LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-06 04:19:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8dba0a478d165c91c45097d503437419ecafb0ce
developer.sailpoint.com/products/idn/api/beta/create-role.api.mdx
Luke Hagar 8dba0a478d removed md from gitignore
2023-08-24 07:57:36 -05:00

190 lines
103 KiB
Plaintext
Raw Blame History

---
id: create-role
sidebar_label: Create a Role
hide_title: true
hide_table_of_contents: true
api: {"operationId":"createRole","tags":["Roles"],"description":"This API creates a Role.\nThere is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket.\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","description":"A Role","properties":{"id":{"type":"string","description":"The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.","example":"2c918086749d78830174a1a40e121518"},"name":{"type":"string","description":"The human-readable display name of the Role","maxLength":128,"example":"Role 2567"},"created":{"type":"string","description":"Date the Role was created","format":"date-time","example":"2021-03-01T22:32:58.104Z","readOnly":true},"modified":{"type":"string","description":"Date the Role was last modified.","format":"date-time","example":"2021-03-02T20:22:28.104Z","readOnly":true},"description":{"type":"string","nullable":true,"description":"A human-readable description of the Role","example":"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor."},"owner":{"type":"object","nullable":true,"description":"The owner of this object.","properties":{"type":{"description":"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.","example":"IDENTITY","type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"]},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","description":"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.","example":"support"}}},"accessProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"ID of the Access Profile","example":"ff808081751e6e129f1518161919ecca"},"type":{"type":"string","description":"Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.","enum":["ACCESS_PROFILE"],"example":"ACCESS_PROFILE"},"name":{"type":"string","description":"Human-readable display name of the Access Profile. This field is ignored on input.","example":"Access Profile 2567"}}},"nullable":true},"membership":{"nullable":true,"type":"object","description":"When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.","properties":{"type":{"type":"string","enum":["STANDARD","IDENTITY_LIST"],"description":"This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed","example":"IDENTITY_LIST"},"criteria":{"nullable":true,"type":"object","description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","nullable":true,"description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","nullable":true,"description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","nullable":true,"description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","nullable":true,"description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","nullable":true,"description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","nullable":true,"description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa."}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa."}}},"identities":{"type":"array","items":{"type":"object","description":"A reference to an Identity in an IDENTITY_LIST role membership criteria.","properties":{"type":{"type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"],"description":"An enumeration of the types of DTOs supported within the IdentityNow infrastructure.","example":"IDENTITY","nullable":true},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","nullable":true,"description":"Human-readable display name of the Identity.","example":"Thomas Edison"},"aliasName":{"type":"string","nullable":true,"description":"User name of the Identity","example":"t.edison"}}},"nullable":true,"description":"Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST."}}},"legacyMembershipInfo":{"type":"object","nullable":true,"description":"This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.","example":{"type":"IDENTITY_LIST"},"additionalProperties":true},"enabled":{"type":"boolean","description":"Whether the Role is enabled or not.","example":true,"default":false},"requestable":{"type":"boolean","description":"Whether the Role can be the target of access requests.","example":true,"default":false},"accessRequestConfig":{"nullable":true,"description":"Access request configuration for this object","type":"object","properties":{"commentsRequired":{"type":"boolean","description":"Whether the requester of the containing object must provide comments justifying the request","example":true,"nullable":true,"default":false},"denialCommentsRequired":{"type":"boolean","description":"Whether an approver must provide comments when denying the request","example":true,"nullable":true,"default":false},"approvalSchemes":{"type":"array","description":"List describing the steps in approving the request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","nullable":true,"description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"revocationRequestConfig":{"nullable":true,"default":null,"description":"Revocation request configuration for this object.","type":"object","properties":{"commentsRequired":{"type":"boolean","description":"Whether the requester of the containing object must provide comments justifying the request","example":false,"nullable":true,"default":false},"denialCommentsRequired":{"type":"boolean","description":"Whether an approver must provide comments