Skip to main content

AccessModelMetadata

Use this API to create and manage metadata attributes for your Access Model. Access Model Metadata allows you to add contextual information to your ISC Access Model items using pre-defined metadata for risk, regulations, privacy levels, etc., or by creating your own metadata attributes to reflect the unique needs of your organization. This release of the API includes support for entitlement metadata. Support for role and access profile metadata will be introduced in a subsequent release.

Common usages for Access Model metadata include:

  • Organizing and categorizing access items to make it easier for your users to search for and find the access rights they want to request, certify, or manage.

  • Providing richer information about access that is being acted on to allow stakeholders to make better decisions when approving, certifying, or managing access rights.

  • Identifying access that may requires additional approval requirements or be subject to more frequent review.

All URIs are relative to https://sailpoint.api.identitynow.com/v2025

MethodHTTP requestDescription
Get-V2025AccessModelMetadataAttributeGET /access-model-metadata/attributes/{key}Get access model metadata attribute
Get-V2025AccessModelMetadataAttributeValueGET /access-model-metadata/attributes/{key}/values/{value}Get access model metadata value
Get-V2025AccessModelMetadataAttributeGET /access-model-metadata/attributesList access model metadata attributes
Get-V2025AccessModelMetadataAttributeValueGET /access-model-metadata/attributes/{key}/valuesList access model metadata values
Update-V2025AccessModelMetadataByFilterPOST /access-model-metadata/bulk-update/filterMetadata Attribute update by filter
Update-V2025AccessModelMetadataByIdsPOST /access-model-metadata/bulk-update/idsMetadata Attribute update by ids
Update-V2025AccessModelMetadataByQueryPOST /access-model-metadata/bulk-update/queryMetadata Attribute update by query

get-access-model-metadata-attribute

Get single Access Model Metadata Attribute

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
PathKeyStringTrueTechnical name of the Attribute.

Return type

AttributeDTO

Responses

CodeDescriptionData Type
200OKAttributeDTO
400Client Error - Returned if the request body is invalid.ErrorResponseDto
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessProfiles401Response
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessProfiles429Response
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

$Key = "iscPrivacy" # String | Technical name of the Attribute.

# Get access model metadata attribute

try {
Get-V2025AccessModelMetadataAttribute -Key $Key

# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttribute -Key $Key
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttribute"
Write-Host $_.ErrorDetails
}

[Back to top]

get-access-model-metadata-attribute-value

Get single Access Model Metadata Attribute Value

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
PathKeyStringTrueTechnical name of the Attribute.
PathValueStringTrueTechnical name of the Attribute value.

Return type

AttributeValueDTO

Responses

CodeDescriptionData Type
200OKAttributeValueDTO
400Client Error - Returned if the request body is invalid.ErrorResponseDto
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessProfiles401Response
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessProfiles429Response
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

$Key = "iscPrivacy" # String | Technical name of the Attribute.
$Value = "public" # String | Technical name of the Attribute value.

# Get access model metadata value

try {
Get-V2025AccessModelMetadataAttributeValue -Key $Key -Value $Value

# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttributeValue -Key $Key -Value $Value
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttributeValue"
Write-Host $_.ErrorDetails
}

[Back to top]

list-access-model-metadata-attribute

Get a list of Access Model Metadata Attributes

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
QueryFiltersString(optional)Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: key: eq name: eq type: eq status: eq objectTypes: eq Supported composite operators: and
QuerySortersString(optional)Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: name, key
QueryOffsetInt32(optional) (default to 0)Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
QueryLimitInt32(optional) (default to 250)Max number of results to return. See V3 API Standard Collection Parameters for more information.
QueryCountBoolean(optional) (default to $false)If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.

