sailpoint.beta.SegmentsApi
Use this API to implement and customize access request segment functionality. With this functionality in place, administrators can create and manage access request segments. Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access.
Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments. For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location. The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items.
In Identity Security Cloud, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page. This page lists all the existing access request segments, along with their statuses, enabled or disabled. Administrators can use this page to create, edit, enable, disable, and delete segments. To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access. These items can be access profiles, roles, or entitlements.
When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items.
Refer to Managing Access Request Segments for more information about segments in Identity Security Cloud.
All URIs are relative to https://sailpoint.api.identitynow.com/beta
Method | HTTP request | Description |
---|---|---|
create-segment | POST /segments | Create Segment |
delete-segment | DELETE /segments/{id} | Delete Segment by ID |
get-segment | GET /segments/{id} | Get Segment by ID |
list-segments | GET /segments | List Segments |
patch-segment | PATCH /segments/{id} | Update Segment |
create-segment
Create Segment This API creates a segment.
Note: Segment definitions may take time to propagate to all identities. A token with ORG_ADMIN or API authority is required to call this API.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | segment | Segment | True |
Return type
Responses
Code | Description | Data Type | Response headers |
---|---|---|---|
201 | Segment created | Segment | - |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
segment = '''{
"owner" : {
"name" : "support",
"id" : "2c9180a46faadee4016fb4e018c20639",
"type" : "IDENTITY"
},
"created" : "2020-01-01T00:00:00Z",
"visibilityCriteria" : {
"expression" : {
"children" : [ ],
"attribute" : "location",
"value" : {
"type" : "STRING",
"value" : "Austin"
},
"operator" : "EQUALS"
}
},
"name" : "segment-xyz",
"modified" : "2020-01-01T00:00:00Z",
"description" : "This segment represents xyz",
"active" : true,
"id" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde"
}''' # Segment |
try:
# Create Segment
new_segment = Segment.from_json(segment)
results = SegmentsApi(api_client).create_segment(segment=new_segment)
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).create_segment(new_segment)
print("The response of SegmentsApi->create_segment:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->create_segment: %s\n" % e)
delete-segment
Delete Segment by ID This API deletes the segment specified by the given ID.
Note: Segment deletion may take some time to go into effect. A token with ORG_ADMIN or API authority is required to call this API.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | id | str | True | The segment ID to delete. |
Return type
(empty response body)
Responses
Code | Description | Data Type | Response headers |
---|---|---|---|
204 | No content. | - | |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The segment ID to delete. # str | The segment ID to delete.
try:
# Delete Segment by ID
SegmentsApi(api_client).delete_segment(id=id)
# Below is a request that includes all optional parameters
# SegmentsApi(api_client).delete_segment(id)
except Exception as e:
print("Exception when calling SegmentsApi->delete_segment: %s\n" % e)
get-segment
Get Segment by ID This API returns the segment specified by the given ID. A token with ORG_ADMIN or API authority is required to call this API.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | id | str | True | The segment ID to retrieve. |
Return type
Responses
Code | Description | Data Type | Response headers |
---|---|---|---|
200 | Segment | Segment | - |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The segment ID to retrieve. # str | The segment ID to retrieve.
try:
# Get Segment by ID
results = SegmentsApi(api_client).get_segment(id=id)
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).get_segment(id)
print("The response of SegmentsApi->get_segment:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->get_segment: %s\n" % e)
list-segments
List Segments This API returns a list of all segments. A token with ORG_ADMIN or API authority is required to call this API.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Query | limit | int | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
Query | offset | int | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
Query | count | bool | (optional) (default to False) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
Responses
Code | Description | Data Type | Response headers |
---|---|---|---|
200 | List of all segments | List[Segment] | - |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
limit = 250 # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250) # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
offset = 0 # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0) # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
count = False # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False) # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False)
try:
# List Segments
results = SegmentsApi(api_client).list_segments()
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).list_segments(limit, offset, count)
print("The response of SegmentsApi->list_segments:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->list_segments: %s\n" % e)
patch-segment
Update Segment Use this API to update segment fields by using the JSON Patch standard.
Note: Changes to a segment may take some time to propagate to all identities. A token with ORG_ADMIN or API authority is required to call this API.
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | id | str | True | The segment ID to modify. |
Body | request_body | []object | True | A list of segment update operations according to the JSON Patch standard. The following fields are patchable: * name * description * owner * visibilityCriteria * active |
Return type
Responses
Code | Description | Data Type | Response headers |
---|---|---|---|
200 | Indicates the PATCH operation succeeded, and returns the segment's new representation. | Segment | - |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The segment ID to modify. # str | The segment ID to modify.
request_body = '''[{op=replace, path=/visibilityCriteria, value={expression={operator=AND, children=[{operator=EQUALS, attribute=location, value={type=STRING, value=Philadelphia}}, {operator=EQUALS, attribute=department, value={type=STRING, value=HR}}]}}}]''' # List[object] | A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * owner * visibilityCriteria * active
try:
# Update Segment
new_request_body = RequestBody.from_json(request_body)
results = SegmentsApi(api_client).patch_segment(id=id, request_body=new_request_body)
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).patch_segment(id, new_request_body)
print("The response of SegmentsApi->patch_segment:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->patch_segment: %s\n" % e)