Remove Account API + API Token Scope

adamian · September 18, 2024, 5:52pm

What problem are you observing?

delete-account-async | SailPoint Developer Community says scopes: idn:account:remove

I can’t seem to find this scope in the list.

With only idn:accounts:manage I got a 403 error.

What is the correct behavior?

Scopes required for this API endpoint (and all other) should be available for selection for the API tokens.

What product feature is this related to?

ISC API

What are the steps to reproduce the issue?

See description.

Do you have any other information about your environment that may help?

No.

colin_mckibben · September 18, 2024, 7:20pm

Thank you for reporting this. I have opened an engineering ticket (ISCAIM-24250) to fix it. In the meantime, you will have to use sp:scopes:all to use this endpoint, which is understandably not the greatest option.

adamian · September 19, 2024, 1:22pm

Thanks for creating the ticket, Colin.
Will this ticket cover all missing scopes, or do we have to create a bug report for each missing scope?

colin_mckibben · September 19, 2024, 1:35pm

These tickets are usually on a per endpoint basis. If you encounter any other endpoints that have incorrect or missing scopes, please let us know.

adamian · September 19, 2024, 3:38pm

I am very sorry to hear that you’re not checking for similar issues as well, as there are many differences, and I find that comparing the two lists is not that complicated.

Would it not be more time efficient (for SailPoint and for us) to fix it completely instead of waiting for the next bug report with the next scope?

sauvee · December 4, 2024, 8:23am

I agree that the suggestion made by @adamian would be the best, to have a single resource go through all the different end points to see if the mentioned scope actually exists. It may be a tedious job, but it looks like this is what needs to be done if the QC isn’t properly done when creating / generating the docs & end points.

adamian · December 4, 2024, 8:52am

It took me about 10 minutes to download the documentation from GitHub, grep it for scopes and compare it with the list of scopes from the UI. Let’s not overestimate the effort of having a good product.

I am waiting to see this issue fixed until I start reporting other pages like reset-source-entitlements | SailPoint Developer Community ( idn:entitlement:update), get-tenant | SailPoint Developer Community (sp:tenant:read) and so on… I am curious how man years it will take to get all of the scopes covered.

Documented vs UI scopes:

Topic		Replies	Views
Remove Account API - /cc/api/account/remove ISC Discussion and Questions apis , identity-security-cloud	3	231	February 5, 2024
SailPoint fails to delete in some cases using /cc/api/user/delete ISC Discussion and Questions	2	984	July 19, 2023
Disable Account API ISC Discussion and Questions provisioning	6	638	August 5, 2023
Accounts V3 APIs Scopes ISC Discussion and Questions apis	1	461	July 19, 2023
Remove Account API ISC Discussion and Questions apis	7	982	July 19, 2023