when denying the request","example":false,"nullable":true,"default":false},"approvalSchemes":{"type":"array","description":"List describing the steps in approving the revocation request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["APP_OWNER","OWNER","SOURCE_OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","nullable":true,"description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"segments":{"type":"array","items":{"type":"string"},"nullable":true,"description":"List of IDs of segments, if any, to which this Role is assigned.","example":["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]}},"required":["name","owner"]}}}},"responses":{"201":{"description":"Role created","content":{"application/json":{"schema":{"type":"object","description":"A Role","properties":{"id":{"type":"string","description":"The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.","example":"2c918086749d78830174a1a40e121518"},"name":{"type":"string","description":"The human-readable display name of the Role","maxLength":128,"example":"Role 2567"},"created":{"type":"string","description":"Date the Role was created","format":"date-time","example":"2021-03-01T22:32:58.104Z","readOnly":true},"modified":{"type":"string","description":"Date the Role was last modified.","format":"date-time","example":"2021-03-02T20:22:28.104Z","readOnly":true},"description":{"type":"string","nullable":true,"description":"A human-readable description of the Role","example":"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor."},"owner":{"type":"object","nullable":true,"description":"The owner of this object.","properties":{"type":{"description":"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.","example":"IDENTITY","type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"]},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","description":"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.","example":"support"}}},"accessProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"ID of the Access Profile","example":"ff808081751e6e129f1518161919ecca"},"type":{"type":"string","description":"Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.","enum":["ACCESS_PROFILE"],"example":"ACCESS_PROFILE"},"name":{"type":"string","description":"Human-readable display name of the Access Profile. This field is ignored on input.","example":"Access Profile 2567"}}},"nullable":true},"membership":{"nullable":true,"type":"object","description":"When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.","properties":{"type":{"type":"string","enum":["STANDARD","IDENTITY_LIST"],"description":"This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed","example":"IDENTITY_LIST"},"criteria":{"nullable":true,"type":"object","description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","nullable":true,"description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","nullable":true,"description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","nullable":true,"description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","nullable":true,"description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","nullable":true,"description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines STANDARD type Role membership","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","STARTS_WITH","ENDS_WITH","AND","OR"],"description":"An operation","example":"EQUALS"},"key":{"type":"object","nullable":true,"description":"Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria","properties":{"type":{"type":"string","enum":["IDENTITY","ACCOUNT","ENTITLEMENT"],"description":"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.","example":"ACCOUNT"},"property":{"type":"string","description":"The name of the attribute or entitlement to which the associated criteria applies.","example":"attribute.email"},"sourceId":{"type":"string","nullable":true,"description":"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT","example":"2c9180867427f3a301745aec18211519"}},"required":["type","property"]},"stringValue":{"type":"string","description":"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.","example":"carlee.cert1c9f9b6fd@mailinator.com"}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa."}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa."}}},"identities":{"type":"array","items":{"type":"object","description":"A reference to an Identity in an IDENTITY_LIST role membership criteria.","properties":{"type":{"type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"],"description":"An enumeration of the types of DTOs supported within the IdentityNow infrastructure.","example":"IDENTITY","nullable":true},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","nullable":true,"description":"Human-readable display name of the Identity.","example":"Thomas Edison"},"aliasName":{"type":"string","nullable":true,"description":"User name of the Identity","example":"t.edison"}}},"nullable":true,"description":"Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST."