
Create request to provision a potential role into an actual role.

POST /role-mining-sessions/:sessionId/potential-roles/:potentialRoleId/provision

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

This method starts a job to provision a potential role.

Request

Path Parameters

    sessionId string required

    The role mining session id

    Example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb

    potentialRoleId string required

    A potential role id in a role mining session

    Example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb

Query Parameters

    min-entitlement-popularity integer

    Possible values: <= 100

    Default value: 0

    Minimum popularity required for an entitlement to be included in the provisioned role.

    include-common-access boolean

    Default value: true

    Boolean determining whether common access entitlements will be included in the provisioned role.

Header Parameters

    X-SailPoint-Experimental string required

    Default value: true

    Use this header to enable this experimental API.

    Example: true

Body

Required information to create a new role

    roleName string

    Name of the new role being created

    roleDescription string

    Short description of the new role being created

    ownerId string

    ID of the identity that will own this role

    includeIdentities boolean

    When true, create access requests for the identities associated with the potential role

    directlyAssignedEntitlements boolean

    When true, assign entitlements directly to the role; otherwise, create access profiles containing the entitlements

Responses

Accepted. Returns a potential role summary including the status of the provision request.

Schema

    id string

    Id of the potential role

    name string

    Name of the potential role

    potentialRoleRef object

    Details about the potential role

    id string

    Id of the potential role

    name string

    Name of the potential role

    identityCount int32

    The number of identities in a potential role.

    entitlementCount int32

    The number of entitlements in a potential role.

    identityGroupStatus string

    The status for this identity group which can be "REQUESTED" or "OBTAINED"

    provisionState RoleMiningPotentialRoleProvisionState (string)

    Possible values: [POTENTIAL, PENDING, COMPLETE, FAILED]

    The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".

    roleId string nullable

    ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.

    density int32

    The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.

    freshness int32

    The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.

    quality int32

    The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.

    type RoleMiningRoleType (string)

    Possible values: [SPECIALIZED, COMMON]

    Role mining potential type.

    createdBy object

    The potential role created by details

    oneOf

    id string

    ID of the creator

    displayName string

    The display name of the creator

    createdDate date-time

    The date-time when this potential role was created.

    saved boolean

    The potential role's saved status

    description string nullable

    Description of the potential role

    session object

    The session parameters of the potential role.

    id string

    The ID of the role mining session

    name string nullable

    The session's saved name

    minNumIdentitiesInPotentialRole int32 nullable

    Minimum number of identities in a potential role

    pruneThreshold int32 nullable

    The prune threshold to be used or null to calculate prescribedPruneThreshold

    saved boolean

    Default value: true

    The session's saved status

    scope object

    The scope of identities for this role mining session

    identityIds string[]

    The list of identities for this role mining session.

    criteria string nullable

    The "search" criteria that produces the list of identities for this role mining session.

    attributeFilterCriteria object[] nullable

    The filter criteria for this role mining session.

    type RoleMiningRoleType (string)

    Possible values: [SPECIALIZED, COMMON]

    Role mining potential type

    state RoleMiningSessionState (string)

    Possible values: [CREATED, UPDATED, IDENTITIES_OBTAINED, PRUNE_THRESHOLD_OBTAINED, POTENTIAL_ROLES_PROCESSING, POTENTIAL_ROLES_CREATED]

    Role mining session state

    scopingMethod RoleMiningSessionScopingMethod (string)

    Possible values: [MANUAL, AUTO_RM]

    Scoping method used in current role mining session
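
An added example (not part of the SailPoint reference): it builds the request described above without sending it, validating the documented parameters, and reads `provisionState` and `roleId` from the response summary. The base URL, the bearer-token `Authorization` header and the function names are assumptions; the sample response is constructed.

```python
import json
import urllib.parse
import urllib.request

# Body fields and response states as listed in the reference above.
BODY_FIELDS = {"roleName": str, "roleDescription": str, "ownerId": str,
               "includeIdentities": bool, "directlyAssignedEntitlements": bool}
PROVISION_STATES = {"POTENTIAL", "PENDING", "COMPLETE", "FAILED"}


def build_provision_request(base_url, token, session_id, potential_role_id, body,
                            min_entitlement_popularity=0, include_common_access=True):
    """Return an unsent POST request for the provision endpoint."""
    if type(min_entitlement_popularity) is not int or min_entitlement_popularity > 100:
        raise ValueError("min-entitlement-popularity must be an integer <= 100")
    for key, value in body.items():
        if key not in BODY_FIELDS:
            raise ValueError(f"unknown body field: {key}")
        if not isinstance(value, BODY_FIELDS[key]):
            raise ValueError(f"{key} must be {BODY_FIELDS[key].__name__}")
    # Percent-encode the IDs so a crafted value cannot add path segments or a query.
    path = "/role-mining-sessions/{}/potential-roles/{}/provision".format(
        urllib.parse.quote(session_id, safe=""),
        urllib.parse.quote(potential_role_id, safe=""))
    query = urllib.parse.urlencode({
        "min-entitlement-popularity": min_entitlement_popularity,
        "include-common-access": str(bool(include_common_access)).lower()})
    return urllib.request.Request(
        base_url.rstrip("/") + path + "?" + query,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "X-SailPoint-Experimental": "true",   # required by this endpoint
            "Content-Type": "application/json",
            "Authorization": "Bearer " + token,   # assumption: bearer-token auth
        })


def provision_outcome(summary):
    """Return (provisionState, roleId) from the response's potential role summary."""
    state = summary.get("provisionState")
    if state not in PROVISION_STATES:
        raise ValueError(f"unexpected provisionState: {state!r}")
    # roleId is null until the potential role has been provisioned.
    return state, summary.get("roleId")


# Constructed sample response body, not captured from a real tenant.
SAMPLE_RESPONSE = {"id": "8c190e67-87aa-4ed9-a90b-d9d5344523fb",
                   "name": "Potential Role - sample",
                   "provisionState": "PENDING", "roleId": None}
```

Setting `includeIdentities` to false in the body creates the role without creating access requests for the identities associated with the potential role.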
