Patch Role Python SDK

Bhekamandla · January 14, 2026, 12:30pm

Hi community,

I need assistance with patching a role using the Python SDK.

Below is my code showing how I have created JsonPatchOperation.

## Approach 1
approvers = [
        ArrayInner(approver_type="GOVERNANCE_GROUP", approver_id="redacted"),
        ArrayInner(approver_type="MANAGER", approver_id=""),
    ]

    json_patch_operations = [
        JsonPatchOperation(
            op="replace",
            path="/accessRequestConfig/approvalSchemes",
            value=UpdateMultiHostSourcesRequestInnerValue(approvers)
        )
    ]

## Approach 2    
json_patch_operations = [
        JsonPatchOperation.from_dict({
            "op": "replace",
            "path": "/accessRequestConfig/approvalSchemes",
            "value": [
                {
                    "approverType": "GOVERNANCE_GROUP",
                    "approverId": "redacted"
                },
                {
                    "approverType": "MANAGER",
                    "approverId": None
                }
            ]
        })
    ]

try:
                with sailpoint.v2025.ApiClient(configuration) as api_client:
                    roles_api = sailpoint.v2025.RolesApi(api_client)
                    roles_api.patch_role(id=access.id, json_patch_operation=json_patch_operations)

            except Exception as e:
                print(f"Error updating access '{access.id}': {e}")

Both approach 1 and approach 2 are returning the same exception, “‘NoneType’ object has no attribute ‘items’. ‘The role is currently enabled and requestable with the approvalSchemes currently null.

Can anyone please suggest a resolution to this or a different way of changing the approval schemes.

Regards,
Bhekamandlenkosi

kevisoliveira · January 14, 2026, 7:35pm

Hi, @Bhekamandla.

Welcome back.

Silly question here, what if you change the “op” from “replace” to “add”?

If “approvalSchemes” is currently null, replace may fail because the field doesn’t exist yet.

lampard08 · January 15, 2026, 12:49am

try to print you payload and see how its being transformed.

in you 2nd approach, just change the "approverId": None to "approverId": ““

below payload worked for me and you are fine with using replace op :

{

        "op": "replace",

        "path": "/accessRequestConfig/approvalSchemes",

        "value": [

            {

                "approverType": "GOVERNANCE_GROUP",

                "approverId": "111xxxx-xxxx-yyyy-1111-123651100000"

            },

            {

                "approverType": "MANAGER",

                "approverId": ""

            }

        ]

    }

Topic		Replies	Views
API Patch Role - Semantically Invalid ISC Discussion and Questions apis , identity-security-cloud , roles	23	231	June 29, 2025
Patch Role via Beta API ISC Discussion and Questions	17	3866	July 19, 2023
API Patch Role - Entitlements ISC Discussion and Questions apis , identity-security-cloud , roles , entitlements	8	181	September 15, 2024
Update Identity Roles ISC Discussion and Questions apis , identity-security-cloud	6	351	August 3, 2024
Patch Source App with Python SDK ISC Discussion and Questions apis , identity-security-cloud	2	46	August 11, 2025

Patch Role Python SDK

Related topics