Role assignment details
GET/identities/:identityId/role-assignments/:assignmentId
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true
to use this endpoint.
Role assignment details
Request
Path Parameters
Identity Id
Assignment Id
Header Parameters
Default value: true
Use this header to enable this experimental API.
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
A role assignment object
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
- MOD1
- MOD2
Array [
]
]
Array [
Array [
- MOD1
- MOD2
Array [
]
]
]
Array [
]
Assignment Id
role
object
Role Id and Name related to this assignment
the application ID
the application name
Comments added by the user when the assignment was made
Source describing how this assignment was made
assigner
object
The identity that performed the assignment. This could be blank or system
the application ID
the application name
assignedDimensions
object[]
Dimensions assigned related to this role
the application ID
the application name
assignmentContext
object
The context around the role assignment
requested
object
contextAttributes
object[]
The name of the attribute
value
object
The value of the attribute. This can be either a string or a multi-valued string
oneOf
string
string
True if the attribute was derived.
matched
object[]
roleRef
object
Role Id and Name related to this match
the application ID
the application name
matchedAttributes
object[]
The name of the attribute
value
object
The value of the attribute. This can be either a string or a multi-valued string
oneOf
string
string
True if the attribute was derived.
Date that the assignment will was evaluated
accountTargets
object[]
source
object
Source Id and Name related to this assignment
the application ID
the application name
accountInfo
object
The unique ID of the account generated by the source system
Display name for this account
UUID associated with this account
Specific role name for this target if using multiple accounts
Date that the assignment will be removed
{
"id": "1cbb0705b38c4226b1334eadd8874086",
"role": {
"id": "e7697a1e96d04db1ac7b0f4544915d2c",
"type": "ROLE",
"name": "Engineer"
},
"comments": "I'm a new Engineer and need this role to do my work",
"assignmentSource": "UI",
"assigner": {
"id": "2c9180867c184ff6017c2a2fbf031666",
"type": "IDENTITY",
"name": "Jeff Richardson"
},
"assignedDimensions": [
{
"id": "1acc8ffe5fcf457090de28bee2af36ee",
"type": "DIMENSION",
"name": "Northeast region"
}
],
"assignmentContext": {
"requested": {
"contextAttributes": [
{
"attribute": "department",
"value": "Engineering",
"derived": false
}
]
},
"matched": [
{
"id": "e7697a1e96d04db1ac7b0f4544915d2c",
"type": "DIMENSION",
"name": "Engineer"
}
],
"computedDate": "Wed Feb 14 10:58:42"
},
"accountTargets": [
{
"source": {
"id": "d18b74853739439986501ad180b27db6",
"type": "SOURCE",
"name": "Active Directory"
},
"accountInfo": {
"nativeIdentity": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com",
"displayName": "Abby.Smith",
"uuid": "{ad9fc391-246d-40af-b248-b6556a2b7c01}"
},
"roleName": "Marketing"
}
],
"removeDate": "Wed Feb 14 10:58:42"
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}