detailLevel = FULL*  or not specifying it
              value:
                - "attributes": null
--- a/static/api-specs/idn/beta/paths/connector-rule-validate.yaml
+++ b/static/api-specs/idn/beta/paths/connector-rule-validate.yaml
@@ -22,6 +22,8 @@ post:
        application/json:
          schema:
            $ref: '../schemas/ConnectorRuleValidationResponse.yaml'
+    '400':
+      $ref: '../../v3/responses/400.yaml'
    '401':
      $ref: '../../v3/responses/401.yaml'
    '403':
@@ -31,4 +33,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:connector-rule:read]
+    - oauth2: [idn:rule-management-connector:read, idn:rule-management-connector:manage]
--- a/static/api-specs/idn/beta/paths/connector-rule.yaml
+++ b/static/api-specs/idn/beta/paths/connector-rule.yaml
@@ -17,6 +17,7 @@ get:
      explode: false
      schema:
        type: string
+      example: 8c190e6787aa4ed9a90bd9d5344523fb
  responses:
    '200':
      description: Connector rule with the given ID
@@ -24,12 +25,20 @@ get:
        application/json:
          schema:
            $ref: '../schemas/ConnectorRuleResponse.yaml'
+    '400':
+      $ref: '../../v3/responses/400.yaml'
+    '401':
+      $ref: '../../v3/responses/401.yaml'
    '403':
      $ref: '../../v3/responses/403.yaml'
    '404':
      $ref: '../../v3/responses/404.yaml'
+    '429':
+      $ref: '../../v3/responses/429.yaml'
+    '500':
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:connector-rule:read]
+    - oauth2: [idn:rule-management-connector:read, idn:rule-management-connector:manage]

 put:
  tags:
@@ -51,6 +60,7 @@ put:
      explode: false
      schema:
        type: string
+      example: 8c190e6787aa4ed9a90bd9d5344523fb
  requestBody:
    description: >-
      The connector rule with updated data
@@ -67,6 +77,8 @@ put:
            $ref: '../schemas/ConnectorRuleResponse.yaml'
    '400':
      $ref: '../../v3/responses/400.yaml'
+    '401':
+      $ref: '../../v3/responses/401.yaml'
    '403':
      $ref: '../../v3/responses/403.yaml'
    '404':
@@ -76,7 +88,7 @@ put:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:connector-rule:write]
+    - oauth2: [idn:rule-management-connector:manage]

 delete:
  tags:
@@ -97,9 +109,14 @@ delete:
      explode: false
      schema:
        type: string
+      example: 8c190e6787aa4ed9a90bd9d5344523fb
  responses:
    '204':
      $ref: '../../v3/responses/204.yaml'
+    '400':
+      $ref: '../../v3/responses/400.yaml'
+    '401':
+      $ref: '../../v3/responses/401.yaml'
    '403':
      $ref: '../../v3/responses/403.yaml'
    '404':
@@ -109,5 +126,5 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:connector-rule:write]
+    - oauth2: [idn:rule-management-connector:manage]

--- a/static/api-specs/idn/beta/paths/connector-rules.yaml
+++ b/static/api-specs/idn/beta/paths/connector-rules.yaml
@@ -28,7 +28,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:connector-rule:read]
+    - oauth2: [idn:rule-management-connector:read, idn:rule-management-connector:manage]
 post:
  tags:
    - Connector Rule Management
@@ -64,4 +64,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:connector-rule:write]
+    - oauth2: [idn:rule-management-connector:manage]
--- a/static/api-specs/idn/beta/paths/ears-entitlement-parents.yaml
+++ b/static/api-specs/idn/beta/paths/ears-entitlement-parents.yaml
@@ -6,7 +6,7 @@ get:
  description: >-
    This API returns a list of all parent entitlements of a given entitlement.
  security:
-      - oauth2: ['idn:entitlement:read']
+      - oauth2: [idn:entitlement:read, idn:entitlement:manage]
  parameters:
    - $ref: '../../v3/parameters/limit.yaml'
    - $ref: '../../v3/parameters/offset.yaml'
--- a/static/api-specs/idn/beta/paths/ears-entitlement.yaml
+++ b/static/api-specs/idn/beta/paths/ears-entitlement.yaml
@@ -6,7 +6,7 @@ get:
  description: >-
    This API returns an entitlement by its ID.
  security:
-    - oauth2: ['idn:entitlement:read']
+    - oauth2: [idn:entitlement:read, idn:entitlement:manage]
  parameters:
    - in: path
      name: id
@@ -85,7 +85,7 @@ patch:

    A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.
  security:
-    - oauth2: ['idn:entitlement:update']
+    - oauth2: [idn:entitlement:manage]
  parameters:
    - name: id
      in: path
@@ -185,4 +185,4 @@ patch:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/entitlement-request-config.yaml
+++ b/static/api-specs/idn/beta/paths/entitlement-request-config.yaml
@@ -6,7 +6,7 @@ get:
  description: >-
    This API returns the entitlement request config for a specified entitlement.
  security:
-    - oauth2: ['idn:entitlement:read']
+    - oauth2: [idn:entitlement:read, idn:entitlement:manage]
  parameters:
    - in: path
      name: id
@@ -67,7 +67,7 @@ put:
  description: >-
    This API replaces the entitlement request config for a specified entitlement.
  security:
-    - oauth2: ['idn:entitlement:update']
+    - oauth2: [idn:entitlement:manage]
  parameters:
    - name: id
      in: path
@@ -125,4 +125,4 @@ put:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/entitlement.yaml
+++ b/static/api-specs/idn/beta/paths/entitlement.yaml
@@ -6,7 +6,7 @@ post:
  description: >-
    This internal endpoint creates an entitlement using the given entitlement payload
  security:
-    - oauth2: ['idn:entitlement:create']
+    - oauth2: [idn:entitlement:manage]
  requestBody:
    required: true
    content:
--- a/static/api-specs/idn/beta/paths/entitlements.yaml
+++ b/static/api-specs/idn/beta/paths/entitlements.yaml
@@ -4,7 +4,7 @@ get:
    - Entitlements
  summary: Gets a list of entitlements.
  security:
-    - oauth2: ['idn:entitlement:read']
+    - oauth2: [idn:entitlement:read, idn:entitlement:manage]
  description: >-
    This API returns a list of entitlements.

