All URIs are relative to https://sailpoint.api.identitynow.com/beta
create-potential-role-provision-request
This method starts a job to provision a potential role
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Query | MinEntitlementPopularity | Int32 | (optional) (default to 0) | Minimum popularity required for an entitlement to be included in the provisioned role. |
| Query | IncludeCommonAccess | Boolean | (optional) (default to $true) | Boolean determining whether common access entitlements will be included in the provisioned role. |
| Body | RoleMiningPotentialRoleProvisionRequest | RoleMiningPotentialRoleProvisionRequest | (optional) | Required information to create a new role |
Return type
RoleMiningPotentialRoleSummary
Responses
| Code | Description | Data Type |
|---|
| 202 | Accepted. Returns a potential role summary including the status of the provison request | RoleMiningPotentialRoleSummary |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$MinEntitlementPopularity = 56
$IncludeCommonAccess = $true
$RoleMiningPotentialRoleProvisionRequest = @"{
"includeIdentities" : true,
"roleName" : "Finance - Accounting",
"ownerId" : "2b568c65bc3c4c57a43bd97e3a8e41",
"roleDescription" : "General access for accounting department",
"directlyAssignedEntitlements" : false
}"@
try {
New-BetaPotentialRoleProvisionRequest -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaPotentialRoleProvisionRequest"
Write-Host $_.ErrorDetails
}
[Back to top]
create-role-mining-sessions
This submits a create role mining session request to the role mining application.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Body | RoleMiningSessionDto | RoleMiningSessionDto | True | Role mining session parameters |
Return type
RoleMiningSessionResponse
Responses
| Code | Description | Data Type |
|---|
| 201 | Submitted a role mining session request | RoleMiningSessionResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
$RoleMiningSessionDto = @"{
"emailRecipientId" : "2c918090761a5aac0176215c46a62d58",
"prescribedPruneThreshold" : 10,
"pruneThreshold" : 50,
"saved" : true,
"potentialRolesReadyCount" : 0,
"scope" : {
"identityIds" : [ "2c918090761a5aac0176215c46a62d58", "2c918090761a5aac01722015c46a62d42" ],
"attributeFilterCriteria" : {
"displayName" : {
"untranslated" : "Location: Miami"
},
"ariaLabel" : {
"untranslated" : "Location: Miami"
},
"data" : {
"displayName" : {
"translateKey" : "IDN.IDENTITY_ATTRIBUTES.LOCATION"
},
"name" : "location",
"operator" : "EQUALS",
"values" : [ "Miami" ]
}
},
"criteria" : "source.name:DataScienceDataset"
},
"potentialRoleCount" : 0,
"name" : "Saved RM Session - 07/10",
"minNumIdentitiesInPotentialRole" : 20,
"identityCount" : 0,
"type" : "SPECIALIZED"
}"@
try {
$Result = ConvertFrom-JsonToRoleMiningSessionDto -Json $RoleMiningSessionDto
New-BetaRoleMiningSessions -BetaRoleMiningSessionDto $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaRoleMiningSessions"
Write-Host $_.ErrorDetails
}
[Back to top]
download-role-mining-potential-role-zip
This endpoint downloads a completed export of information for a potential role in a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Path | ExportId | String | True | The id of a previously run export job for this potential role |
Return type
System.IO.FileInfo
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. | System.IO.FileInfo |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/zip, application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "278359a6-04b7-4669-9468-924cf580964a"
$ExportId = "4940ffd4-836f-48a3-b2b0-6d498c3fdf40"
try {
Invoke-BetaDownloadRoleMiningPotentialRoleZip -SessionId $SessionId -PotentialRoleId $PotentialRoleId -ExportId $ExportId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Invoke-BetaDownloadRoleMiningPotentialRoleZip"
Write-Host $_.ErrorDetails
}
[Back to top]
export-role-mining-potential-role
This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
Return type
System.IO.FileInfo
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. | System.IO.FileInfo |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/zip, application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
try {
Export-BetaRoleMiningPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Export-BetaRoleMiningPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
export-role-mining-potential-role-async
This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Body | RoleMiningPotentialRoleExportRequest | RoleMiningPotentialRoleExportRequest | (optional) | |
Return type
RoleMiningPotentialRoleExportResponse
Responses
| Code | Description | Data Type |
|---|
| 202 | Job Submitted. Returns a reportId that can be used to download the zip once complete | RoleMiningPotentialRoleExportResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "278359a6-04b7-4669-9468-924cf580964a"
$RoleMiningPotentialRoleExportRequest = @"{
"minEntitlementPopularity" : 0,
"includeCommonAccess" : true
}"@
try {
Export-BetaRoleMiningPotentialRoleAsync -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Export-BetaRoleMiningPotentialRoleAsync"
Write-Host $_.ErrorDetails
}
[Back to top]
export-role-mining-potential-role-status
This endpoint retrieves information about the current status of a potential role export.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Path | ExportId | String | True | The id of a previously run export job for this potential role |
Return type
RoleMiningPotentialRoleExportResponse
Responses
| Code | Description | Data Type |
|---|
| 200 | Success. Returns the current status of this export | RoleMiningPotentialRoleExportResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "278359a6-04b7-4669-9468-924cf580964a"
