Update Identity Roles

I need to update some Identity Roles to add additional Access Profiles on top of the Access Profiles already assigned to the Identity Role.

When trying to use PATCH https://sailpoint.api.identitynow.com/v3/roles/:id
with body:

{
    "op": "add",
    "path": "/accessProfiles",
    "value": [
        {
            "id": "Access PRofile ID",
            "type": "ACCESS_PROFILE",
            "name": "Access PRofile Name"
        }
    ]
}

It replaces all the existing Access Profiles and adds only the new one.

Is this a bug and what’s the difference now between add and replace operations?

You need to use an index ‘N’ in the path, where N will be the total count of current access profiles

{
    "op": "add",
    "path": "/accessProfiles/N",
    "value": [
        {
            "id": "Access PRofile ID",
            "type": "ACCESS_PROFILE",
            "name": "Access PRofile Name"
        }
    ]
}
1 Like

I tried adding an index N on one of the Identity Roles but received an error.

{
    "messages": [
        {
            "localeOrigin": "REQUEST",
            "locale": "en-US",
            "text": "The request was syntactically correct but its content is semantically invalid."
        },
        {
            "localeOrigin": "DEFAULT",
            "locale": "en-US",
            "text": "The request was syntactically correct but its content is semantically invalid."
        }
    ],
    "detailCode": "400.1 Bad request content",
    "trackingId": "2213016e41524c70bec9e1cd4da285db"
}

Body for this PATCH request needs to be an array, which will be

[
  {
      "op": "add",
      "path": "/accessProfiles/N",
      "value": [
          {
              "id": "Access PRofile ID",
              "type": "ACCESS_PROFILE",
              "name": "Access PRofile Name"
          }
      ]
  }
]

And Content-type in Header should be application/json-patch+json

However, I noticed that this is still returning an error (even when I used the body directly from the SP document page), though it has worked several times in the past for me.

{
    "messages": [
        {
            "localeOrigin": "DEFAULT",
            "locale": "en-US",
            "text": "The request could not be parsed."
        },
        {
            "localeOrigin": "REQUEST",
            "locale": "en-US",
            "text": "The request could not be parsed."
        }
    ],
    "detailCode": "400.0 Bad request syntax",
    "trackingId": "2cbe449f8add46e0a7a2260763956fb6"
}

Not sure what I am missing, and hoping someone in the community will be able to resolve this.

Hi @iamology and @AhmedHisham7,

The body you have provided is returning the same error. However, you can use the below body to execute the patch operation successfully, but the only catch is that you have to provide the existing ids of the access profiles present in the role so that the new access profile will not overwrite the existing profiles.
Body:
[
  {
      "op": "add",
      "path": "/accessProfiles",
      "value": [
          {
              "id": "new profile_id",
              "type": "ACCESS_PROFILE"
          },
          {
              "id": "old profile_id1",
              "type": "ACCESS_PROFILE"
          },
          .
          .
          .
          {
              "id": "old profile_idN",
              "type": "ACCESS_PROFILE"
          }
      ]
  }
]

2 Likes
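
The approach in the last reply, as an added example (not code from the thread or from SailPoint): it builds the array-form body from the role's current access profiles plus the new ID, and checks afterwards that no previously assigned profile was dropped. The role object is assumed to have been fetched beforehand; the sample role, its IDs and the Bearer token header are assumptions made for illustration.

```python
import json
import urllib.request

def build_append_patch(role, new_profile_ids):
    """JSON Patch that re-sends every access profile already on the role
    and appends the new IDs, skipping duplicates."""
    existing = [ap["id"] for ap in role.get("accessProfiles") or []]
    added = [p for p in dict.fromkeys(new_profile_ids) if p not in existing]
    value = [{"id": p, "type": "ACCESS_PROFILE"} for p in existing + added]
    # The body is an array of operations, not a single operation object.
    return [{"op": "add", "path": "/accessProfiles", "value": value}]

def patch_request(base_url, role_id, token, patch):
    """Build (without sending) the PATCH request. Bearer auth is assumed."""
    return urllib.request.Request(
        f"{base_url}/v3/roles/{role_id}",
        data=json.dumps(patch).encode("utf-8"),
        method="PATCH",
        headers={"Content-Type": "application/json-patch+json",
                 "Authorization": f"Bearer {token}"},
    )

def dropped_profiles(before, after):
    """IDs on the role before the change but missing afterwards, i.e.
    access that the update removed without anyone asking for it."""
    kept = {ap["id"] for ap in after.get("accessProfiles") or []}
    return [ap["id"] for ap in before.get("accessProfiles") or []
            if ap["id"] not in kept]

# Constructed sample role (IDs and names are placeholders, not real objects).
SAMPLE_ROLE = {
    "id": "role-0001",
    "name": "Finance Analyst",
    "accessProfiles": [
        {"id": "ap-old-1", "type": "ACCESS_PROFILE", "name": "ERP Read"},
        {"id": "ap-old-2", "type": "ACCESS_PROFILE", "name": "Reports"},
    ],
}

if __name__ == "__main__":
    patch = build_append_patch(SAMPLE_ROLE, ["ap-new-1", "ap-old-2"])
    print(json.dumps(patch, indent=2))
    req = patch_request("https://sailpoint.api.identitynow.com",
                        SAMPLE_ROLE["id"], "<token>", patch)
    print(req.get_method(), req.full_url)
    # Simulate what the first post's single-item body leaves on the role.
    after_bad = {"accessProfiles": [{"id": "ap-new-1", "type": "ACCESS_PROFILE"}]}
    print("dropped:", dropped_profiles(SAMPLE_ROLE, after_bad))
```

Running dropped_profiles against the role as read back after the PATCH gives a quick check that a bulk role update did not silently revoke access.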