--- a/static/api-specs/idn/beta/paths/identity-profile-default-config.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profile-default-config.yaml
@@ -2,7 +2,7 @@ get:
  operationId: getDefaultIdentityAttributeConfig
  tags:
    - Identity Profiles
-  summary: Gets the default identity attribute config
+  summary: Default identity attribute config
  description: >-
    This returns the default identity attribute config

@@ -36,6 +36,6 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile-default-mapping:read]
+    - oauth2: [idn:identity-profile:manage]


--- a/static/api-specs/idn/beta/paths/identity-profile-refresh-identities.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profile-refresh-identities.yaml
@@ -2,7 +2,7 @@ post:
  operationId: refreshIdentityProfile
  tags:
    - Identity Profiles
-  summary: Refreshes all the identities under this profile
+  summary: Refreshes all identities under profile
  description: >-
    This refreshes all identities under the profile

@@ -33,6 +33,6 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:refresh]
+    - oauth2: [idn:identity-profile:manage]


--- a/static/api-specs/idn/beta/paths/identity-profile.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profile.yaml
@@ -36,7 +36,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:read]
+    - oauth2: [idn:identity-profile:read, idn:identity-profile:manage]

 delete:
  operationId: deleteIdentityProfile
@@ -77,7 +77,7 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:delete]
+    - oauth2: [idn:identity-profile:manage]

 patch:
  operationId: updateIdentityProfile
@@ -157,4 +157,4 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:update]
+    - oauth2: [idn:identity-profile:manage]
--- a/static/api-specs/idn/beta/paths/identity-profiles-bulk-delete.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profiles-bulk-delete.yaml
@@ -36,4 +36,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:delete]
+    - oauth2: [idn:identity-profile:manage]
--- a/static/api-specs/idn/beta/paths/identity-profiles-export.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profiles-export.yaml
@@ -27,6 +27,7 @@ get:


        **priority**: *eq, ne*
+      example: id eq 8c190e6787aa4ed9a90bd9d5344523fb
    - in: query
      name: sorters
      schema:
@@ -37,6 +38,7 @@ get:


        Sorting is supported for the following fields: **id**, **name**, **priority**
+      example: name,-priority
  responses:
    '200':
      description: List of export objects with identity profiles.
@@ -59,4 +61,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:read]
+    - oauth2: [idn:identity-profile:read, idn:identity-profile:manage]
--- a/static/api-specs/idn/beta/paths/identity-profiles-id.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profiles-id.yaml
@@ -23,8 +23,12 @@ delete:
          schema:
            $ref: '../../v3/schemas/BaseReferenceDto.yaml'
            description: A DTO with a TaskResult reference of the delete job
+    '400':
+      $ref: '../../v3/responses/400.yaml'
    '401':
      $ref: '../../v3/responses/401.yaml'
+    '403':
+      $ref: '../../v3/responses/403.yaml'
    '404':
      $ref: '../../v3/responses/404.yaml'
    '429':
@@ -32,7 +36,7 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:delete]
+    - oauth2: [idn:identity-profile:manage]

 patch:
  operationId: updateIdentityProfile
@@ -53,7 +57,7 @@ patch:

    * modified
  security:
-    - oauth2: [idn:identity-profile:update]
+    - oauth2: [idn:identity-profile:manage]
  parameters:
    - in: path
      name: id
@@ -96,4 +100,4 @@ patch:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/identity-profiles-identity-preview.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profiles-identity-preview.yaml
@@ -35,4 +35,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:preview]
+    - oauth2: [idn:identity-profile:manage]
--- a/static/api-specs/idn/beta/paths/identity-profiles-import.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profiles-import.yaml
@@ -32,4 +32,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:create]
+    - oauth2: [idn:identity-profile:manage]
--- a/static/api-specs/idn/beta/paths/identity-profiles.yaml
+++ b/static/api-specs/idn/beta/paths/identity-profiles.yaml
@@ -29,6 +29,7 @@ get:


        **priority**: *eq, ne*
+      example: id eq 8c190e6787aa4ed9a90bd9d5344523fb
    - in: query
      name: sorters
      schema:
@@ -39,6 +40,7 @@ get:


        Sorting is supported for the following fields: **id**, **name**, **priority**
+      example: name,-priority
  responses:
    '200':
      description: List of identityProfiles.
@@ -59,7 +61,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:read]
+    - oauth2: [idn:identity-profile:read, idn:identity-profile:manage]

 post:
  operationId: createIdentityProfile
@@ -94,5 +96,5 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity-profile:create]
+    - oauth2: [idn:identity-profile:manage]

--- a/static/api-specs/idn/beta/paths/managed-client-status.yaml
+++ b/static/api-specs/idn/beta/paths/managed-client-status.yaml
@@ -1,7 +1,7 @@
 get:
  tags:
    - Managed Clients
-  summary: Get a specified Managed Client Status.
+  summary: Specified Managed Client Status.
  description: Retrieve Managed Client Status by ID.
  operationId: getManagedClientStatus
  parameters:
@@ -43,7 +43,7 @@ get:
 post:
  tags:
    - Managed Clients
-  summary: Handle a status request from a client
+  summary: Handle status request from client
  description: Update a status detail passed in from the client
  operationId: updateManagedClientStatus
  parameters:
@@ -80,4 +80,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client-status:update]
+    - oauth2: [idn:managed-client-status:manage]
--- a/static/api-specs/idn/beta/paths/managed-clients-credentials.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clients-credentials.yaml
@@ -33,4 +33,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage, idn:managed-client-status:read, idn:managed-client-status:manage]
--- a/static/api-specs/idn/beta/paths/managed-clients-metrics-credentials.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clients-metrics-credentials.yaml
@@ -33,4 +33,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage, idn:managed-client-status:read, idn:managed-client-status:manage]
--- a/static/api-specs/idn/beta/paths/managed-clients-path.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clients-path.yaml
@@ -33,7 +33,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage, idn:managed-client-status:read, idn:managed-client-status:manage]
 patch:
  tags:
    - Managed Clients
@@ -76,7 +76,7 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client:update]
+    - oauth2: [idn:remote-client:manage]
 delete:
  operationId: deleteManagedClient
  tags:
@@ -107,4 +107,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client:delete]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-clients.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clients.yaml
@@ -43,7 +43,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage]
 post:
  tags:
    - Managed Clients
@@ -79,4 +79,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-client:create]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-cache.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-cache.yaml
@@ -12,16 +12,19 @@ delete:
      schema:
        type: string
      description: The cluster pod. Required
+      example: cluster_pod
    - in: query
      name: org
      schema:
        type: string
      description: The cluster org. Required if the cluster id was set.
+      example: cluster_org
    - in: query
      name: clusterId
      schema:
        type: string
      description: The cluster id
+      example: 8c190e6787aa4ed9a90bd9d5344523fb
  responses:
    '202':
      description: Accepted. Delete request accepted and is in progress.
@@ -39,4 +42,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:delete]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-log-config.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-log-config.yaml
@@ -36,7 +36,7 @@ get:
    "500":
      $ref: '../../v3/responses/500.yaml'  
  security:
-    - oauth2: [idn:managed-cluster-log-config:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage]
 put:
  tags:
    - Managed Clusters
@@ -80,4 +80,4 @@ put:
    "500":
      $ref: '../../v3/responses/500.yaml'  
  security:
-    - oauth2: [idn:managed-cluster-log-config:write]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-path-full.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-path-full.yaml
@@ -34,7 +34,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage]
 patch:
  tags:
    - Managed Clusters
@@ -77,7 +77,7 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:update]
+    - oauth2: [idn:remote-client:manage]
 delete:
  operationId: deleteManagedCluster
  tags:
@@ -116,4 +116,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:delete]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-path-internal.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-path-internal.yaml
@@ -40,7 +40,7 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:update]
+    - oauth2: [idn:remote-client:manage]
 delete:
  operationId: deleteManagedCluster
  tags:
@@ -79,4 +79,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:delete]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-path.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-path.yaml
@@ -23,9 +23,15 @@ get:
            $ref: '../schemas/ManagedCluster.yaml'
    "400":
      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
    "404":
      $ref: '../../v3/responses/404.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-processes.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-processes.yaml
@@ -36,4 +36,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-process:read]
+    - oauth2: [idn:managed-process:read, idn:managed-process:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-reboot.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-reboot.yaml
@@ -37,4 +37,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:update]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-status.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-status.yaml
@@ -1,7 +1,7 @@
 get:
  tags:
    - Managed Clusters
-  summary: Get a specified Managed Cluster Status.
+  summary: Specified Managed Cluster Status.
  description: Retrieve Managed Cluster Status by ID.
  operationId: getManagedClusterStatus
  parameters:
@@ -32,4 +32,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster-status:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-types-path.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-types-path.yaml
@@ -36,7 +36,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster-types:read]
+    - oauth2: [idn:managed-cluster-types:read, idn:managed-cluster-types:manage]
 patch:
  tags:
    - Managed Cluster Types
@@ -82,7 +82,7 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster-types:update]
+    - oauth2: [idn:managed-cluster-types:manage]
 delete:
  operationId: deleteManagedClusterType
  tags:
@@ -116,4 +116,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster-types:delete]
+    - oauth2: [idn:managed-cluster-types:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-types.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-types.yaml
@@ -49,7 +49,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster-types:read]
+    - oauth2: [idn:managed-cluster-types:read, idn:managed-cluster-types:manage]
 post:
  tags:
    - Managed Cluster Types
@@ -88,4 +88,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster-types:create]
+    - oauth2: [idn:managed-cluster-types:manage]
--- a/static/api-specs/idn/beta/paths/managed-cluster-upgrade.yaml
+++ b/static/api-specs/idn/beta/paths/managed-cluster-upgrade.yaml
@@ -43,4 +43,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:upgrade]
+    - oauth2: [idn:managed-cluster-upgrade:manage]
--- a/static/api-specs/idn/beta/paths/managed-clusters-create.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clusters-create.yaml
@@ -33,4 +33,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:create]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-clusters-full.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clusters-full.yaml
@@ -17,6 +17,7 @@ get:


