List Roles
GET https://sailpoint.api.identitynow.com/v2024/roles
This API returns a list of Roles.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.
Request
Query Parameters
for-subadmin
If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value me, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the for-subadmin parameter is specified for an Identity that is not a subadmin.
limit
Possible values: <= 50
Note that for this API the maximum value for limit is 50. See V3 API Standard Collection Parameters for more information.
50
offset
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
0
count
If true, it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
false
filters
Filter results using the standard syntax described in V3 API Standard Collection Parameters.
Filtering is supported for the following fields and operators:
id: eq, in
name: eq, sw
created: gt, lt, ge, le
modified: gt, lt, ge, le
owner.id: eq, in
requestable: eq
sorters
Sort results using the standard syntax described in V3 API Standard Collection Parameters.
Sorting is supported for the following fields: name, created, modified
for-segment-ids
If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
include-unsegmented
Whether or not the response list should contain unsegmented Roles. If for-segment-ids is absent or empty, specifying include-unsegmented as false results in an error.
true
Responses
- 200
- 400
- 401
- 403
- 429
- 500
List of Roles
- application/json
Schema
Array [
id
The id of the Role. This field must be left null when creating a Role, otherwise a 400 Bad Request error will result.
2c918086749d78830174a1a40e121518
name
The human-readable display name of the Role
Possible values: <= 128 characters
Role 2567
created
Date the Role was created
2021-03-01T22:32:58.104Z
modified
Date the Role was last modified.
2021-03-02T20:22:28.104Z
description
A human-readable description of the Role
Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner object required
accessProfiles object[] nullable
entitlements object[]
membership object nullable
legacyMembershipInfo object nullable
enabled
Whether the Role is enabled or not.
false
true
requestable
Whether the Role can be the target of access requests.
false
true
accessRequestConfig object
revocationRequestConfig object
segments
List of IDs of segments, if any, to which this Role is assigned.
["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]
dimensional
Whether the Role is dimensional.
false
dimensionRefs object[] nullable
accessModelMetadata object
]
[
  {
    "id": "2c918086749d78830174a1a40e121518",
    "name": "Role 2567",
    "created": "2021-03-01T22:32:58.104Z",
    "modified": "2021-03-02T20:22:28.104Z",
    "description": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.",
    "owner": {
      "type": "IDENTITY",
      "id": "2c9180a46faadee4016fb4e018c20639",
      "name": "support"
    },
    "accessProfiles": [
      {
        "id": "ff808081751e6e129f1518161919ecca",
        "type": "ACCESS_PROFILE",
        "name": "Access Profile 2567"
      }
    ],
    "entitlements": [
      {
        "type": "ENTITLEMENT",
        "id": "2c91809773dee32014e13e122092014e",
        "name": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"
      }
    ],
    "membership": {
      "type": "IDENTITY_LIST",
      "criteria": {
        "operation": "EQUALS",
        "key": {
          "type": "ACCOUNT",
          "property": "attribute.email",
          "sourceId": "2c9180867427f3a301745aec18211519"
        },
        "stringValue": "carlee.cert1c9f9b6fd@mailinator.com",
        "children": [
          {
            "operation": "EQUALS",
            "key": {
              "type": "ACCOUNT",
              "property": "attribute.email",
              "sourceId": "2c9180867427f3a301745aec18211519"
            },
            "stringValue": "carlee.cert1c9f9b6fd@mailinator.com",
            "children": [
              {
                "operation": "EQUALS",
                "key": {
                  "type": "ACCOUNT",
                  "property": "attribute.email",
                  "sourceId": "2c9180867427f3a301745aec18211519"
                },
                "stringValue": "carlee.cert1c9f9b6fd@mailinator.com"
              }
            ]
          }
        ]
      },
      "identities": [
        {
          "type": "IDENTITY",
          "id": "2c9180a46faadee4016fb4e018c20639",
          "name": "Thomas Edison",
          "aliasName": "t.edison"
        }
      ]
    },
    "legacyMembershipInfo": {
      "type": "IDENTITY_LIST"
    },
    "enabled": true,
    "requestable": true,
    "accessRequestConfig": {
      "commentsRequired": true,
      "denialCommentsRequired": true,
      "approvalSchemes": [
        {
          "approverType": "GOVERNANCE_GROUP",
          "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6"
        }
      ]
    },
    "revocationRequestConfig": {
      "commentsRequired": false,
      "denialCommentsRequired": false,
      "approvalSchemes": [
        {
          "approverType": "GOVERNANCE_GROUP",
          "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6"
        }
      ]
    },
    "segments": [
      "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
      "29cb6c06-1da8-43ea-8be4-b3125f248f2a"
    ],
    "dimensional": false,
    "dimensionRefs": [
      {
        "type": "DIMENSION",
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "Role 2"
      }
    ],
    "accessModelMetadata": {
      "attributes": [
        {
          "key": "iscPrivacy",
          "name": "Privacy",
          "multiselect": false,
          "status": "active",
          "type": "governance",
          "objectTypes": [
            "all"
          ],
          "description": "Specifies the level of privacy associated with an access item.",
          "values": [
            {
              "value": "public",
              "name": "Public",
              "status": "active"
            }
          ]
        }
      ]
    }
  }
]
Client Error - Returned if the request body is invalid.
- application/json
Schema
detailCode
Fine-grained error code providing more detail of the error.
400.1 Bad Request Content
trackingId
Unique tracking id for the error.
e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
Schema
error
A message describing the error
JWT validation failed: JWT is expired
{
  "error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as doesn't have access to this endpoint.
- application/json
Schema
detailCode
Fine-grained error code providing more detail of the error.
400.1 Bad Request Content
trackingId
Unique tracking id for the error.
e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
An example of a 403 response object
{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
Schema
message
A message describing the error
Rate Limit Exceeded
{
  "message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
Schema
detailCode
Fine-grained error code providing more detail of the error.
400.1 Bad Request Content
trackingId
Unique tracking id for the error.
e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
An example of a 500 response object
{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}
Authorization: oauth2
type: Personal Access Token
scopes: idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read
user levels: ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN
- go
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	url := "https://sailpoint.api.identitynow.com/v2024/roles"
	method := "GET"

	client := &http.Client{}
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	// Replace <TOKEN> with an access token that has the authority this API requires.
	req.Header.Add("Accept", "application/json")
	req.Header.Add("Authorization", "Bearer <TOKEN>")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	// Read and print the raw JSON response body.
	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(string(body))
}
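An added example, not part of SailPoint's documentation or SDK: it pages through the collection with the documented limit of 50 and the offset parameter, filters on requestable, and reports enabled Roles whose accessRequestConfig has no approvalSchemes, that is, Roles anyone can request without an approver. The Role struct, the Unapproved function and the caller-supplied get callback (which would perform the authenticated GET) are assumptions made for illustration, as is the filter literal "requestable eq true" written in the standard filter syntax.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Role keeps only the List Roles fields this check reads.
type Role struct {
	Name                string `json:"name"`
	Enabled             bool   `json:"enabled"`
	Requestable         bool   `json:"requestable"`
	AccessRequestConfig struct {
		ApprovalSchemes []json.RawMessage `json:"approvalSchemes"`
	} `json:"accessRequestConfig"`
}

// Unapproved returns the names of enabled, requestable Roles with no approval
// scheme. get is a hypothetical callback that returns the response body.
func Unapproved(base string, get func(string) ([]byte, error)) ([]string, error) {
	const pageLimit = 50 // maximum limit this endpoint accepts
	var flagged []string
	for offset := 0; ; offset += pageLimit {
		q := url.Values{"filters": {"requestable eq true"}, "sorters": {"name"},
			"limit": {fmt.Sprint(pageLimit)}, "offset": {fmt.Sprint(offset)}}
		body, err := get(base + "/v2024/roles?" + q.Encode())
		if err != nil {
			return nil, err
		}
		var page []Role // an error body is a JSON object, so it fails to decode here
		if err := json.Unmarshal(body, &page); err != nil {
			return nil, fmt.Errorf("offset %d: %w", offset, err)
		}
		for _, r := range page {
			if r.Enabled && r.Requestable && len(r.AccessRequestConfig.ApprovalSchemes) == 0 {
				flagged = append(flagged, r.Name)
			}
		}
		if len(page) < pageLimit { // short page: end of the result set
			return flagged, nil
		}
	}
}

func main() {
	// Constructed single-page response, not real tenant data.
	sample := `[{"name":"Role A","enabled":true,"requestable":true,"accessRequestConfig":{"approvalSchemes":[]}}]`
	fmt.Println(Unapproved("https://sailpoint.api.identitynow.com", func(string) ([]byte, error) { return []byte(sample), nil }))
}
```

Sorting by name keeps the offset-based pages stable between requests, so a Role is not skipped or counted twice while the audit runs.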