PATCH entitlements not working

Seems that the “Patch” is not working. We have an AD source that has the full descriptions and display names maintained by an external application. We attempted to use the “Patch” using PostMan to identify what elements needed to be represented and to test the actual update process.

Each time that we attempted to use the “Patch” through PostMan, we received the error, “RESTEASY003650: No resource method found for PATCH, return 405 with Allow header” - we updated the API’s, had others try, to no avail.

Our second choice was to use the upload method in the Entitlements UI… this also proved itself with limitations. Subsequently, I put in a Support Case, and received the following:

Okay, so I have done some research into large file uploads and have some details to report. To answer your initial question ‘Is this a known limitation and/or is there any method to fix this limitation?’, while there is not a hard-and-fast file size limit to flat file processing by IDN, depending on what is being updated folks can often run into issues like what you are experiencing. There is an effort logged with the Engineering team to increase throughput and standardize this process but I don’t have a specific timeline that you can expect updates to processing on. At the moment, the API is probably the best bet for making the kind of changes you need, on the scale that you need. You can of course also break the CSV down into more manageable chunks, but if need to update these descriptions regularly you should consider interfacing with our API.

Has the “Patch” been deprecated or are there other methods? The source that we are working with has nearly 50k entitlements… to break this down into individual records would take days to upload.

1 Like

Welcome to the developer community Bruce.

I have verified in my tenant that PATCH /beta/entitlements/{id} works. The most likely reason for the 405 error you are seeing is because you haven’t set the Content-Type header to be application/json-patch+json. See the last header in the below screenshot for an example.

That was one of my first thoughts…

Here are my settings and the message returned:

Ok, i see the issue. It looks like our spec for PATCH entitlements is misleading. I have opened a ticket to get this fixed. [Bug] PATCH /beta/entitlement spec is missing critical information · Issue #110 · sailpoint-oss/ · GitHub

There’s two problems here. First, you need to specify the ID the of the entitlement you want to update in the path. For example: PATCH Double check that your baseUrl includes the beta, and that you also add the entitlement ID to the end.

The other issue is that you don’t have a request body specified. You need to have one that looks like this:

    "op": "replace",
    "path": "/privileged",
    "value": false

Please note that you can only update the following fields on an entitlement: requestable , privileged , segments

Here is my entitlement

Here are my parameters

Here is my body

With updated ID in the query:

Base URL:

Try putting the ID as a path parameter, not a query param. Ex.

The path is what I had originally set, looks like postman is not pulling the path parameters though:

yea, the postman collection is autogenerated from the spec. Because of that bug in the spec that I referenced above, this endpoint wasn’t generated properly. Ignore the path variables and try adding the ID directly in the url.

Different error this time

You can only modify requestable , privileged , and segments. Modifying the description is not allowed.

If you want to update the description, I believe you have to update the description on the source, and it will get updated on the next entitlement aggregation.

Thanks a bunch Colin! I saw that in the spec, but I also see the screen example below (you may want to update your bug to get that changed too):

1 Like

I am running into issues in utilizing the powershell sdk to update entitlements. Ive tried this a number of different ways and I continue to recieve 400.1 errors. Any help or advice would be greatly appreciated.

Here is the sdk:

Patch a specified Entitlement

This API updates an existing Entitlement using JSON Patch syntax. The following fields are patchable: requestable, privileged, segments A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.


# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-Configuration
# Configure OAuth2 access token for authorization: oauth2
$Configuration.AccessToken = "YOUR_ACCESS_TOKEN"

# Configure OAuth2 access token for authorization: oauth2
$Configuration.AccessToken = "YOUR_ACCESS_TOKEN"

$Id = "2c91808a7813090a017814121e121518" # String | ID of the Entitlement to patch
$JsonPatchOperationValue = Initialize-JsonPatchOperationValue 
$JsonPatchOperation = Initialize-JsonPatchOperation -Op "add" -Path "/description" -Value $JsonPatchOperationValue # JsonPatchOperation[] |  (optional)

# Patch a specified Entitlement
try {
    $Result = Update-BetaEntitlement -Id $Id -JsonPatchOperation $JsonPatchOperation
} catch {
    Write-Host ("Exception occurred when calling Update-BetaEntitlement: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
    Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))


Name Type Description Notes
Id String ID of the Entitlement to patch
JsonPatchOperation JsonPatchOperation[] [optional]

Return type

Entitlement (PSCustomObject)

1 Like

Hey Austin,

Quick qualifying question: Are you using the official SailPoint Powershell SDK?

Hey @austin_alexander,

Welcome to the Developer Community!

The example docs that are generated don’t always show the best way of doing things within the SDK.

For patching entitlements you can create the patch object as a PowerShell object and pass it in that way.

I have an example of this in a script within the SDKs repository. powershell-sdk/patchEntitlement.ps1 at 0c0ce0a130bee785ae1b05362f643e1f61116871 · sailpoint-oss/powershell-sdk · GitHub

1 Like

@tyler_mairose Ive tried that multiple times and I keep getting 400 errors.


I forgot to ask what version of the SDK you are using?

This was a bug in a previous version of the SDK and no matter how you provided the object you would get a 400 error. It was fixed in version 1.0.3 of the SDK. PowerShell Gallery | PSSailpoint 1.0.3

1 Like

@tyler_mairose thanks for sharing the new version

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.