Edit entitlements for a potential role to exclude some entitlements
create-potential-role-provision-request
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method starts a job to provision a potential role
Accepted. Returns a potential role summary including the status of the provison request
RoleMiningPotentialRoleSummary
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
404
Not Found - returned if the request URL refers to a resource or object that does not exist
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$MinEntitlementPopularity=56# Int32 | Minimum popularity required for an entitlement to be included in the provisioned role. (optional) (default to 0)$IncludeCommonAccess=$true# Boolean | Boolean determining whether common access entitlements will be included in the provisioned role. (optional) (default to $true)$RoleMiningPotentialRoleProvisionRequest=@"{
"includeIdentities" : true,
"roleName" : "Finance-Accounting",
"ownerId" : "2b568c65bc3c4c57a43bd97e3a8e41",
"roleDescription" : "Generalaccessforaccountingdepartment",
"directlyAssignedEntitlements" : false
}"@# Create request to provision a potential role into an actual role.try{New-V2024PotentialRoleProvisionRequest-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# New-V2024PotentialRoleProvisionRequest -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -MinEntitlementPopularity $MinEntitlementPopularity -IncludeCommonAccess $IncludeCommonAccess -V2024RoleMiningPotentialRoleProvisionRequest $Result }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling New-V2024PotentialRoleProvisionRequest"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This submits a create role mining session request to the role mining application.
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json
Accept: application/json
Example
$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$RoleMiningSessionDto=@"{
"emailRecipientId" : "2c918090761a5aac0176215c46a62d58",
"prescribedPruneThreshold" : 10,
"pruneThreshold" : 50,
"saved" : true,
"potentialRolesReadyCount" : 0,
"scope" : {
"identityIds" : [ "2c918090761a5aac0176215c46a62d58", "2c918090761a5aac01722015c46a62d42" ],
"attributeFilterCriteria" : {
"displayName" : {
"untranslated" : "Location:Miami"
},
"ariaLabel" : {
"untranslated" : "Location:Miami"
},
"data" : {
"displayName" : {
"translateKey" : "IDN.IDENTITY_ATTRIBUTES.LOCATION"
},
"name" : "location",
"operator" : "EQUALS",
"values" : [ "Miami" ]
}
},
"criteria" : "source.name:DataScienceDataset"
},
"potentialRoleCount" : 0,
"name" : "SavedRM Session-07/10",
"minNumIdentitiesInPotentialRole" : 20,
"identityCount" : 0,
"type" : "SPECIALIZED"
}"@# Create a role mining sessiontry{$Result=ConvertFrom-JsonToRoleMiningSessionDto-Json$RoleMiningSessionDtoNew-V2024RoleMiningSessions-XSailPointExperimental$XSailPointExperimental-V2024RoleMiningSessionDto$Result# Below is a request that includes all optional parameters# New-V2024RoleMiningSessions -XSailPointExperimental $XSailPointExperimental -V2024RoleMiningSessionDto $Result }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling New-V2024RoleMiningSessions"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This endpoint downloads a completed export of information for a potential role in a role mining session.
The id of a previously run export job for this potential role
XSailPointExperimental
String
True (default to "true")
Use this header to enable this experimental API.
Return type
System.IO.FileInfo
Responses
Code
Description
Data Type
200
Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.
System.IO.FileInfo
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/zip, application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="278359a6-04b7-4669-9468-924cf580964a"# String | A potential role id in a role mining session$ExportId="4940ffd4-836f-48a3-b2b0-6d498c3fdf40"# String | The id of a previously run export job for this potential role$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")# Export (download) details for a potential role in a role mining sessiontry{Invoke-V2024DownloadRoleMiningPotentialRoleZip-SessionId$SessionId-PotentialRoleId$PotentialRoleId-ExportId$ExportId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Invoke-V2024DownloadRoleMiningPotentialRoleZip -SessionId $SessionId -PotentialRoleId $PotentialRoleId -ExportId $ExportId -XSailPointExperimental $XSailPointExperimental }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Invoke-V2024DownloadRoleMiningPotentialRoleZip"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role.
Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.
System.IO.FileInfo
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/zip, application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")# Export (download) details for a potential role in a role mining sessiontry{Export-V2024RoleMiningPotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Export-V2024RoleMiningPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Export-V2024RoleMiningPotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role.
Job Submitted. Returns a reportId that can be used to download the zip once complete
RoleMiningPotentialRoleExportResponse
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="278359a6-04b7-4669-9468-924cf580964a"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$RoleMiningPotentialRoleExportRequest=@"{
"minEntitlementPopularity" : 0,
"includeCommonAccess" : true
}"@# Asynchronously export details for a potential role in a role mining session and upload to S3try{Export-V2024RoleMiningPotentialRoleAsync-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Export-V2024RoleMiningPotentialRoleAsync -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -V2024RoleMiningPotentialRoleExportRequest $Result }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Export-V2024RoleMiningPotentialRoleAsync"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This endpoint retrieves information about the current status of a potential role export.
Success. Returns the current status of this export
RoleMiningPotentialRoleExportResponse
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="278359a6-04b7-4669-9468-924cf580964a"# String | A potential role id in a role mining session$ExportId="4940ffd4-836f-48a3-b2b0-6d498c3fdf40"# String | The id of a previously run export job for this potential role$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")# Retrieve status of a potential role export jobtry{Export-V2024RoleMiningPotentialRoleStatus-SessionId$SessionId-PotentialRoleId$PotentialRoleId-ExportId$ExportId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Export-V2024RoleMiningPotentialRoleStatus -SessionId $SessionId -PotentialRoleId $PotentialRoleId -ExportId $ExportId -XSailPointExperimental $XSailPointExperimental }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Export-V2024RoleMiningPotentialRoleStatus"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
Returns all potential role summaries that match the query parameters
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdDate, identityCount, entitlementCount, freshness, quality
Query
Filters
String
(optional)
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: createdById: eq, sw, cocreatedByName: eq, sw, codescription: sw, coendDate: le, ltfreshness: eq, ge, gt, le, ltname: eq, sw, co, ge, gt, le, ltquality: eq, ge, gt, le, ltstartDate: ge, gtsaved: eqtype: eq, ge, gt, le, ltscopingMethod: eqsessionState: eqidentityAttribute: co
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns all potential role summaries that match the query parameters.
RoleMiningPotentialRoleSummary[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Sorters="createdDate"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdDate, identityCount, entitlementCount, freshness, quality** (optional)$Filters='(createdByName co "int") and (createdById sw "2c9180907") and (type eq "COMMON") and ((name co "entt") or (saved eq true))'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **createdById**: *eq, sw, co* **createdByName**: *eq, sw, co* **description**: *sw, co* **endDate**: *le, lt* **freshness**: *eq, ge, gt, le, lt* **name**: *eq, sw, co, ge, gt, le, lt* **quality**: *eq, ge, gt, le, lt* **startDate**: *ge, gt* **saved**: *eq* **type**: *eq, ge, gt, le, lt* **scopingMethod**: *eq* **sessionState**: *eq* **identityAttribute**: *co* (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves all potential role summariestry{Get-V2024AllPotentialRoleSummaries-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024AllPotentialRoleSummaries -XSailPointExperimental $XSailPointExperimental -Sorters $Sorters -Filters $Filters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024AllPotentialRoleSummaries"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns entitlement popularity distribution for a potential role in a role mining session.
Boolean determining whether common access entitlements will be included or not
Return type
System.Collections.Hashtable
Responses
Code
Description
Data Type
200
Succeeded. Returns a map containing entitlement popularity distribution for a potential role.
System.Collections.Hashtable
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$IncludeCommonAccess=$true# Boolean | Boolean determining whether common access entitlements will be included or not (optional)# Retrieves entitlement popularity distribution for a potential role in a role mining sessiontry{Get-V2024EntitlementDistributionPotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024EntitlementDistributionPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -IncludeCommonAccess $IncludeCommonAccess }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024EntitlementDistributionPotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns entitlements for a potential role in a role mining session.
