Delete Access Profile(s)

This API initiates a bulk deletion of one or more Access Profiles.

By default, if any of the indicated Access Profiles are in use, no deletions will be performed and the inUse field of the response indicates the usages that must be removed first. If the request field bestEffortOnly is true, however, usages are reported in the inUse response field but all other indicated Access Profiles will be deleted.

A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able to administer.

application/json

Request Body required

• accessProfileIds string[]

  List of IDs of Access Profiles to be deleted.

• bestEffortOnly boolean

  If true, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If false, no deletions will be attempted if any of the Access Profiles are in use.

Responses

• 200
• 202
• 400
• 401
• 403
• 429
• 500

---

Returned only if bestEffortOnly is false, and one or more Access Profiles are in use.

application/json

• Schema
• Example (from schema)
• Example

---

Schema

• taskId string

  ID of the task which is executing the bulk deletion. This can be passed to the /task-status API to track status.

• pending string[]

  List of IDs of Access Profiles which are pending deletion.

• inUse object[]

  List of usages of Access Profiles targeted for deletion.

  accessProfileId string

  ID of the Access Profile that is in use

  usedBy object[]

  List of references to objects which are using the indicated Access Profile

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  DTO type

  id string

  ID of the object to which this reference applies

  name string

  Human-readable display name of the object to which this reference applies

{
  "taskId": "2c9180867817ac4d017817c491119a20",
  "pending": [
    "2c91808876438bbb017668c21919ecca",
    "2c91808876438bb201766e129f151816"
  ],
  "inUse": [
    {
      "accessProfileId": "2c91808876438bbb017668c21919ecca",
      "usedBy": [
        {
          "type": "IDENTITY",
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "William Wilson"
        }
      ]
    }
  ]
}

{
  "pending": [],
  "inUse": [
    {
      "accessProfileId": "2c91808876438ba801766e129f151816",
      "usages": [
        {
          "type": "Role",
          "id": "2c9180887643764201766e9f6e121518"
        }
      ]
    }
  ]
}

Returned if at least one deletion will be performed.

application/json

• Schema
• Example (from schema)
• Example

---

Schema

• taskId string

  ID of the task which is executing the bulk deletion. This can be passed to the /task-status API to track status.

• pending string[]

  List of IDs of Access Profiles which are pending deletion.

• inUse object[]

  List of usages of Access Profiles targeted for deletion.

  accessProfileId string

  ID of the Access Profile that is in use

  usedBy object[]

  List of references to objects which are using the indicated Access Profile

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  DTO type

  id string

  ID of the object to which this reference applies

  name string

  Human-readable display name of the object to which this reference applies

{
  "taskId": "2c9180867817ac4d017817c491119a20",
  "pending": [
    "2c91808876438bbb017668c21919ecca",
    "2c91808876438bb201766e129f151816"
  ],
  "inUse": [
    {
      "accessProfileId": "2c91808876438bbb017668c21919ecca",
      "usedBy": [
        {
          "type": "IDENTITY",
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "William Wilson"
        }
      ]
    }
  ]
}

{
  "taskId": "2c91808a7813090a01781412a1119a20",
  "pending": [
    "2c91808a7813090a017813fe1919ecca"
  ],
  "inUse": [
    {
      "accessProfileId": "2c91808876438ba801766e129f151816",
      "usages": [
        {
          "type": "Role",
          "id": "2c9180887643764201766e9f6e121518"
        }
      ]
    }
  ]
}

Client Error - Returned if the request body is invalid.

application/json

• Schema
• Example (from schema)

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

• Schema
• Example (from schema)

---

Schema

• error

  A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

• Schema
• Example (from schema)
• 403

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

• Schema
• Example (from schema)

---

Schema

• message

  A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

• Schema
• Example (from schema)
• 500

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Loading...