}}},"legacyMembershipInfo":{"type":"object","nullable":true,"description":"This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.","example":{"type":"IDENTITY_LIST"},"additionalProperties":true},"enabled":{"type":"boolean","description":"Whether the Role is enabled or not.","example":true,"default":false},"requestable":{"type":"boolean","description":"Whether the Role can be the target of access requests.","example":true,"default":false},"accessRequestConfig":{"nullable":true,"description":"Access request configuration for this object","type":"object","properties":{"commentsRequired":{"type":"boolean","description":"Whether the requester of the containing object must provide comments justifying the request","example":true,"nullable":true,"default":false},"denialCommentsRequired":{"type":"boolean","description":"Whether an approver must provide comments when denying the request","example":true,"nullable":true,"default":false},"approvalSchemes":{"type":"array","description":"List describing the steps in approving the request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","nullable":true,"description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"revocationRequestConfig":{"nullable":true,"default":null,"description":"Revocation request configuration for this object.","type":"object","properties":{"commentsRequired":{"type":"boolean","description":"Whether the requester of the containing object must provide comments justifying the request","example":false,"nullable":true,"default":false},"denialCommentsRequired":{"type":"boolean","description":"Whether an approver must provide comments when denying the request","example":false,"nullable":true,"default":false},"approvalSchemes":{"type":"array","description":"List describing the steps in approving the revocation request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["APP_OWNER","OWNER","SOURCE_OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","nullable":true,"description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"segments":{"type":"array","items":{"type":"string"},"nullable":true,"description":"List of IDs of segments, if any, to which this Role is assigned.","example":["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]}},"required":["name","owner"]}}}},"400":{"description":"Client Error - Returned if the request body is invalid.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}}}}},"401":{"description":"Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A message describing the error","example":"JWT validation failed: JWT is expired"}}}}}},"403":{"description":"Forbidden - Returned if the user you are running as, doesn't have access to this end-point.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"403":{"summary":"An example of a 403 response object","value":{"detailCode":"403 Forbidden","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"The server understood the request but refuses to authorize it."}]}}}}}},"429":{"description":"Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"description":"A message describing the error","example":" Rate Limit Exceeded "}}}}}},"500":{"description":"Internal Server Error - Returned if there is an unexpected error.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"500":{"summary":"An example of a 500 response object","value":{"detailCode":"500.0 Internal Fault","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"An internal fault occurred."}]}}}}}}},"security":[{"oauth2":["idn:role-unchecked:manage","idn:role-checked:manage"]}],"method":"post","path":"/roles","servers":[{"url":"https://{tenant}.api.identitynow.com/beta","description":"This is the beta API server.","variables":{"tenant":{"default":"sailpoint","description":"This is the name of your tenant, typically your company's name."}}}],"securitySchemes":{"oauth2":{"type":"oauth2","description":"OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information.\n- Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens)\n- Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow)\n- Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow)\n\nWhich authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use)\n\nLearn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details)\n","flows":{"clientCredentials":{"tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}},"authorizationCode":{"authorizationUrl":"https://tenant.identitynow.com/oauth/authorize","tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}}}}},"jsonRequestBodyExample":{"id":"2c918086749d78830174a1a40e121518","name":"Role 2567","description":"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.","owner":{"type":"IDENTITY","id":"2c9180a46faadee4016fb4e018c20639","name":"support"},"accessProfiles":[{"id":"ff808081751e6e129f1518161919ecca","type":"ACCESS_PROFILE","name":"Access Profile 2567"}],"membership":{"type":"IDENTITY_LIST","criteria":{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.email","sourceId":"2c9180867427f3a301745aec18211519"},"stringValue":"carlee.cert1c9f9b6fd@mailinator.com","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.email","sourceId":"2c9180867427f3a301745aec18211519"},"stringValue":"carlee.cert1c9f9b6fd@mailinator.com","children":[{"operation":"EQUALS","key":{"type":"ACCOUNT","property":"attribute.email","sourceId":"2c9180867427f3a301745aec18211519"},"stringValue":"carlee.cert1c9f9b6fd@mailinator.com"}]}]},"identities":[{"type":"IDENTITY","id":"2c9180a46faadee4016fb4e018c20639","name":"Thomas Edison","aliasName":"t.edison"}]},"legacyMembershipInfo":{"type":"IDENTITY_LIST"},"enabled":true,"requestable":true,"accessRequestConfig":{"commentsRequired":true,"denialCommentsRequired":true,"approvalSchemes":[{"approverType":"GOVERNANCE_GROUP","approverId":"46c79819-a69f-49a2-becb-12c971ae66c6"}]},"revocationRequestConfig":{"commentsRequired":false,"denialCommentsRequired":false,"approvalSchemes":[{"approverType":"GOVERNANCE_GROUP","approverId":"46c79819-a69f-49a2-becb-12c971ae66c6"}]},"segments":["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]},"info":{"title":"IdentityNow Beta API","description":"Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. These APIs are in beta and are subject to change. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.","termsOfService":"https://developer.sailpoint.com/discuss/tos","contact":{"name":"Developer Relations","url":"https://developer.sailpoint.com/discuss/api-help"},"license":{"name":"MIT","url":"https://opensource.org/licenses/MIT"},"version":"3.1.0-beta"},"postman":{"name":"Create a Role","description":{"content":"This API creates a Role.\nThere is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket.\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.","type":"text/plain"},"url":{"path":["roles"],"host":["{{baseUrl}}"],"query":[],"variable":[]},"header":[{"key":"Content-Type","value":"application/json"},{"key":"Accept","value":"application/json"}],"method":"POST","body":{"mode":"raw","raw":"\"\"","options":{"raw":{"language":"json"}}},"auth":{"type":"oauth2","oauth2":[]}}}
sidebar_class_name: "post api-method"
info_path: idn/api/beta/identitynow-beta-api
custom_edit_url: "https://github.com/sailpoint-oss/developer.sailpoint.com/issues/new?assignees=&labels=&template=bug-report.md&title=%5BBug%5D+Your+Bug+Report+Here Requesting changes to 'Create a Role' (create-role)"
---
import ApiTabs from "@theme/ApiTabs";
import MimeTabs from "@theme/MimeTabs";
import ParamsItem from "@theme/ParamsItem";
import ResponseSamples from "@theme/ResponseSamples";
import SchemaItem from "@theme/SchemaItem";
import SchemaTabs from "@theme/SchemaTabs";
import DiscriminatorTabs from "@theme/DiscriminatorTabs";
import TabItem from "@theme/TabItem";
## Create a Role
This API creates a Role.
There is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
<MimeTabs><TabItem label={"application/json"} value={"application/json-schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Request Body</strong><strong style={{"fontSize":"var(--ifm-code-font-size)","color":"var(--openapi-required)"}}> required</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={true} deprecated={undefined} schemaDescription={"The human-readable display name of the Role"} schemaName={"string"} qualifierMessage={"**Possible values:** `<= 128 characters`"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"description"} required={false} deprecated={undefined} schemaDescription={"A human-readable description of the Role"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>owner</strong><span style={{"opacity":"0.6"}}> object</span><strong style={{"fontSize":"var(--ifm-code-font-size)","color":"var(--openapi-required)"}}> required</strong></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
The owner of this object.
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} deprecated={undefined} schemaDescription={"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessProfiles</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"ID of the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCESS_PROFILE`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} deprecated={undefined} schemaDescription={"Human-readable display name of the Access Profile. This field is ignored on input."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>membership</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed"} schemaName={"string"} qualifierMessage={"**Possible values:** [`STANDARD`, `IDENTITY_LIST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>criteria</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Defines STANDARD type Role membership
</div><SchemaItem collapsible={false} name={"operation"} required={false} deprecated={undefined} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
</div><SchemaItem collapsible={false} name={"type"} required={true} deprecated={undefined} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={true} deprecated={undefined} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} deprecated={undefined} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} deprecated={undefined} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
</div><SchemaItem collapsible={false} name={"operation"} required={false} deprecated={undefined} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
</div><SchemaItem collapsible={false} name={"type"} required={true} deprecated={undefined} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={true} deprecated={undefined} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} deprecated={undefined} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} deprecated={undefined} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
</div><SchemaItem collapsible={false} name={"operation"} required={false} deprecated={undefined} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
</div><SchemaItem collapsible={false} name={"type"} required={true} deprecated={undefined} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={true} deprecated={undefined} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} deprecated={undefined} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} deprecated={undefined} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>identities</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"An enumeration of the types of DTOs supported within the IdentityNow infrastructure."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} deprecated={undefined} schemaDescription={"Human-readable display name of the Identity."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"aliasName"} required={false} deprecated={undefined} schemaDescription={"User name of the Identity"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>legacyMembershipInfo</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.
