How to fetch ALL Access Profiles in a tenant with a search query?

Hey guys,

I was wondering if there’s a way to form a query to search and retrieve all Access Profiles in our tenant. As far as I’m aware, it’s only possible to search access profiles for a specific source, for example:

source.name:"Active Directory"

I need to fetch all access profiles first in order to filter out certain access for a certification campaign that is generated via a query inside of an HTTP request.

All help appreciated,
Thanks
Seb

Filter for Access Profiles and use a simple * as your query

Thanks, as the query needs to be in an API call I can’t simply filter for access profiles only. source.name:* works to fetch everything, but I need to filter to just access-profiles inside of the query itself somehow.

I think I managed to work it out…

A query like:

source.name:* AND NOT "Birthright*"

This seems to work inside of the API call to filter out access that has a name that starts with Birthright. It doesn’t feel like the best solution, however, seeing as naming needs to be perfect.


You can… by using "indices": ["accessprofiles"] that will return only Access Profiles in the result

{
    "indices": ["accessprofiles"],
    "query": {
        "query": "*"
    },
    "sort": ["+id"],
    "queryResultFilter": {
        "includes": []
    }
}

Aha!

{
    "autoRevokeAllowed": false,
    "description": "API Based Cert Campaign",
    "emailNotificationEnabled": true,
    "name": "Automated Certification",
    "recommendationsEnabled": true,
    "searchCampaignInfo": {
        "identityIds": [
            "{{$.trigger.identity.id}}"
        ],
        "indices": ["accessprofiles"],
        "query": "NOT \"Birthright*\"",
        "reviewer": {
            "id": "{{$.getIdentity.managerRef.id}}",
            "type": "IDENTITY"
        },
        "type": "ACCESS"
    },
    "type": "SEARCH"
}

Do you think this could work?

I am not sure about these objects (identityIds, reviewer, type) being in the search body… Haven’t tried them before.

Rest looks okay to me

Thanks a lot!

Do you think it’s possible to somehow “flag” certain roles and/or access profiles in IDN and then exclude the flag keyword in the query?

Run a Search that will fetch the Roles/Access Profiles you want to “tag” and then using the checkboxes on the left of each record select the items (or select all). Now, by clicking the small label icon on the right top of the results table you can add any keyword you want to use for future search using the query tags:keyword

Thank you, this is probably the best way :smiley:

Is it possible to add roles to indices as well? Like so:

"indices" : ["accessprofiles,roles"]

Format will be like this:
["accessprofiles", "accountactivities", "identities", "entitlements", "roles", "events"]

This code seems to be working for us now :slight_smile: Just fetching access profiles and roles and excluding the access that we have tagged as “BAS”.

{
    "autoRevokeAllowed": false,
    "description": "API Based Cert Campaign",
    "emailNotificationEnabled": true,
    "name": "Automated Certification",
    "recommendationsEnabled": true,
    "searchCampaignInfo": {
        "identityIds": [
            "1337"
        ],
        "indices": ["accessprofiles,roles"],
        "query": "NOT tags:BAS",
        "reviewer": {
            "id": "42069",
            "type": "IDENTITY"
        },
        "type": "ACCESS"
    },
    "type": "SEARCH"
}

Thanks for all the help and the fast responses Nitesh!

All the best,
Seb

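An added example, not code from the thread or from SailPoint: a Python helper that builds the search body in the shape posted above, putting each index in its own array element and excluding tagged access as in the final post. The function names, the alphanumeric-only tag rule and the joining of several tags with AND are assumptions of this example.

```python
import json

# Index names exactly as listed in the reply above.
KNOWN_INDICES = ("accessprofiles", "accountactivities", "identities",
                 "entitlements", "roles", "events")


def normalize_indices(indices):
    """Split comma-joined values and return one validated name per element."""
    if isinstance(indices, str):
        indices = [indices]
    result = []
    for entry in indices:
        for name in entry.split(","):
            name = name.strip().lower()
            if name not in KNOWN_INDICES:
                raise ValueError(f"unknown index: {name!r}")
            if name not in result:
                result.append(name)
    if not result:
        raise ValueError("at least one index is required")
    return result


def exclusion_query(exclude_tags):
    """Build 'NOT tags:X AND NOT tags:Y'; '*' when nothing is excluded."""
    clauses = []
    for tag in exclude_tags:
        if not tag.isalnum():
            # Assumption of this example: tags are plain alphanumerics, so a
            # tag value can never add operators or wildcards to the query.
            raise ValueError(f"unsupported tag: {tag!r}")
        clauses.append(f"NOT tags:{tag}")
    return " AND ".join(clauses) if clauses else "*"


def build_search_body(indices, exclude_tags=()):
    """Search body in the shape posted earlier in this thread."""
    return {
        "indices": normalize_indices(indices),
        "query": {"query": exclusion_query(exclude_tags)},
        "sort": ["+id"],
    }


if __name__ == "__main__":
    print(json.dumps(build_search_body(["accessprofiles,roles"], ["BAS"]), indent=2))
```

Running the same body as a plain search before using its query in a campaign shows which access profiles and roles the exclusion leaves in scope for review.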

You can use the sp-config API to export all access_profiles

But even better - you can find information here about Configuration Hub which will be Generally Available on 9/4
