Edit entitlements for a potential role to exclude some entitlements
POST https://sailpoint.api.identitynow.com/beta/role-mining-sessions/:sessionId/potential-roles/:potentialRoleId/edit-entitlements
This endpoint adds or removes entitlements from an exclusion list for a potential role.
Request
Path Parameters
sessionId: The role mining session id
potentialRoleId: A potential role id in a role mining session
- application/json
Body (required)
Role mining session parameters
ids: The list of entitlement ids to be edited
exclude: If true, add ids to the exclusion list. If false, remove ids from the exclusion list.
Responses
- 201
- 400
- 401
- 403
- 500
Adds or removes entitlements from a potential role's entitlement exclusion list.
- application/json
- Schema
- Example (auto)
Schema
createdBy object
density: The density of a potential role. Example: 75
description: The description of a potential role. Example: Potential Role for Accounting dept
entitlementCount: The number of entitlements in a potential role. Example: 25
excludedEntitlements: The list of entitlement ids to be excluded. Example: ["07a0b4e2","13b4e2a0"]
freshness: The freshness of a potential role. Example: 75
identityCount: The number of identities in a potential role. Example: 25
identityDistribution object[] nullable
identityIds: The list of ids in a potential role. Example: ["07a0b4e2","13b4e2a0"]
name: Name of the potential role. Example: Saved Potential Role - 07/10
provisionState: Provision state. Possible values: [POTENTIAL, PENDING, COMPLETE, FAILED]. Example: POTENTIAL
quality: The quality of a potential role. Example: 100
roleId: The roleId of a potential role. Example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved: The potential role's saved status. Example: true
session object
type: Role type. Possible values: [SPECIALIZED, COMMON]. Example: SPECIALIZED
id: Id of the potential role. Example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate: The date-time when this potential role was created.
modifiedDate: The date-time when this potential role was modified.
{
"createdBy": {
"id": "2c918090761a5aac0176215c46a62d58",
"displayName": "Ashley.Pierce"
},
"density": 75,
"description": "Potential Role for Accounting dept",
"entitlementCount": 25,
"excludedEntitlements": [
"07a0b4e2",
"13b4e2a0"
],
"freshness": 75,
"identityCount": 25,
"identityDistribution": [
{
"attributeName": "department",
"distribution": [
{
"attributeValue": "NM Tier 3",
"count": 6
}
]
}
],
"identityIds": [
"07a0b4e2",
"13b4e2a0"
],
"name": "Saved Potential Role - 07/10",
"provisionState": "POTENTIAL",
"quality": 100,
"roleId": "07a0b4e2-7a76-44fa-bd0b-c64654b66519",
"saved": true,
"session": {
"id": "9f36f5e5-1e81-4eca-b087-548959d91c71",
"name": "Saved RM Session - 07/10",
"minNumIdentitiesInPotentialRole": 20,
"pruneThreshold": 5,
"saved": true,
"scope": {
"identityIds": [],
"criteria": "source.name:DataScienceDataset",
"attributeFilterCriteria": {
"displayName": {
"untranslated": "Location: Miami"
},
"ariaLabel": {
"untranslated": "Location: Miami"
},
"data": {
"displayName": {
"translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION"
},
"name": "location",
"operator": "EQUALS",
"values": [
"Miami"
]
}
}
},
"type": "SPECIALIZED",
"state": "CREATED",
"scopingMethod": "MANUAL"
},
"type": "SPECIALIZED",
"id": "e0cc5d7d-bf7f-4f81-b2af-8885b09d9923",
"createdDate": "2024-07-29T15:51:28.071Z",
"modifiedDate": "2024-07-29T15:51:28.071Z"
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (auto)
Schema
detailCode: Fine-grained error code providing more detail of the error. Example: 400.1 Bad Request Content
trackingId: Unique tracking id for the error. Example: e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (auto)
Schema
error: A message describing the error. Example: JWT validation failed: JWT is expired
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as doesn't have access to this endpoint.
- application/json
- Schema
- Example (auto)
- 403
Schema
detailCode: Fine-grained error code providing more detail of the error. Example: 400.1 Bad Request Content
trackingId: Unique tracking id for the error. Example: e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (auto)
- 500
Schema
detailCode: Fine-grained error code providing more detail of the error. Example: 400.1 Bad Request Content
trackingId: Unique tracking id for the error. Example: e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}
Authorization: oauth2
type: Personal Access Token
scopes: sp:scopes:all
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	// Replace :sessionId and :potentialRoleId with real ids before sending.
	url := "https://sailpoint.api.identitynow.com/beta/role-mining-sessions/:sessionId/potential-roles/:potentialRoleId/edit-entitlements"
	method := "POST"

	// "ids" lists the entitlements to edit; "exclude": true adds them to the exclusion list.
	payload := strings.NewReader(`{
  "ids": [
    "entId1",
    "entId2"
  ],
  "exclude": true
}`)

	client := &http.Client{}
	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	req.Header.Add("Content-Type", "application/json")
	req.Header.Add("Accept", "application/json")
	// <TOKEN> is a placeholder for the OAuth2 bearer token.
	req.Header.Add("Authorization", "Bearer <TOKEN>")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	// Print the response body as returned, whether success or error.
	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(string(body))
}
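The sample above leaves the path placeholders unfilled and prints whatever body comes back. The following added example (not from the original page or the SailPoint SDK) escapes the path parameters and maps the documented statuses and error bodies to a typed error. The names `newEditRequest`, `checkResponse` and `apiError` are hypothetical, and the base URL and token are assumed to be supplied by the caller.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// apiError covers both documented shapes: 400/403/500 carry detailCode and trackingId, 401 only "error".
type apiError struct {
	Status     int    `json:"-"`
	DetailCode string `json:"detailCode"`
	TrackingID string `json:"trackingId"`
	Message    string `json:"error"`
}
func (e *apiError) Error() string { return fmt.Sprintf("HTTP %d: %s%s (trackingId %q)", e.Status, e.DetailCode, e.Message, e.TrackingID) }

// newEditRequest escapes both path parameters so an id containing "/" cannot change the target endpoint.
func newEditRequest(baseURL, sessionID, roleID, token string, ids []string, exclude bool) (*http.Request, error) {
	if sessionID == "" || roleID == "" || len(ids) == 0 {
		return nil, fmt.Errorf("sessionId, potentialRoleId and at least one entitlement id are required")
	}
	body, _ := json.Marshal(map[string]interface{}{"ids": ids, "exclude": exclude}) // documented body fields
	u := fmt.Sprintf("%s/beta/role-mining-sessions/%s/potential-roles/%s/edit-entitlements",
		baseURL, url.PathEscape(sessionID), url.PathEscape(roleID))
	req, err := http.NewRequest(http.MethodPost, u, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Accept", "application/json")
	req.Header.Set("Authorization", "Bearer "+token)
	return req, nil
}

// checkResponse treats only the documented 201 as success; anything else becomes an *apiError.
func checkResponse(status int, body []byte) error {
	if status == http.StatusCreated {
		return nil
	}
	e := &apiError{Status: status}
	_ = json.Unmarshal(body, e) // best effort: the body may not be JSON
	return e
}

// Constructed sample input: the 401 body shown on this page.
func main() { fmt.Println(checkResponse(401, []byte(`{"error":"JWT validation failed: JWT is expired"}`))) }
```

Logging the `trackingId` from a failed call gives support and audit reviewers a stable handle for the rejected change to the exclusion list.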