        **operational**: *eq*
+      example: operational eq operation
  responses:
    "200":
      description: Responds with a list of ManagedCluster.
@@ -37,7 +38,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage]
 post:
  tags:
    - Managed Clusters
@@ -73,4 +74,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:create]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-clusters-set-encryption-keys.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clusters-set-encryption-keys.yaml
@@ -1,7 +1,7 @@
 post:
  tags:
    - Managed Clusters
-  summary: Set new encryption keys for a Managed Cluster
+  summary: New encryption keys for ManagedCluster
  description: >-
    Set new encryption keys for a Managed Cluster

@@ -43,4 +43,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:update]
+    - oauth2: [idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-clusters.yaml
+++ b/static/api-specs/idn/beta/paths/managed-clusters.yaml
@@ -17,6 +17,7 @@ get:


        **operational**: *eq*
+      example: operational eq operation
  responses:
    "200":
      description: Responds with a list of ManagedCluster.
@@ -37,4 +38,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-cluster:read]
+    - oauth2: [idn:remote-client:read, idn:remote-client:manage]
--- a/static/api-specs/idn/beta/paths/managed-processes-path.yaml
+++ b/static/api-specs/idn/beta/paths/managed-processes-path.yaml
@@ -36,7 +36,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-process:read]
+    - oauth2: [idn:managed-process:read, idn:managed-process:manage]
 patch:
  tags:
    - Managed Processes
@@ -82,7 +82,7 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-process:update]
+    - oauth2: [idn:managed-process:manage]
 delete:
  operationId: deleteManagedProcess
  tags:
@@ -116,4 +116,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-process:delete]
+    - oauth2: [idn:managed-process:manage]
--- a/static/api-specs/idn/beta/paths/managed-processes.yaml
+++ b/static/api-specs/idn/beta/paths/managed-processes.yaml
@@ -49,7 +49,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-process:read]
+    - oauth2: [idn:managed-process:read, idn:managed-process:manage]
 post:
  tags:
    - Managed Processes
@@ -88,4 +88,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:managed-process:create]
+    - oauth2: [idn:managed-process:manage]
--- a/static/api-specs/idn/beta/paths/mfa-config-test.yaml
+++ b/static/api-specs/idn/beta/paths/mfa-config-test.yaml
@@ -2,14 +2,14 @@ get:
  operationId: testMFAConfig
  tags:
    - MFA Configuration
-  summary: Test configuration of a MFA method
+  summary: MFA method's test configuration
  description: >-
    This API validates that the configuration is valid and will properly
    authenticate with the MFA provider identified by the method path parameter.

    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:mfa-config:read]
+    - oauth2: [idn:mfa-configuration:read, idn:mfa-configuration:manage]
  parameters:
    - in: path
      name: method
--- a/static/api-specs/idn/beta/paths/mfa-config.yaml
+++ b/static/api-specs/idn/beta/paths/mfa-config.yaml
@@ -2,12 +2,12 @@ get:
  operationId: getMFAConfig
  tags:
    - MFA Configuration
-  summary: Get configuration of a MFA method
+  summary: Configuration of a MFA method
  description: >-
    This API returns the configuration of a given MFA method.
    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:mfa-config:read]
+    - oauth2: [idn:mfa-configuration:read, idn:mfa-configuration:manage]
  parameters:
    - in: path
      name: method
@@ -47,12 +47,12 @@ put:
  operationId: setMFAConfig
  tags:
    - MFA Configuration
-  summary: Set configuration of a MFA method
+  summary: Set MFA method configuration
  description: >-
    This API sets the configuration of a given MFA method.
    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:mfa-config:write]
+    - oauth2: [idn:mfa-configuration:manage]
  parameters:
    - in: path
      name: method
--- a/static/api-specs/idn/beta/paths/non-employee-record.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-record.yaml
@@ -8,10 +8,6 @@ get:
  description: >-
    This gets a non-employee record.

-    Request will require the following scope:
-
-    'idn:nesr:read'
-
  parameters:
    - in: path
      name: id
@@ -53,6 +49,7 @@ put:
      description: >-
        Non-employee record id (UUID)
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      schema:
        type: string
  requestBody:
@@ -96,6 +93,7 @@ patch:
      description: >-
        Non-employee record id (UUID)
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      schema:
        type: string
  requestBody:
@@ -140,15 +138,13 @@ delete:
  description: >-
    This request will delete a non-employee record.

