Automated commit by github action: 3412417017

static/api-specs/idn/beta/paths/schema.yaml

@@ -103,7 +103,9 @@ patch:
     - Sources
   summary: Update Source Schema (Partial)
   description: >-
-    This API can be used to selectively update an existing Schema using a JSONPatch payload. Some fields of the Schema cannot be updated. These fields are listed below.
+    Use this API to selectively update an existing Schema using a JSONPatch payload. 
+    
+    The following schema fields are immutable and cannot be updated:
 
     * id
 
@@ -112,6 +114,27 @@ patch:
     * created
 
     * modified
+
+
+    To switch an account attribute to a group, you need to have the following in place:
+
+    * `isEntitlement: true`
+    * Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-schema) before updating the `isGroup` flag.  For example, here is the `group` account attribute referencing a schema that defines the group:
+    ```json
+    {
+        "name": "groups",
+        "type": "STRING",
+        "schema": {
+            "type": "CONNECTOR_SCHEMA",
+            "id": "2c9180887671ff8c01767b4671fc7d60",
+            "name": "group"
+        },
+        "description": "The groups, roles etc. that reference account group objects",
+        "isMulti": true,
+        "isEntitlement": true,
+        "isGroup": true
+    }
+    ```
   parameters:
     - in: path
       name: sourceId

static/api-specs/idn/beta/schemas/AttributeDefinition.yaml

@@ -6,19 +6,28 @@ properties:
     example: sAMAccountName
   type:
     $ref: './AttributeDefinitionType.yaml'
-    description: The type of the attribute.
-    example: string
   schema:
-    $ref: '../../v3/schemas/BaseReferenceDto.yaml'
+    description: A reference to the schema on the source to the attribute values map to.
-    description: A reference to the schema on the source to which the values of the attribute map.
+    type: object
-    example: {
+    properties:
-      type: "CONNECTOR_SCHEMA",
+      type:
-      id: "2c9180866166b5b0016167c32ef31a66",
+        description: The type of object being referenced
-      name: "group"
+        type: string
-    }
+        enum:
+        - CONNECTOR_SCHEMA
+        example: CONNECTOR_SCHEMA
+      id:
+        type: string
+        description: The object ID this reference applies to.
+        example: 2c91808568c529c60168cca6f90c1313
+      name:
+        type: string
+        description: The human-readable display name of the object.
+        example: group
   description:
     type: string
     description: A human-readable description of the attribute.
+    example: The sAMAccountName attribute
   isMulti:
     type: boolean
     description: Flag indicating whether or not the attribute is multi-valued.
@@ -29,6 +38,7 @@ properties:
     example: false
   isGroup:
     type: boolean
-    description: Unmodifiable flag indicating whether or not the attribute represents a group.
+    description: |
-    example: false
+      Flag indicating whether or not the attribute represents a group.
-    readOnly: true
+      This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
+    example: false

static/api-specs/idn/beta/schemas/AttributeDefinitionType.yaml

@@ -6,3 +6,4 @@ enum:
   - INT
   - BOOLEAN
 description: The underlying type of the value which an AttributeDefinition represents.
+example: STRING

static/api-specs/idn/beta/schemas/Schema.yaml

@@ -52,14 +52,19 @@ properties:
     example: [
         {
             name: "sAMAccountName",
-            type: "string",
+            type: "STRING",
             isMultiValued: false,
             isEntitlement: false,
             isGroup: false
         },
         {
             name: "memberOf",
-            type: "string",
+            type: "STRING",
+            schema: {
+              type: "CONNECTOR_SCHEMA",
+              id: "2c9180887671ff8c01767b4671fc7d60",
+              name: "group"
+            },
             description: "Group membership",
             isMultiValued: true,
             isEntitlement: true,

static/api-specs/idn/v3/paths/schema.yaml

@@ -102,7 +102,9 @@ patch:
     - Sources
   summary: Update Source Schema (Partial)
   description: >-
-    This API can be used to selectively update an existing Schema using a JSONPatch payload. Some fields of the Schema cannot be updated. These fields are listed below.
+    Use this API to selectively update an existing Schema using a JSONPatch payload. 
+    
+    The following schema fields are immutable and cannot be updated:
 
     * id
 
@@ -111,6 +113,27 @@ patch:
     * created
 
     * modified
+
+
+    To switch an account attribute to a group, you need to have the following in place:
+
+    * `isEntitlement: true`
+    * Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-schema) before updating the `isGroup` flag.  For example, here is the `group` account attribute referencing a schema that defines the group:
+    ```json
+    {
+        "name": "groups",
+        "type": "STRING",
+        "schema": {
+            "type": "CONNECTOR_SCHEMA",
+            "id": "2c9180887671ff8c01767b4671fc7d60",
+            "name": "group"
+        },
+        "description": "The groups, roles etc. that reference account group objects",
+        "isMulti": true,
+        "isEntitlement": true,
+        "isGroup": true
+    }
+    ```
   parameters:
     - in: path
       name: sourceId

static/api-specs/idn/v3/schemas/AttributeDefinition.yaml

@@ -6,19 +6,24 @@ properties:
     example: sAMAccountName
   type:
     $ref: "./AttributeDefinitionType.yaml"
-    description: The type of the attribute.
-    example: string
   schema:
-    $ref: "../../v3/schemas/BaseReferenceDto.yaml"
+    description: A reference to the schema on the source to the attribute values map to.
-    description:
+    type: object
-      A reference to the schema on the source to which the values of the
+    properties:
-      attribute map.
+      type:
-    example:
+        description: The type of object being referenced
-      {
+        type: string
-        type: "CONNECTOR_SCHEMA",
+        enum:
-        id: "2c9180866166b5b0016167c32ef31a66",
+        - CONNECTOR_SCHEMA
-        name: "group",
+        example: CONNECTOR_SCHEMA
-      }
+      id:
+        type: string
+        description: The object ID this reference applies to.
+        example: 2c91808568c529c60168cca6f90c1313
+      name:
+        type: string
+        description: The human-readable display name of the object.
+        example: group
   description:
     type: string
     description: A human-readable description of the attribute.
@@ -33,7 +38,7 @@ properties:
     example: false
   isGroup:
     type: boolean
-    description:
+    description: |
       Flag indicating whether or not the attribute represents a group.
-    example: false
+      This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
-    readOnly: true
+    example: false

static/api-specs/idn/v3/schemas/Schema.yaml

@@ -48,18 +48,23 @@ properties:
     type: array
     description: The attribute definitions which form the schema.
     items:
-        $ref: './AttributeDefinition.yaml'
+      $ref: './AttributeDefinition.yaml'
     example: [
         {
             name: "sAMAccountName",
-            type: "string",
+            type: "STRING",
             isMultiValued: false,
             isEntitlement: false,
             isGroup: false
         },
         {
             name: "memberOf",
-            type: "string",
+            type: "STRING",
+            schema: {
+              type: "CONNECTOR_SCHEMA",
+              id: "2c9180887671ff8c01767b4671fc7d60",
+              name: "group"
+            },
             description: "Group membership",
             isMultiValued: true,
             isEntitlement: true,