API call or search query to retrieve the list of identities in a Role

Hi Team,

Greetings of the Day!!

We have a requirement where we can retrieve the list of identities in a role or roles and the entitlements that are being provisioned by those roles to the identities that are part of those roles.

Requesting your valuable insights on this.

Thank you.

Regards,
Gali Shanmukh Chandra

Hi Gali,

You will want to use the v3/search API to find this data: Search | SailPoint Developer Community

You’ll execute the POST (api-url)/v3/search call with a few different bodies to get this data. First, execute the call to get the list of identities in the role (replace name_of_role with the role’s name):

{
  "indices": [
    "identities"
  ],
  "query": {
    "query": "@access(type:ROLE AND name:\"name_of_role\")"
  },
  "sort": ["name"],
  "queryResultFilter": {
      "includes": ["*"]
  }
}

Then you can execute the call to see which access profiles are included in the role:

{
  "indices": [
    "roles"
  ],
  "query": {
    "query": "name:\"name_of_role\""
  },
  "sort": ["name"],
  "queryResultFilter": {
      "includes": ["name","accessProfiles.name"]
  }
}

Use the access profile names that were returned to search for the entitlements within each of the access profiles:

{
  "indices": [
    "accessprofiles"
  ],
  "query": {
    "query": "name:\"name_of_access_profile\""
  },
  "sort": ["name"],
  "queryResultFilter": {
      "includes": ["name","entitlements.value"]
  }
}

Thanks,
Lisa Ivy

Hi Lisa,

Thanks for your quick reply. The first API call will help us a lot with our requirement. However, we are retrieving the list of identities that are part of roles that contain some common name. For example, @access(type:Role AND name:"*ABCD*"). This query will return some set of identities. Now our requirement is to fetch the entitlements from a particular source for this set of identities.

Requesting you to please provide your valuable feedback on this.

Thank you.

Regards,
Gali Shanmukh Chandra.

You can see the entitlements associated with each identity in the data that’s returned back from the first call. In the queryResultFilter here, I selected a few fields that help show those details:


{
  "indices": [
    "identities"
  ],
  "query": {
    "query": "@access(type:ROLE AND name:\"name_of_role\")"
  },
  "sort": ["name"],
  "queryResultFilter": {
      "includes": ["name","firstName","lastName","attributes.uid","access.source.name","access.value"]
  }
}
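
An added example (not part of the thread and not SailPoint's own code): it builds the identity search body from the reply above with the role name escaped inside the quoted phrase, then reduces a response to the entitlement values held on one source. The helper names, the response shape (a JSON array of identity documents) and the sample identities and source names are constructed assumptions.

```python
import json

# Fields taken from the queryResultFilter in the reply above.
INCLUDES = ["name", "firstName", "lastName", "attributes.uid",
            "access.source.name", "access.value"]


def quote_term(value):
    """Escape backslashes and double quotes so a name stays inside its quoted phrase."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def identities_in_role_body(role_name):
    """Build the POST (api-url)/v3/search body listing identities that hold the role."""
    return {
        "indices": ["identities"],
        "query": {"query": "@access(type:ROLE AND name:%s)" % quote_term(role_name)},
        "sort": ["name"],
        "queryResultFilter": {"includes": INCLUDES},
    }


def entitlements_from_source(documents, source_name):
    """Map identity name -> sorted access values held on one source (hypothetical helper)."""
    result = {}
    for doc in documents:
        values = {
            item["value"]
            for item in doc.get("access", [])
            # Items with no source or no value (assumed: non-entitlement access) are skipped.
            if (item.get("source") or {}).get("name") == source_name and item.get("value")
        }
        if values:
            result[doc["name"]] = sorted(values)
    return result


# Constructed sample response; not real tenant data.
SAMPLE_RESPONSE = json.loads("""
[
  {"name": "alice.example", "access": [
     {"source": {"name": "Active Directory"}, "value": "CN=Finance,OU=Groups"},
     {"source": {"name": "HR App"}, "value": "payroll_read"},
     {}]},
  {"name": "bob.example", "access": [
     {"source": {"name": "HR App"}, "value": "payroll_admin"}]}
]
""")

if __name__ == "__main__":
    print(json.dumps(identities_in_role_body("name_of_role"), indent=2))
    print(entitlements_from_source(SAMPLE_RESPONSE, "HR App"))
```
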

Hi Lisa,

Hope you are doing well.

Thanks for this API body. This has helped us a lot to fulfill our requirement.

Thank you very much for your assistance.

Regards,
Shanmukh Gali.