-    Request will require the following security scope:
-
-    'idn:nesr:delete'
  parameters:
    - in: path
      name: id
      description: >-
        Non-Employee record id (UUID)
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      schema:
        type: string
  responses:
@@ -163,4 +159,4 @@ delete:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/non-employee-request.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-request.yaml
@@ -43,18 +43,14 @@ delete:
    - Non-Employee Lifecycle Management
  summary: Delete Non-Employee Request
  description: >-
-    This request will delete a non-employee request.  
-    
-    Request will require the following scope:
-    
-    'idn:nesr:delete'
-
+    This request will delete a non-employee request.
  parameters:
    - in: path
      name: id
      description: >-
        Non-Employee request id in the UUID format
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      schema:
        type: string
        format: uuid
@@ -72,4 +68,4 @@ delete:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/non-employee-source-aggregate.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-source-aggregate.yaml
@@ -4,17 +4,17 @@ post:
    - oauth2: [idn:nelm:manage]
  tags:
    - Non-Employee Lifecycle Management
-  summary: Aggregate all accounts for a Non-Employee Source
+  summary: Aggregate all Non-Employee Source accounts
  description: >-
    This fetches all the non-employee records related to a non-employee source and publishes an aggregation event for each one.

-    Requires auth scope of 'idn:nesr:create'
  parameters:
    - in: path
      name: sourceId
      description: >-
        Non-Employee sourceId
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      schema:
        type: string
  responses:
@@ -31,4 +31,4 @@ post:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/non-employee-source.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-source.yaml
@@ -44,15 +44,13 @@ patch:
    patch a non-employee source. (Partial Update)  Patchable field: **name,
    description, approvers, accountManagers**

-    Request will require the following security scope:
-
-    'idn:nesr:update'
  parameters:
    - in: path
      name: sourceId
      description: >-
        Source Id
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      schema:
        type: string
  requestBody:
@@ -104,15 +102,13 @@ delete:
  description: >-
    This request will delete a non-employee source.

-    Request will require the following security scope:
-
-    'idn:nesr:delete'
  parameters:
    - in: path
      name: sourceId
      description: >-
        Source Id
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      schema:
        type: string
  responses:
--- a/static/api-specs/idn/beta/paths/non-employee-sources-bulk-upload-status.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-sources-bulk-upload-status.yaml
@@ -4,13 +4,10 @@ get:
    - oauth2: [idn:nelm:read]
  tags:
    - Non-Employee Lifecycle Management
-  summary: Obtain the status of bulk upload on the source
+  summary: Bulk upload status on source
  description: |
    The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.

-    Request will need the following scope:
-
-    'idn:nesr:read'
  parameters:
    - in: path
      example: "2c918085842e69ae018432d22ccb212f"
--- a/static/api-specs/idn/beta/paths/non-employee-sources-export-non-employees.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-sources-export-non-employees.yaml
@@ -1,16 +1,13 @@
 get:
  operationId: exportNonEmployeeRecords
  security:
-    - oauth2: [idn:nelm:read]
+    - oauth2: [idn:nelm:read, idn:nelm:manage]
  tags:
    - Non-Employee Lifecycle Management
  summary: Exports Non-Employee Records to CSV
  description: >-
    This requests a CSV download for all non-employees from a provided source.

-    Request will need the following security scope:
-
-    'idn:nesr:read'
  parameters:
    - in: path
      example: "2c918085842e69ae018432d22ccb212f"
--- a/static/api-specs/idn/beta/paths/non-employee-sources-schema-attribute.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-sources-schema-attribute.yaml
@@ -46,25 +46,24 @@ patch:
    - oauth2: [idn:nelm:manage]
  tags:
    - Non-Employee Lifecycle Management
-  summary: Patch a Schema Attribute for Non-Employee Source
+  summary: Patch Non-Employee Source's Schema Attribute
  description: |
    This end-point patches a specific schema attribute for a non-employee SourceId.

-    Request will require a security scope of:
-
-    'idn:nesr:update'
  parameters:
    - in: path
      name: attributeId
      schema:
        type: string
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      description: The Schema Attribute Id (UUID)
    - in: path
      name: sourceId
      schema:
        type: string
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      description: The Source id
  requestBody:
    description: A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
@@ -105,25 +104,24 @@ delete:
    - oauth2: [idn:nelm:manage]
  tags:
    - Non-Employee Lifecycle Management
-  summary: Delete a Schema Attribute for Non-Employee Source
+  summary: Delete Non-Employee Source's Schema Attribute
  description: | 
    This end-point deletes a specific schema attribute for a non-employee source.
-    
-    Request will require a security scope of:

-    'idn:nesr:delete'
  parameters:
    - in: path
      name: attributeId
      schema:
        type: string
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      description: The Schema Attribute Id (UUID)
    - in: path
      name: sourceId
      schema:
        type: string
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      description: The Source id
  responses:
    '204':
--- a/static/api-specs/idn/beta/paths/non-employee-sources-schema-attributes.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-sources-schema-attributes.yaml
@@ -53,22 +53,20 @@ post:
    - oauth2: [idn:nelm:manage]
  tags:
    - Non-Employee Lifecycle Management
-  summary: Create a new Schema Attribute for Non-Employee Source
+  summary: Create Non-Employee Source Schema Attribute
  description: >-
    This API creates a new schema attribute for Non-Employee Source. The schema technical name must be
    unique in the source. Attempts to create a schema attribute with an existing name will result in a
    "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts
    to create more than 10 will result in a "400.1.4 Limit violation" response.

-    Request requires a security scope of:
-
-    'idn:nesr:create'
  parameters:
    - in: path
      name: sourceId
      schema:
        type: string
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      description: The Source id
  requestBody:
    required: true
@@ -100,19 +98,17 @@ delete:
    - oauth2: [idn:nelm:manage]
  tags:
    - Non-Employee Lifecycle Management
-  summary: Delete all custom schema attributes for Non-Employee Source
+  summary: Delete all custom schema attributes
  description: >-
    This end-point deletes all custom schema attributes for a non-employee source.

-    Request requires a security scope of:
-
-    'idn:nesr:delete'
  parameters:
    - in: path
      name: sourceId
      schema:
        type: string
      required: true
+      example: 2c91808b6ef1d43e016efba0ce470904
      description: The Source id
  responses:
    '204':
@@ -127,4 +123,4 @@ delete:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/org-config.yaml
+++ b/static/api-specs/idn/beta/paths/org-config.yaml
@@ -4,7 +4,7 @@ get:
        - Org Config
    summary: Get Org configuration settings
    security:
-        - oauth2: [ idn:org-configs:read]
+        - oauth2: [ idn:org-configs:read, idn:org-configs:manage]
    description: >-
        Get org configuration with only external (org admin) accessible properties for the current org.
    responses:
--- a/static/api-specs/idn/beta/paths/role-access-profiles.yaml
+++ b/static/api-specs/idn/beta/paths/role-access-profiles.yaml
@@ -80,4 +80,4 @@ get:
      '500':
        $ref: '../../v3/responses/500.yaml'
    security:
-      - oauth2: [idn:role:read,idn:role-checked:read]
+      - oauth2: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]
--- a/static/api-specs/idn/beta/paths/role-assigned-identities.yaml
+++ b/static/api-specs/idn/beta/paths/role-assigned-identities.yaml
@@ -2,7 +2,7 @@ get:
    operationId: getRoleAssignedIdentities
    tags:
      - Roles
-    summary: Get a list of Identities assigned a Role
+    summary: Identities assigned a Role
    parameters:
      - in: path
        name: id
@@ -68,5 +68,5 @@ get:
      '500':
        $ref: '../../v3/responses/500.yaml'
    security:
-      - oauth2: [idn:role:read,idn:role-checked:read]
+      - oauth2: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]

