API Patch Role - Entitlements

RNewton · July 16, 2024, 6:06pm

Is it possible to patch entitlements to a role? patch-role | SailPoint Developer Community doesn’t list entitlements as a patchable field, but it and the beta version both note that entitlements can be seen in the response, suggesting it might just be a documentation issue.

If it is supported, here’s what I"m passing:

Header
Key Value

Content-Type application/json-patch+json
Accept application/json
Authorization Bearer xyz

Body

{
    "path":  "/entitlements",
    "op":  "add",
    "value":  [
                  {
                      "id":  "2c91808677bb34ce0177bef124090a93",
                      "type":  "ENTITLEMENT"
                  },
                  {
                      "id":  "2c918087771b663c01773a99aa5f2199",
                      "type":  "ENTITLEMENT"
                  },
                  {
                      "id":  "2c918087771b663c01773a9956ca1f9a",
                      "type":  "ENTITLEMENT"
                  }
              ]
}

and my error

Invoke-RestMethod : {"messages":[{"localeOrigin":"REQUEST","locale":"en-US","text":"The request could not be parsed."},{"localeOrigin":"DEFAULT","locale":"en-US","text":"The request could not 
be parsed."}],"trackingId":"dd5a6794e4414b1bbc541293399b7107","detailCode":"400.0 Bad request syntax"}

bcariaga · July 16, 2024, 6:18pm

I’m not sure if this field is supported as you mentioned from the documentation. In the body of your request, you must have the body begin as an array:

[
    {
        "path": "/entitlements",
        "op": "add",
        "value": [
            {
                "id": "2c91808677bb34ce0177bef124090a93",
                "type": "ENTITLEMENT"
            },
            {
                "id": "2c918087771b663c01773a99aa5f2199",
                "type": "ENTITLEMENT"
            },
            {
                "id": "2c918087771b663c01773a9956ca1f9a",
                "type": "ENTITLEMENT"
            }
        ]
    }
]

RNewton · July 16, 2024, 6:47pm

Trying to rule out false positives by patching access profiles and still having issues with this body.

{
“path”: “/accessProfiles”,
“op”: “add”,
“value”: [
{
“id”: “8815f51aa6b948d78be739ac428a73d7”,
“type”: “ACCESS_PROFILE”
}
]
}

URL: https://tenant.api.identitynow.com/beta/roles/14fa44ed9fa5498f85541c58774251ef

Invoke-RestMethod : {“messages”:[{“localeOrigin”:“DEFAULT”,“locale”:“en-US”,“text”:“The request could not be parsed.”},{“localeOrigin”:“REQUEST”,“locale”:“en-US”,“text”:“The request could not
be parsed.”}],“trackingId”:“dee22dcd3c6649268da3d2a196ff00fb”,“detailCode”:“400.0 Bad request syntax”}
At line:1 char:15

… $response = Invoke-RestMethod $url -Method ‘PATCH’ -Headers $headers

Any thoughts on what could be happening? Wrapped the value in an array like you pointed out but same issue pretty much.

WyssAJ01 · July 16, 2024, 7:29pm

Hi Russell, you might try adding the name of the access profile to your patch call as the object is incomplete.

{
	"id": "adace7fcee444aa282f5f17db9a53994",
	"type": "ACCESS_PROFILE",
	"name": "Telecom System Access"
}

bcariaga · July 16, 2024, 9:05pm

Thanks, @WyssAJ01 - That seemed to allow the requests to go through on my end. Some APIs don’t require name, but good to know that this one does.

I was able to get this to work for entitlements with this body:

[
    {
        "op": "add",
        "path": "/entitlements",
        "value": [
            {
                "id": "3831fe1f9e74476085bdd2be65c6af60",
                "type": "ENTITLEMENT",
                "name": "AccountingGeneral"
            }
        ]
    }
]

The operation seems to work as a replace instead of an add though.

neeraj99 · July 17, 2024, 11:11am

Hey @RNewton, So the main reason for request failing is missing “[]”
So the body should be sent as mentioned below, the main reason you are getting that error is due to missing opening and closing square brackets “[]”:
See the below attached image and highlighted part in order to successfully add the Access profile/entitlement

[
    {
        "path": "/accessProfiles",
        "op": "add",
        "value": [
            {
                "id": "ca7a66e5dd524836b25eef82ebbdb196",
                "type": "ACCESS_PROFILE"
            }
        ]
    }
]

Hope this helps…

RNewton · July 17, 2024, 5:08pm

Thank you all so much. Wrapping the value into brackets was the answer I needed, and indeed you can patch through entitlements.

Sailpoint admins - if you’re looking, may want to update the documentation to explicitly note that.

TJ21 · July 17, 2024, 7:37pm

Worked for me .

Thank You

system · September 15, 2024, 7:37pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Inquiry About Planned Updates for Roles API ISC Discussion and Questions apis , identity-security-cloud , roles , access-profiles	8	195	August 2, 2024
PATCH null value for role attributes failing Bugs	0	24	November 1, 2024
Adding Entitlements flow in Web Service Connector ISC Discussion and Questions webservice-connector , identity-security-cloud , provisioning , entitlements	4	140	July 29, 2024
Sailpoint Beta API add user to role request body ISC Discussion and Questions	5	1308	July 19, 2023
Patch access profile "requestable" field ISC Discussion and Questions	8	1897	July 19, 2023

API Patch Role - Entitlements

Related topics