Boolean determining whether common access entitlements will be included or not
Query
Sorters
String
(optional)
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: popularity, entitlementName, applicationName The default sort is popularity in descending order.
Query
Filters
String
(optional)
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: swentitlementRef.name: sw
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns a list of entitlements for a potential role.
RoleMiningEntitlement[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$IncludeCommonAccess=$true# Boolean | Boolean determining whether common access entitlements will be included or not (optional) (default to $true)$Sorters="popularity"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **popularity, entitlementName, applicationName** The default sort is **popularity** in descending order. (optional)$Filters='applicationName sw "AD"'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **applicationName**: *sw* **entitlementRef.name**: *sw* (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves entitlements for a potential role in a role mining sessiontry{Get-V2024EntitlementsPotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024EntitlementsPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -IncludeCommonAccess $IncludeCommonAccess -Sorters $Sorters -Filters $Filters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024EntitlementsPotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns excluded entitlements for a potential role in a role mining session.
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: swentitlementRef.name: sw
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns a list of excluded entitlements for a potential roles.
RoleMiningEntitlement[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Sorters="populariity"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **popularity** (optional)$Filters='applicationName sw "AD"'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **applicationName**: *sw* **entitlementRef.name**: *sw* (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves excluded entitlements for a potential role in a role mining sessiontry{Get-V2024ExcludedEntitlementsPotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024ExcludedEntitlementsPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -Sorters $Sorters -Filters $Filters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024ExcludedEntitlementsPotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns identities for a potential role in a role mining session.
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns a list of identities for a potential role.
RoleMiningIdentity[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Sorters="name"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** (optional)$Filters='MyFilters'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw* (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves identities for a potential role in a role mining sessiontry{Get-V2024IdentitiesPotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024IdentitiesPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -Sorters $Sorters -Filters $Filters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024IdentitiesPotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns a specific potential role for a role mining session.
Succeeded. Returns a list of potential roles for a role mining session.
RoleMiningPotentialRole
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")# Retrieves a specific potential roletry{Get-V2024PotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024PotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024PotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns the applications of a potential role for a role mining session.
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: sw
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns a list of potential roles for a role mining session.
RoleMiningPotentialRoleApplication[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="62f28d91-7d9f-4d17-be15-666d5b41d77f"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Filters='applicationName sw "test"'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **applicationName**: *sw* (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves the applications of a potential role for a role mining sessiontry{Get-V2024PotentialRoleApplications-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024PotentialRoleApplications -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -Filters $Filters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024PotentialRoleApplications"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns the entitlements of a potential role for a role mining session.
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: entitlementRef.name: sw
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns the entitlements of a potential role for a role mining session. session.
RoleMiningPotentialRoleEntitlements[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="62f28d91-7d9f-4d17-be15-666d5b41d77f"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Filters='entitlementRef.name sw "test"'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **entitlementRef.name**: *sw* (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves the entitlements of a potential role for a role mining sessiontry{Get-V2024PotentialRoleEntitlements-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024PotentialRoleEntitlements -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -Filters $Filters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024PotentialRoleEntitlements"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns source usageCount (as number of days in the last 90 days) for each identity in a potential role.
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: displayName, email, usageCount
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns a list of source usage for the identities in a potential role.
RoleMiningPotentialRoleSourceUsage[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$PotentialRoleId="e0cc5d7d-bf7f-4f81-b2af-8885b09d9923"# String | A potential role id$SourceId="2c9180877620c1460176267f336a106f"# String | A source id$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Sorters="-usageCount"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **displayName, email, usageCount** (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves potential role source usagetry{Get-V2024PotentialRoleSourceIdentityUsage-PotentialRoleId$PotentialRoleId-SourceId$SourceId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024PotentialRoleSourceIdentityUsage -PotentialRoleId $PotentialRoleId -SourceId $SourceId -XSailPointExperimental $XSailPointExperimental -Sorters $Sorters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024PotentialRoleSourceIdentityUsage"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns the potential role summaries for a role mining session.