--- a/static/api-specs/idn/beta/paths/role-bulk-delete.yaml
+++ b/static/api-specs/idn/beta/paths/role-bulk-delete.yaml
@@ -76,4 +76,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:role:delete,idn:role-checked:delete]
+    - oauth2: [idn:role-unchecked:manage, idn:role-checked:manage]
--- a/static/api-specs/idn/beta/paths/role.yaml
+++ b/static/api-specs/idn/beta/paths/role.yaml
@@ -37,7 +37,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:role:read,idn:role-checked:read]
+    - oauth2: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]
 patch:
  operationId: patchRole
  tags:
@@ -192,7 +192,7 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:role:update,idn:role-checked:update]
+    - oauth2: [idn:role-unchecked:manage,idn:role-checked:manage]
 delete:
  operationId: deleteRole
  tags:
@@ -227,4 +227,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:role:delete,idn:role-checked:delete]
+    - oauth2: [idn:role-unchecked:manage,idn:role-checked:manage]
--- a/static/api-specs/idn/beta/paths/roles-by-identity.yaml
+++ b/static/api-specs/idn/beta/paths/roles-by-identity.yaml
@@ -2,7 +2,7 @@ get:
  operationId: getRolesByIdentity
  tags:
    - Roles
-  summary: Get a list of Roles assigned to Identity
+  summary: Roles assigned to Identity
  description: >-
    This API returns a list of Roles assigned to Identity.

@@ -38,4 +38,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:identity:read,idn:identity-self:read]
+    - oauth2: [idn:identity:read, idn:identity:manage, idn:identity-account-read, idn:identity-self:read]
--- a/static/api-specs/idn/beta/paths/roles.yaml
+++ b/static/api-specs/idn/beta/paths/roles.yaml
@@ -95,7 +95,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:role:read,idn:role-checked:read]
+    - oauth2: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]
 post:
  operationId: createRole
  tags:
@@ -136,4 +136,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:role:create,idn:role-checked:create]
+    - oauth2: [idn:role-unchecked:manage, idn:role-checked:manage]
--- a/static/api-specs/idn/beta/paths/s3-proxy.yaml
+++ b/static/api-specs/idn/beta/paths/s3-proxy.yaml
@@ -11,8 +11,8 @@ get:
    If the bucket type is shared, no further validation is needed.  If the bucket type is org, the information in the JWT
    is validated against the path query parameter.  A token with API authority is required to access this endpoint..

-    security:
-      - oauth2: [idn:s3-proxy:read]
+  security:
+    - oauth2: [idn:s3-proxy:read]
  parameters:
    - in: query
      name: path
@@ -48,4 +48,4 @@ get:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/service-desk-integration-configuration.yaml
+++ b/static/api-specs/idn/beta/paths/service-desk-integration-configuration.yaml
@@ -1,7 +1,7 @@
 get:
  tags:
    - Service Desk Integration
-  summary: Get the time check configuration of queued SDIM tickets
+  summary: Get the time check configuration
  description: Get the time check configuration of queued SDIM tickets.  A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
  operationId: getStatusCheckDetails
  responses:
@@ -24,12 +24,12 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:service-desk-admin:read,idn:service-desk-integration:read]
+    - oauth2: [idn:service-desk-admin:read, idn:service-desk-admin:manage, idn:service-desk-integration:read, idn:service-desk-integration:manage]

 put:
  tags:
    - Service Desk Integration
-  summary: Update the time check configuration of queued SDIM tickets
+  summary: Update the time check configuration
  description: Update the time check configuration of queued SDIM tickets.  A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
  operationId: updateStatusCheckDetails
  requestBody:
@@ -59,4 +59,4 @@ put:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:service-desk-admin:write,idn:service-desk-integration:write]
+    - oauth2: [idn:service-desk-admin:manage ,idn:service-desk-integration:manage]
--- a/static/api-specs/idn/beta/paths/service-desk-integration-types.yaml
+++ b/static/api-specs/idn/beta/paths/service-desk-integration-types.yaml
@@ -26,4 +26,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:service-desk-admin:read,idn:service-desk-integration:read]
+    - oauth2: [idn:service-desk-admin:read, idn:service-desk-admin:manage, idn:service-desk-integration:read, idn:service-desk-integration:manage]
--- a/static/api-specs/idn/beta/paths/service-desk-integration.yaml
+++ b/static/api-specs/idn/beta/paths/service-desk-integration.yaml
@@ -1,7 +1,7 @@
 get:
  tags:
    - Service Desk Integration
-  summary: Get a Service Desk integration by ID
+  summary: Get a Service Desk integration
  description: Get an existing Service Desk integration by ID.  A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
  operationId: getServiceDeskIntegration
  parameters:
@@ -39,7 +39,7 @@ get:
 put:
  tags:
    - Service Desk Integration
-  summary: Update a Service Desk integration by ID
+  summary: Update a Service Desk integration
  description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body.  A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
  operationId: updateServiceDeskIntegration
  parameters:
@@ -79,12 +79,12 @@ put:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:service-desk-admin:write,idn:service-desk-integration:write]
+    - oauth2: [idn:service-desk-admin:manage,idn:service-desk-integration:manage]

 delete:
  tags:
    - Service Desk Integration
-  summary: Delete a Service Desk integration by ID
+  summary: Delete a Service Desk integration
  description: Delete an existing Service Desk integration by ID.  A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
  operationId: deleteServiceDeskIntegration
  parameters:
@@ -113,13 +113,13 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:service-desk-admin:write,idn:service-desk-integration:write]
+    - oauth2: [idn:service-desk-admin:manage,idn:service-desk-integration:manage]

 patch:
  operationId: patchServiceDeskIntegration
  tags:
    - Service Desk Integration
-  summary: Service Desk Integration Update - PATCH
+  summary: Service Desk Integration Update PATCH
  description: Update an existing ServiceDeskIntegration by ID with a PATCH request.
  parameters:
    - name: id
@@ -164,4 +164,4 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:service-desk-admin:write,idn:service-desk-integration:write]
+    - oauth2: [idn:service-desk-admin:manage,idn:service-desk-integration:manage]
--- a/static/api-specs/idn/beta/paths/service-desk-integrations.yaml
+++ b/static/api-specs/idn/beta/paths/service-desk-integrations.yaml
@@ -19,6 +19,7 @@ get:


