Role assignment details

GET /identities/:identityId/role-assignments/:assignmentId

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

Request

Path Parameters

identityId stringrequired

Identity Id

Example: ef38f94347e94562b5bb8424a56397d8

assignmentId stringrequired

Assignment Id

Example: 1cbb0705b38c4226b1334eadd8874086

Header Parameters

X-SailPoint-Experimental stringrequired

Default value: true

Use this header to enable this experimental API.

Example: true

Responses

A role assignment object

application/json

Schema
Example (from schema)

Schema

id string

Assignment Id

role

object

Role Id and Name related to this assignment

id string

the application ID

name string

the application name

comments string

Comments added by the user when the assignment was made

assignmentSource string

Source describing how this assignment was made

assigner

object

The identity that performed the assignment. This could be blank or system

id string

the application ID

name string

the application name

assignedDimensions

object[]

Dimensions assigned related to this role

Array [

id string

the application ID

name string

the application name

]

assignmentContext

object

The context around the role assignment

requested

object

contextAttributes

object[]

Array [

attribute string

The name of the attribute

value

object

The value of the attribute. This can be either a string or a multi-valued string

oneOf

MOD1
MOD2

string

derived boolean

True if the attribute was derived.

]

matched

object[]

Array [

roleRef

object

Role Id and Name related to this match

id string

the application ID

name string

the application name

matchedAttributes

object[]

Array [

attribute string

The name of the attribute

value

object

The value of the attribute. This can be either a string or a multi-valued string

oneOf

MOD1
MOD2

string

derived boolean

True if the attribute was derived.

]

computedDate string

Date that the assignment will was evaluated

accountTargets

object[]

Array [

source

object

Source Id and Name related to this assignment

id string

the application ID

name string

the application name

accountInfo

object

nativeIdentity string

The unique ID of the account generated by the source system

displayName string

Display name for this account

uuid string

UUID associated with this account

roleName string

Specific role name for this target if using multiple accounts

]

removeDate string

Date that the assignment will be removed

{
  "id": "1cbb0705b38c4226b1334eadd8874086",
  "role": {
    "id": "e7697a1e96d04db1ac7b0f4544915d2c",
    "type": "ROLE",
    "name": "Engineer"
  },
  "comments": "I'm a new Engineer and need this role to do my work",
  "assignmentSource": "UI",
  "assigner": {
    "id": "2c9180867c184ff6017c2a2fbf031666",
    "type": "IDENTITY",
    "name": "Jeff Richardson"
  },
  "assignedDimensions": [
    {
      "id": "1acc8ffe5fcf457090de28bee2af36ee",
      "type": "DIMENSION",
      "name": "Northeast region"
    }
  ],
  "assignmentContext": {
    "requested": {
      "contextAttributes": [
        {
          "attribute": "department",
          "value": "Engineering",
          "derived": false
        }
      ]
    },
    "matched": [
      {
        "id": "e7697a1e96d04db1ac7b0f4544915d2c",
        "type": "DIMENSION",
        "name": "Engineer"
      }
    ],
    "computedDate": "Wed Feb 14 10:58:42"
  },
  "accountTargets": [
    {
      "source": {
        "id": "d18b74853739439986501ad180b27db6",
        "type": "SOURCE",
        "name": "Active Directory"
      },
      "accountInfo": {
        "nativeIdentity": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com",
        "displayName": "Abby.Smith",
        "uuid": "{ad9fc391-246d-40af-b248-b6556a2b7c01}"
      },
      "roleName": "Marketing"
    }
  ],
  "removeDate": "Wed Feb 14 10:58:42"
}

Client Error - Returned if the request body is invalid.

application/json

Schema
Example (from schema)

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema
Example (from schema)

Schema

error

A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema
Example (from schema)
403

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Not Found - returned if the request URL refers to a resource or object that does not exist

application/json

Schema
Example (from schema)
404

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 404 response object

{
  "detailCode": "404 Not found",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server did not find a current representation for the target resource."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema
Example (from schema)

Schema

message

A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema
Example (from schema)
500

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Role assignment details

/identities/:identityId/role-assignments/:assignmentId

Request​

Path Parameters

Header Parameters

Responses​

Request

Responses