AccessModelMetadata
Use this API to create and manage metadata attributes for your Access Model. Access Model Metadata allows you to add contextual information to your ISC Access Model items using pre-defined metadata for risk, regulations, privacy levels, etc., or by creating your own metadata attributes to reflect the unique needs of your organization. This release of the API includes support for entitlement metadata. Support for role and access profile metadata will be introduced in a subsequent release.
Common usages for Access Model metadata include:
-
Organizing and categorizing access items to make it easier for your users to search for and find the access rights they want to request, certify, or manage.
-
Providing richer information about access that is being acted on to allow stakeholders to make better decisions when approving, certifying, or managing access rights.
-
Identifying access that may requires additional approval requirements or be subject to more frequent review.
All URIs are relative to https://sailpoint.api.identitynow.com/v2025
| Method | HTTP request | Description |
|---|---|---|
| Get-V2025AccessModelMetadataAttribute | GET /access-model-metadata/attributes/{key} | Get access model metadata attribute |
| Get-V2025AccessModelMetadataAttributeValue | GET /access-model-metadata/attributes/{key}/values/{value} | Get access model metadata value |
| Get-V2025AccessModelMetadataAttribute | GET /access-model-metadata/attributes | List access model metadata attributes |
| Get-V2025AccessModelMetadataAttributeValue | GET /access-model-metadata/attributes/{key}/values | List access model metadata values |
| Update-V2025AccessModelMetadataByFilter | POST /access-model-metadata/bulk-update/filter | Metadata Attribute update by filter |
| Update-V2025AccessModelMetadataByIds | POST /access-model-metadata/bulk-update/ids | Metadata Attribute update by ids |
| Update-V2025AccessModelMetadataByQuery | POST /access-model-metadata/bulk-update/query | Metadata Attribute update by query |
get-access-model-metadata-attribute
Get single Access Model Metadata Attribute
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Key | String | True | Technical name of the Attribute. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | OK | AttributeDTO |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Key = "iscPrivacy" # String | Technical name of the Attribute.
# Get access model metadata attribute
try {
Get-V2025AccessModelMetadataAttribute -Key $Key
# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttribute -Key $Key
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttribute"
Write-Host $_.ErrorDetails
}
get-access-model-metadata-attribute-value
Get single Access Model Metadata Attribute Value
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Key | String | True | Technical name of the Attribute. |
| Path | Value | String | True | Technical name of the Attribute value. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | OK | AttributeValueDTO |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Key = "iscPrivacy" # String | Technical name of the Attribute.
$Value = "public" # String | Technical name of the Attribute value.
# Get access model metadata value
try {
Get-V2025AccessModelMetadataAttributeValue -Key $Key -Value $Value
# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttributeValue -Key $Key -Value $Value
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttributeValue"
Write-Host $_.ErrorDetails
}
list-access-model-metadata-attribute
Get a list of Access Model Metadata Attributes
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: key: eq name: eq type: eq status: eq objectTypes: eq Supported composite operators: and |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: name, key |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | OK | AttributeDTO[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Filters = 'name eq "Privacy"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **key**: *eq* **name**: *eq* **type**: *eq* **status**: *eq* **objectTypes**: *eq* **Supported composite operators**: *and* (optional)
$Sorters = "name,-key" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, key** (optional)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
# List access model metadata attributes
try {
Get-V2025AccessModelMetadataAttribute
# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttribute -Filters $Filters -Sorters $Sorters -Offset $Offset -Limit $Limit -Count $Count
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttribute"
Write-Host $_.ErrorDetails
}
list-access-model-metadata-attribute-value
Get a list of Access Model Metadata Attribute Values
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Key | String | True | Technical name of the Attribute. |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | OK | AttributeValueDTO[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Key = "iscPrivacy" # String | Technical name of the Attribute.
