PATCH entitlements not working

Seems that the “Patch” is not working. We have an AD source that has the full descriptions and display names maintained by an external application. We attempted to use the “Patch” using PostMan to identify what elements needed to be represented and to test the actual update process.

Each time that we attempted to use the “Patch” through PostMan, we received the error, “RESTEASY003650: No resource method found for PATCH, return 405 with Allow header” - we updated the API’s, had others try, to no avail.

Our second choice was to use the upload method in the Entitlements UI… this also proved itself with limitations. Subsequently, I put in a Support Case, and received the following:

Okay, so I have done some research into large file uploads and have some details to report. To answer your initial question ‘Is this a known limitation and/or is there any method to fix this limitation?’, while there is not a hard-and-fast file size limit to flat file processing by IDN, depending on what is being updated folks can often run into issues like what you are experiencing. There is an effort logged with the Engineering team to increase throughput and standardize this process but I don’t have a specific timeline that you can expect updates to processing on. At the moment, the API is probably the best bet for making the kind of changes you need, on the scale that you need. You can of course also break the CSV down into more manageable chunks, but if need to update these descriptions regularly you should consider interfacing with our API.

Has the “Patch” been deprecated or are there other methods? The source that we are working with has nearly 50k entitlements… to break this down into individual records would take days to upload.

Welcome to the developer community Bruce.

I have verified in my tenant that PATCH /beta/entitlements/{id} works. The most likely reason for the 405 error you are seeing is because you haven’t set the Content-Type header to be application/json-patch+json. See the last header in the below screenshot for an example.

That was one of my first thoughts…

Here are my settings and the message returned:

Ok, i see the issue. It looks like our spec for PATCH entitlements is misleading. I have opened a ticket to get this fixed. [Bug] PATCH /beta/entitlement spec is missing critical information · Issue #110 · sailpoint-oss/ · GitHub

There’s two problems here. First, you need to specify the ID the of the entitlement you want to update in the path. For example: PATCH Double check that your baseUrl includes the beta, and that you also add the entitlement ID to the end.

The other issue is that you don’t have a request body specified. You need to have one that looks like this:

    "op": "replace",
    "path": "/privileged",
    "value": false

Please note that you can only update the following fields on an entitlement: requestable , privileged , segments

Here is my entitlement

Here are my parameters

Here is my body

With updated ID in the query:

Base URL:

Try putting the ID as a path parameter, not a query param. Ex.

The path is what I had originally set, looks like postman is not pulling the path parameters though:

yea, the postman collection is autogenerated from the spec. Because of that bug in the spec that I referenced above, this endpoint wasn’t generated properly. Ignore the path variables and try adding the ID directly in the url.

Different error this time

You can only modify requestable , privileged , and segments. Modifying the description is not allowed.

If you want to update the description, I believe you have to update the description on the source, and it will get updated on the next entitlement aggregation.

Thanks a bunch Colin! I saw that in the spec, but I also see the screen example below (you may want to update your bug to get that changed too):

1 Like