Create request to provision a potential role into an actual role.
POST/role-mining-sessions/:sessionId/potential-roles/:potentialRoleId/provision
This method starts a job to provision a potential role
Request
Path Parameters
The role mining session id
A potential role id in a role mining session
Query Parameters
Possible values: <= 100
Minimum popularity required for an entitlement to be included in the provisioned role.
Default value: true
Boolean determining whether common access entitlements will be included in the provisioned role.
- application/json
Body
Required information to create a new role
Name of the new role being created
Short description of the new role being created
ID of the identity that will own this role
Default value: false
When true, create access requests for the identities associated with the potential role
Default value: false
When true, assign entitlements directly to the role; otherwise, create access profiles containing the entitlements
Responses
- 202
- 400
- 401
- 403
- 404
- 500
Accepted. Returns a potential role summary including the status of the provison request
- application/json
- Schema
- Example (from schema)
Schema
Id of the potential role
Name of the potential role
potentialRoleRef object
Details about the potential role
Id of the potential role
Name of the potential role
The number of identities in a potential role.
The number of entitlements in a potential role.
The status for this identity group which can be "REQUESTED" or "OBTAINED"
Possible values: [POTENTIAL, PENDING, COMPLETE, FAILED]
The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".
ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.
The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.
The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.
The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.
Possible values: [SPECIALIZED, COMMON]
Role mining potential type.
session object
The session parameters of the potential role.
The ID of the role mining session
The session's saved name
Minimum number of identities in a potential role
The prune threshold to be used or null to calculate prescribedPruneThreshold
Default value: true
The session's saved status
scope object
The scope of identities for this role mining session
The list of identities for this role mining session.
The "search" criteria that produces the list of identities for this role mining session.
The filter criteria for this role mining session.
Possible values: [SPECIALIZED, COMMON]
Role mining potential type
Possible values: [CREATED, UPDATED, IDENTITIES_OBTAINED, PRUNE_THRESHOLD_OBTAINED, POTENTIAL_ROLES_PROCESSING, POTENTIAL_ROLES_CREATED]
Role mining session state
Possible values: [MANUAL, AUTO_RM]
Scoping method used in current role mining session
{
"id": "e0cc5d7d-bf7f-4f81-b2af-8885b09d9923",
"name": "Potential Role - e0cc5d",
"potentialRoleRef": {
"id": "e0cc5d7d-bf7f-4f81-b2af-8885b09d9923",
"name": "Potential Role - e0cc5d"
},
"identityCount": 25,
"entitlementCount": 15,
"identityGroupStatus": "OBTAINED",
"provisionState": "PENDING",
"roleId": "2a4be6fbcf3c4e66b95a0c15ffd591",
"density": 90,
"freshness": 70,
"quality": 80,
"type": "SPECIALIZED",
"session": {
"id": "9f36f5e5-1e81-4eca-b087-548959d91c71",
"name": "Saved RM Session - 07/10",
"minNumIdentitiesInPotentialRole": 20,
"pruneThreshold": 5,
"saved": true,
"scope": {
"identityIds": [],
"criteria": "source.name:DataScienceDataset",
"attributeFilterCriteria": {
"displayName": {
"untranslated": "Location: Miami"
},
"ariaLabel": {
"untranslated": "Location: Miami"
},
"data": {
"displayName": {
"translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION"
},
"name": "location",
"operator": "EQUALS",
"values": [
"Miami"
]
}
}
},
"type": "SPECIALIZED",
"state": "CREATED",
"scopingMethod": "MANUAL"
}
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
- Array [
- ]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
- Array [
- ]
- Array [
- ]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
- Array [
- ]
- Array [
- ]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
- Array [
- ]
- Array [
- ]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}