Patch Role via Beta API

Hello,

I am attempting to add a user to static role (membership determined by Identity List) by using the beta api endpoint - https://{$$.env.org}.api.identitynow.com/beta/roles/{id}. When forming the request body, what should the “path” (json pointer) be set to? Also, what should the “value” value be set to? I am currently setting it as a string, the user’s SailPoint UID that I want to add to the role. I am attempting the following but receiving the error “The request was syntactically correct but its content is semantically invalid”.

Body:

{

"op": "add",

"path": "/membership/4/0",

"value": "UserSailPointUID"

}

I believe my “path” is incorrect. I based it off the response when I “Get” the role.
Part of the Get role response:
{

"description": "xxx.",

"owner": {

    "type": "IDENTITY",

    "id": "xxx",

    "name": "xxx"

},

"accessProfiles": [],

"membership": {

    "type": "IDENTITY_LIST",

    "sourceId": null,

    "ruleId": null,

    "entitlementIds": [],

    "aliasList": [],

    "valueMap": [],

    "complexRoleCriterion": null

},

Any help would be greatly appreciated.

Thanks!

Nick

Hi Nick,

I believe the path should be:
/membership/aliasList/-

has information on the formatting.

Regards,
Tim

@tim_faehnle It didn’t work for me.

PATCH https://devrel.api.identitynow.com/beta/roles/{roleId}

{
“op”: “add”,
“path”: “/membership/aliasList/-”,
“value”: “2c9180867a83b343017a8b866e9f0657”
}

Please let us know if the above worked for you

@colin_mckibben @tim_faehnle

I also had no success with the following:

[
    {
        "op": "add",
        "path": "/membership/aliasList/-",
        "value": "useraccountid"
    }
]

Thanks, Colin and Nick. We’re looking into it. It looks like that is not working on our end right now. I’ll provide another update in a few days. Sorry for the difficulty. I appreciate your patience.

Regards,
Tim

I’m trying to add an access profile to a role.

[
{
“op”: “add”,
“path”: “/accessProfiles/-”,
“value”: {
“id”: “”
}
}
]

I’m getting this error.
Status: 405
{
“errorName”: “NotSupportedException”,
“errorMessage”: “RESTEASY003065: Cannot consume content type”,
“trackingId”: “b44f73dc91ce41a8b37921459aed0b1f”
}

Am I doing something wrong or is this related to the issue that the op had?

I think this is a different issue - JSON patch endpoints require a content-type of application/json-patch+json

Thanks Josh.

I’m using Postman.
Added a header: content-type: application/json-patch+json

This is the body
[
{
“op”: “add”,
“path”: “/accessProfiles/-”,
“value”: {
“id”: “<AP_ID>”
}
}
]

I get a new error now.

{
“detailCode”: “400.1 Bad request content”,
“trackingId”: “4c6c9a9e38594e9c81d5e0dec66d617d”,
“messages”: [
{
“locale”: “en-US”,
“localeOrigin”: “DEFAULT”,
“text”: “The request was syntactically correct but its content is semantically invalid.”
}
]
}

I tried adding in value name, typr and id but the same error comes up.
What am I doing wrong?

That looks correct and I’m unable to reproduce it. However it could be that there’s a recent bugfix that isn’t in prod yet. I’ll investigate.

Nick,

The docs have been updated. Give this a try:

Tim

Hey Colin,

The docs have been updated. Give this a try:

Tim

Is the same true to make Access profiles NOT requestable as well?
i continue to get {
“detailCode”: “400.1 Bad request content”,
“trackingId”: “75b11bbd396a4b438e3253e42e9e859f”,
“messages”: [
{
“locale”: “en-US”,
“localeOrigin”: “DEFAULT”,
“text”: “The request was syntactically correct but its content is semantically invalid.”
}
],
“causes”:
}

when trying to replace /requestable with false.

The Developer API states that this is an allowed call to make as well.

Msiskind,

You should be able to use PATCH, but pass false instead of true.

Tim

Thanks Tim… still getting the error though…

I believe i have it fully correctly formatted…
[
{
“op”: “replace”,
“path”: “/requestable”,
“value”: false
}
]

and then i get this error
{
“detailCode”: “400.1 Bad request content”,
“trackingId”: “fcdf96e27fff4f5c85e093f148722a14”,
“messages”: [
{
“locale”: “en-US”,
“localeOrigin”: “DEFAULT”,
“text”: “The request was syntactically correct but its content is semantically invalid.”
}
],
“causes”:
}

Any idea why this is failing? Is it because we are unable to mark it as Requestable and that in the actual GUI?
This is from the Developer site itself…
## Patch a specified Access Profile

 This API updates an existing Access Profile. The following fields are patchable:

 **name** , **description** , **enabled** , **owner** , **requestable** , **accessRequestConfig** 
 , **revokeRequestConfig** , **segments**

 **segments** may only be patched if the segmentation feature has been enabled for your org. 
 Otherwise an error will result.

 A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is 
 required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch 
 Access Profiles which are associated with Sources they are able to administer.

Any further insite?

Msiskind,

Thanks for looking at this. At this time, this issue should be resolved. Thanks for your patience.

Could you try it again and verify that it works? Let me know if you have any trouble.

Regards,
Tim Faehnle

Thanks @tim_faehnle , i just tested and it is working!!!