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdDate
Query
Filters
String
(optional)
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: createdById: eq, sw, cocreatedByName: eq, sw, codescription: sw, coendDate: le, ltfreshness: eq, ge, gt, le, ltname: eq, sw, coquality: eq, ge, gt, le, ltstartDate: ge, gtsaved: eqtype: eq
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns a list of potential role summaries for a role mining session.
RoleMiningPotentialRoleSummary[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Sorters="createdDate"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdDate** (optional)$Filters='(createdByName co "int")and (createdById sw "2c9180907")and (type eq "COMMON")and ((name co "entt")or (saved eq true))'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **createdById**: *eq, sw, co* **createdByName**: *eq, sw, co* **description**: *sw, co* **endDate**: *le, lt* **freshness**: *eq, ge, gt, le, lt* **name**: *eq, sw, co* **quality**: *eq, ge, gt, le, lt* **startDate**: *ge, gt* **saved**: *eq* **type**: *eq* (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves all potential role summariestry{Get-V2024PotentialRoleSummaries-SessionId$SessionId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024PotentialRoleSummaries -SessionId $SessionId -XSailPointExperimental $XSailPointExperimental -Sorters $Sorters -Filters $Filters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024PotentialRoleSummaries"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns a specific potential role.
Succeeded. Returns a list of potential roles for a role mining session.
RoleMiningPotentialRole
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")# Retrieves a specific potential roletry{Get-V2024RoleMiningPotentialRole-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024RoleMiningPotentialRole -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024RoleMiningPotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
The method retrieves a role mining session.
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Client Error - Returned if the request body is invalid.
ErrorResponseDto
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
404
Not Found - returned if the request URL refers to a resource or object that does not exist
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id to be retrieved.$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")# Get a role mining sessiontry{Get-V2024RoleMiningSession-SessionId$SessionId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024RoleMiningSession -SessionId $SessionId -XSailPointExperimental $XSailPointExperimental }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024RoleMiningSession"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns a role mining session status for a customer.
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")# Get role mining session status statetry{Get-V2024RoleMiningSessionStatus-SessionId$SessionId-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024RoleMiningSessionStatus -SessionId $SessionId -XSailPointExperimental $XSailPointExperimental }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024RoleMiningSessionStatus"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
Returns all role mining sessions that match the query parameters
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: saved: eqname: eq, sw
Query
Sorters
String
(optional)
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdBy, createdDate
Query
Offset
Int32
(optional) (default to 0)
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns all role mining sessions that match the query parameters.
RoleMiningSessionDto[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Filters='saved eq "true" and name sw "RM Session"'# String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **saved**: *eq* **name**: *eq, sw* (optional)$Sorters="createdBy,createdDate"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdBy, createdDate** (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves all role mining sessionstry{Get-V2024RoleMiningSessions-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024RoleMiningSessions -XSailPointExperimental $XSailPointExperimental -Filters $Filters -Sorters $Sorters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024RoleMiningSessions"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This method returns all saved potential roles (draft roles).
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
Succeeded. Returns a list of draft roles for a role mining session.
RoleMiningSessionDraftRoleDto[]
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: Not defined
Accept: application/json
Example
$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$Sorters="modified"# String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **modified** (optional)$Offset=0# Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)$Limit=250# Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)$Count=$true# Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)# Retrieves all saved potential rolestry{Get-V2024SavedPotentialRoles-XSailPointExperimental$XSailPointExperimental# Below is a request that includes all optional parameters# Get-V2024SavedPotentialRoles -XSailPointExperimental $XSailPointExperimental -Sorters $Sorters -Offset $Offset -Limit $Limit -Count $Count }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Get-V2024SavedPotentialRoles"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
The method updates an existing potential role using.
Succeeded. Returns the potential role summary based on the potentialRoleId provided.
