Try the replace
action to entirely replace the contents of provisioningCriteria
. For example, I have the following access profile:
{
"description": "Access to employees",
"enabled": true,
"requestable": true,
"owner": {
"type": "IDENTITY",
"id": "2c9180867624cbd7017642d8c8c81f67",
"name": "colin.mckibben"
},
"source": {
"type": "SOURCE",
"id": "2c9180887671ff8c01767b4671fb7d5e",
"name": "Employees"
},
"entitlements": [
{
"type": "ENTITLEMENT",
"id": "2c9180877677453d01767b4b08f63386",
"name": "DevRel"
}
],
"accessRequestConfig": {
"commentsRequired": false,
"denialCommentsRequired": false,
"approvalSchemes": []
},
"revocationRequestConfig": {
"commentsRequired": false,
"denialCommentsRequired": false,
"approvalSchemes": []
},
"segments": [],
"provisioningCriteria": {
"operation": "AND",
"attribute": null,
"value": null,
"children": [
{
"operation": "OR",
"attribute": null,
"value": null,
"children": [
{
"operation": "EQUALS",
"attribute": "name",
"value": "phil",
"children": null
}
]
}
]
},
"id": "2c91808a7643763f01767b59d9d907cf",
"name": "Employee Source",
"created": "2020-12-19T14:14:14.746Z",
"modified": "2022-06-21T18:38:52.583Z"
}
To update the provisioningCriteria
to add another child, I use the following PATCH body:
[
{
"op": "replace",
"path": "/provisioningCriteria",
"value": {
"operation": "AND",
"attribute": null,
"value": null,
"children": [
{
"operation": "OR",
"attribute": null,
"value": null,
"children": [
{
"operation": "EQUALS",
"attribute": "name",
"value": "phil",
"children": null
},
{
"operation": "CONTAINS",
"attribute": "e-mail",
"value": "sailpoint.com",
"children": null
}
]
}
]
}
}
]
And now my AP has another criteria: