id: beta-iai-role-mining
title: IAIRoleMining
pagination_label: IAIRoleMining
sidebar_label: IAIRoleMining
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'IAIRoleMining', 'BetaIAIRoleMining']
slug: /tools/sdk/powershell/beta/methods/iai-role-mining
tags: ['SDK', 'Software Development Kit', 'IAIRoleMining', 'BetaIAIRoleMining']
IAIRoleMining
All URIs are relative to https://sailpoint.api.identitynow.com/beta
create-potential-role-provision-request
This method starts a job to provision a potential role
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Query |
MinEntitlementPopularity |
Int32 |
(optional) (default to 0) |
Minimum popularity required for an entitlement to be included in the provisioned role. |
| Query |
IncludeCommonAccess |
Boolean |
(optional) (default to $true) |
Boolean determining whether common access entitlements will be included in the provisioned role. |
| Body |
RoleMiningPotentialRoleProvisionRequest |
RoleMiningPotentialRoleProvisionRequest |
(optional) |
Required information to create a new role |
Return type
RoleMiningPotentialRoleSummary
Responses
| Code |
Description |
Data Type |
| 202 |
Accepted. Returns a potential role summary including the status of the provison request |
RoleMiningPotentialRoleSummary |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 404 |
Not Found - returned if the request URL refers to a resource or object that does not exist |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
[Back to top]
create-role-mining-sessions
This submits a create role mining session request to the role mining application.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Body |
RoleMiningSessionDto |
RoleMiningSessionDto |
True |
Role mining session parameters |
Return type
RoleMiningSessionResponse
Responses
| Code |
Description |
Data Type |
| 201 |
Submitted a role mining session request |
RoleMiningSessionResponse |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
[Back to top]
download-role-mining-potential-role-zip
This endpoint downloads a completed export of information for a potential role in a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Path |
ExportId |
String |
True |
The id of a previously run export job for this potential role |
Return type
System.IO.FileInfo
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. |
System.IO.FileInfo |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/zip, application/json
Example
[Back to top]
export-role-mining-potential-role
This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
Return type
System.IO.FileInfo
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. |
System.IO.FileInfo |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/zip, application/json
Example
[Back to top]
export-role-mining-potential-role-async
This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Body |
RoleMiningPotentialRoleExportRequest |
RoleMiningPotentialRoleExportRequest |
(optional) |
|
Return type
RoleMiningPotentialRoleExportResponse
Responses
| Code |
Description |
Data Type |
| 202 |
Job Submitted. Returns a reportId that can be used to download the zip once complete |
RoleMiningPotentialRoleExportResponse |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
[Back to top]
export-role-mining-potential-role-status
This endpoint retrieves information about the current status of a potential role export.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Path |
ExportId |
String |
True |
The id of a previously run export job for this potential role |
Return type
RoleMiningPotentialRoleExportResponse
Responses
| Code |
Description |
Data Type |
| 200 |
Success. Returns the current status of this export |
RoleMiningPotentialRoleExportResponse |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-all-potential-role-summaries
Returns all potential role summaries that match the query parameters
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdDate, identityCount, entitlementCount, freshness, quality |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: createdById: eq, sw, co createdByName: eq, sw, co description: sw, co endDate: le, lt freshness: eq, ge, gt, le, lt name: eq, sw, co, ge, gt, le, lt quality: eq, ge, gt, le, lt startDate: ge, gt saved: eq type: eq, ge, gt, le, lt scopingMethod: eq sessionState: eq identityAttribute: co |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleSummary[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns all potential role summaries that match the query parameters. |
RoleMiningPotentialRoleSummary[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-entitlement-distribution-potential-role
This method returns entitlement popularity distribution for a potential role in a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Query |
IncludeCommonAccess |
Boolean |
(optional) |
Boolean determining whether common access entitlements will be included or not |
Return type
System.Collections.Hashtable
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a map containing entitlement popularity distribution for a potential role. |
System.Collections.Hashtable |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-entitlements-potential-role
This method returns entitlements for a potential role in a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Query |
IncludeCommonAccess |
Boolean |
(optional) (default to $true) |
Boolean determining whether common access entitlements will be included or not |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: popularity, entitlementName, applicationName The default sort is popularity in descending order. |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: sw entitlementRef.name: sw |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningEntitlement[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of entitlements for a potential role. |
RoleMiningEntitlement[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-excluded-entitlements-potential-role
This method returns excluded entitlements for a potential role in a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: popularity |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: sw entitlementRef.name: sw |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningEntitlement[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of excluded entitlements for a potential roles. |
RoleMiningEntitlement[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-identities-potential-role
This method returns identities for a potential role in a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: name |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningIdentity[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of identities for a potential role. |
RoleMiningIdentity[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-potential-role
This method returns a specific potential role for a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
Return type
RoleMiningPotentialRole
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of potential roles for a role mining session. |
RoleMiningPotentialRole |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-potential-role-applications
This method returns the applications of a potential role for a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: sw |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleApplication[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of potential roles for a role mining session. |
RoleMiningPotentialRoleApplication[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-potential-role-entitlements
This method returns the entitlements of a potential role for a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: entitlementRef.name: sw |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleEntitlements[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns the entitlements of a potential role for a role mining session. |