        Sorting is supported for the following fields: **name**
+      example: name
    - name: filters
      in: query
      required: false
@@ -44,6 +45,7 @@ get:


        **cluster**: *eq, in*
+      example: id eq 2c91808b6ef1d43e016efba0ce470904
    - $ref: '../../v3/parameters/count.yaml'
  responses:
    "200":
@@ -71,7 +73,7 @@ get:
 post:
  tags:
    - Service Desk Integration
-  summary: Create a new Service Desk integration
+  summary: Create new Service Desk integration
  description: Create a new Service Desk Integrations.  A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
  operationId: createServiceDeskIntegration
  requestBody:
@@ -101,4 +103,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:service-desk-admin:write,idn:service-desk-integration:write]
+    - oauth2: [idn:service-desk-admin:manage,idn:service-desk-integration:manage]
--- a/static/api-specs/idn/beta/paths/sod/arm-risk.yaml
+++ b/static/api-specs/idn/beta/paths/sod/arm-risk.yaml
@@ -2,14 +2,14 @@ get:
  operationId: getArmRiskById
  tags:
    - SOD Policy
-  summary: This API gets the specified ARM risk.
+  summary: Gets the specified ARM risk.
  description: >-
    This API gets the specified ARM risk.


    Any authenticated token can call this API.
  security:
-    - oauth2: [idn:sod-policy:read]
+    - oauth2: [idn:sod-policy:read, idn:sod-policy:manage]
  parameters:
    - in: path
      name: id
@@ -38,4 +38,4 @@ get:
    '429':
      $ref: '../../../v3/responses/429.yaml'
    '500':
-      $ref: '../../../v3/responses/500.yaml'
+      $ref: '../../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/source-accounts-schema.yaml
+++ b/static/api-specs/idn/beta/paths/source-accounts-schema.yaml
@@ -30,7 +30,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:source-schema:read]
+    - oauth2: [idn:source-schema:read, idn:source-schema:manage]
 post:
  tags:
    - Sources
@@ -74,4 +74,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:source-schema:update]
+    - oauth2: [idn:source-schema:manage]
--- a/static/api-specs/idn/beta/paths/source-connector-check-connection.yaml
+++ b/static/api-specs/idn/beta/paths/source-connector-check-connection.yaml
@@ -2,14 +2,14 @@ post:
  operationId: testSourceConnection
  tags:
    - Sources
-  summary: Check connection for the source connector.
+  summary: Check connection for source connector.
  description: >-
    This endpoint validates that the configured credentials are valid and will properly authenticate with the source
    identified by the sourceId path parameter.

    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:source-connector:write]
+    - oauth2: [idn:source-connector:manage]
  parameters:
    - in: path
      name: sourceId
@@ -25,6 +25,8 @@ post:
        application/json:
          schema:
            $ref: '../schemas/StatusResponse.yaml'
+    '400':
+      $ref: '../../v3/responses/400.yaml'
    '401':
      $ref: '../../v3/responses/401.yaml'
    '403':
--- a/static/api-specs/idn/beta/paths/source-connector-initiate-extract.yaml
+++ b/static/api-specs/idn/beta/paths/source-connector-initiate-extract.yaml
@@ -8,7 +8,7 @@ post:

    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:source-connector:write]
+    - oauth2: [idn:source-connector:manage]
  parameters:
    - in: path
      name: sourceId
--- a/static/api-specs/idn/beta/paths/source-connector-peek-resource-objects.yaml
+++ b/static/api-specs/idn/beta/paths/source-connector-peek-resource-objects.yaml
@@ -2,13 +2,13 @@ post:
  operationId: peekResourceObjects
  tags:
    - Sources
-  summary: Peek resource objects from the source connector
+  summary: Peek source connector's resource objects
  description: >-
    Retrieves a sample of data returned from account and group aggregation requests.

    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:source-connector:write]
+    - oauth2: [idn:source-connector:manage]
  parameters:
    - in: path
      name: sourceId
--- a/static/api-specs/idn/beta/paths/source-connector-ping-cluster.yaml
+++ b/static/api-specs/idn/beta/paths/source-connector-ping-cluster.yaml
@@ -2,13 +2,13 @@ post:
  operationId: pingCluster
  tags:
    - Sources
-  summary: Ping cluster for the source connector
+  summary: Ping cluster for source connector
  description: >-
    This endpoint validates that the cluster being used by the source is reachable from IdentityNow.

    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:source-connector:write]
+    - oauth2: [idn:source-connector:manage]
  parameters:
    - in: path
      name: sourceId
@@ -24,6 +24,8 @@ post:
        application/json:
          schema:
            $ref: '../schemas/StatusResponse.yaml'
+    '400':
+      $ref: '../../v3/responses/400.yaml'
    '401':
      $ref: '../../v3/responses/401.yaml'
    '403':
--- a/static/api-specs/idn/beta/paths/source-connector-test-configuration.yaml
+++ b/static/api-specs/idn/beta/paths/source-connector-test-configuration.yaml
@@ -2,14 +2,14 @@ post:
  operationId: testSourceConfiguration
  tags:
    - Sources
-  summary: Test configuration for the source connector
+  summary: Test configuration for source connector
  description: >-
    This endpoint performs a more detailed validation of the source's configuration that can take longer than the
    lighter weight credential validation performed by the checkConnection API.

    A token with ORG_ADMIN authority is required to call this API.
  security:
-    - oauth2: [idn:source-connector:write]
+    - oauth2: [idn:source-connector:manage]
  parameters:
    - in: path
      name: sourceId
@@ -25,6 +25,8 @@ post:
        application/json:
          schema:
            $ref: '../schemas/StatusResponse.yaml'
+    '400':
+      $ref: '../../v3/responses/400.yaml'
    '401':
      $ref: '../../v3/responses/401.yaml'
    '403':
--- a/static/api-specs/idn/beta/paths/source-entitlements-schema.yaml
+++ b/static/api-specs/idn/beta/paths/source-entitlements-schema.yaml
@@ -36,7 +36,7 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:source-schema:read]
+    - oauth2: [idn:source-schema:read, idn:source-schema:manage]
 post:
  tags:
    - Sources
@@ -86,4 +86,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:source-schema:update]
+    - oauth2: [idn:source-schema:manage]
--- a/static/api-specs/idn/beta/paths/sources-entitlement-request-config.yaml
+++ b/static/api-specs/idn/beta/paths/sources-entitlement-request-config.yaml
@@ -1,6 +1,6 @@
 get:
  security:
-    - oauth2: [ idn:sources:read ]
+    - oauth2: [ idn:sources:read, idn:sources:manage ]
  operationId: getSourceEntitlementRequestConfig
  summary: Get Source Entitlement Request Configuration
  tags:
@@ -91,7 +91,7 @@ get:

 put:
  security:
-    - oauth2: [ idn:sources:update ]
+    - oauth2: [ idn:sources:manage ]
  operationId: updateSourceEntitlementRequestConfig
  summary: Update Source Entitlement Request Configuration
  tags:
@@ -179,4 +179,4 @@ put:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/paths/sp-config-export.yaml
+++ b/static/api-specs/idn/beta/paths/sp-config-export.yaml
@@ -1,17 +1,13 @@
 post:
  operationId: exportSpConfig
  security:
-    - oauth2: [sp:config:export]
+    - oauth2: [sp:config:read, sp:config:manage]
  tags:
    - SP-Config
  summary: Initiates Configuration Objects Export Job.
  description: >-
    This post will export objects from the tenant to a JSON configuration file.

