Create a Dimension
POST/roles/:roleId/dimensions
This API creates a dimension. You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to call this API. Additionally, a ROLE_SUBADMIN cannot create a dimension that includes an access profile or entitlement if that access profile or entitlement is linked to a source that the ROLE_SUBADMIN is not associated with. The maximum supported length for the description field is 2000 characters.
Request
Path Parameters
Parent Role Id of the dimension.
- application/json
Body
required
Array [
]
Array [
]
Array [
Array [
]
]
The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result.
Possible values: <= 128 characters
The human-readable display name of the Dimension
A human-readable description of the Dimension
owner
object
required
The owner of this object.
Possible values: [IDENTITY
]
Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.
Identity id
Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.
accessProfiles
object[]
nullable
ID of the Access Profile
Possible values: [ACCESS_PROFILE
]
Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.
Human-readable display name of the Access Profile. This field is ignored on input.
entitlements
object[]
Possible values: [ENTITLEMENT
]
Entitlement's DTO type.
Entitlement's ID.
Entitlement's display name.
membership
object
nullable
When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria.
Possible values: [STANDARD
]
This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported:
STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression
criteria
object
nullable
Defines STANDARD type Dimension membership
Possible values: [EQUALS
, AND
, OR
]
An operation
key
object
nullable
Refers to a specific Identity attribute used in Dimension membership criteria.
Possible values: [IDENTITY
]
Indicates whether the associated criteria represents an expression on identity attributes.
The name of the identity attribute to which the associated criteria applies.
String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error.
children
object[]
nullable
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
Possible values: [EQUALS
, AND
, OR
]
An operation
key
object
nullable
Refers to a specific Identity attribute used in Dimension membership criteria.
Possible values: [IDENTITY
]
Indicates whether the associated criteria represents an expression on identity attributes.
The name of the identity attribute to which the associated criteria applies.
String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.
children
object[]
nullable
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
Possible values: [EQUALS
, AND
, OR
]
An operation
key
object
nullable
Refers to a specific Identity attribute used in Dimension membership criteria.
Possible values: [IDENTITY
]
Indicates whether the associated criteria represents an expression on identity attributes.
The name of the identity attribute to which the associated criteria applies.
String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.
The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call.
Responses
- 201
- 400
- 401
- 403
- 429
- 500
Dimension created
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Array [
Array [
]
]
The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result.
Possible values: <= 128 characters
The human-readable display name of the Dimension
Date the Dimension was created
Date the Dimension was last modified.
A human-readable description of the Dimension
owner
object
required
The owner of this object.
Possible values: [IDENTITY
]
Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.
Identity id
Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.
accessProfiles
object[]
nullable
ID of the Access Profile
Possible values: [ACCESS_PROFILE
]
Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.
Human-readable display name of the Access Profile. This field is ignored on input.
entitlements
object[]
Possible values: [ENTITLEMENT
]
Entitlement's DTO type.
Entitlement's ID.
Entitlement's display name.
membership
object
nullable
When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria.
Possible values: [STANDARD
]
This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported:
STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression
criteria
object
nullable
Defines STANDARD type Dimension membership
Possible values: [EQUALS
, AND
, OR
]
An operation
key
object
nullable
Refers to a specific Identity attribute used in Dimension membership criteria.
Possible values: [IDENTITY
]
Indicates whether the associated criteria represents an expression on identity attributes.
The name of the identity attribute to which the associated criteria applies.
String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error.
children
object[]
nullable
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
Possible values: [EQUALS
, AND
, OR
]
An operation
key
object
nullable
Refers to a specific Identity attribute used in Dimension membership criteria.
Possible values: [IDENTITY
]
Indicates whether the associated criteria represents an expression on identity attributes.
The name of the identity attribute to which the associated criteria applies.
String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.
children
object[]
nullable
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
Possible values: [EQUALS
, AND
, OR
]
An operation
key
object
nullable
Refers to a specific Identity attribute used in Dimension membership criteria.
Possible values: [IDENTITY
]
Indicates whether the associated criteria represents an expression on identity attributes.
The name of the identity attribute to which the associated criteria applies.
String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.
The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call.
{
"id": "2c918086749d78830174a1a40e121518",
"name": "Dimension 2567",
"created": "2021-03-01T22:32:58.104Z",
"modified": "2021-03-02T20:22:28.104Z",
"description": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.",
"owner": {
"type": "IDENTITY",
"id": "2c9180a46faadee4016fb4e018c20639",
"name": "support"
},
"accessProfiles": [
{
"id": "ff808081751e6e129f1518161919ecca",
"type": "ACCESS_PROFILE",
"name": "Access Profile 2567"
}
],
"entitlements": [
{
"type": "ENTITLEMENT",
"id": "2c91809773dee32014e13e122092014e",
"name": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"
}
],
"membership": {
"type": "STANDARD",
"criteria": {
"operation": "EQUALS",
"key": {
"type": "IDENTITY",
"property": "attribute.email"
},
"stringValue": "[email protected]",
"children": [
{
"operation": "EQUALS",
"key": {
"type": "IDENTITY",
"property": "attribute.email"
},
"stringValue": "[email protected]",
"children": [
{
"operation": "EQUALS",
"key": {
"type": "IDENTITY",
"property": "attribute.email"
},
"stringValue": "[email protected]"
}
]
}
]
}
},
"parentId": "2c918086749d78830174a1a40e121518"
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}