PATCH-role API not working to change roles en masse

I have about 130 roles I wish to add an entitlement to. They all have a common term in their name, so I used a powershell script to filter out all the appropriate roles and their ID numbers.
After that, my plan was to use the PATCH role Beta API call (patch-role | SailPoint Developer Community) to add the entitlement. I wanted to test in sandbox first so I attempted it with 3 role ID’s, and upon failing with 1 role ID, which failed again.

I believe my Params were correct:

{3E2B4FC5-F79D-4119-B356-09B6AC56DB2F}540×302 17 KB

I assume my mistake is somewhere in the JSON where I am attempting to define the addition of the entitlement:

{E759AC49-57E8-4682-BEE4-F31F32076FD9}1484×446 35.3 KB

I am trying to carefully follow the documentation, but I feel like this must be where I am messing up, unless there is something else I am missing.

Here is the JSON in text incase you wish to copy and paste to evaluate: [

  {
    "op": "add",
    "path": "/ENTITLEMENTS",
    "value": "New entitlement"
  },
  {
    "entitlements": [
      {
        "id": "42b76fd73fd74badb9549717a2cb0637",
        "type": "ENTITLEMENT",
        "name": "GROUP - Group Sales"
      }
    ]
  }
]

Any help would be appreciated as I am not looking forward to doing large manual edits like this if it can be avoided.

Hello Jared,
Please follow below screenshot and adjust your request body.

image1302×508 47 KB

Please let me know.
Santosh

Also try updating one entitlement for a single role first to check if it works.

Hi Santosh,
I edited the JSON to reflect what you sent me but I got the same response:

{A61E1DB5-DF23-49F2-A7D0-6F58E20A8F23}1469×453 31.9 KB

{E815FDA9-ADB8-4EA0-8E18-CE718B9665FE}716×264 15 KB

I made sure all the entitlements and roles involves are enabled. Are there any other configurations for the roles and entitlement I need ot worry about?

Hey,
Can you check the below configurations in your PATCH operation?

Headers:
Content-Type: application/json-patch+json

Body:

[
  {
    "op": "add",
    "path": "/entitlements/-",
    "value": {
      "id": "63b09cba8bce4f079b3a1b3f00b32bc23",
      "type": "ENTITLEMENT"
    }
  },
  {
    "op": "add",
    "path": "/entitlements/-",
    "value": {
      "id": "9a9e9946d79344388884f26763ce2qc4",
      "type": "ENTITLEMENT"
    }
  }
]

Hi Suresh,
I was able to add the “Content-Type application/json-patch+json” to my headers and now the call appears to return a 200 OK code, but when I check the role the entitlement does not appear to have been added.

{BCB4E14F-3DEF-4B81-9766-8172D35B903A}1252×780 71.1 KB

Where was I supposed to add the body change you suggested:

{9E390195-117C-4B3E-9CA0-8B91DA2562E6}504×444 19.1 KB

I am only adding one entitlement to these roles, here is my current body below:

{77FBDF22-1674-4611-9A4F-B5C1FC304FCC}424×284 8.47 KB

I feel like we’re getting close, thank you for your help!

Hello Jared,

It did work for single entitlement?
Are you trying to add same entitlement to 3 different roles?

Thanks,
Santosh

I can see the entitlement got added in your response. But not sure whether that is something added earlier.

image1252×780 71.3 KB

Can you double check whether the Role name and the entitlements added are matching?

Are you trying to add an entitlement to multiple Roles in a single PATCH call?

That is the current entitlement associated with that role. It did not add the new entitlement:

{4BD944AC-3D42-4C6F-9EA5-294217B7CFB9}1281×367 22.9 KB

It did not work for a single entitlement. It is showing 200 OK but the new entitlement hasn’t been added for some reason.

{181C6861-45DB-4894-B20D-6F6D4FECA9B3}1236×508 33.6 KB

I accidentally copied in the Source ID from the entitlements json object…I’m stupid. I didn’t realize the entitlement ID was at the bottom. It appears to be working now. I’ve only tested with one role though.

I doubt it earlier hence asked you to double check the Role and entitlement details. Glad it works for you.

Thanks so much. I appear to have hit another issue though. I am using “Bulk Edits” in the path variables (Params) fields to input the roles I want to edit, but it’s only editing the last listed role:

{43BAE58E-914F-4F98-80AE-1CD99C6D456B}463×367 11.1 KB

Am I inputting the role ids wrong?

My understanding is that PATCH a specific role API will apply to an ID not to multiple IDs, that is the reason the API considering only the last ID and updating it from your bulk path param list. So, you need to set the path param dynamically to get the Role IDs and execute the PATCH operation for each role by using pre-request scripts. You can get the Postman documentation by searching “set-path-param-dymanically” and mostly it will be a few lines of code.

Thank you Suresh, that’s what the documentation makes it sound like too. You’ve been super helpful! I will look into the dynamic path parameters. A coworker advised me to try a powershell script to make the api calls and loop through the ID numbers from a CSV file. I will keep playing around until I figure it out.

Hello Jared,
I would suggest using Bulk Role Importer tool If you want to add entitlements to 130 Roles.
Please let me know if you have any questions.

Thanks

Sandeep

Hey Sandeep,
I am looking over the documentation and it doesn’t seem very clear for someone at my skill level. I could probably figure it out if I spent a few days on it, but I think I will do them one at a time via API calls for now. I am always practicing my coding, but I’m not too familiar with Ruby and kind of a beginner. I look forward to trying this out in the future though.

Thanks for your input and making me aware of the bulk role editor!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.