-    Request will need one of the following security scopes:
-
-    - sp:config:read
-    - sp:config:manage
  requestBody:
    description: Export options control what will be included in the export.
    required: true
--- a/static/api-specs/idn/beta/paths/sp-config-objects.yaml
+++ b/static/api-specs/idn/beta/paths/sp-config-objects.yaml
@@ -1,7 +1,7 @@
 get:
  operationId: listSpConfigObjects
  security:
-    - oauth2: [sp:config:export]
+    - oauth2: [sp:config:read, sp:config:manage]
  tags:
    - SP-Config
  summary: Get Config Object details
@@ -9,10 +9,6 @@ get:
    This gets the list of object configurations which are known to the tenant export/import service.
    Object configurations that contain "importUrl" and "exportUrl" are available for export/import.

-    Request will need one of the following security scopes:
-
-    - sp:config:read
-    - sp:config:manage
  responses:
    '200':
      description: >-
--- a/static/api-specs/idn/beta/paths/task-definition.yaml
+++ b/static/api-specs/idn/beta/paths/task-definition.yaml
@@ -4,7 +4,7 @@
 get:
  tags:
    - Task Management
-  summary: Retrieves a task definition summary by task definition ID
+  summary: Retrieves a task definition summary
  description: Get a specified TaskDefinitionSummary.
  operationId: getTaskDefinitionSummary
  parameters:
@@ -24,12 +24,20 @@ get:
        application/json:
          schema:
            $ref: '../schemas/TaskDefinitionSummary.yaml'
+    "400":
+      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
    "404":
      $ref: '../../v3/responses/404.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:task-definition:read]
+    - oauth2: [idn:task-definition:read, idn:task-definition:manage]
 patch:
  tags:
    - Task Management
@@ -61,9 +69,15 @@ patch:
            $ref: '../schemas/TaskDefinitionSummary.yaml'
    "400":
      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
    "404":
      $ref: '../../v3/responses/404.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:task-definition:write]
+    - oauth2: [idn:task-definition:manage]
--- a/static/api-specs/idn/beta/paths/transform.yaml
+++ b/static/api-specs/idn/beta/paths/transform.yaml
@@ -17,6 +17,7 @@ get:
      explode: false
      schema:
        type: string
+      example: 2c9180835d2e5168015d32f890ca1581
  responses:
    "200":
      description: Transform with the given ID
@@ -24,12 +25,20 @@ get:
        application/json:
          schema:
            $ref: '../schemas/Transform.yaml'
+    "400":
+      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
    "404":
      $ref: '../../v3/responses/404.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:transforms:read]
+    - oauth2: [idn:transform:read, idn:transform:manage]
 put:
  tags:
    - Transforms
@@ -50,6 +59,7 @@ put:
      explode: false
      schema:
        type: string
+      example: 2c9180835d2e5168015d32f890ca1581
  requestBody:
    description: >-
      The updated transform object (must include "name", "type", and "attributes" fields).
@@ -76,12 +86,18 @@ put:
            internal: false
    "400":
      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
    "404":
      $ref: '../../v3/responses/404.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:transforms:write]
+    - oauth2: [idn:transform:manage]
 delete:
  tags:
    - Transforms
@@ -101,12 +117,21 @@ delete:
      explode: false
      schema:
        type: string
+      example: 2c9180835d2e5168015d32f890ca1581
  responses:
    "204":
      $ref: '../../v3/responses/204.yaml'
+    "400":
+      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
    "404":
      $ref: '../../v3/responses/404.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:transforms:delete]
+    - oauth2: [idn:transform:manage]
--- a/static/api-specs/idn/beta/paths/transforms.yaml
+++ b/static/api-specs/idn/beta/paths/transforms.yaml
@@ -31,6 +31,7 @@ get:
        **internal**: *eq*

        **name**: *eq*, *sw*
+      example: name eq ExampleTransformName123
      required: false
      style: form
      explode: true
@@ -56,10 +57,18 @@ get:
              type: substring
              attributes: { "begin": 0, "end": 3 }
              internal: true
+    "400":
+      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:transforms-list:read]
+    - oauth2: [idn:transform:read, idn:transform:manage]
 post:
  tags:
    - Transforms
@@ -91,7 +100,13 @@ post:
            $ref: '../schemas/Transform.yaml'
    "400":
      $ref: '../../v3/responses/400.yaml'
+    "401":
+      $ref: '../../v3/responses/401.yaml'
    "403":
      $ref: '../../v3/responses/403.yaml'
+    "429":
+      $ref: '../../v3/responses/429.yaml'
+    "500":
+      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2: [idn:transforms:write]
+    - oauth2: [idn:transform:manage]
--- a/static/api-specs/idn/beta/paths/trigger-invocations-status.yaml
+++ b/static/api-specs/idn/beta/paths/trigger-invocations-status.yaml
@@ -66,5 +66,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-invocation-status:read'
+    - oauth2: [sp:trigger-service-invocation-status:read, sp:trigger-service-invocation-status:manage]
--- a/static/api-specs/idn/beta/paths/trigger-invocations-test.yaml
+++ b/static/api-specs/idn/beta/paths/trigger-invocations-test.yaml
@@ -53,5 +53,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-invocation-test:create'
+    - oauth2: [sp:trigger-service-invocation-status:manage]
--- a/static/api-specs/idn/beta/paths/trigger-subscription.yaml
+++ b/static/api-specs/idn/beta/paths/trigger-subscription.yaml
@@ -88,8 +88,7 @@ put:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions:update'
+    - oauth2: [sp:trigger-service-subscriptions:manage]

 patch:
  operationId: patchSubscription
@@ -138,8 +137,7 @@ patch:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions:update'
+    - oauth2: [sp:trigger-service-subscriptions:manage]

 delete:
  operationId: deleteSubscription
@@ -172,5 +170,4 @@ delete:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions:delete'
+    - oauth2: [sp:trigger-service-subscriptions:manage]
--- a/static/api-specs/idn/beta/paths/trigger-subscriptions-internal.yaml
+++ b/static/api-specs/idn/beta/paths/trigger-subscriptions-internal.yaml
@@ -31,5 +31,4 @@ post:
      $ref: '../../v3/responses/500.yaml'

