We have entitlements and access profiles that include the plus symbol (+), these are being aggregated without any issues, but when using the v3 Access Profiles or Entitlements API to list we are not able to filter on the exact name of these resources. Example query:
Ideally there’d be a way to filter to these resources with some kind of encoding, but I haven’t been able to find any that works for me.
When reaching out to support on this I was pointed to this article discussing errors when aggregating entitlements:
This isn’t the issue that we’re facing, but does seem to point to an underlying issue if there have been problems in the past when handling entitlements with special characters.
not 100% sure if the elastic query is the same query can be used in the API query parameter. but maybe you can give it a try? Or otherwise, I believe at least you can use it with Search Post API search-post | SailPoint Developer Community to achieve sam goal.
Thanks for that information, I had tried using wildcards and regexes but hadn’t tried with the slashes they talk about there. Unfortunately it still didn’t make a difference for the filter function, I think it must just be a search feature.
We would use the search API but unfortunately the access profile owner information doesn’t come back from the search queries, and we need that for the integration we’re using. I’ve tried adding in owner as a field in search:
But that doesn’t work, have also tried owner.email or owner.id, but not been able to get anything back on this. The only alternative I can think of would be to use search to get the entitlement and access profile IDs, and then use the direct APIs to get the data, but that’s doubling the number of API calls we have to do so not ideal, the work we’re doing is to try and reduce the time needed for some of our automation, so this would go against the overall goal.
Thanks for the update Colin, good to know this is being looked at! When was the ticket opened? Do you have any idea on some kind of ETA for this kind of thing? (is this something that might be open for months or more like days or weeks?)
Engineering has opted to document this limitation in the API spec for the time being. The issue is in the underlying service that handles these filters, and this service is due to be upgraded at the end of the year. This may fix the issue, but for the time being engineering is not going to prioritize this.
We have the same issue there, we need to add entitlements to Access Profile and we cannot do it through the UI because of this plus symbol in the entitlement.
Yeah that makes sense if it’s the source that has the problem, unfortunately for us it’s entitlements, so much harder to get them all changed in the different systems.
@colin_mckibben you mentioned that the underlying service for the filters was upgraded at the end of last year, it doesn’t look like this has resolved the issue. What’s the status of the ticket now?