Return type

AttributeDTO[]

Responses

CodeDescriptionData Type
200OKAttributeDTO[]
400Client Error - Returned if the request body is invalid.ErrorResponseDto
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessProfiles401Response
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessProfiles429Response
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

$Filters = 'name eq "Privacy"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **key**: *eq*  **name**: *eq*  **type**: *eq*  **status**: *eq*  **objectTypes**: *eq*  **Supported composite operators**: *and* (optional)
$Sorters = "name,-key" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, key** (optional)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)

# List access model metadata attributes

try {
Get-V2025AccessModelMetadataAttribute

# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttribute -Filters $Filters -Sorters $Sorters -Offset $Offset -Limit $Limit -Count $Count
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttribute"
Write-Host $_.ErrorDetails
}

[Back to top]

list-access-model-metadata-attribute-value

Get a list of Access Model Metadata Attribute Values

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
PathKeyStringTrueTechnical name of the Attribute.
QueryOffsetInt32(optional) (default to 0)Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
QueryLimitInt32(optional) (default to 250)Max number of results to return. See V3 API Standard Collection Parameters for more information.
QueryCountBoolean(optional) (default to $false)If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.

Return type

AttributeValueDTO[]

Responses

CodeDescriptionData Type
200OKAttributeValueDTO[]
400Client Error - Returned if the request body is invalid.ErrorResponseDto
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessProfiles401Response
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessProfiles429Response
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

$Key = "iscPrivacy" # String | Technical name of the Attribute.
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)

# List access model metadata values

try {
Get-V2025AccessModelMetadataAttributeValue -Key $Key

# Below is a request that includes all optional parameters
# Get-V2025AccessModelMetadataAttributeValue -Key $Key -Offset $Offset -Limit $Limit -Count $Count
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025AccessModelMetadataAttributeValue"
Write-Host $_.ErrorDetails
}

[Back to top]

update-access-model-metadata-by-filter

Bulk update Access Model Metadata Attribute Values using a filter

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
BodyEntitlementAttributeBulkUpdateFilterRequestEntitlementAttributeBulkUpdateFilterRequestTrueAttribute metadata bulk update request body.

Return type

AccessModelMetadataBulkUpdateResponse

Responses

CodeDescriptionData Type
200OKAccessModelMetadataBulkUpdateResponse
400Client Error - Returned if the request body is invalid.ErrorResponseDto
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessProfiles401Response
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessProfiles429Response
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$EntitlementAttributeBulkUpdateFilterRequest = @"{
"values" : [ {
"attribute" : "iscFederalClassifications",
"values" : [ "topSecret" ]
} ],
"filters" : "id eq 2c9180867817ac4d017817c491119a20",
"replaceScope" : "attribute",
"operation" : "add"
}"@

# Metadata Attribute update by filter

try {
$Result = ConvertFrom-JsonToEntitlementAttributeBulkUpdateFilterRequest -Json $EntitlementAttributeBulkUpdateFilterRequest
Update-V2025AccessModelMetadataByFilter -EntitlementAttributeBulkUpdateFilterRequest $Result

# Below is a request that includes all optional parameters
# Update-V2025AccessModelMetadataByFilter -EntitlementAttributeBulkUpdateFilterRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2025AccessModelMetadataByFilter"
Write-Host $_.ErrorDetails
}

[Back to top]

update-access-model-metadata-by-ids

Bulk update Access Model Metadata Attribute Values using ids.

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
BodyEntitlementAttributeBulkUpdateIdsRequestEntitlementAttributeBulkUpdateIdsRequestTrueAttribute metadata bulk update request body.

Return type

AccessModelMetadataBulkUpdateResponse

Responses

CodeDescriptionData Type
200OKAccessModelMetadataBulkUpdateResponse
400Client Error - Returned if the request body is invalid.ErrorResponseDto
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessProfiles401Response
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessProfiles429Response
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$EntitlementAttributeBulkUpdateIdsRequest = @"{
"entitlements" : [ "2c9180867817ac4d017817c491119a20", "2c9180867817ac4d017817c491119a21" ],
"values" : [ {
"attribute" : "iscFederalClassifications",
"values" : [ "topSecret" ]
} ],
"replaceScope" : "attribute",
"operation" : "add"
}"@

# Metadata Attribute update by ids

try {
$Result = ConvertFrom-JsonToEntitlementAttributeBulkUpdateIdsRequest -Json $EntitlementAttributeBulkUpdateIdsRequest
Update-V2025AccessModelMetadataByIds -EntitlementAttributeBulkUpdateIdsRequest $Result

# Below is a request that includes all optional parameters
# Update-V2025AccessModelMetadataByIds -EntitlementAttributeBulkUpdateIdsRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2025AccessModelMetadataByIds"
Write-Host $_.ErrorDetails
}

[Back to top]

update-access-model-metadata-by-query

Bulk update Access Model Metadata Attribute Values using a query

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
BodyEntitlementAttributeBulkUpdateQueryRequestEntitlementAttributeBulkUpdateQueryRequestTrueAttribute metadata bulk update request body.

