Update Identity Roles

AhmedHisham7 · April 3, 2024, 10:56am

I need to update some Identity Role to add additional Access Profiles on top of the Access Profiles already assigned to the Identity Role.

When trying to use PATCH https://sailpoint.api.identitynow.com/v3/roles/:id
with body:

{
    "op": "add",
    "path": "/accessProfiles",
    "value": [
        {
            "id": "Access PRofile ID",
            "type": "ACCESS_PROFILE",
            "name": "Access PRofile Name"
        }
    ]
  }

It replaces all the existing Access Profiles and add only the new one.

Is this a bug and what’s the difference now between add and replace operations?

iamology · April 3, 2024, 12:39pm

You need to use an index ‘N’ in the path, where N will be the total count of current access profiles

{
    "op": "add",
    "path": "/accessProfiles/N",
    "value": [
        {
            "id": "Access PRofile ID",
            "type": "ACCESS_PROFILE",
            "name": "Access PRofile Name"
        }
    ]
  }

AhmedHisham7 · April 4, 2024, 8:26am

I tried adding an index N on one of the Identity Roles but received an error.

{
    "messages": [
        {
            "localeOrigin": "REQUEST",
            "locale": "en-US",
            "text": "The request was syntactically correct but its content is semantically invalid."
        },
        {
            "localeOrigin": "DEFAULT",
            "locale": "en-US",
            "text": "The request was syntactically correct but its content is semantically invalid."
        }
    ],
    "detailCode": "400.1 Bad request content",
    "trackingId": "2213016e41524c70bec9e1cd4da285db"
}

iamology · April 5, 2024, 1:06pm

Body for this PATCH request needs to be an array, which will be

[
  {
      "op": "add",
      "path": "/accessProfiles/N",
      "value": [
          {
              "id": "Access PRofile ID",
              "type": "ACCESS_PROFILE",
              "name": "Access PRofile Name"
          }
    ]
  }
]

And Content-type in Header should be application/json-patch+json

However, I noticed that this is still returning error (even when I used the body directly from SP document page) though it has worked several times in the past for me

{
    "messages": [
        {
            "localeOrigin": "DEFAULT",
            "locale": "en-US",
            "text": "The request could not be parsed."
        },
        {
            "localeOrigin": "REQUEST",
            "locale": "en-US",
            "text": "The request could not be parsed."
        }
    ],
    "detailCode": "400.0 Bad request syntax",
    "trackingId": "2cbe449f8add46e0a7a2260763956fb6"
}

Not sure what am I missing and hoping someone in the community will be able to resolve this

Shanmukh · April 10, 2024, 5:02pm

Hi @iamology and @AhmedHisham7 ,

The body you have provided is returning same error. However, you can use the below body to execute the patch operation successfully but the only catch is you have to provide the existing ids of the access profiles present in the role so that the new access profile will not overwrite the existing profiles.
Body:

[
    {
        "op": "add",
        "path": "/accessProfiles",
        "value": [
            {
                "id": "new profile_id",
                "type": "ACCESS_PROFILE"
            },
            {
                "id": "old profile_id1",
                "type": "ACCESS_PROFILE"
            },
            .
            .
            .
            {
                "id": "old profile_idN",
                "type": "ACCESS_PROFILE"
            }
        ]
    }
]

colin_mckibben · June 4, 2024, 2:10pm

The add operation requires you to specify an index where you want to add the item, and the value should be the single item you want to add. When you have an array of objects, the value should just be a single object with no array brackets. For example, this payload will add a single access profile to the end of the accessProfile array:

[
    {
        "op": "add",
        "path": "/accessProfiles/-",
        "value": {
            "id": "903b1e19281645278f9c9f665ea911b8",
            "type": "ACCESS_PROFILE",
            "name": "Airtable V4"
        }
    }
]

If you use the add operation and supply an array as the value, then it will behave the same as the replace operation. It will overwrite whatever array is already there. You can read more about the add operation here:

system · August 3, 2024, 2:10pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add/Remove operations on Beta Patch Roles/Access Profiles endpoints ISC Discussion and Questions apis , identity-security-cloud	7	1047	July 19, 2023
Append Access profile to App rather than replace ISC Discussion and Questions apis , identity-security-cloud	3	536	July 19, 2023
IdentityNow role assignment for existing users ISC Discussion and Questions identity-security-cloud , roles , access-profiles	3	98	October 1, 2024
Setting Approvals on Editing Roles ISC Discussion and Questions workflows , identity-security-cloud , roles , access-requests	9	103	October 19, 2024
Inquiry About Planned Updates for Roles API ISC Discussion and Questions apis , identity-security-cloud , roles , access-profiles	8	193	August 2, 2024

Update Identity Roles

Related topics