Retrieves a specific potential role

GET 
https://sailpoint.api.identitynow.com/v2025/role-mining-sessions/:sessionId/potential-role-summaries/:potentialRoleId

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

This method returns a specific potential role for a role mining session.

Request

Path Parameters

sessionId stringrequired
The role mining session id
Found in Get Role Mining Sessions
Example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
potentialRoleId stringrequired
A potential role id in a role mining session
Found in Get Potential Role Summaries
Example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb

Header Parameters

X-SailPoint-Experimental stringrequired
Use this header to enable this experimental API.
Default value: true
Example: true

Responses

200

Succeeded. Returns a list of potential roles for a role mining session.

application/json

Schema

Schema

createdBy object

The session created by details

oneOf

MOD1

idstring

ID of the creator

Example: 2c918090761a5aac0176215c46a62d58

displayNamestring

The display name of the creator

Example: Ashley.Pierce

MOD2

stringnullable

Workaround to support null

Example: Dummy

densityint32

The density of a potential role.

Example: 75

descriptionstringnullable

The description of a potential role.

Example: Potential Role for Accounting dept

entitlementCountint32

The number of entitlements in a potential role.

Example: 25

excludedEntitlementsstring[]nullable

The list of entitlement ids to be excluded.

Example: ["07a0b4e2","13b4e2a0"]

freshnessint32

The freshness of a potential role.

Example: 75

identityCountint32

The number of identities in a potential role.

Example: 25

identityDistribution object[]nullable

Identity attribute distribution.

Array [

attributeNamestring

Id of the potential role

Example: department

distributionobject[]

Example: [{"attributeValue":"NM Tier 3","count":6}]

]

identityIdsstring[]

The list of ids in a potential role.

Example: ["07a0b4e2","13b4e2a0"]

namestring

Name of the potential role.

Example: Saved Potential Role - 07/10

provisionStatestringnullable

The provisioning state of a potential role.

Possible values: [POTENTIAL, PENDING, COMPLETE, FAILED, null]

Example: POTENTIAL

qualityint32

The quality of a potential role.

Example: 100

roleIdstringnullable

The roleId of a potential role.

Example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519

savedboolean

The potential role's saved status.

Example: true

session object

idstring

The ID of the role mining session

Example: 9f36f5e5-1e81-4eca-b087-548959d91c71

namestringnullable

The session's saved name

Example: Saved RM Session - 07/10

minNumIdentitiesInPotentialRoleint32nullable

Minimum number of identities in a potential role

Example: 20

pruneThresholdint32nullable

The prune threshold to be used or null to calculate prescribedPruneThreshold

Example: 5

savedboolean

The session's saved status

Default value: true

Example: true

scope object

The scope of identities for this role mining session

identityIdsstring[]

The list of identities for this role mining session.

Example: ["2c918090761a5aac0176215c46a62d58","2c918090761a5aac01722015c46a62d42"]

criteriastringnullable

The "search" criteria that produces the list of identities for this role mining session.

Example: source.name:DataScienceDataset

attributeFilterCriteriaobject[]nullable

The filter criteria for this role mining session.

Example: {"displayName":{"untranslated":"Location: Miami"},"ariaLabel":{"untranslated":"Location: Miami"},"data":{"displayName":{"translateKey":"IDN.IDENTITY_ATTRIBUTES.LOCATION"},"name":"location","operator":"EQUALS","values":["Miami"]}}

typestring

Role mining potential type

Possible values: [SPECIALIZED, COMMON]

Example: SPECIALIZED

statestring

Role mining session state

Possible values: [CREATED, UPDATED, IDENTITIES_OBTAINED, PRUNE_THRESHOLD_OBTAINED, POTENTIAL_ROLES_PROCESSING, POTENTIAL_ROLES_CREATED]

Example: CREATED

scopingMethodstring

The scoping method used in the current role mining session.

Possible values: [MANUAL, AUTO_RM]

Example: MANUAL

typestring

Role type

Possible values: [SPECIALIZED, COMMON]

Example: SPECIALIZED

idstring

Id of the potential role

Example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923

createdDatedate-time

The date-time when this potential role was created.

modifiedDatedate-time

The date-time when this potential role was modified.

Example (auto)

{
  "createdBy": {
    "id": "2c918090761a5aac0176215c46a62d58",
    "displayName": "Ashley.Pierce"
  },
  "density": 75,
  "description": "Potential Role for Accounting dept",
  "entitlementCount": 25,
  "excludedEntitlements": [
    "07a0b4e2",
    "13b4e2a0"
  ],
  "freshness": 75,
  "identityCount": 25,
  "identityDistribution": [
    {
      "attributeName": "department",
      "distribution": [
        {
          "attributeValue": "NM Tier 3",
          "count": 6
        }
      ]
    }
  ],
  "identityIds": [
    "07a0b4e2",
    "13b4e2a0"
  ],
  "name": "Saved Potential Role - 07/10",
  "provisionState": "POTENTIAL",
  "quality": 100,
  "roleId": "07a0b4e2-7a76-44fa-bd0b-c64654b66519",
  "saved": true,
  "session": {
    "id": "9f36f5e5-1e81-4eca-b087-548959d91c71",
    "name": "Saved RM Session - 07/10",
    "minNumIdentitiesInPotentialRole": 20,
    "pruneThreshold": 5,
    "saved": true,
    "scope": {
      "identityIds": [],
      "criteria": "source.name:DataScienceDataset",
      "attributeFilterCriteria": {
        "displayName": {
          "untranslated": "Location: Miami"
        },
        "ariaLabel": {
          "untranslated": "Location: Miami"
        },
        "data": {
          "displayName": {
            "translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION"
          },
          "name": "location",
          "operator": "EQUALS",
          "values": [
            "Miami"
          ]
        }
      }
    },
    "type": "SPECIALIZED",
    "state": "CREATED",
    "scopingMethod": "MANUAL"
  },
  "type": "SPECIALIZED",
  "id": "e0cc5d7d-bf7f-4f81-b2af-8885b09d9923",
  "createdDate": "2024-07-29T15:51:28.071Z",
  "modifiedDate": "2024-07-29T15:51:28.071Z"
}

400

Client Error - Returned if the request body is invalid.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

401

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema

Schema

error
A message describing the error
Example: JWT validation failed: JWT is expired

Example (auto)

{
  "error": "JWT validation failed: JWT is expired"
}

403

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

403

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

429

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema

Schema

message
A message describing the error
Example: Rate Limit Exceeded

Example (auto)

{
  "message": " Rate Limit Exceeded "
}

500

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

500

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Authorization: oauth2

type: Personal Access Token
scopes: sp:scopes:all

• go
• powershell
  SailPoint SDK
• python
  SailPoint SDK
• csharp
• curl
• dart
• http
• java
• javascript
• kotlin
• c
• nodejs
• objective-c
• ocaml
• php
• r
• ruby
• rust
• shell
• swift

• NATIVE

package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "https://sailpoint.api.identitynow.com/v2025/role-mining-sessions/:sessionId/potential-role-summaries/:potentialRoleId"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Accept", "application/json")
  req.Header.Add("Authorization", "Bearer <TOKEN>")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

Request Collapse all

Base URL

https://sailpoint.api.identitynow.com/v2025

Auth

Bearer Token

Parameters

sessionId — pathrequired

potentialRoleId — pathrequired

X-SailPoint-Experimental — headerrequired

ResponseClear

Click the Send API Request button above and see the response here!