Edit entitlements for a potential role to exclude some entitlements​
This endpoint adds or removes entitlements from an exclusion list for a potential role.
Path Parameters
- sessionId string required
The role mining session id
Example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - potentialRoleId string required
A potential role id in a role mining session
Example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- application/json
Request Body required
Role mining session parameters
- ids string[]
The list of entitlement ids to be edited
- exclude boolean
If true, add ids to be exclusion list. If false, remove ids from the exclusion list.
- 201
- 400
- 401
- 403
- 500
Adds or removes entitlements from a potential role's entitlement exclusion list.
- application/json
- Schema
- Example (from schema)
Schema
createdBy object
The session created by details.
id stringID of the creator
displayName stringThe display name of the creator
- density int32
The density of a potential role.
- description string
The description of a potential role.
- entitlementCount int32
The number of entitlements in a potential role.
- excludedEntitlements string[]
The list of entitlement ids to be excluded.
- freshness int32
The freshness of a potential role.
- identityCount int32
The number of identities in a potential role.
identityDistribution object[]
Identity attribute distribution.
attributeName stringId of the potential role
distribution object[]- identityIds string[]
The list of ids in a potential role.
- name string
Name of the potential role.
- provisionState string
Possible values: [
POTENTIAL,PENDING,COMPLETE,FAILED]The provisioning state of a potential role.
- quality int32
The quality of a potential role.
- roleId string
The roleId of a potential role.
- saved boolean
The potential role's saved status.
session object
The session parameters of the potential role.
minNumIdentitiesInPotentialRole int32Minimum number of identities in a potential role
name stringThe session's saved name
pruneThreshold int32The prune threshold to be used or null to calculate prescribedPruneThreshold
saved booleanThe session's saved status
scope object
The scope of identities for this role mining session
identityIds string[]The list of identities for this role mining session.
criteria stringThe "search" criteria that produces the list of identities for this role mining session.
attributeFilterCriteria object[]The filter criteria for this role mining session.
type stringPossible values: [
SPECIALIZED,COMMON]Role mining potential type
- type string
Possible values: [
SPECIALIZED,COMMON]Role mining potential type.
{
"createdBy": {
"id": "2c918090761a5aac0176215c46a62d58",
"displayName": "Ashley.Pierce"
},
"density": 75,
"description": "Potential Role for Accounting dept",
"entitlementCount": 25,
"excludedEntitlements": [
"07a0b4e2",
"13b4e2a0"
],
"freshness": 75,
"identityCount": 25,
"identityDistribution": [
{
"attributeName": "department",
"distribution": [
{
"attributeValue": "NM Tier 3",
"count": 6
}
]
}
],
"identityIds": [
"07a0b4e2",
"13b4e2a0"
],
"name": "Saved Potential Role - 07/10",
"provisionState": "POTENTIAL",
"quality": 100,
"roleId": "07a0b4e2-7a76-44fa-bd0b-c64654b66519",
"saved": true,
"session": {
"minNumIdentitiesInPotentialRole": 20,
"name": "Saved RM Session - 07/10",
"pruneThreshold": 5,
"saved": true,
"scope": {
"identityIds": [],
"criteria": "source.name:DataScienceDataset",
"attributeFilterCriteria": {
"displayName": {
"untranslated": "Location: Miami"
},
"ariaLabel": {
"untranslated": "Location: Miami"
},
"data": {
"displayName": {
"translateKey": "IDN.IDENTITY_ATTRIBUTES.LOCATION"
},
"name": "location",
"operator": "EQUALS",
"values": [
"Miami"
]
}
}
},
"type": "SPECIALIZED"
},
"type": "SPECIALIZED"
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
- error
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}