List entitlements for an application similar to "Add Access" under "Manage Access" UI

We are trying to accomplish the below API requirement:

User should be able to select entitlements that have to be granted to the Account. These select lists should be the laundry list of entitlements available in an application and should not include the ones already assigned to the Account.

The below SCIM API lists the laundry list of Entitlements in an application

https://{{master}}:12105/identityiq/scim/v2/Entitlements?filter=application.displayName eq "IBM DB2 Database Server"

The below SCIM API lists the entitlements assigned to a User

https://{{master}}:12105/identityiq/scim/v2/Accounts?filter=identity.userName eq "1605124" and application.displayName eq "IBM DB2 Database Server"

We are looking for a way to remove already assigned entitlements from the select list of entitlements available for a request for a user.

Thanks in advance

I don’t think there is a single API call that could achieve this; you’d probably need to do some post-call processing in your application to calculate/build the set difference.

Another thing to consider - just because an entitlement is listed on an application, and the user doesn’t have it assigned to them - does not mean that the user should be able to request that time. For some customers, they may have additional rules that filter out what is request-able for a user based on their profile/attributes. Others may want to limit the number of entitlements that are request-able outside of an RBAC model - preferring for users to request business level roles over individual entitlements.

1 Like
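The post-call set difference suggested in the answer above, as an added example that is not part of the original thread or SailPoint's own code. The field names `attribute`, `value` and `requestable`, the `urn:` extension layout of the account resource, and the sample responses are assumptions constructed for illustration; check them against your own SCIM responses.

```python
import json
from urllib.parse import quote

def scim_eq(attr, value):
    # SCIM filter values are JSON strings (RFC 7644), so json.dumps quotes and
    # escapes the value; a quote in user input cannot rewrite the filter.
    return f"{attr} eq {json.dumps(value)}"

def filter_url(base, resource, *clauses):
    return f"{base}/{resource}?filter={quote(' and '.join(clauses))}"

def assigned_pairs(accounts_resp):
    """(attribute, value) pairs held by the accounts in an Accounts ListResponse."""
    held = set()
    for acct in accounts_resp.get("Resources", []):
        for key, ext in acct.items():
            # Assumption: app-specific account attributes sit in a "urn:..." extension object
            if key.startswith("urn:") and isinstance(ext, dict):
                for attr, val in ext.items():
                    for v in val if isinstance(val, list) else [val]:
                        held.add((attr, str(v)))
    return held

def selectable(entitlements_resp, accounts_resp):
    # Drop what the account already holds and anything not flagged requestable (assumed field)
    held = assigned_pairs(accounts_resp)
    return [e for e in entitlements_resp.get("Resources", [])
            if (e["attribute"], e["value"]) not in held
            and e.get("requestable", False)]

# Constructed sample responses, trimmed to the fields used above
ENTITLEMENTS = {"totalResults": 3, "Resources": [
    {"attribute": "groups", "value": "DBADM", "requestable": True},
    {"attribute": "groups", "value": "SECADM", "requestable": True},
    {"attribute": "groups", "value": "SYSADM", "requestable": False},
]}
ACCOUNTS = {"totalResults": 1, "Resources": [
    {"nativeIdentity": "1605124", "urn:example:account": {"groups": ["DBADM"]}},
]}
```

SCIM list responses are paged, so merge every page of both calls before taking the difference; otherwise an entitlement the account holds on a later page will still appear in the select list.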