</div></div></details></SchemaItem><SchemaItem collapsible={false} name={"enabled"} required={false} deprecated={undefined} schemaDescription={"Whether the Role is enabled or not."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={false} name={"requestable"} required={false} deprecated={undefined} schemaDescription={"Whether the Role can be the target of access requests."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Access request configuration for this object
</div><SchemaItem collapsible={false} name={"commentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether the requester of the containing object must provide comments justifying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={false} name={"denialCommentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether an approver must provide comments when denying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} deprecated={undefined} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} deprecated={undefined} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>revocationRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Revocation request configuration for this object.
</div><SchemaItem collapsible={false} name={"commentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether the requester of the containing object must provide comments justifying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={false} name={"denialCommentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether an approver must provide comments when denying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the revocation request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} deprecated={undefined} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`APP_OWNER`, `OWNER`, `SOURCE_OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} deprecated={undefined} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"segments"} required={false} deprecated={undefined} schemaDescription={"List of IDs of segments, if any, to which this Role is assigned."} schemaName={"string[]"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabItem></MimeTabs><div><ApiTabs><TabItem label={"201"} value={"201"}><div>
Role created
</div><div><MimeTabs schemaType={"response"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs><TabItem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} deprecated={undefined} schemaDescription={"The human-readable display name of the Role"} schemaName={"string"} qualifierMessage={"**Possible values:** `<= 128 characters`"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"created"} required={false} deprecated={undefined} schemaDescription={"Date the Role was created"} schemaName={"date-time"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"modified"} required={false} deprecated={undefined} schemaDescription={"Date the Role was last modified."} schemaName={"date-time"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"description"} required={false} deprecated={undefined} schemaDescription={"A human-readable description of the Role"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>owner</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
The owner of this object.
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} deprecated={undefined} schemaDescription={"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessProfiles</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"ID of the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCESS_PROFILE`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} deprecated={undefined} schemaDescription={"Human-readable display name of the Access Profile. This field is ignored on input."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>membership</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:\n\nSTANDARD: Indicates that Role membership is defined in terms of a criteria expression\n\nIDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed"} schemaName={"string"} qualifierMessage={"**Possible values:** [`STANDARD`, `IDENTITY_LIST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>criteria</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Defines STANDARD type Role membership
</div><SchemaItem collapsible={false} name={"operation"} required={false} deprecated={undefined} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={false} deprecated={undefined} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} deprecated={undefined} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} deprecated={undefined} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
</div><SchemaItem collapsible={false} name={"operation"} required={false} deprecated={undefined} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={false} deprecated={undefined} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} deprecated={undefined} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} deprecated={undefined} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
</div><SchemaItem collapsible={false} name={"operation"} required={false} deprecated={undefined} schemaDescription={"An operation"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `STARTS_WITH`, `ENDS_WITH`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>key</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively."} schemaName={"string"} qualifierMessage={"**Possible values:** [`IDENTITY`, `ACCOUNT`, `ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"property"} required={false} deprecated={undefined} schemaDescription={"The name of the attribute or entitlement to which the associated criteria applies."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"sourceId"} required={false} deprecated={undefined} schemaDescription={"ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"stringValue"} required={false} deprecated={undefined} schemaDescription={"String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>identities</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.
</div><SchemaItem collapsible={false} name={"type"} required={false} deprecated={undefined} schemaDescription={"An enumeration of the types of DTOs supported within the IdentityNow infrastructure."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} deprecated={undefined} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} deprecated={undefined} schemaDescription={"Human-readable display name of the Identity."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"aliasName"} required={false} deprecated={undefined} schemaDescription={"User name of the Identity"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>legacyMembershipInfo</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.
</div></div></details></SchemaItem><SchemaItem collapsible={false} name={"enabled"} required={false} deprecated={undefined} schemaDescription={"Whether the Role is enabled or not."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={false} name={"requestable"} required={false} deprecated={undefined} schemaDescription={"Whether the Role can be the target of access requests."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Access request configuration for this object
</div><SchemaItem collapsible={false} name={"commentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether the requester of the containing object must provide comments justifying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={false} name={"denialCommentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether an approver must provide comments when denying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} deprecated={undefined} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Role\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} deprecated={undefined} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>revocationRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Revocation request configuration for this object.
