mirror of
https://github.com/LukeHagar/developer.sailpoint.com.git
synced 2025-12-06 12:27:46 +00:00
139 lines
64 KiB
Plaintext
139 lines
64 KiB
Plaintext
---
|
|
id: patch-role
|
|
sidebar_label: Patch a specified Role
|
|
hide_title: true
|
|
hide_table_of_contents: true
|
|
api: {"operationId":"patchRole","tags":["Roles"],"description":"This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\n\nThe following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.","parameters":[{"name":"id","in":"path","description":"ID of the Role to patch","required":true,"schema":{"type":"string","example":"2c91808a7813090a017814121e121518"}}],"requestBody":{"content":{"application/json-patch+json":{"schema":{"type":"array","items":{"type":"object","description":"A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)","required":["op","path"],"properties":{"op":{"type":"string","description":"The operation to be performed","enum":["add","remove","replace","move","copy","test"],"example":"replace"},"path":{"type":"string","description":"A string JSON Pointer representing the target path to an element to be affected by the operation","example":"/description"},"value":{"anyOf":[{"type":"string"},{"type":"integer"},{"type":"object"},{"type":"array","items":{"anyOf":[{"type":"string"},{"type":"integer"},{"type":"object"}]}}],"description":"The value to be used for the operation, required for \"add\" and \"replace\" operations","example":"New description"}}}},"examples":{"Make a Role Requestable and Enable it in One Call":{"description":"This example shows how multiple fields may be updated with a single patch call.","value":[{"op":"replace","path":"/requestable","value":true},{"op":"replace","path":"/enabled","value":true}]},"Assign a Role to a Segment":{"description":"This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array.","value":[{"op":"add","path":"/segments/-","value":"f7b1b8a3-5fed-4fd4-ad29-82014e137e19"}]},"Set the Membership Selection Criteria to a List of Identities":{"description":"This example shows how to define a Role's membershp by providing a list of Identities, referenced by their IDs.","value":[{"op":"replace","path":"/membership","value":{"type":"IDENTITY_LIST","identities":[{"id":"2c91808973fe906c0174262092014ed9"},{"id":"2c918086262092014ed94fb8a47612f3"}]}}]},"Set the Membership Selection Criteria to a Standard Expression":{"description":"This example shows how to define a Role's membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.","value":[{"op":"replace","path":"/membership","value":{"type":"STANDARD","criteria":{"operation":"OR","children":[{"operation":"EQUALS","key":{"type":"ENTITLEMENT","property":"attribute.memberOf","sourceId":"2c9180887701fb2014213e122092014e"},"stringValue":"Engineering"}]}}}]},"Add a New Clause as the Child of an Existing Standard Expression":{"description":"This example shows how to add a child clause to an existing STANDARD criteria expression.","value":[{"op":"add","path":"/membership/criteria/children/-","value":{"operation":"ENDS_WITH","key":{"type":"IDENTITY","property":"attribute.email"},"stringValue":"@identitynow.com"}}]}}}},"required":true},"responses":{"200":{"description":"Responds with the Role as updated.","content":{"application/json":{"schema":{"type":"object","description":"A Role","properties":{"id":{"type":"string","description":"The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.","example":"2c918086749d78830174a1a40e121518"},"name":{"type":"string","description":"The human-readable display name of the Role","maxLength":128,"example":"Role 2567"},"created":{"type":"string","description":"Date the Role was created","format":"date-time","example":"2021-03-01T22:32:58.104Z","readOnly":true},"modified":{"type":"string","description":"Date the Role was last modified.","format":"date-time","example":"2021-03-02T20:22:28.104Z","readOnly":true},"description":{"type":"string","nullable":true,"description":"A human-readable description of the Role","example":"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor."},"owner":{"type":"object","description":"The owner of this object.","properties":{"type":{"description":"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.","example":"IDENTITY","type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"]},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","description":"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.","example":"support"}}},"accessProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"ID of the Access Profile","example":"ff808081751e6e129f1518161919ecca"},"type":{"type":"string","description":"Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.","enum":["ACCESS_PROFILE"],"example":"ACCESS_PROFILE"},"name":{"type":"string","description":"Human-readable display name of the Access Profile. This field is ignored on input.","example":"Access Profile 2567"}}},"nullable":true},"membership":{"nullable":true,"type":"object","description":"When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.","properties":{"type":{"type":"string","enum":["STANDARD","IDENTITY_LIST"],"description":"This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed","example":"IDENTITY_LIST"},"criteria":{"nullable":true,"type":"object","description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa."