Query to list entitlements in a role

Is there a query that can list the entitlements in a role - something similar to this?

There does not seem to be a way in the ui. Also the entitlements and roles API don’t list the source info. Tried the search API but so far no luck

Would appreciate any feedback.

@mario_rod Hello, have You maybe checked this v2024 API endpoint? get-role-entitlements | SailPoint Developer Community

Hi @markomanium thanks for the response. Yes I tried that but the issue is getting the JSON response formatted….
I tried jsonpath.com but not having luck playing with the query

@mario_rod in jsonpath.com , have you tried extracting data, using something like this $[*].name? That should extract all entitlements’ names from the role.

@markomanium jsonpath is not as flexible as jmespath as it does not seem to allow concatenation of elements (or maybe I don’t know how to do it).

This jmespath query using the “/roles/:id/entitlements“ endpoint

[*].{entitlementName: name, entitlementDescription: attributes.description, sourceName: source.name, owner: owner}

produces this output

[
  {
    "entitlementName": "IAM Admin",
    "entitlementDescription": "IAM Team Members",
    "sourceName": "Salesforce",
    "owner": null
  },
  {
    "entitlementName": "Administrator",
    "entitlementDescription": null,
    "sourceName": "IdentityNow",
    "owner": null
  },
  {
    "entitlementName": "Priv Admin",
    "entitlementDescription": "Full administrative access to IdentityNow",
    "sourceName": "Identity Cloud Governance",
    "owner": null
  },

but now I need to save to an excel file and uploading data to online converters is not an option for obvious reasons. Using the excel import feature does not seem to work cleanly either.

Is the best option at this point using Pyton or the powershell sdk?

@mario_rod Extracting this data into excel file should be fairly easy with Python/Java e.g. Or you can use Chatgpt to create an excel file for you out of the data provided (if you are sure you aren’t providing sensitive information, but in this case, doesn’t look sensitive to me).

1 Like

Something like this:

get-v2025roles| foreach {write-host "Role: $($_.name)"; Get-V2025RoleEntitlements $_.id | foreach {write-host "$($_.source.name): $($_.name) ($($_.description))"};write-host}
1 Like

Thanks @David_Norris I will download the posh sdk and try that out

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.