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
# List access model metadata values
try {
Get-V2025AccessModelMetadataAttributeValue -Key $Key
# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttributeValue -Key $Key -Offset $Offset -Limit $Limit -Count $Count
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttributeValue"
Write-Host $_.ErrorDetails
}
update-access-model-metadata-by-filter
Bulk update Access Model Metadata Attribute Values using a filter
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | EntitlementAttributeBulkUpdateFilterRequest | EntitlementAttributeBulkUpdateFilterRequest | True | Attribute metadata bulk update request body. |
Return type
AccessModelMetadataBulkUpdateResponse
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | OK | AccessModelMetadataBulkUpdateResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$EntitlementAttributeBulkUpdateFilterRequest = @"{
"values" : [ {
"attribute" : "iscFederalClassifications",
"values" : [ "topSecret" ]
} ],
"filters" : "id eq 2c9180867817ac4d017817c491119a20",
"replaceScope" : "attribute",
"operation" : "add"
}"@
# Metadata Attribute update by filter
try {
$Result = ConvertFrom-JsonToEntitlementAttributeBulkUpdateFilterRequest -Json $EntitlementAttributeBulkUpdateFilterRequest
Update-V2025AccessModelMetadataByFilter -EntitlementAttributeBulkUpdateFilterRequest $Result
# Below is a request that includes all optional parameters
# Update-V2025AccessModelMetadataByFilter -EntitlementAttributeBulkUpdateFilterRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2025AccessModelMetadataByFilter"
Write-Host $_.ErrorDetails
}
update-access-model-metadata-by-ids
Bulk update Access Model Metadata Attribute Values using ids.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | EntitlementAttributeBulkUpdateIdsRequest | EntitlementAttributeBulkUpdateIdsRequest | True | Attribute metadata bulk update request body. |
Return type
AccessModelMetadataBulkUpdateResponse
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | OK | AccessModelMetadataBulkUpdateResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$EntitlementAttributeBulkUpdateIdsRequest = @"{
"entitlements" : [ "2c9180867817ac4d017817c491119a20", "2c9180867817ac4d017817c491119a21" ],
"values" : [ {
"attribute" : "iscFederalClassifications",
"values" : [ "topSecret" ]
} ],
"replaceScope" : "attribute",
"operation" : "add"
}"@
# Metadata Attribute update by ids
try {
$Result = ConvertFrom-JsonToEntitlementAttributeBulkUpdateIdsRequest -Json $EntitlementAttributeBulkUpdateIdsRequest
Update-V2025AccessModelMetadataByIds -EntitlementAttributeBulkUpdateIdsRequest $Result
# Below is a request that includes all optional parameters
# Update-V2025AccessModelMetadataByIds -EntitlementAttributeBulkUpdateIdsRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2025AccessModelMetadataByIds"
Write-Host $_.ErrorDetails
}
update-access-model-metadata-by-query
Bulk update Access Model Metadata Attribute Values using a query
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | EntitlementAttributeBulkUpdateQueryRequest | EntitlementAttributeBulkUpdateQueryRequest | True | Attribute metadata bulk update request body. |
Return type
AccessModelMetadataBulkUpdateResponse
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | OK | AccessModelMetadataBulkUpdateResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$EntitlementAttributeBulkUpdateQueryRequest = @"{
"query" : {
"queryDsl" : {
"match" : {
"name" : "john.doe"
}
},
"aggregationType" : "DSL",
"aggregationsVersion" : "",
"query" : {
"query" : "name:a*",
"timeZone" : "America/Chicago",
"fields" : "[firstName,lastName,email]",
"innerHit" : {
"query" : "source.name:\\\"Active Directory\\\"",
"type" : "access"
}
},
"aggregationsDsl" : { },
"sort" : [ "displayName", "+id" ],
"filters" : { },
"queryVersion" : "",
"queryType" : "SAILPOINT",
"includeNested" : true,
"queryResultFilter" : {
"excludes" : [ "stacktrace" ],
"includes" : [ "name", "displayName" ]
},
"indices" : [ "identities" ],
"typeAheadQuery" : {
"field" : "source.name",
"size" : 100,
"query" : "Work",
"sortByValue" : true,
"nestedType" : "access",
"sort" : "asc",
"maxExpansions" : 10
},
"textQuery" : {
"contains" : true,
"terms" : [ "The quick brown fox", "3141592", "7" ],
"matchAny" : false,
"fields" : [ "displayName", "employeeNumber", "roleCount" ]
},
"searchAfter" : [ "John Doe", "2c91808375d8e80a0175e1f88a575221" ],
"aggregations" : {
"filter" : {
"field" : "access.type",
"name" : "Entitlements",
"type" : "TERM",
"value" : "ENTITLEMENT"
},
"bucket" : {
"field" : "attributes.city",
"size" : 100,
"minDocCount" : 2,
"name" : "Identity Locations",
"type" : "TERMS"
},
"metric" : {
"field" : "@access.name",
"name" : "Access Name Count",
"type" : "COUNT"
},
"subAggregation" : {
"filter" : {
"field" : "access.type",
"name" : "Entitlements",
"type" : "TERM",
"value" : "ENTITLEMENT"
},
"bucket" : {
"field" : "attributes.city",
"size" : 100,
"minDocCount" : 2,
"name" : "Identity Locations",
"type" : "TERMS"
},
"metric" : {
"field" : "@access.name",
"name" : "Access Name Count",
"type" : "COUNT"
},
"subAggregation" : {
"filter" : {
"field" : "access.type",
"name" : "Entitlements",
"type" : "TERM",
"value" : "ENTITLEMENT"
},
"bucket" : {
"field" : "attributes.city",
"size" : 100,
"minDocCount" : 2,
"name" : "Identity Locations",
"type" : "TERMS"
},
"metric" : {
"field" : "@access.name",
"name" : "Access Name Count",
"type" : "COUNT"
},
"nested" : {
"name" : "id",
"type" : "access"
}
},
"nested" : {
"name" : "id",
"type" : "access"
}
},
"nested" : {
"name" : "id",
"type" : "access"
}
}
},
"values" : [ {
"attribute" : "iscFederalClassifications",
"values" : [ "topSecret" ]
} ],
"replaceScope" : "attribute",
"operation" : "add"
}"@
# Metadata Attribute update by query
try {
$Result = ConvertFrom-JsonToEntitlementAttributeBulkUpdateQueryRequest -Json $EntitlementAttributeBulkUpdateQueryRequest
Update-V2025AccessModelMetadataByQuery -EntitlementAttributeBulkUpdateQueryRequest $Result
# Below is a request that includes all optional parameters
# Update-V2025AccessModelMetadataByQuery -EntitlementAttributeBulkUpdateQueryRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2025AccessModelMetadataByQuery"
Write-Host $_.ErrorDetails
}