}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa."}}},"identities":{"type":"array","items":{"type":"object","description":"A reference to an Identity in an IDENTITY_LIST role membership criteria.","properties":{"type":{"type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"],"description":"An enumeration of the types of DTOs supported within the IdentityNow infrastructure.","example":"IDENTITY","nullable":true},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","nullable":true,"description":"Human-readable display name of the Identity.","example":"Thomas Edison"},"aliasName":{"type":"string","nullable":true,"description":"User name of the Identity","example":"t.edison"}}},"nullable":true,"description":"Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST."}}},"legacyMembershipInfo":{"type":"object","nullable":true,"description":"This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.","example":{"type":"IDENTITY_LIST"},"additionalProperties":true},"enabled":{"type":"boolean","description":"Whether the Role is enabled or not. This field is false by default.","example":true},"requestable":{"type":"boolean","description":"Whether the Role can be the target of Access Requests. This field is false by default.","example":true},"accessRequestConfig":{"nullable":true,"description":"Access request configuration for this object","type":"object","properties":{"commentsRequired":{"type":"boolean","description":"Whether the requester of the containing object must provide comments justifying the request","example":true},"denialCommentsRequired":{"type":"boolean","description":"Whether an approver must provide comments when denying the request","example":true},"approvalSchemes":{"type":"array","description":"List describing the steps in approving the request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"revocationRequestConfig":{"nullable":true,"description":"Revocation request configuration for this object.","type":"object","properties":{"approvalSchemes":{"type":"array","description":"List describing the steps in approving the revocation request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","SOURCE_OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"segments":{"type":"array","items":{"type":"string"},"nullable":true,"description":"List of IDs of segments, if any, to which this Role is assigned.","example":["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]}},"required":["name"]}}}},"400":{"description":"Client Error - Returned if the request body is invalid.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}}}}},"401":{"description":"Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A message describing the error","example":"JWT validation failed: JWT is expired"}}}}}},"403":{"description":"Forbidden - Returned if the user you are running as, doesn't have access to this end-point.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"403":{"summary":"An example of a 403 response object","value":{"detailCode":"403 Forbidden","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"The server understood the request but refuses to authorize it."}]}}}}}},"429":{"description":"Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"description":"A message describing the error","example":" Rate Limit Exceeded "}}}}}},"500":{"description":"Internal Server Error - Returned if there is an unexpected error.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"500":{"summary":"An example of a 500 response object","value":{"detailCode":"500.0 Internal Fault","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"An internal fault occurred."}]}}}}}}},"security":[{"bearerAuth":["idn:role:update","idn:role-checked:update"]}],"method":"patch","path":"/roles/{id}","servers":[{"url":"https://{tenant}.api.identitynow.com/beta","description":"This is the beta API server.","variables":{"tenant":{"default":"sailpoint","description":"This is the name of your tenant, typically your company's name."}}}],"securitySchemes":{"oauth2":{"type":"oauth2","description":"OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/docs/authentication.html) for more information.