</div><SchemaItem collapsible={false} name={"commentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether the requester of the containing object must provide comments justifying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={false} name={"denialCommentsRequired"} required={false} deprecated={undefined} schemaDescription={"Whether an approver must provide comments when denying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={false}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the revocation request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} deprecated={undefined} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n**APP_OWNER**: The owner of the Application\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`APP_OWNER`, `OWNER`, `SOURCE_OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} deprecated={undefined} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"segments"} required={false} deprecated={undefined} schemaDescription={"List of IDs of segments, if any, to which this Role is assigned."} schemaName={"string[]"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabItem><TabItem label={"Example (from schema)"} value={"Example (from schema)"}><ResponseSamples responseExample={"{\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"name\": \"Role 2567\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"commentsRequired\": false,\n \"denialCommentsRequired\": false,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}"} language={"json"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"400"} value={"400"}><div>
Client Error - Returned if the request body is invalid.
</div><div><MimeTabs schemaType={"response"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs><TabItem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} deprecated={undefined} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} deprecated={undefined} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Generic localized reason for error
</div><SchemaItem collapsible={false} name={"locale"} required={false} deprecated={undefined} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} deprecated={undefined} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} deprecated={undefined} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
</div><SchemaItem collapsible={false} name={"locale"} required={false} deprecated={undefined} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} deprecated={undefined} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} deprecated={undefined} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabItem><TabItem label={"Example (from schema)"} value={"Example (from schema)"}><ResponseSamples responseExample={"{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}"} language={"json"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"401"} value={"401"}><div>
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
</div><div><MimeTabs schemaType={"response"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs><TabItem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"error"} required={false} deprecated={undefined} schemaDescription={"A message describing the error"} schemaName={""} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabItem><TabItem label={"Example (from schema)"} value={"Example (from schema)"}><ResponseSamples responseExample={"{\n \"error\": \"JWT validation failed: JWT is expired\"\n}"} language={"json"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"403"} value={"403"}><div>
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
</div><div><MimeTabs schemaType={"response"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs><TabItem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} deprecated={undefined} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} deprecated={undefined} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Generic localized reason for error
</div><SchemaItem collapsible={false} name={"locale"} required={false} deprecated={undefined} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} deprecated={undefined} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} deprecated={undefined} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
</div><SchemaItem collapsible={false} name={"locale"} required={false} deprecated={undefined} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} deprecated={undefined} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} deprecated={undefined} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabItem><TabItem label={"Example (from schema)"} value={"Example (from schema)"}><ResponseSamples responseExample={"{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}"} language={"json"}></ResponseSamples></TabItem><TabItem label={"403"} value={"403"}><p> An example of a 403 response object</p><ResponseSamples responseExample={"{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}"} language={"json"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"429"} value={"429"}><div>
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
</div><div><MimeTabs schemaType={"response"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs><TabItem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"message"} required={false} deprecated={undefined} schemaDescription={"A message describing the error"} schemaName={""} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabItem><TabItem label={"Example (from schema)"} value={"Example (from schema)"}><ResponseSamples responseExample={"{\n \"message\": \" Rate Limit Exceeded \"\n}"} language={"json"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"500"} value={"500"}><div>
Internal Server Error - Returned if there is an unexpected error.
</div><div><MimeTabs schemaType={"response"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs><TabItem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} deprecated={undefined} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} deprecated={undefined} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Generic localized reason for error
</div><SchemaItem collapsible={false} name={"locale"} required={false} deprecated={undefined} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} deprecated={undefined} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} deprecated={undefined} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
</div><SchemaItem collapsible={false} name={"locale"} required={false} deprecated={undefined} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} deprecated={undefined} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} deprecated={undefined} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabItem><TabItem label={"Example (from schema)"} value={"Example (from schema)"}><ResponseSamples responseExample={"{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}"} language={"json"}></ResponseSamples></TabItem><TabItem label={"500"} value={"500"}><p> An example of a 500 response object</p><ResponseSamples responseExample={"{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}"} language={"json"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem></ApiTabs></div>
Reference in New Issue View Git Blame Copy Permalink