Inquiry About Planned Updates for Roles API

Dear SailPoint Relations Team,

I hope this message finds you well.

I’m writing to inquire about any progress on the internal case related to the add/remove operations on the beta patch roles/access profiles endpoints, as mentioned in the last update by Luke Hagar in April 2023.
Are there any new developments or updates that you could share regarding this matter?

Thank you for your assistance.

Regards,
Jaewon

I have been using the v3 roles and access profiles apis for creating and updating the roles and access profiles recently.
I haven’t faced any issues. It is working perfectly

Hello @VasanthRam ,
Could you please advise on which API call to use for the following scenario?

  1. A role contains a list of 100 Access Profiles (APs).
  2. We have a customer request to remove 5 specific APs from this list.
  3. Instead of replacing the entire list of APs, we need to call an API to partially remove the specified APs (op:remove).
1 Like

Hi @jwshin
[patch-role | SailPoint Developer Community](Update Role)
The above api will help you to update a role.
You just need to mention what are all the accessprofiles to be retained in the role.
The configs will be replaced.
I think you dont have anything like a remove operation to remove an access profile from role.

Hi @VasanthRam

The API I am inquiring about pertains to functionalities within the patch-role API.

Let me rephrase my requirements:
Assume we have 100 roles, each containing different configurations of Access Profiles (APs).
If we need to remove a specific AP named “x” from all these roles using the patch roles API, how would you proceed?

Would you aggregate the AP lists from all roles, edit them to remove “x”, and then perform a bulk update?
Or would you call the API to remove “x” from each role individually?

I am interested in understanding your approach to this scenario.

1 Like

We have a bulk role importer script provided by the Sailpoint in the compass community. This post has all the details of that script. If you download that zip file from the compass community… you will find a ruby script inside that zip file with a readme document on how to use the script. You can make use of this script to make any bulk update on roles or access profiles in a more efficient and simple manner.

Regards
Vasanth Ram S J

2 Likes

I am very pleased to hear about the features you contributed to the bulk role importer. It seems like a significant portion of bulk update tasks can be accomplished now.

However, I would prefer to handle the given requirements more succinctly, and it is somewhat discouraging to think that we still have to compile the list of APs to maintain.

I believe that the index referencing for the remove operation in patch-roles needs further improvement.

Thank you for your kind response.

Regards,

1 Like

Thank you for your comments @jwshin
You can also write your own customised script to achieve this.
The input will be like the details of your tenant for authentication and the access profiles to be removed from the role in a json file which is a best practice. You can handle api calls in the script by getting the details of the role via api and modifying it by removing the access profiles you need from the input. And then converting it to a request body for the update roles api.If you need to do it for a bulk amount of roles then your input can be as a csv file which will contain the role details and the corresponding access profiles to be removed.
It can be any language to your comfort like python, powershell, ruby…etc.

Regards
Vasanth Ram S J