mirror of
https://github.com/LukeHagar/developer.sailpoint.com.git
synced 2025-12-06 04:19:31 +00:00
185 lines
6.2 KiB
YAML
185 lines
6.2 KiB
YAML
get:
|
|
operationId: getAccessProfile
|
|
tags:
|
|
- Access Profiles
|
|
summary: Get an Access Profile
|
|
description: >-
|
|
This API returns an Access Profile by its ID.
|
|
|
|
|
|
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
|
|
call this API.
|
|
parameters:
|
|
- in: path
|
|
name: id
|
|
required: true
|
|
schema:
|
|
type: string
|
|
description: >-
|
|
ID of the Access Profile
|
|
example: 2c9180837ca6693d017ca8d097500149
|
|
responses:
|
|
'200':
|
|
description: An AccessProfile
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '../../v3/schemas/access/AccessProfile.yaml'
|
|
'400':
|
|
$ref: '../../v3/responses/400.yaml'
|
|
'401':
|
|
$ref: '../../v3/responses/401.yaml'
|
|
'403':
|
|
$ref: '../../v3/responses/403.yaml'
|
|
'429':
|
|
$ref: '../../v3/responses/429.yaml'
|
|
'500':
|
|
$ref: '../../v3/responses/500.yaml'
|
|
security:
|
|
- oauth2: [idn:access-profile:read, idn:access-profile:manage]
|
|
patch:
|
|
operationId: patchAccessProfile
|
|
tags:
|
|
- Access Profiles
|
|
summary: Patch a specified Access Profile
|
|
description: >-
|
|
This API updates an existing Access Profile. The following fields are patchable:
|
|
|
|
**name**, **description**, **enabled**, **owner**, **requestable**,
|
|
**accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria**
|
|
|
|
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a
|
|
SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to
|
|
administer.
|
|
|
|
> The maximum supported length for the description field is 2000 characters.
|
|
Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
|
|
|
|
|
|
> You can only add or replace **entitlements** that exist on the source that the access profile is attached to.
|
|
You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
|
|
|
|
|
|
> Patching the value of the **requestable** field is only supported for customers enabled with the new Request
|
|
Center. Otherwise, attempting to modify this field results in a 400 error.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
description: ID of the Access Profile to patch
|
|
required: true
|
|
schema:
|
|
type: string
|
|
example: 2c91808a7813090a017814121919ecca
|
|
requestBody:
|
|
content:
|
|
application/json-patch+json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '../schemas/JsonPatchOperation.yaml'
|
|
examples:
|
|
Add Entitlements:
|
|
description: Add one or more entitlements to the end of the list
|
|
value:
|
|
- op: add
|
|
path: /entitlements
|
|
value:
|
|
- id: 2c9180857725c14301772a93bb77242d
|
|
type: ENTITLEMENT
|
|
name: AD User Group
|
|
Insert Entitlement:
|
|
description: Add an entitlement at the beginning of the entitlement list
|
|
value:
|
|
- op: add
|
|
path: /entitlements/0
|
|
value:
|
|
id: 2c9180857725c14301772a93bb77242d
|
|
type: ENTITLEMENT
|
|
name: AD User Group
|
|
Replace Entitlements:
|
|
description: Replace all entitlements with a new list of entitlements
|
|
value:
|
|
- op: replace
|
|
path: /entitlements
|
|
value:
|
|
- id: 2c9180857725c14301772a93bb77242d
|
|
type: ENTITLEMENT
|
|
name: AD User Group
|
|
Remove Entitlement:
|
|
description: Remove the first entitlement in the list
|
|
value:
|
|
- op: remove
|
|
path: /entitlements/0
|
|
required: true
|
|
responses:
|
|
'200':
|
|
description: Responds with the Access Profile as updated.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '../../v3/schemas/access/AccessProfile.yaml'
|
|
'400':
|
|
$ref: '../../v3/responses/400.yaml'
|
|
'401':
|
|
$ref: '../../v3/responses/401.yaml'
|
|
'403':
|
|
$ref: '../../v3/responses/403.yaml'
|
|
'429':
|
|
$ref: '../../v3/responses/429.yaml'
|
|
'500':
|
|
$ref: '../../v3/responses/500.yaml'
|
|
security:
|
|
- oauth2: [idn:access-profile:manage]
|
|
delete:
|
|
operationId: deleteAccessProfile
|
|
tags:
|
|
- Access Profiles
|
|
summary: Delete the specified Access Profile
|
|
description: >-
|
|
This API deletes an existing Access Profile.
|
|
|
|
|
|
The Access Profile must not be in use. If it is, a 400 error is returned.
|
|
|
|
|
|
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition,
|
|
a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile.
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
description: ID of the Access Profile to delete
|
|
required: true
|
|
schema:
|
|
type: string
|
|
example: 2c91808a7813090a017814121919ecca
|
|
responses:
|
|
'204':
|
|
$ref: "../../v3/responses/204.yaml"
|
|
'400':
|
|
description: Returned when an access profile cannot be deleted as it's being used.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '../../v3/schemas/ErrorResponseDto.yaml'
|
|
examples:
|
|
400.2.1.0 Object in use by another:
|
|
description: Returned when an access profile cannot be deleted as it's being used
|
|
value:
|
|
detailCode: 400.2.1.0 Object in use by another
|
|
trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3
|
|
messages:
|
|
- locale: en-US
|
|
localeOrigin: DEFAULT
|
|
text: The "testAccessProfile" access profile can't be deleted because it's in use.
|
|
'401':
|
|
$ref: '../../v3/responses/401.yaml'
|
|
'403':
|
|
$ref: '../../v3/responses/403.yaml'
|
|
'429':
|
|
$ref: '../../v3/responses/429.yaml'
|
|
'500':
|
|
$ref: '../../v3/responses/500.yaml'
|
|
security:
|
|
- oauth2: [idn:access-profile:manage]
|
|
|