\n- Directions for generating a [personal access token](https://developer.sailpoint.com/docs/authentication.html#personal-access-tokens)\n- Directions using [client credentials flow](https://developer.sailpoint.com/docs/authentication.html#client-credentials-grant-flow)\n- Directions for using [authorization code flow](https://developer.sailpoint.com/docs/authentication.html#authorization-code-grant-flow)\n\nWhich authentication method should I choose? See our [guide](https://developer.sailpoint.com/docs/authentication.html#which-oauth-2-0-grant-flow-should-i-use)\n\nLearn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/docs/authentication.html#finding-your-tenant-s-oauth-details)\n","flows":{"clientCredentials":{"tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}},"authorizationCode":{"authorizationUrl":"https://tenant.identitynow.com/oauth/authorize","tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}}}}},"jsonRequestBodyExample":[{"op":"replace","path":"/description","value":"New description"}],"info":{"contact":{"email":"developers@sailpoint.com","name":"Developer Relations","url":"https://developer.sailpoint.com/discuss"},"description":"These are the public, beta APIs for SailPoint's SaaS services and are subject to change.","title":"SailPoint - Beta SaaS API","version":"3.1.0-beta"},"postman":{"name":"Patch a specified Role","description":{"content":"This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\n\nThe following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.","type":"text/plain"},"url":{"path":["roles",":id"],"host":["{{baseUrl}}"],"query":[],"variable":[{"disabled":false,"description":{"content":"(Required) ID of the Role to patch","type":"text/plain"},"type":"any","value":"","key":"id"}]},"header":[{"key":"Content-Type","value":"application/json-patch+json"},{"key":"Accept","value":"application/json"}],"method":"PATCH","body":{"mode":"raw","raw":"\"\"","options":{"raw":{"language":"json"}}}}}
|
|
sidebar_class_name: "patch api-method"
|
|
info_path: docs/sailpoint-api-beta/sail-point-beta-saa-s-api
|
|
---
|
|
|
|
import ApiTabs from "@theme/ApiTabs";
|
|
import MimeTabs from "@theme/MimeTabs";
|
|
import ParamsItem from "@theme/ParamsItem";
|
|
import ResponseSamples from "@theme/ResponseSamples";
|
|
import SchemaItem from "@theme/SchemaItem"
|
|
import SchemaTabs from "@theme/SchemaTabs";
|
|
import DiscriminatorTabs from "@theme/DiscriminatorTabs";
|
|
import TabItem from "@theme/TabItem";
|
|
|
|
## Patch a specified Role
|
|
|
|
|
|
|
|
This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
|
|
|
|
The following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**
|
|
|
|
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
|
|
|
|
<details style={{"marginBottom":"1rem"}} data-collapsed={false} open={true}><summary style={{}}><strong>Path Parameters</strong></summary><div><ul><ParamsItem className={"paramsItem"} param={{"name":"id","in":"path","description":"ID of the Role to patch","required":true,"schema":{"type":"string","example":"2c91808a7813090a017814121e121518"}}}></ParamsItem></ul></div></details><MimeTabs><TabItem label={"application/json-patch+json"} value={"application/json-patch+json-schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Request Body</strong><span style={{"opacity":"0.6"}}> array</span><strong style={{"fontSize":"var(--ifm-code-font-size)","color":"var(--openapi-required)"}}> required</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"op"} required={true} schemaDescription={"The operation to be performed"} schemaName={"string"} qualifierMessage={"**Possible values:** [`add`, `remove`, `replace`, `move`, `copy`, `test`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"path"} required={true} schemaDescription={"A string JSON Pointer representing the target path to an element to be affected by the operation"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>value</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
The value to be used for the operation, required for "add" and "replace" operations
|
|
|
|
</div><li><div><span className={"badge badge--info"}>anyOf</span><SchemaTabs><TabItem label={"MOD1"} value={"0-item-properties"}><li><div><strong>string</strong></div></li></TabItem><TabItem label={"MOD2"} value={"1-item-properties"}><li><div><strong>integer</strong></div></li></TabItem><TabItem label={"MOD4"} value={"3-item-properties"}><li><div><span className={"badge badge--info"}>anyOf</span><SchemaTabs><TabItem label={"MOD1"} value={"0-item-properties"}><li><div><strong>string</strong></div></li></TabItem><TabItem label={"MOD2"} value={"1-item-properties"}><li><div><strong>integer</strong></div></li></TabItem></SchemaTabs></div></li></TabItem></SchemaTabs></div></li></div></details></SchemaItem></ul></details></TabItem></MimeTabs><div><ApiTabs><TabItem label={"200"} value={"200"}><div>
|
|
|
|
Responds with the Role as updated.
