Hi,
I’ve got a request for custom permission levels so a token can be provisioned for performing identity role removals by using the REST API. Yet I’ve managed to perform such actions using an Admin user and running:
POST https://partner#.api.identitynow.com/access-requests
// to get Roles information run https://partner122.api.identitynow.com/beta/roles
// more information on: https://developer.sailpoint.com/idn/api/beta/roles
// The request below will revoke access to Roles through the API
{
  "requestedFor": [
    // identity id
    "2c9180867f88fe2b017f89201bd004e0"
  ],
  "requestedItems": [
    {
      // role id, don't use your own user role ID for role ID (only the user manager can do these changes if that's the case)
      "id": "2c9180857f47036a017f836b8fa077d6",
      "type": "ROLE",
      "comment": "Requesting role for testuser",
      "name": "Test Lab User"
    }
  ],
  "requestType": "REVOKE_ACCESS",
  "clientMetadata": {
    // again the role ID and name
    "id": "2c9180857f47036a017f836b8fa077d6",
    "name": "Test Lab User"
  }
}
Although it worked, we’ve got a petition for a user with “custom permission levels” who may perform such a task without Admin rights.
The user level matrix displays the possibility of using the “Role-Admin” and “role-sub admin” permission levels, yet I was getting the response 403 Forbidden when I tried removing roles.
Another probable option might be to use a scoped “Admin” as described in the link:
However, it’s still in development.
Any help would be appreciated.
Thanks in advance