RoleMiningPotentialRoleEntitlements[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-potential-role-source-identity-usage
This method returns source usageCount (as number of days in the last 90 days) for each identity in a potential role.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
PotentialRoleId |
String |
True |
A potential role id |
| Path |
SourceId |
String |
True |
A source id |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: displayName, email, usageCount |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleSourceUsage[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of source usage for the identities in a potential role. |
RoleMiningPotentialRoleSourceUsage[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-potential-role-summaries
This method returns the potential role summaries for a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdDate |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: createdById: eq, sw, co createdByName: eq, sw, co description: sw, co endDate: le, lt freshness: eq, ge, gt, le, lt name: eq, sw, co quality: eq, ge, gt, le, lt startDate: ge, gt saved: eq type: eq |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleSummary[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of potential role summaries for a role mining session. |
RoleMiningPotentialRoleSummary[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-role-mining-potential-role
This method returns a specific potential role.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
PotentialRoleId |
String |
True |
A potential role id |
Return type
RoleMiningPotentialRole
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of potential roles for a role mining session. |
RoleMiningPotentialRole |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-role-mining-session
The method retrieves a role mining session.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id to be retrieved. |
Return type
RoleMiningSessionResponse
Responses
| Code |
Description |
Data Type |
| 200 |
Returns a role mining session |
RoleMiningSessionResponse |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 404 |
Not Found - returned if the request URL refers to a resource or object that does not exist |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-role-mining-session-status
This method returns a role mining session status for a customer.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
Return type
RoleMiningSessionStatus
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns session status |
RoleMiningSessionStatus |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-role-mining-sessions
Returns all role mining sessions that match the query parameters
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Query |
Filters |
String |
(optional) |
Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: saved: eq name: eq, sw |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdBy, createdDate |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningSessionResponse[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns all role mining sessions that match the query parameters. |
RoleMiningSessionResponse[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
get-saved-potential-roles
This method returns all saved potential roles (draft roles).
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Query |
Sorters |
String |
(optional) |
Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: modified |
| Query |
Offset |
Int32 |
(optional) (default to 0) |
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query |
Limit |
Int32 |
(optional) (default to 250) |
Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query |
Count |
Boolean |
(optional) (default to $false) |
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningSessionDraftRoleDto[]
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns a list of draft roles for a role mining session. |
RoleMiningSessionDraftRoleDto[] |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
[Back to top]
patch-potential-role
This method updates an existing potential role using the role mining session id and the potential role summary id.
The following fields can be modified:
NOTE: All other fields cannot be modified.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
The potential role summary id |
| Body |
PatchPotentialRoleRequestInner |
[]PatchPotentialRoleRequestInner |
True |
|
Return type
SystemCollectionsHashtable
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns the potential role summary based on the potentialRoleId provided. |
SystemCollectionsHashtable |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 404 |
Not Found - returned if the request URL refers to a resource or object that does not exist |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: application/json-patch+json
- Accept: application/json
Example
[Back to top]
patch-role-mining-potential-role
This method updates an existing potential role.
The following fields can be modified:
NOTE: All other fields cannot be modified.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
PotentialRoleId |
String |
True |
The potential role summary id |
| Body |
PatchPotentialRoleRequestInner |
[]PatchPotentialRoleRequestInner |
True |
|
Return type
SystemCollectionsHashtable
Responses
| Code |
Description |
Data Type |
| 200 |
Succeeded. Returns the potential role summary based on the potentialRoleId provided. |
SystemCollectionsHashtable |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 404 |
Not Found - returned if the request URL refers to a resource or object that does not exist |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: application/json-patch+json
- Accept: application/json
Example
[Back to top]
patch-role-mining-session
The method updates an existing role mining session using PATCH. Supports op in {"replace"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id to be patched |
| Body |
JsonPatchOperation |
[]JsonPatchOperation |
True |
Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session. |
Return type
SystemCollectionsHashtable
Responses
| Code |
Description |
Data Type |
| 202 |
Accepted - Returned if the request was successfully accepted into the system. |
SystemCollectionsHashtable |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 404 |
Not Found - returned if the request URL refers to a resource or object that does not exist |
ErrorResponseDto |
| 429 |
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. |
ListAccessModelMetadataAttribute429Response |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: application/json-patch+json
- Accept: application/json
Example
[Back to top]
update-entitlements-potential-role
This endpoint adds or removes entitlements from an exclusion list for a potential role.
Parameters
| Param Type |
Name |
Data Type |
Required |
Description |
| Path |
SessionId |
String |
True |
The role mining session id |
| Path |
PotentialRoleId |
String |
True |
A potential role id in a role mining session |
| Body |
RoleMiningPotentialRoleEditEntitlements |
RoleMiningPotentialRoleEditEntitlements |
True |
Role mining session parameters |
Return type
RoleMiningPotentialRole
Responses
| Code |
Description |
Data Type |
| 201 |
Adds or removes entitlements from a potential role's entitlement exclusion list. |
RoleMiningPotentialRole |
| 400 |
Client Error - Returned if the request body is invalid. |
ErrorResponseDto |
| 401 |
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. |
ListAccessModelMetadataAttribute401Response |
| 403 |
Forbidden - Returned if the user you are running as, doesn't have access to this end-point. |
ErrorResponseDto |
| 500 |
Internal Server Error - Returned if there is an unexpected error. |
ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
[Back to top]