$ExportId = "4940ffd4-836f-48a3-b2b0-6d498c3fdf40"
try {
Export-BetaRoleMiningPotentialRoleStatus -SessionId $SessionId -PotentialRoleId $PotentialRoleId -ExportId $ExportId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Export-BetaRoleMiningPotentialRoleStatus"
Write-Host $_.ErrorDetails
}
[Back to top]
get-all-potential-role-summaries
Returns all potential role summaries that match the query parameters
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdDate, identityCount, entitlementCount, freshness, quality |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: createdById: eq, sw, co createdByName: eq, sw, co description: sw, co endDate: le, lt freshness: eq, ge, gt, le, lt name: eq, sw, co, ge, gt, le, lt quality: eq, ge, gt, le, lt startDate: ge, gt saved: eq type: eq, ge, gt, le, lt scopingMethod: eq sessionState: eq identityAttribute: co |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleSummary[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns all potential role summaries that match the query parameters. | RoleMiningPotentialRoleSummary[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$Sorters = "createdDate"
$Filters = '(createdByName co "int") and (createdById sw "2c9180907") and (type eq "COMMON") and ((name co "entt") or (saved eq true))'
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaAllPotentialRoleSummaries
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaAllPotentialRoleSummaries"
Write-Host $_.ErrorDetails
}
[Back to top]
get-entitlement-distribution-potential-role
This method returns entitlement popularity distribution for a potential role in a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Query | IncludeCommonAccess | Boolean | (optional) | Boolean determining whether common access entitlements will be included or not |
Return type
System.Collections.Hashtable
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a map containing entitlement popularity distribution for a potential role. | System.Collections.Hashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$IncludeCommonAccess = $true
try {
Get-BetaEntitlementDistributionPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaEntitlementDistributionPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
get-entitlements-potential-role
This method returns entitlements for a potential role in a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Query | IncludeCommonAccess | Boolean | (optional) (default to $true) | Boolean determining whether common access entitlements will be included or not |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: popularity, entitlementName, applicationName The default sort is popularity in descending order. |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: sw entitlementRef.name: sw |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningEntitlement[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of entitlements for a potential role. | RoleMiningEntitlement[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$IncludeCommonAccess = $true
$Sorters = "popularity"
$Filters = 'applicationName sw "AD"'
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaEntitlementsPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaEntitlementsPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
get-excluded-entitlements-potential-role
This method returns excluded entitlements for a potential role in a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: popularity |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: sw entitlementRef.name: sw |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningEntitlement[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of excluded entitlements for a potential roles. | RoleMiningEntitlement[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$Sorters = "populariity"
$Filters = 'applicationName sw "AD"'
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaExcludedEntitlementsPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaExcludedEntitlementsPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
get-identities-potential-role
This method returns identities for a potential role in a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: name |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningIdentity[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of identities for a potential role. | RoleMiningIdentity[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$Sorters = "name"
$Filters = 'MyFilters'
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaIdentitiesPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaIdentitiesPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
get-potential-role
This method returns a specific potential role for a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
Return type
RoleMiningPotentialRole
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of potential roles for a role mining session. | RoleMiningPotentialRole |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
try {
Get-BetaPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
get-potential-role-applications
This method returns the applications of a potential role for a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: applicationName: sw |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleApplication[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of potential roles for a role mining session. | RoleMiningPotentialRoleApplication[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "62f28d91-7d9f-4d17-be15-666d5b41d77f"
