Adding membership in Role

Hello All,
I’m adding a new role using a POST with the beta /roles. Everything gets added, except for the membership, which always comes back as null.
I’m using the membership section:

    "membership": {
        "type": "STANDARD",
        "criteria": {
            "operation": "AND",
            "key": null,
            "stringValue": "",
            "children": [
                {
                    "operation": "CONTAINS",
                    "key": {
                        "type": "IDENTITY",
                        "property": "attribute.department",
                        "sourceId": ""
                    },
                    "stringValue": "Accounting",
                    "children": []
                }
            ]
        },
        "identities": null
    },

I also manually put in the membership in the UI, and did the GET /roles and pulled the membership section from that, and iI still get the same thing, the membership is NULL.

Am I doing something wrong? Do I have to do it in 2 steps, create the Role, and then PATCH the membership?

Thanks,
Chris

Hi @chrisp,

To further help us troubleshoot your issue, can you please provide the full request and response bodies?

Hi Colin,
Here’s the Request body:

{
    "name": "Test Sales Accounting",
    "description": "Test Sales Accounting.",
    "owner": {
        "type": "IDENTITY",
        "id": "2c918087774f411d01774fde19944ee6",
        "name": "Chris.Peterson"
    },
    "accessProfiles": [
        {
            "id": "2c9180827b3bd3d7017b4f5aaf152c66",
            "type": "ACCESS_PROFILE",
            "name": "Test Access Profile"
        }
    ],
    "membership": {
        "type": "STANDARD",
        "criteria": {
            "operation": "AND",
            "key": null,
            "stringValue": "",
            "children": [
                {
                    "operation": "CONTAINS",
                    "key": {
                        "type": "IDENTITY",
                        "property": "attribute.department",
                        "sourceId": ""
                    },
                    "stringValue": "Accounting",
                    "children": []
                }
            ]
        }
    },
    "legacyMembershipInfo": {},
    "enabled": true,
    "requestable": true,
    "accessRequestConfig": {
        "commentsRequired": false,
        "denialCommentsRequired": false,
        "approvalSchemes": []
    },
    "revocationRequestConfig": null,
    "segments": []
}

And the response body:

{
    "description": "Test Sales Accounting.",
    "owner": {
        "type": "IDENTITY",
        "id": "2c918087774f411d01774fde19944ee6",
        "name": "Chris.Peterson"
    },
    "accessProfiles": [
        {
            "type": "ACCESS_PROFILE",
            "id": "2c9180827b3bd3d7017b4f5aaf152c66",
            "name": "Test Access Profile"
        }
    ],
    "membership": null,
    "legacyMembershipInfo": null,
    "enabled": true,
    "requestable": true,
    "accessRequestConfig": {
        "commentsRequired": false,
        "denialCommentsRequired": false,
        "approvalSchemes": []
    },
    "revocationRequestConfig": {
        "commentsRequired": false,
        "denialCommentsRequired": false,
        "approvalSchemes": []
    },
    "segments": null,
    "id": "2c9180857b3bd3fe017b4f5b3a322d49",
    "name": "Test Sales Accounting",
    "created": "2021-08-16T14:26:23.923Z",
    "modified": null
}

This may be sort of moot, since I found the “IdentityNow Bulk AccessProfile and Role Importer”, Sign In to Compass - Compass
but I may still want to do that ‘manually’ at some point.

Thanks,
Chris

@chrisp,

Can you try setting legacyMembershipInfo to null in your request body? The empty braces {} aren’t valid and might be messing up your membership when submitting the request body. You should also be able to omit legacyMembershipInfo entirely if you don’t need it for your request. There was also a redeployment of the backend today that might have fixed your issue.

@colin_mckibben That was it. Thank you.