diff --git a/static/api-specs/idn/v3/paths/access-requests.yaml b/static/api-specs/idn/v3/paths/access-requests.yaml index 0ddb1ac51..4a3b418a2 100644 --- a/static/api-specs/idn/v3/paths/access-requests.yaml +++ b/static/api-specs/idn/v3/paths/access-requests.yaml @@ -28,10 +28,11 @@ post: __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * Does not support self request. Only manager can request to revoke access for their directly managed employees. - * If removeDate is specified, then the access will be removed on that date and time. + * If removeDate is specified, then the access will be removed on that date and time only for Roles and Access Profiles. Entitlements are currently unsupported for removeDate. + * Roles, Access Profiles, and Entitlements can be requested for revocation. + * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * [Roles, Access Profiles] RemoveData can be specified only if access don't have a sunset date. * Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone. - * Roles and Access Profiles can be requested for revocation. Revoke request for entitlements are not supported currently. NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API. diff --git a/static/api-specs/idn/v3/schemas/AccessRequestType.yaml b/static/api-specs/idn/v3/schemas/AccessRequestType.yaml index 2f6292443..74b99ff59 100644 --- a/static/api-specs/idn/v3/schemas/AccessRequestType.yaml +++ b/static/api-specs/idn/v3/schemas/AccessRequestType.yaml @@ -4,5 +4,5 @@ enum: - REVOKE_ACCESS description: >- Access request type. Defaults to GRANT_ACCESS. - REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. Currently REVOKE_ACCESS is not supported for entitlements. + REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. example: GRANT_ACCESS diff --git a/static/api-specs/idn/v3/schemas/CompletedApproval.yaml b/static/api-specs/idn/v3/schemas/CompletedApproval.yaml index 8ad44050a..848317845 100644 --- a/static/api-specs/idn/v3/schemas/CompletedApproval.yaml +++ b/static/api-specs/idn/v3/schemas/CompletedApproval.yaml @@ -45,8 +45,10 @@ properties: $ref: './CommentDto.yaml' description: The requester's comment. reviewerComment: - $ref: './CommentDto.yaml' + allOf: + - $ref: './CommentDto.yaml' description: The approval's reviewer's comment. + nullable: true previousReviewersComments: type: array items: @@ -69,6 +71,7 @@ properties: description: The date the role or access profile is no longer assigned to the specified identity. format: 'date-time' example: '2020-07-11T00:00:00Z' + nullable: true removeDateUpdateRequested: type: boolean description: If true, then the request was to change the remove date or sunset date. @@ -78,6 +81,7 @@ properties: description: The remove date or sunset date that was assigned at the time of the request. format: 'date-time' example: '2020-07-11T00:00:00Z' + nullable: true sodViolationContext: $ref: './SodViolationContextCheckCompleted.yaml' description: The details of the SOD violations for the associated approval. \ No newline at end of file