Patch an entitlement

PATCH /entitlements/:id

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

This API updates an existing entitlement using JSON Patch syntax.

The following fields are patchable: requestable, privileged, segments, owner, name, description, and manuallyUpdatedFields

When you're patching owner, only owner type and owner id must be provided. Owner name is optional, and it won't be modified. If the owner name is provided, it should correspond to the real name. The only owner type currently supported is IDENTITY.

Request

Path Parameters

id stringrequired

ID of the entitlement to patch

Header Parameters

X-SailPoint-Experimental stringrequired

Default value: true

Use this header to enable this experimental API.

Example: true

application/json-patch+json

Body

array

Array [

op stringrequired

Possible values: [add, remove, replace, move, copy, test]

The operation to be performed

path stringrequired

A string JSON Pointer representing the target path to an element to be affected by the operation

value

object

The value to be used for the operation, required for "add" and "replace" operations

oneOf

string
boolean
integer
object
array

string

]

Responses

Responds with the entitlement as updated.

application/json

Schema
Example (from schema)

Schema

id string

The entitlement id

name string

The entitlement name

created date-time

Time when the entitlement was created

modified date-time

Time when the entitlement was last modified

attribute stringnullable

The entitlement attribute name

value string

The value of the entitlement

sourceSchemaObjectType string

The object type of the entitlement from the source schema

privileged boolean

True if the entitlement is privileged

cloudGoverned boolean

True if the entitlement is cloud governed

description stringnullable

The description of the entitlement

requestable boolean

True if the entitlement is requestable

attributes

object

A map of free-form key-value pairs from the source system

property name* any

A map of free-form key-value pairs from the source system

source

object

id string

The source ID

type string

The source type, will always be "SOURCE"

name stringnullable

The source name

owner

object

Simplified DTO for the owner object of the entitlement

id string

The owner id for the entitlement

name string

The owner name for the entitlement

type string

Possible values: [IDENTITY]

The type of the owner. Initially only type IDENTITY is supported

directPermissions

object[]

Array [

rights string[]

All the rights (e.g. actions) that this permission allows on the target

target string

The target the permission would grants rights on.

]

segments string[]nullable

List of IDs of segments, if any, to which this Entitlement is assigned.

manuallyUpdatedFields

object

Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.

DISPLAY_NAME boolean

True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > name property.

DESCRIPTION boolean

True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > description property.

accessModelMetadata

object

Access Model Metadata (beta).

attributes

object[]

nullable

Array [

key string

Technical name of the Attribute. This is unique and cannot be changed after creation.

name string

The display name of the key.

multiselect boolean

Indicates whether the attribute can have multiple values.

status string

The status of the Attribute.

type string

The type of the Attribute. This can be either "custom" or "governance".

objectTypes string[]nullable

An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.

description string

The description of the Attribute.

values

object[]

nullable

Array [

value string

Technical name of the Attribute value. This is unique and cannot be changed after creation.

name string

The display name of the Attribute value.

status string

The status of the Attribute value.

]

{
  "id": "2c91808874ff91550175097daaec161c",
  "name": "LauncherTest2",
  "created": "2020-10-08T18:33:52.029Z",
  "modified": "2020-10-08T18:33:52.029Z",
  "attribute": "memberOf",
  "value": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local",
  "sourceSchemaObjectType": "group",
  "privileged": true,
  "cloudGoverned": true,
  "description": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local",
  "requestable": true,
  "attributes": {
    "fieldName": "fieldValue"
  },
  "source": {
    "id": "2c9180827ca885d7017ca8ce28a000eb",
    "type": "SOURCE",
    "name": "ODS-AD-Source"
  },
  "owner": {
    "id": "2a2fdacca5e345f18bf7970cfbb8fec2",
    "name": "identity 1",
    "type": "IDENTITY"
  },
  "directPermissions": [
    {
      "rights": [
        "SELECT"
      ],
      "target": "SYS.GV_$TRANSACTION"
    }
  ],
  "segments": [
    "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
    "29cb6c06-1da8-43ea-8be4-b3125f248f2a"
  ],
  "manuallyUpdatedFields": {
    "DISPLAY_NAME": true,
    "DESCRIPTION": true
  },
  "accessModelMetadata": {
    "attributes": [
      {
        "key": "iscPrivacy",
        "name": "Privacy",
        "multiselect": false,
        "status": "active",
        "type": "governance",
        "objectTypes": [
          "all"
        ],
        "description": "Specifies the level of privacy associated with an access item.",
        "values": [
          {
            "value": "public",
            "name": "Public",
            "status": "active"
          }
        ]
      }
    ]
  }
}

Client Error - Returned if the request body is invalid.

application/json

Schema
Example (from schema)

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema
Example (from schema)

Schema

error

A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema
Example (from schema)
403

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Not Found - returned if the request URL refers to a resource or object that does not exist

application/json

Schema
Example (from schema)
404

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 404 response object

{
  "detailCode": "404 Not found",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server did not find a current representation for the target resource."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema
Example (from schema)

Schema

message

A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema
Example (from schema)
500

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Patch an entitlement

/entitlements/:id

Request​

Path Parameters

Header Parameters

Body

Responses​

Request

Responses