$Filters = 'applicationName sw "test"'
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaPotentialRoleApplications -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaPotentialRoleApplications"
Write-Host $_.ErrorDetails
}
[Back to top]
get-potential-role-entitlements
This method returns the entitlements of a potential role for a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: entitlementRef.name: sw |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleEntitlements[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns the entitlements of a potential role for a role mining session. | RoleMiningPotentialRoleEntitlements[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "62f28d91-7d9f-4d17-be15-666d5b41d77f"
$Filters = 'entitlementRef.name sw "test"'
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaPotentialRoleEntitlements -SessionId $SessionId -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaPotentialRoleEntitlements"
Write-Host $_.ErrorDetails
}
[Back to top]
get-potential-role-source-identity-usage
This method returns source usageCount (as number of days in the last 90 days) for each identity in a potential role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | PotentialRoleId | String | True | A potential role id |
| Path | SourceId | String | True | A source id |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: displayName, email, usageCount |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleSourceUsage[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of source usage for the identities in a potential role. | RoleMiningPotentialRoleSourceUsage[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$PotentialRoleId = "e0cc5d7d-bf7f-4f81-b2af-8885b09d9923"
$SourceId = "2c9180877620c1460176267f336a106f"
$Sorters = "-usageCount"
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaPotentialRoleSourceIdentityUsage -PotentialRoleId $PotentialRoleId -SourceId $SourceId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaPotentialRoleSourceIdentityUsage"
Write-Host $_.ErrorDetails
}
[Back to top]
get-potential-role-summaries
This method returns the potential role summaries for a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdDate |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: createdById: eq, sw, co createdByName: eq, sw, co description: sw, co endDate: le, lt freshness: eq, ge, gt, le, lt name: eq, sw, co quality: eq, ge, gt, le, lt startDate: ge, gt saved: eq type: eq |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningPotentialRoleSummary[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of potential role summaries for a role mining session. | RoleMiningPotentialRoleSummary[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$Sorters = "createdDate"
$Filters = '(createdByName co "int")and (createdById sw "2c9180907")and (type eq "COMMON")and ((name co "entt")or (saved eq true))'
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaPotentialRoleSummaries -SessionId $SessionId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaPotentialRoleSummaries"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-mining-potential-role
This method returns a specific potential role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | PotentialRoleId | String | True | A potential role id |
Return type
RoleMiningPotentialRole
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of potential roles for a role mining session. | RoleMiningPotentialRole |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
try {
Get-BetaRoleMiningPotentialRole -PotentialRoleId $PotentialRoleId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleMiningPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-mining-session
The method retrieves a role mining session.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id to be retrieved. |
Return type
RoleMiningSessionResponse
Responses
| Code | Description | Data Type |
|---|
| 200 | Returns a role mining session | RoleMiningSessionResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
try {
Get-BetaRoleMiningSession -SessionId $SessionId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleMiningSession"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-mining-session-status
This method returns a role mining session status for a customer.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
Return type
RoleMiningSessionStatus
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns session status | RoleMiningSessionStatus |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
try {
Get-BetaRoleMiningSessionStatus -SessionId $SessionId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleMiningSessionStatus"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-mining-sessions
Returns all role mining sessions that match the query parameters
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: saved: eq name: eq, sw |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: createdBy, createdDate |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningSessionResponse[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns all role mining sessions that match the query parameters. | RoleMiningSessionResponse[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$Filters = 'saved eq "true" and name sw "RM Session"'
$Sorters = "createdBy,createdDate"
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaRoleMiningSessions
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleMiningSessions"
Write-Host $_.ErrorDetails
}
[Back to top]
get-saved-potential-roles
This method returns all saved potential roles (draft roles).