  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions:create'
+    - oauth2: [sp:trigger-service-subscriptions:manage]
--- a/static/api-specs/idn/beta/paths/trigger-subscriptions-validate-filter.yaml
+++ b/static/api-specs/idn/beta/paths/trigger-subscriptions-validate-filter.yaml
@@ -43,5 +43,4 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions-validate-filter:create'
+    - oauth2: [sp:trigger-service-subscriptions:manage]
--- a/static/api-specs/idn/beta/paths/trigger-subscriptions.yaml
+++ b/static/api-specs/idn/beta/paths/trigger-subscriptions.yaml
@@ -77,8 +77,7 @@ post:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions:create'
+    - oauth2: [sp:trigger-service-subscriptions:manage]
  
 get:
  operationId: listSubscriptions
@@ -194,5 +193,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions:read'
+    - oauth2: [sp:trigger-service-subscriptions:read]
--- a/static/api-specs/idn/beta/paths/triggers.yaml
+++ b/static/api-specs/idn/beta/paths/triggers.yaml
@@ -58,5 +58,4 @@ get:
    '500':
      $ref: '../../v3/responses/500.yaml'
  security:
-    - oauth2:
-        - 'idn:trigger-service-subscriptions:read'
+    - oauth2: [sp:trigger-service-subscriptions:read]
--- a/static/api-specs/idn/beta/paths/workflow-execution-cancel.yaml
+++ b/static/api-specs/idn/beta/paths/workflow-execution-cancel.yaml
@@ -6,7 +6,7 @@ post:
  description: >-
    Use this API to cancel a running workflow execution.
  security:
-    - oauth2: [sp:workflow:execute]
+    - oauth2: [sp:workflow-execute:external]
  parameters:
    - name: id
      in: path
--- a/static/api-specs/idn/beta/paths/workflow-external-execute-test.yaml
+++ b/static/api-specs/idn/beta/paths/workflow-external-execute-test.yaml
@@ -6,7 +6,7 @@ post:
  description: >-
    Validate a workflow with an "External Trigger" can receive input.  The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow.
  security:
-    - oauth2: [sp:workflow:external-execute]
+    - oauth2: [sp:workflow-execute:external]
  parameters:
    - name: id
      in: path
--- a/static/api-specs/idn/beta/paths/workflow-external-execute.yaml
+++ b/static/api-specs/idn/beta/paths/workflow-external-execute.yaml
@@ -6,7 +6,7 @@ post:
  description: >-
    This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the "External Trigger" step.  The external service will invoke this endpoint with the input data it wants to send to the workflow in the body.
  security:
-    - oauth2: [sp:workflow:external-execute]
+    - oauth2: [sp:workflow-execute:external]
  parameters:
    - name: id
      in: path
--- a/static/api-specs/idn/beta/paths/workflow-external-oauth-client.yaml
+++ b/static/api-specs/idn/beta/paths/workflow-external-oauth-client.yaml
@@ -6,7 +6,7 @@ post:
  description: >-
    Create OAuth client ID, client secret, and callback URL for use in an external trigger.  External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow.
  security:
-    - oauth2: [sp:workflow:update]
+    - oauth2: [sp:workflow:manage]
  parameters:
    - name: id
      in: path
--- a/static/api-specs/idn/beta/paths/workflow-test.yaml
+++ b/static/api-specs/idn/beta/paths/workflow-test.yaml
@@ -10,7 +10,7 @@ post:

    **This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.**
  security:
-    - oauth2: [sp:workflow:execute]
+    - oauth2: [sp:workflow-execute:external]
  parameters:
    - name: id
      in: path
--- a/static/api-specs/idn/beta/paths/workflow.yaml
+++ b/static/api-specs/idn/beta/paths/workflow.yaml
@@ -43,7 +43,7 @@ put:
  description: >-
    Perform a full update of a workflow.  The updated workflow object is returned in the response.
  security:
-    - oauth2: [sp:workflow:update]
+    - oauth2: [sp:workflow:manage]
  parameters:
    - name: id
      in: path
@@ -85,7 +85,7 @@ patch:
  description: >-
    Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
  security:
-    - oauth2: [sp:workflow:update]
+    - oauth2: [sp:workflow:manage]
  parameters:
    - name: id
      in: path
@@ -194,7 +194,7 @@ delete:
  description: >-
    Delete a workflow.  **Enabled workflows cannot be deleted**.  They must first be disabled.
  security:
-    - oauth2: [sp:workflow:delete]
+    - oauth2: [sp:workflow:manage]
  parameters:
    - name: id
      in: path
--- a/static/api-specs/idn/beta/paths/workflows.yaml
+++ b/static/api-specs/idn/beta/paths/workflows.yaml
@@ -6,7 +6,7 @@ post:
  description: >-
    Create a new workflow with the desired trigger and steps specified in the request body.
  security:
-    - oauth2: [sp:workflow:create]
+    - oauth2: [sp:workflow:manage]
  requestBody:
    required: true
    content:
@@ -152,4 +152,4 @@ get:
    '429':
      $ref: '../../v3/responses/429.yaml'
    '500':
-      $ref: '../../v3/responses/500.yaml'
+      $ref: '../../v3/responses/500.yaml'
--- a/static/api-specs/idn/beta/schemas/Argument.yaml
+++ b/static/api-specs/idn/beta/schemas/Argument.yaml
@@ -1,4 +1,5 @@
 type: object
+nullable: true
 properties:
  name:
    type: string
@@ -10,6 +11,7 @@ properties:
    example: the first name of the identity
  type:
    type: string
+    nullable: true
    description: the programmatic type of the argument
    example: String
 required:
--- a/static/api-specs/idn/beta/schemas/BaseCommonDto.yaml
+++ b/static/api-specs/idn/beta/schemas/BaseCommonDto.yaml
@@ -16,10 +16,10 @@ properties:
    type: string
    format: date-time
    readOnly: true
-    example: true
+    example: "2023-01-03T21:16:22.432Z"
  modified:
    description: Last modification date of the Object
    type: string
    format: date-time
    readOnly: true
-    example: true
+    example: "2023-01-03T21:16:22.432Z"
--- a/static/api-specs/idn/beta/schemas/BasicAuthConfig.yaml
+++ b/static/api-specs/idn/beta/schemas/BasicAuthConfig.yaml
@@ -9,4 +9,5 @@ properties:
    nullable: true
    description: The password to authenticate. On response, this field is set to null as to not return secrets.
    example: null
+nullable: true
 description: Config required if BASIC_AUTH is used.
--- a/static/api-specs/idn/beta/schemas/BearerTokenAuthConfig.yaml
+++ b/static/api-specs/idn/beta/schemas/BearerTokenAuthConfig.yaml
@@ -5,5 +5,6 @@ properties:
    nullable: true
    description: Bearer token
    example: null
+nullable: true
 description: Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.

--- a/static/api-specs/idn/beta/schemas/ConnectorRuleCreateRequest.yaml
+++ b/static/api-specs/idn/beta/schemas/ConnectorRuleCreateRequest.yaml
@@ -59,5 +59,7 @@ properties:
    $ref: './SourceCode.yaml'
  attributes:
    type: object
+    nullable: true
    description: a map of string to objects
-    example: {}
+    example: {}
+
--- a/Show More
+++ b/Show More