SystemCollectionsHashtable
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
404
Not Found - returned if the request URL refers to a resource or object that does not exist
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json-patch+json
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The potential role summary id$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$PatchPotentialRoleRequestInner=@"[{op=remove, path=/description}, {op=replace, path=/description, value=Acct I - Potential Role}, {op=remove, path=/saved}, {op=replace, path=/saved, value=false}, {op=remove, path=/name}, {op=replace, path=/name, value=Potential Role Accounting}]"@# PatchPotentialRoleRequestInner[] | # Update a potential roletry{$Result=ConvertFrom-JsonToPatchPotentialRoleRequestInner-Json$PatchPotentialRoleRequestInnerUpdate-V2024PotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental-V2024PatchPotentialRoleRequestInner$Result# Below is a request that includes all optional parameters# Update-V2024PotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -V2024PatchPotentialRoleRequestInner $Result }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Update-V2024PotentialRole"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
The method updates an existing potential role using.
Succeeded. Returns the potential role summary based on the potentialRoleId provided.
SystemCollectionsHashtable
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
404
Not Found - returned if the request URL refers to a resource or object that does not exist
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json-patch+json
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The potential role summary id$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$PatchPotentialRoleRequestInner=@"[{op=remove, path=/description}, {op=replace, path=/description, value=Acct I - Potential Role}, {op=remove, path=/saved}, {op=replace, path=/saved, value=false}, {op=remove, path=/name}, {op=replace, path=/name, value=Potential Role Accounting}]"@# PatchPotentialRoleRequestInner[] | # Update a potential roletry{$Result=ConvertFrom-JsonToPatchPotentialRoleRequestInner-Json$PatchPotentialRoleRequestInnerUpdate-V2024PotentialRole0-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental-V2024PatchPotentialRoleRequestInner$Result# Below is a request that includes all optional parameters# Update-V2024PotentialRole0 -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -V2024PatchPotentialRoleRequestInner $Result }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Update-V2024PotentialRole0"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
The method updates an existing role mining session using PATCH. Supports op in {"replace"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.
Accepted - Returned if the request was successfully accepted into the system.
SystemCollectionsHashtable
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
404
Not Found - returned if the request URL refers to a resource or object that does not exist
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessProfiles429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json-patch+json
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id to be patched$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$JsonPatchOperation=@"{
"op" : "replace",
"path" : "/description",
"value" : "Newdescription"
}"@# JsonPatchOperation[] | Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session.# Patch a role mining sessiontry{$Result=ConvertFrom-JsonToJsonPatchOperation-Json$JsonPatchOperationUpdate-V2024RoleMiningSession-SessionId$SessionId-XSailPointExperimental$XSailPointExperimental-V2024JsonPatchOperation$Result# Below is a request that includes all optional parameters# Update-V2024RoleMiningSession -SessionId $SessionId -XSailPointExperimental $XSailPointExperimental -V2024JsonPatchOperation $Result }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Update-V2024RoleMiningSession"Write-Host$_.ErrorDetails}
:::warning experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
:::
This endpoint adds or removes entitlements from an exclusion list for a potential role.
Adds or removes entitlements from a potential role's entitlement exclusion list.
RoleMiningPotentialRole
400
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessProfiles401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json
Accept: application/json
Example
$SessionId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | The role mining session id$PotentialRoleId="8c190e67-87aa-4ed9-a90b-d9d5344523fb"# String | A potential role id in a role mining session$XSailPointExperimental="true"# String | Use this header to enable this experimental API. (default to "true")$RoleMiningPotentialRoleEditEntitlements=@"{
"ids" : [ "entId1", "entId2" ],
"exclude" : true
}"@# Edit entitlements for a potential role to exclude some entitlementstry{$Result=ConvertFrom-JsonToRoleMiningPotentialRoleEditEntitlements-Json$RoleMiningPotentialRoleEditEntitlementsUpdate-V2024EntitlementsPotentialRole-SessionId$SessionId-PotentialRoleId$PotentialRoleId-XSailPointExperimental$XSailPointExperimental-V2024RoleMiningPotentialRoleEditEntitlements$Result# Below is a request that includes all optional parameters# Update-V2024EntitlementsPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -XSailPointExperimental $XSailPointExperimental -V2024RoleMiningPotentialRoleEditEntitlements $Result }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Update-V2024EntitlementsPotentialRole"Write-Host$_.ErrorDetails}