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: modified |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
RoleMiningSessionDraftRoleDto[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of draft roles for a role mining session. | RoleMiningSessionDraftRoleDto[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$Sorters = "modified"
$Offset = 0
$Limit = 250
$Count = $true
try {
Get-BetaSavedPotentialRoles
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaSavedPotentialRoles"
Write-Host $_.ErrorDetails
}
[Back to top]
patch-potential-role
This method updates an existing potential role using the role mining session id and the potential role summary id.
The following fields can be modified:
NOTE: All other fields cannot be modified.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | The potential role summary id |
| Body | PatchPotentialRoleRequestInner | []PatchPotentialRoleRequestInner | True | |
Return type
SystemCollectionsHashtable
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns the potential role summary based on the potentialRoleId provided. | SystemCollectionsHashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PatchPotentialRoleRequestInner = @"[{op=remove, path=/description}, {op=replace, path=/description, value=Acct I - Potential Role}, {op=remove, path=/saved}, {op=replace, path=/saved, value=false}, {op=remove, path=/name}, {op=replace, path=/name, value=Potential Role Accounting}]"@
try {
$Result = ConvertFrom-JsonToPatchPotentialRoleRequestInner -Json $PatchPotentialRoleRequestInner
Update-BetaPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -BetaPatchPotentialRoleRequestInner $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
patch-role-mining-potential-role
This method updates an existing potential role.
The following fields can be modified:
NOTE: All other fields cannot be modified.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | PotentialRoleId | String | True | The potential role summary id |
| Body | PatchPotentialRoleRequestInner | []PatchPotentialRoleRequestInner | True | |
Return type
SystemCollectionsHashtable
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns the potential role summary based on the potentialRoleId provided. | SystemCollectionsHashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PatchPotentialRoleRequestInner = @"[{op=remove, path=/description}, {op=replace, path=/description, value=Acct I - Potential Role}, {op=remove, path=/saved}, {op=replace, path=/saved, value=false}, {op=remove, path=/name}, {op=replace, path=/name, value=Potential Role Accounting}]"@
try {
$Result = ConvertFrom-JsonToPatchPotentialRoleRequestInner -Json $PatchPotentialRoleRequestInner
Update-BetaRoleMiningPotentialRole -PotentialRoleId $PotentialRoleId -BetaPatchPotentialRoleRequestInner $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaRoleMiningPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]
patch-role-mining-session
The method updates an existing role mining session using PATCH. Supports op in replace and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id to be patched |
| Body | JsonPatchOperation | []JsonPatchOperation | True | Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session. |
Return type
SystemCollectionsHashtable
Responses
| Code | Description | Data Type |
|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | SystemCollectionsHashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$JsonPatchOperation = @"{
"op" : "replace",
"path" : "/description",
"value" : "New description"
}"@
try {
$Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
Update-BetaRoleMiningSession -SessionId $SessionId -BetaJsonPatchOperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaRoleMiningSession"
Write-Host $_.ErrorDetails
}
[Back to top]
update-entitlements-potential-role
This endpoint adds or removes entitlements from an exclusion list for a potential role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | SessionId | String | True | The role mining session id |
| Path | PotentialRoleId | String | True | A potential role id in a role mining session |
| Body | RoleMiningPotentialRoleEditEntitlements | RoleMiningPotentialRoleEditEntitlements | True | Role mining session parameters |
Return type
RoleMiningPotentialRole
Responses
| Code | Description | Data Type |
|---|
| 201 | Adds or removes entitlements from a potential role's entitlement exclusion list. | RoleMiningPotentialRole |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
$SessionId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$PotentialRoleId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$RoleMiningPotentialRoleEditEntitlements = @"{
"ids" : [ "entId1", "entId2" ],
"exclude" : true
}"@
try {
$Result = ConvertFrom-JsonToRoleMiningPotentialRoleEditEntitlements -Json $RoleMiningPotentialRoleEditEntitlements
Update-BetaEntitlementsPotentialRole -SessionId $SessionId -PotentialRoleId $PotentialRoleId -BetaRoleMiningPotentialRoleEditEntitlements $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaEntitlementsPotentialRole"
Write-Host $_.ErrorDetails
}
[Back to top]