List access profiles for the specified source app
GET/source-apps/:id/access-profiles
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true
to use this endpoint.
This API returns the list of access profiles for the specified source app
Request
Path Parameters
ID of the source app
Query Parameters
Possible values: <= 250
Default value: 250
Max number of results to return. See V3 API Standard Collection Parameters for more information.
Filter results using the standard syntax described in V3 API Standard Collection Parameters
Filtering is supported for the following fields and operators:
id: eq, in
name: eq, in
created: gt, lt, ge, le
modified: gt, lt, ge, le
Header Parameters
Default value: true
Use this header to enable this experimental API.
Responses
- 200
- 400
- 401
- 403
- 429
- 500
List of access profiles for the specified source app
- application/json
- Schema
- Example (from schema)
Schema
Array [
Array [
Array [
]
]
]
The ID of the Access Profile
Name of the Access Profile
Information about the Access Profile
Date the Access Profile was created
Date the Access Profile was last modified.
Default value: true
Whether the Access Profile is enabled.
Whether the Access Profile is requestable via access request.
Whether the Access Profile is protected.
The owner ID of the Access Profile
The source ID of the Access Profile
The source name of the Access Profile
The source app ID of the Access Profile
The source app name of the Access Profile
The id of the application
The type of the access profile
List of IDs of entitlements
The number of entitlements in the access profile
List of IDs of segments, if any, to which this Access Profile is assigned.
Comma-separated list of approval schemes. Each approval scheme is one of - manager - appOwner - sourceOwner - accessProfileOwner - workgroup:
Comma-separated list of revoke request approval schemes. Each approval scheme is one of - manager - sourceOwner - accessProfileOwner - workgroup:
Whether the access profile require request comment for access request.
Whether denied comment is required when access request is denied.
accountSelector
object
How to select account when there are multiple accounts for the user
selectors
object[]
nullable
The application id
accountMatchConfig
object
matchExpression
object
matchTerms
object[]
The attribute name
The attribute value
The operator between name and value
If it is a container or a real match term
If it is AND logical operator for the children match terms
The children under this match term
Default value: true
If it is AND operators for match terms
[
{
"id": "2c91808a7190d06e01719938fcd20792",
"name": "Employee-database-read-write",
"description": "Collection of entitlements to read/write the employee database",
"created": "2021-03-01T22:32:58.104Z",
"modified": "2021-03-02T20:22:28.104Z",
"disabled": true,
"requestable": true,
"protected": false,
"ownerId": "9870808a7190d06e01719938fcd20792",
"sourceId": 10360661,
"sourceName": "AD Source",
"appId": 10360661,
"appName": "mail app",
"applicationId": "edcb0951812949d085b60cd8bf35bc78",
"type": "source",
"entitlements": [
"2c9180857725c14301772a93bb77242d",
"c9dc28e148a24d65b3ccb5fb8ca5ddd9"
],
"entitlementCount": 12,
"segments": [
"f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
"29cb6c06-1da8-43ea-8be4-b3125f248f2a"
],
"approvalSchemes": "accessProfileOwner",
"revokeRequestApprovalSchemes": "accessProfileOwner",
"requestCommentsRequired": true,
"deniedCommentsRequired": true,
"accountSelector": {
"selectors": [
{
"applicationId": "2c91808874ff91550175097daaec161c\"",
"accountMatchConfig": {
"matchExpression": {
"matchTerms": [
{
"name": "",
"value": "",
"op": null,
"container": true,
"and": false,
"children": [
{
"name": "businessCategory",
"value": "Service",
"op": "eq",
"container": false,
"and": false,
"children": null
}
]
}
],
"and": true
}
}
}
]
}
}
]
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}