|
|
|
|
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"The human-readable display name of the Role"} schemaName={"string"} qualifierMessage={"**Possible values:** `<= 128 characters`"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"created"} required={false} schemaDescription={"Date the Role was created"} schemaName={"date-time"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"modified"} required={false} schemaDescription={"Date the Role was last modified."} schemaName={"date-time"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"description"} required={false} schemaDescription={"A human-readable description of the Role"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>owner</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
The owner of this object.
|
|
|
|
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessProfiles</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"ID of the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCESS_PROFILE`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"Human-readable display name of the Access Profile. This field is ignored on input."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>membership</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.
|
|
|
|
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed"} schemaName={"string"} qualifierMessage={"**Possible values:** [`STANDARD`, `IDENTITY_LIST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>criteria</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Defines STANDARD type Role membership
|
|
|
|
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
|
|
|
|
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={false} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
|
|
|
|
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
|
|
|
|
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={false} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
|
|
|
|
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
|
|
|
|
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={false} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>identities</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.
|
|
|
|
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"An enumeration of the types of DTOs supported within the IdentityNow infrastructure."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"Human-readable display name of the Identity."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"aliasName"} required={false} schemaDescription={"User name of the Identity"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>legacyMembershipInfo</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.
|
|
|
|
</div></div></details></SchemaItem><SchemaItem collapsible={false} name={"enabled"} required={false} schemaDescription={"Whether the Role is enabled or not. This field is false by default."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"requestable"} required={false} schemaDescription={"Whether the Role can be the target of Access Requests. This field is false by default."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Access request configuration for this object
|
|
|
|
</div><SchemaItem collapsible={false} name={"commentsRequired"} required={false} schemaDescription={"Whether the requester of the containing object must provide comments justifying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"denialCommentsRequired"} required={false} schemaDescription={"Whether an approver must provide comments when denying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
List describing the steps in approving the request
|
|
|
|
</div><SchemaItem collapsible={false} name={"approverType"} required={false} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>revocationRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Revocation request configuration for this object.
|
|
|
|
</div><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
List describing the steps in approving the revocation request
|
|
|
|
</div><SchemaItem collapsible={false} name={"approverType"} required={false} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `SOURCE_OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"segments"} required={false} schemaDescription={"List of IDs of segments, if any, to which this Role is assigned."} schemaName={"string[]"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"400"} value={"400"}><div>
|
|
|
|
Client Error - Returned if the request body is invalid.
|
|
|
|
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Generic localized reason for error
|
|
|
|
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
|
|
|
|
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"401"} value={"401"}><div>
|
|
|
|
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
|
|
|
|
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"error"} required={false} schemaDescription={"A message describing the error"} schemaName={""} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"403"} value={"403"}><div>
|
|
|
|
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
|
|
|
|
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Generic localized reason for error
|
|
|
|
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
|
|
|
|
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabTtem><TabItem label={"403"} value={"403"}><ResponseSamples responseExample={"{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"429"} value={"429"}><div>
|
|
|
|
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
|
|
|
|
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"message"} required={false} schemaDescription={"A message describing the error"} schemaName={""} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"500"} value={"500"}><div>
|
|
|
|
Internal Server Error - Returned if there is an unexpected error.
|
|
|
|
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Generic localized reason for error
|
|
|
|
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
|
|
|
|
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
|
|
|
|
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabTtem><TabItem label={"500"} value={"500"}><ResponseSamples responseExample={"{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem></ApiTabs></div>
|
|
|