
List role's Entitlements

GET /roles/:id/entitlements

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

This API lists the Entitlements associated with a given role.

A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.

Request

Path Parameters

    id string required

    ID of the containing role

Query Parameters

    limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250

    offset int32

    Default value: 0

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Example: 0

    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true

    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters.

    Filtering is supported for the following fields and operators:

    id: eq, in

    name: eq, sw

    attribute: eq, sw

    value: eq, sw

    created: gt, lt, ge, le

    modified: gt, lt, ge, le

    owner.id: eq, in

    source.id: eq, in

    Example: attribute eq "memberOf"

    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters.

    Sorting is supported for the following fields: name, attribute, value, created, modified

    Example: name,-modified

Header Parameters

    X-SailPoint-Experimental string required

    Default value: true

    Use this header to enable this experimental API.

    Example: true

Responses

List of Entitlements

Schema

  • Array [

  • id string

    The entitlement id

    name string

    The entitlement name

    created date-time

    Time when the entitlement was created

    modified date-time

    Time when the entitlement was last modified

    attribute string nullable

    The entitlement attribute name

    value string

    The value of the entitlement

    sourceSchemaObjectType string

    The object type of the entitlement from the source schema

    privileged boolean

    True if the entitlement is privileged

    cloudGoverned boolean

    True if the entitlement is cloud governed

    description string nullable

    The description of the entitlement

    requestable boolean

    True if the entitlement is requestable

    attributes

    object

    A map of free-form key-value pairs from the source system

    property name* any

    A map of free-form key-value pairs from the source system

    source

    object

    id string

    The source ID

    type string

    The source type; this will always be "SOURCE".

    name string nullable

    The source name

    owner

    object

    Simplified DTO for the owner object of the entitlement

    id string

    The owner id for the entitlement

    name string

    The owner name for the entitlement

    type string

    Possible values: [IDENTITY]

    The type of the owner. Initially only type IDENTITY is supported.

    directPermissions

    object[]

  • Array [

  • rights string[]

    All the rights (e.g. actions) that this permission allows on the target

    target string

    The target the permission grants rights on.

  • ]

  • segments string[] nullable

    List of IDs of segments, if any, to which this Entitlement is assigned.

    manuallyUpdatedFields

    object

    Object containing the entitlement's manually updated fields. A field value is true if it was updated manually via entitlement import CSV or the patch endpoint. A field value is false if that property value has not been changed after the first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.

    DISPLAY_NAME boolean

    True if the entitlement's name was updated manually via entitlement import CSV or the patch endpoint. False means that the property value has not been changed after the first entitlement aggregation. This field refers to the Entitlement response schema > name property.

    DESCRIPTION boolean

    True if the entitlement description was updated manually via entitlement import CSV or the patch endpoint. False means that the property value has not been changed after the first entitlement aggregation. This field refers to the Entitlement response schema > description property.

    accessModelMetadata

    object

    Access Model Metadata (beta).

    attributes

    object[]

    nullable

  • Array [

  • key string

    Technical name of the Attribute. This is unique and cannot be changed after creation.

    name string

    The display name of the key.

    multiselect boolean

    Indicates whether the attribute can have multiple values.

    status string

    The status of the Attribute.

    type string

    The type of the Attribute. This can be either "custom" or "governance".

    objectTypes string[] nullable

    An array of object types this attribute's values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.

    description string

    The description of the Attribute.

    values

    object[]

    nullable

  • Array [

  • value string

    Technical name of the Attribute value. This is unique and cannot be changed after creation.

    name string

    The display name of the Attribute value.

    status string

    The status of the Attribute value.

  • ]

  • ]

  • ]
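
A least-privilege review of a role needs every page of this listing, because `limit` is capped at 250. The following is an added example, not SailPoint's code: it builds the request with the documented query parameters and required header, pages with `limit`/`offset` and `X-Total-Count`, and reports the entitlements whose `privileged` flag is true. `BASE_URL`, the bearer `Authorization` header, the role ID and the sample data are assumptions; the page gives no host, version prefix or authentication scheme.

```python
import json
from urllib.parse import urlencode, quote, urlsplit, parse_qs
from urllib.request import Request, urlopen

BASE_URL = "https://tenant.example.invalid"  # placeholder: the page gives no host or version prefix
PAGE_LIMIT = 250                             # documented maximum for `limit`

def build_request(role_id, token, offset, filters=None):
    """One page request carrying the documented query parameters and the required header."""
    params = {"limit": PAGE_LIMIT, "offset": offset, "count": "true", "sorters": "name"}
    if filters:
        params["filters"] = filters          # e.g. 'attribute eq "memberOf"'
    url = f"{BASE_URL}/roles/{quote(role_id, safe='')}/entitlements?{urlencode(params)}"
    return Request(url, method="GET", headers={
        "Authorization": f"Bearer {token}",  # assumption: bearer-token authentication
        "X-SailPoint-Experimental": "true"}) # required while the endpoint is experimental

def http_fetch(req):
    """Real transport: returns (decoded JSON page, X-Total-Count or -1 if absent)."""
    with urlopen(req, timeout=30) as resp:
        return json.load(resp), int(resp.headers.get("X-Total-Count", -1))

def list_role_entitlements(role_id, token, fetch=http_fetch, filters=None):
    """Follow limit/offset until X-Total-Count is reached or a short page arrives."""
    items = []
    while True:
        page, total = fetch(build_request(role_id, token, len(items), filters))
        items.extend(page)
        if len(page) < PAGE_LIMIT or (total >= 0 and len(items) >= total):
            return items

def privileged_findings(entitlements):
    """(source name, attribute, value) for each entitlement flagged privileged."""
    return sorted(((e.get("source") or {}).get("name") or "", e.get("attribute") or "", e["value"])
                  for e in entitlements if e.get("privileged"))

# Constructed sample data standing in for a tenant: 260 entitlements, two of them privileged.
SAMPLE = [{"id": f"ent-{i:03d}", "name": f"group-{i:03d}", "attribute": "memberOf",
           "value": f"CN=group-{i:03d}", "privileged": i in (7, 255),
           "source": {"id": "src-1", "type": "SOURCE", "name": "Constructed AD"}} for i in range(260)]

def fake_fetch(req):
    """Offline stand-in for http_fetch that honours limit and offset as documented."""
    q = parse_qs(urlsplit(req.full_url).query)
    off, lim = int(q["offset"][0]), int(q["limit"][0])
    return SAMPLE[off:off + lim], len(SAMPLE)

if __name__ == "__main__":
    print(privileged_findings(list_role_entitlements("role-123", "constructed-token", fake_fetch)))
```

Drop the `fetch=fake_fetch` argument and set `BASE_URL` to your tenant's API base to run it against a live tenant.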
