Skip to main content

Gets a list of entitlements.

GET 

/entitlements

This API returns a list of entitlements.

This API can be used in one of the two following ways: either getting entitlements for a specific account-id, or getting via use of filters (those two options are exclusive).

Any authenticated token can call this API.

Request

Query Parameters

    account-id stringdeprecated

    The account ID. If specified, returns only entitlements associated with the given Account. Cannot be specified with the filters, segmented-for-identity, for-segment-ids, or include-unsegmented param(s). This parameter is deprecated. Please use Account Entitlements API to get account entitlements.

    Example: ef38f94347e94562b5bb8424a56397d8
    segmented-for-identity string

    If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value me can stand in for the current user's Identity ID. Cannot be specified with the account-id or for-segment-ids param(s). It is also illegal to specify a value that refers to a different user's Identity.

    Example: me
    for-segment-ids comma-separated

    If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. Cannot be specified with the account-id or segmented-for-identity param(s).

    Example: 041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649
    include-unsegmented boolean

    Default value: true

    Whether or not the response list should contain unsegmented Entitlements. If for-segment-ids and segmented-for-identity are both absent or empty, specifying include-unsegmented=false results in an error.

    Example: true
    offset int32

    Default value: 0

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Example: 0
    limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: id, name, created, modified, type, attribute, value, source.id, requestable

    Example: name,-modified
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in

    name: eq, in, sw

    type: eq, in

    attribute: eq, in

    value: eq, in, sw

    source.id: eq, in

    requestable: eq

    created: gt, lt, ge, le

    modified: gt, lt, ge, le

    owner.id: eq, in

    Example: attribute eq "memberOf"

Responses

List of entitlements

Schema

  • Array [

  • id string

    The entitlement id

    name string

    The entitlement name

    created date-time

    Time when the entitlement was created

    modified date-time

    Time when the entitlement was last modified

    attribute stringnullable

    The entitlement attribute name

    value string

    The value of the entitlement

    sourceSchemaObjectType string

    The object type of the entitlement from the source schema

    privileged boolean

    True if the entitlement is privileged

    cloudGoverned boolean

    True if the entitlement is cloud governed

    description stringnullable

    The description of the entitlement

    requestable boolean

    True if the entitlement is requestable

    attributes

    object

    A map of free-form key-value pairs from the source system

    property name* any

    A map of free-form key-value pairs from the source system

    source

    object

    id string

    The source ID

    type string

    The source type, will always be "SOURCE"

    name stringnullable

    The source name

    owner

    object

    Simplified DTO for the owner object of the entitlement

    id string

    The owner id for the entitlement

    name string

    The owner name for the entitlement

    type string

    Possible values: [IDENTITY]

    The type of the owner. Initially only type IDENTITY is supported

    directPermissions

    object[]

  • Array [

  • rights string[]

    All the rights (e.g. actions) that this permission allows on the target

    target string

    The target the permission would grants rights on.

  • ]

  • segments string[]nullable

    List of IDs of segments, if any, to which this Entitlement is assigned.

    manuallyUpdatedFields

    object

    Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.

    DISPLAY_NAME boolean

    True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > name property.

    DESCRIPTION boolean

    True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > description property.

    accessModelMetadata

    object

    Access Model Metadata (beta).

    attributes

    object[]

    nullable

  • Array [

  • key string

    Technical name of the Attribute. This is unique and cannot be changed after creation.

    name string

    The display name of the key.

    multiselect boolean

    Indicates whether the attribute can have multiple values.

    status string

    The status of the Attribute.

    type string

    The type of the Attribute. This can be either "custom" or "governance".

    objectTypes string[]nullable

    An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.

    description string

    The description of the Attribute.

    values

    object[]

    nullable

  • Array [

  • value string

    Technical name of the Attribute value. This is unique and cannot be changed after creation.

    name string

    The display name of the Attribute value.

    status string

    The status of the Attribute value.

  • ]

  • ]

  • ]

Loading...