Return type

AccessModelMetadataBulkUpdateResponse

Responses

CodeDescriptionData Type
200OKAccessModelMetadataBulkUpdateResponse
400Client Error - Returned if the request body is invalid.ErrorResponseDto
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessProfiles401Response
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessProfiles429Response
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

$EntitlementAttributeBulkUpdateQueryRequest = @"{
"query" : {
"queryDsl" : {
"match" : {
"name" : "john.doe"
}
},
"aggregationType" : "DSL",
"aggregationsVersion" : "",
"query" : {
"query" : "name:a*",
"timeZone" : "America/Chicago",
"fields" : "[firstName,lastName,email]",
"innerHit" : {
"query" : "source.name:\\\"Active Directory\\\"",
"type" : "access"
}
},
"aggregationsDsl" : { },
"sort" : [ "displayName", "+id" ],
"filters" : { },
"queryVersion" : "",
"queryType" : "SAILPOINT",
"includeNested" : true,
"queryResultFilter" : {
"excludes" : [ "stacktrace" ],
"includes" : [ "name", "displayName" ]
},
"indices" : [ "identities" ],
"typeAheadQuery" : {
"field" : "source.name",
"size" : 100,
"query" : "Work",
"sortByValue" : true,
"nestedType" : "access",
"sort" : "asc",
"maxExpansions" : 10
},
"textQuery" : {
"contains" : true,
"terms" : [ "The quick brown fox", "3141592", "7" ],
"matchAny" : false,
"fields" : [ "displayName", "employeeNumber", "roleCount" ]
},
"searchAfter" : [ "John Doe", "2c91808375d8e80a0175e1f88a575221" ],
"aggregations" : {
"filter" : {
"field" : "access.type",
"name" : "Entitlements",
"type" : "TERM",
"value" : "ENTITLEMENT"
},
"bucket" : {
"field" : "attributes.city",
"size" : 100,
"minDocCount" : 2,
"name" : "Identity Locations",
"type" : "TERMS"
},
"metric" : {
"field" : "@access.name",
"name" : "Access Name Count",
"type" : "COUNT"
},
"subAggregation" : {
"filter" : {
"field" : "access.type",
"name" : "Entitlements",
"type" : "TERM",
"value" : "ENTITLEMENT"
},
"bucket" : {
"field" : "attributes.city",
"size" : 100,
"minDocCount" : 2,
"name" : "Identity Locations",
"type" : "TERMS"
},
"metric" : {
"field" : "@access.name",
"name" : "Access Name Count",
"type" : "COUNT"
},
"subAggregation" : {
"filter" : {
"field" : "access.type",
"name" : "Entitlements",
"type" : "TERM",
"value" : "ENTITLEMENT"
},
"bucket" : {
"field" : "attributes.city",
"size" : 100,
"minDocCount" : 2,
"name" : "Identity Locations",
"type" : "TERMS"
},
"metric" : {
"field" : "@access.name",
"name" : "Access Name Count",
"type" : "COUNT"
},
"nested" : {
"name" : "id",
"type" : "access"
}
},
"nested" : {
"name" : "id",
"type" : "access"
}
},
"nested" : {
"name" : "id",
"type" : "access"
}
}
},
"values" : [ {
"attribute" : "iscFederalClassifications",
"values" : [ "topSecret" ]
} ],
"replaceScope" : "attribute",
"operation" : "add"
}"@

# Metadata Attribute update by query

try {
$Result = ConvertFrom-JsonToEntitlementAttributeBulkUpdateQueryRequest -Json $EntitlementAttributeBulkUpdateQueryRequest
Update-V2025AccessModelMetadataByQuery -EntitlementAttributeBulkUpdateQueryRequest $Result

# Below is a request that includes all optional parameters
# Update-V2025AccessModelMetadataByQuery -EntitlementAttributeBulkUpdateQueryRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2025AccessModelMetadataByQuery"
Write-Host $_.ErrorDetails
}

[Back to top]