From 403bca0589d13edbc85ff1e51a338c7e24f4fa3f Mon Sep 17 00:00:00 2001 
From: GitHub Action Bot Date: Fri, 27 Sep 2024 19:41:13 +0000 Subject: [PATCH] Automated commit 'Moved user levels from description to x-sailpoint-userLevels attribute (#1835) * Moved user levels from description to x-sailpoint-userLevels attribute * Fix double quote' by github action: 11076731321 --- .../paths/access-profile-bulk-delete.yaml | 11 +- ...ccess-profile-bulk-update-requestable.yaml | 8 +- .../paths/access-profile-entitlements.yaml | 8 +- idn/beta/paths/access-profile.yaml | 11 +- idn/beta/paths/role.yaml | 60 +++++--- idn/beta/paths/roles.yaml | 4 +- idn/sailpoint-api.beta.yaml | 2 +- idn/sailpoint-api.v2024.yaml | 24 +++ ...ccess-profile-bulk-update-requestable.yaml | 7 +- idn/v2024/paths/access-request-close.yaml | 5 +- .../paths/account-aggregation-status.yaml | 8 +- idn/v2024/paths/attr-sync-config-source.yaml | 13 +- idn/v2024/paths/connector-rule-validate.yaml | 6 +- idn/v2024/paths/connector-rule.yaml | 32 ++-- idn/v2024/paths/connector-rules.yaml | 22 +-- .../paths/custom-password-instruction.yaml | 18 ++- .../paths/custom-password-instructions.yaml | 9 +- .../paths/ears-entitlement-bulk-update.yaml | 7 +- idn/v2024/paths/ears-entitlement.yaml | 17 +- idn/v2024/paths/ears-source-apps-all.yaml | 7 +- idn/v2024/paths/identities-process.yaml | 10 +- .../identity-profiles-identity-preview.yaml | 11 +- .../identity-synchronize-attributes.yaml | 11 +- idn/v2024/paths/load-accounts.yaml | 8 +- .../paths/native-change-detection-config.yaml | 28 ++-- .../role-bulk-update-filter.yaml | 56 +++++++ .../role-bulk-update-ids.yaml | 41 +++++ .../role-bulk-update-query.yaml | 79 ++++++++++ .../role-bulk-update-status-id.yaml | 50 ++++++ .../role-bulk-update-status.yaml | 32 ++++ .../role-filter.yaml | 143 +++++++++++++++++ .../role-id-access-model-metadata.yaml | 99 ++++++++++++ idn/v2024/paths/role-entitlements.yaml | 26 ++-- ...earchAttributeConfig-get-patch-delete.yaml | 31 ++-- idn/v2024/paths/searchAttributeConfig.yaml | 18 ++- 
...integrations-before-provisioning-rule.yaml | 4 +- .../paths/sim-integrations-value-list.yaml | 10 +- idn/v2024/paths/sim-integrations.yaml | 36 +++-- .../source-connector-check-connection.yaml | 7 +- ...ource-connector-peek-resource-objects.yaml | 11 +- .../paths/source-connector-ping-cluster.yaml | 11 +- .../source-connector-test-configuration.yaml | 11 +- .../source-connectors-source-config.yaml | 9 +- .../paths/source-synchronize-attributes.yaml | 9 +- .../sources-entitlement-request-config.yaml | 22 +-- .../paths/ui-metadata/tenant-ui-metadata.yaml | 13 +- .../bulk-delete-workgroup-members.yaml | 10 +- idn/v2024/paths/workgroups/workgroup.yaml | 36 +++-- .../role-metadata/RoleBulkUpdateResponse.yaml | 29 ++++ .../role-metadata/RoleListFilterDTO.yaml | 59 +++++++ ...RoleMetadataBulkUpdateByFilterRequest.yaml | 81 ++++++++++ .../RoleMetadataBulkUpdateByIdRequest.yaml | 66 ++++++++ .../RoleMetadataBulkUpdateByQueryRequest.yaml | 73 +++++++++ idn/v3/paths/access-profile-bulk-delete.yaml | 8 +- idn/v3/paths/access-profile-entitlements.yaml | 145 +++++++++--------- idn/v3/paths/access-profile.yaml | 27 +++- idn/v3/paths/access-profiles.yaml | 20 ++- idn/v3/paths/access-request-cancel.yaml | 4 +- idn/v3/paths/access-request-close.yaml | 6 +- idn/v3/paths/access-request-config.yaml | 4 +- idn/v3/paths/access-request-status.yaml | 6 +- idn/v3/paths/access-requests.yaml | 8 +- idn/v3/paths/account.yaml | 24 ++- idn/v3/paths/accounts-id-disable.yaml | 9 +- idn/v3/paths/accounts-id-enable.yaml | 9 +- idn/v3/paths/accounts-id-entitlements.yaml | 9 +- idn/v3/paths/accounts-id-reload.yaml | 9 +- idn/v3/paths/accounts-id-unlock.yaml | 7 +- idn/v3/paths/accounts.yaml | 13 +- idn/v3/paths/branding.yaml | 19 ++- idn/v3/paths/brandings.yaml | 11 +- idn/v3/paths/bulk-add-tagged-objects.yaml | 13 +- idn/v3/paths/bulk-remove-tagged-objects.yaml | 13 +- idn/v3/paths/campaign-activate.yaml | 5 +- .../paths/campaign-admin-cert-reassign.yaml | 7 +- idn/v3/paths/campaign-complete.yaml 
| 5 +- .../paths/campaign-reports-configuration.yaml | 12 +- idn/v3/paths/campaign-reports.yaml | 6 +- .../paths/campaign-run-remediation-scan.yaml | 6 +- idn/v3/paths/campaign-run-report.yaml | 6 +- idn/v3/paths/campaign-template-generate.yaml | 5 +- idn/v3/paths/campaign-template-schedule.yaml | 15 +- idn/v3/paths/campaign-template.yaml | 15 +- idn/v3/paths/campaign-templates.yaml | 10 +- idn/v3/paths/campaign.yaml | 10 +- idn/v3/paths/campaigns-delete.yaml | 5 +- idn/v3/paths/campaigns.yaml | 13 +- idn/v3/paths/certification-task.yaml | 6 +- .../paths/certifications-reassign-async.yaml | 6 +- idn/v3/paths/certifications-reviewers.yaml | 6 +- idn/v3/paths/connector.yaml | 13 +- .../paths/connectors-correlation-config.yaml | 14 +- idn/v3/paths/connectors-source-config.yaml | 14 +- idn/v3/paths/connectors-source-template.yaml | 14 +- idn/v3/paths/connectors-translations.yaml | 14 +- idn/v3/paths/connectors.yaml | 12 +- idn/v3/paths/identity-certification.yaml | 8 +- ...ty-certifications-access-review-items.yaml | 8 +- ...ntity-certifications-access-summaries.yaml | 8 +- .../paths/identity-certifications-decide.yaml | 8 +- ...ntity-certifications-decision-summary.yaml | 8 +- ...ity-certifications-identity-summaries.yaml | 8 +- ...ntity-certifications-identity-summary.yaml | 8 +- ...ntity-certifications-item-permissions.yaml | 6 +- .../identity-certifications-sign-off.yaml | 8 +- .../identity-profile-default-config.yaml | 4 +- .../identity-profile-lifecycle-state.yaml | 14 +- .../identity-profile-lifecycle-states.yaml | 10 +- .../identity-profile-process-identities.yaml | 4 +- idn/v3/paths/identity-profile.yaml | 24 ++- .../paths/identity-profiles-bulk-delete.yaml | 5 +- .../identity-profiles-identity-preview.yaml | 4 +- idn/v3/paths/identity-profiles.yaml | 13 +- .../paths/identity-set-lifecycle-state.yaml | 5 +- idn/v3/paths/mfa-config-delete.yaml | 4 +- idn/v3/paths/mfa-config-test.yaml | 4 +- idn/v3/paths/mfa-duo-config.yaml | 6 +- 
idn/v3/paths/mfa-kba-config-answers.yaml | 6 +- idn/v3/paths/mfa-kba-config.yaml | 4 +- idn/v3/paths/mfa-okta-config.yaml | 6 +- idn/v3/paths/mfa-poll.yaml | 3 +- idn/v3/paths/password-change-status.yaml | 7 +- idn/v3/paths/password-dictionary.yaml | 8 +- idn/v3/paths/password-policies.yaml | 3 +- idn/v3/paths/password-policy.yaml | 9 +- idn/v3/paths/password-sync-group.yaml | 9 +- idn/v3/paths/password-sync-groups.yaml | 6 +- .../provisioning-policies-bulk-update.yaml | 5 +- idn/v3/paths/provisioning-policies.yaml | 11 +- idn/v3/paths/provisioning-policy.yaml | 26 +++- idn/v3/paths/public-identities-config.yaml | 18 ++- idn/v3/paths/query-password-info.yaml | 11 +- idn/v3/paths/requestable-object-list.yaml | 5 +- idn/v3/paths/role-bulk-delete.yaml | 7 +- idn/v3/paths/role.yaml | 49 ++++-- idn/v3/paths/roles.yaml | 19 +-- ...earchAttributeConfig-get-patch-delete.yaml | 12 +- idn/v3/paths/searchAttributeConfig.yaml | 8 +- idn/v3/paths/segment.yaml | 17 +- idn/v3/paths/segments.yaml | 10 +- ...ervice-desk-integration-configuration.yaml | 9 +- .../service-desk-integration-template.yaml | 4 +- .../paths/service-desk-integration-types.yaml | 4 +- idn/v3/paths/service-desk-integration.yaml | 14 +- idn/v3/paths/service-desk-integrations.yaml | 8 +- idn/v3/paths/set-password.yaml | 5 +- idn/v3/paths/sod-violations-check.yaml | 6 +- idn/v3/paths/sod-violations-predict.yaml | 7 +- idn/v3/paths/source-connections.yaml | 6 +- .../paths/source-upload-connector-file.yaml | 4 +- idn/v3/paths/source.yaml | 24 ++- idn/v3/paths/sources.yaml | 13 +- idn/v3/paths/transform.yaml | 15 +- idn/v3/paths/transforms.yaml | 11 +- idn/v3/schemas/access/Role.yaml | 28 ++++ 155 files changed, 1911 insertions(+), 675 deletions(-) create mode 100644 idn/v2024/paths/role-access-model-metadata/role-bulk-update-filter.yaml create mode 100644 idn/v2024/paths/role-access-model-metadata/role-bulk-update-ids.yaml create mode 100644 idn/v2024/paths/role-access-model-metadata/role-bulk-update-query.yaml 
create mode 100644 idn/v2024/paths/role-access-model-metadata/role-bulk-update-status-id.yaml create mode 100644 idn/v2024/paths/role-access-model-metadata/role-bulk-update-status.yaml create mode 100644 idn/v2024/paths/role-access-model-metadata/role-filter.yaml create mode 100644 idn/v2024/paths/role-access-model-metadata/role-id-access-model-metadata.yaml create mode 100644 idn/v2024/schemas/role-metadata/RoleBulkUpdateResponse.yaml create mode 100644 idn/v2024/schemas/role-metadata/RoleListFilterDTO.yaml create mode 100644 idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByFilterRequest.yaml create mode 100644 idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByIdRequest.yaml create mode 100644 idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByQueryRequest.yaml diff --git a/idn/beta/paths/access-profile-bulk-delete.yaml b/idn/beta/paths/access-profile-bulk-delete.yaml index 7fbf672d..f328aa9a 100644 --- a/idn/beta/paths/access-profile-bulk-delete.yaml +++ b/idn/beta/paths/access-profile-bulk-delete.yaml @@ -15,10 +15,6 @@ post: field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will be deleted. - - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this endpoint. In addition, - a SOURCE_SUBADMIN can only use this endpoint to delete access profiles associated with sources they're able - to administer. requestBody: required: true content: @@ -86,3 +82,10 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:manage] + - applicationAuth: [idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN \ No newline at end of file 
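Review bot: In idn/beta/paths/access-profile-bulk-delete.yaml the new `x-sailpoint-userLevels` list does not match the sentence it replaces: the removed description named API, ORG_ADMIN, SOURCE_ADMIN and SOURCE_SUBADMIN, while the list adds ROLE_ADMIN and ROLE_SUBADMIN. If those two levels really can delete access profiles that is fine, but it widens the documented authorization and should be confirmed against the service rather than copied from another operation. The first hunk also drops the caveat that a SOURCE_SUBADMIN can only delete access profiles tied to sources they administer. The sibling files in this commit keep that sentence, so I would keep it here too, e.g. `A SOURCE_SUBADMIN user can only use this endpoint to delete access profiles associated with sources they're able to administer.`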
diff --git a/idn/beta/paths/access-profile-bulk-update-requestable.yaml b/idn/beta/paths/access-profile-bulk-update-requestable.yaml index 61d5a86b..45a508e7 100644 --- a/idn/beta/paths/access-profile-bulk-update-requestable.yaml +++ b/idn/beta/paths/access-profile-bulk-update-requestable.yaml @@ -13,8 +13,7 @@ post: > If any of the indicated Access Profiles is not does not exists in Organization,then those Access Profiles will be added in **notFound** list of the response. Access Profiles marked as **notFound** will not be updated. - > A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, - a SOURCE_SUBADMIN may only use this API to update Access Profiles which are associated with Sources they are able + A SOURCE_SUBADMIN user may only use this API to update Access Profiles which are associated with Sources they are able to administer. requestBody: required: true @@ -59,3 +58,8 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:manage] + - applicationAuth: [idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN diff --git a/idn/beta/paths/access-profile-entitlements.yaml b/idn/beta/paths/access-profile-entitlements.yaml index b1545e1a..92685520 100644 --- a/idn/beta/paths/access-profile-entitlements.yaml +++ b/idn/beta/paths/access-profile-entitlements.yaml @@ -6,8 +6,7 @@ get: description: >- Use this API to get a list of an access profile's entitlements. - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In - addition, a token with SOURCE_SUBADMIN authority must have access to the source associated with the specified + A user with SOURCE_SUBADMIN authority must have access to the source associated with the specified access profile. parameters: - name: id 
@@ -91,6 +90,11 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:read, idn:access-profile:manage] + - applicationAuth: [idn:access-profile:read, idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN diff --git a/idn/beta/paths/access-profile.yaml b/idn/beta/paths/access-profile.yaml index 4bfa1b3f..fcf1ee03 100644 --- a/idn/beta/paths/access-profile.yaml +++ b/idn/beta/paths/access-profile.yaml @@ -5,10 +5,6 @@ get: summary: Get an Access Profile description: >- This API returns an Access Profile by its ID. - - - A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to - call this API. parameters: - in: path name: id @@ -37,6 +33,13 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:read, idn:access-profile:manage] + - applicationAuth: [idn:access-profile:read, idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN patch: operationId: patchAccessProfile tags: diff --git a/idn/beta/paths/role.yaml b/idn/beta/paths/role.yaml index 6b20dcc6..8df96752 100644 --- a/idn/beta/paths/role.yaml +++ b/idn/beta/paths/role.yaml @@ -5,7 +5,6 @@ get: summary: Get a Role description: >- This API returns a Role by its ID. - A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated @@ -37,7 +36,9 @@ get: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + + - UserContextAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + patch: operationId: patchRole tags: 
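Review bot: The `security` entries in idn/beta/paths/role.yaml are renamed from `userAuth` to `UserContextAuth`, while every other file touched by this commit keeps `userAuth` and adds `applicationAuth`. A security requirement has to name a scheme declared under `components.securitySchemes`; that section of sailpoint-api.beta.yaml is not part of this patch, so please confirm `UserContextAuth` is declared there, otherwise validators reject the spec and generated clients may emit these role operations without any auth. The same rename is in the patch and delete hunks of this file and in both hunks of idn/beta/paths/roles.yaml. These operations also get no `x-sailpoint-userLevels`, and the patch description still carries the "A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority" sentence, so role.yaml ends up documented differently from the rest of the commit. The blank `+` lines inside the `security:` list add nothing and can go.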
@@ -69,7 +70,8 @@ patch: * revokeRequestConfig * segments - + + * accessModelMetadata A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated @@ -136,16 +138,16 @@ patch: "op": "replace", "path": "/membership", "value": { - "type": "IDENTITY_LIST", - "identities": [ - { - "id": "2c91808973fe906c0174262092014ed9" - }, - { - "id": "2c918086262092014ed94fb8a47612f3" - } - ] - } + "type": "IDENTITY_LIST", + "identities": [ + { + "id": "2c91808973fe906c0174262092014ed9" + }, + { + "id": "2c918086262092014ed94fb8a47612f3" + } + ] + } } ] @@ -180,9 +182,9 @@ patch: Add a New Clause as the Child of an Existing Standard Expression: description: >- - This example shows how to add a child clause to an existing STANDARD criteria expression. + This example shows how to add a child clause to an existing STANDARD criteria expression. value: - [ + [ { "op": "add", "path": "/membership/criteria/children/-", @@ -196,7 +198,25 @@ patch: } } ] - + + Assign a Access Model Metadata to a role: + description: This example shows how to assign a existing metadata to a role. + value: + [ + { + "op": "add", + "path": "/accessModelMetadata/attributes/0", + "value": { + "key": "iscFederalClassifications", + "values": [ + { + "value": "secret" + } + ] + } + } + ] + required: true responses: '200': @@ -216,7 +236,9 @@ patch: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [idn:role-unchecked:manage,idn:role-checked:manage] + + - UserContextAuth: [idn:role-unchecked:manage,idn:role-checked:manage] + delete: operationId: deleteRole tags: @@ -252,4 +274,6 @@ delete: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [idn:role-unchecked:manage,idn:role-checked:manage] + + - UserContextAuth: [idn:role-unchecked:manage,idn:role-checked:manage] + 
diff --git a/idn/beta/paths/roles.yaml b/idn/beta/paths/roles.yaml index fe568cd4..90948c71 100644 --- a/idn/beta/paths/roles.yaml +++ b/idn/beta/paths/roles.yaml @@ -109,7 +109,7 @@ get: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + - UserContextAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] post: operationId: createRole tags: @@ -153,4 +153,4 @@ post: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [idn:role-unchecked:manage, idn:role-checked:manage] + - UserContextAuth: [idn:role-unchecked:manage, idn:role-checked:manage] diff --git a/idn/sailpoint-api.beta.yaml b/idn/sailpoint-api.beta.yaml index 8d7f3cd0..9797d469 100644 --- a/idn/sailpoint-api.beta.yaml +++ b/idn/sailpoint-api.beta.yaml @@ -1889,4 +1889,4 @@ paths: /suggested-entitlement-description-assignments: $ref: "./beta/paths/suggested-entitlement-description-assignments.yaml" /suggested-entitlement-descriptions: - $ref: "./beta/paths/suggested-entitlement-descriptions.yaml" + $ref: "./beta/paths/suggested-entitlement-descriptions.yaml" \ No newline at end of file diff --git a/idn/sailpoint-api.v2024.yaml b/idn/sailpoint-api.v2024.yaml index dd70deff..eb1673fa 100644 --- a/idn/sailpoint-api.v2024.yaml +++ b/idn/sailpoint-api.v2024.yaml 
@@ -2042,6 +2042,20 @@ paths: $ref: './v2024/paths/ears-user-apps.yaml' /user-apps/all: $ref: './v2024/paths/ears-user-apps-all.yaml' + /roles/{id}/access-model-metadata/{attributeKey}/values/{attributeValue}: + $ref: './v2024/paths/role-access-model-metadata/role-id-access-model-metadata.yaml' + /roles/access-model-metadata/bulk-update/ids: + $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-ids.yaml' + /roles/access-model-metadata/bulk-update/filter: + $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-filter.yaml' + /roles/access-model-metadata/bulk-update/query: + $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-query.yaml' + /roles/access-model-metadata/bulk-update/id: + $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-status-id.yaml' + /roles/access-model-metadata/bulk-update: + $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-status.yaml' + /roles/filter: + $ref: './v2024/paths/role-access-model-metadata/role-filter.yaml' security: - userAuth: - "sp:scopes:all" @@ -2188,3 +2202,13 @@ components: $ref: ./v3/schemas/BrandingItem.yaml BrandingItemCreate: $ref: ./v3/schemas/BrandingItemCreate.yaml + RoleBulkUpdateResponse: + $ref: "./v2024/schemas/role-metadata/RoleBulkUpdateResponse.yaml" + RoleListFilterDTO: + $ref: "./v2024/schemas/role-metadata/RoleListFilterDTO.yaml" + RoleMetadataBulkUpdateByFilterRequest: + $ref: "./v2024/schemas/role-metadata/RoleMetadataBulkUpdateByFilterRequest.yaml" + RoleMetadataBulkUpdateByIdRequest: + $ref: "./v2024/schemas/role-metadata/RoleMetadataBulkUpdateByIdRequest.yaml" + RoleMetadataBulkUpdateByQueryRequest: + $ref: "./v2024/schemas/role-metadata/RoleMetadataBulkUpdateByQueryRequest.yaml" \ No newline at end of file diff --git a/idn/v2024/paths/access-profile-bulk-update-requestable.yaml b/idn/v2024/paths/access-profile-bulk-update-requestable.yaml index 0fa5a1cf..82e90b9a 100644 --- a/idn/v2024/paths/access-profile-bulk-update-requestable.yaml 
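Review bot: The new path key `/roles/access-model-metadata/bulk-update/id` has a literal `id` segment, while the file it points at is named role-bulk-update-status-id.yaml and the neighbouring single-role path uses `{id}`. If the status lookup takes an identifier, the key should be templated, for example `/roles/access-model-metadata/bulk-update/{id}`, with a matching path parameter in the referenced file (not visible in this part of the patch). As written it also differs by one character from `/roles/access-model-metadata/bulk-update/ids`, which is easy to confuse when writing gateway rules or client calls.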
+++ b/idn/v2024/paths/access-profile-bulk-update-requestable.yaml @@ -10,8 +10,7 @@ post: \ or **false**.\n\n> If any of the indicated Access Profiles is not does not\ \ exists in Organization,then those Access Profiles will be added in **notFound**\ \ list of the response. Access Profiles marked as **notFound** will not be updated.\n\ - > A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is\ - \ required to call this API. In addition, a SOURCE_SUBADMIN may only use this\ + \ A SOURCE_SUBADMIN may only use this\ \ API to update Access Profiles which are associated with Sources they are able\ \ to administer." requestBody: @@ -50,6 +49,10 @@ post: security: - userAuth: - idn:access-profile:manage + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - name: X-SailPoint-Experimental in: header diff --git a/idn/v2024/paths/access-request-close.yaml b/idn/v2024/paths/access-request-close.yaml index d0241229..1b965c6f 100644 --- a/idn/v2024/paths/access-request-close.yaml +++ b/idn/v2024/paths/access-request-close.yaml @@ -3,10 +3,13 @@ post: tags: - Access Requests summary: Close Access Request + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN description: 'This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request''s lifecycle even after the approval state, unlike the [Cancel Access Request endpoint](https://developer.sailpoint.com/idn/api/v3/cancel-access-request/). - A token with ORG_ADMIN authority is required. To find pending access requests with the UI, navigate to Search and use this query: diff --git a/idn/v2024/paths/account-aggregation-status.yaml b/idn/v2024/paths/account-aggregation-status.yaml index 7db78a11..f12b3681 100644 --- a/idn/v2024/paths/account-aggregation-status.yaml +++ b/idn/v2024/paths/account-aggregation-status.yaml 
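Review bot: In idn/v2024/paths/access-request-close.yaml the added `security: - userAuth: []` declares an empty scope list, so the machine-readable contract now asks for no particular scope on an ORG_ADMIN-only operation. The only remaining statement of the requirement is `x-sailpoint-userLevels`, a vendor extension that generic OpenAPI tooling (code generators, linters, gateway policy import) does not evaluate, and the prose sentence that used to say it is removed. An operation-level `security` also replaces the document-level one, which in sailpoint-api.v2024.yaml appears to be `userAuth: ["sp:scopes:all"]`, so the declared requirement gets weaker here. I would list the scope the endpoint actually enforces, or leave `security` off so the document default applies. The same `userAuth: []` pattern is added in account-aggregation-status.yaml, custom-password-instruction.yaml, custom-password-instructions.yaml, ears-entitlement-bulk-update.yaml and identity-synchronize-attributes.yaml.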
@@ -3,6 +3,12 @@ get: tags: - Account Aggregations summary: In-progress Account Aggregation status + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN description: 'This API returns the status of an *in-progress* account aggregation, along with the total number of **NEW**, **CHANGED** and **DELETED** accounts found since the previous aggregation, and the number of those accounts that have been @@ -22,8 +28,6 @@ get: *Only available up to an hour after the aggregation completes. May respond with *404 Not Found* after that.* - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN or DASHBOARD authority is required to call this API.' parameters: - in: path diff --git a/idn/v2024/paths/attr-sync-config-source.yaml b/idn/v2024/paths/attr-sync-config-source.yaml index 905859f1..a51f4d31 100644 --- a/idn/v2024/paths/attr-sync-config-source.yaml +++ b/idn/v2024/paths/attr-sync-config-source.yaml @@ -3,15 +3,17 @@ get: tags: - Sources summary: Attribute Sync Config - description: 'This API returns the existing attribute synchronization configuration + description: >- + This API returns the existing attribute synchronization configuration for a source specified by the given ID. The response contains all attributes, regardless of whether they enabled or not. - - A token with ORG_ADMIN or HELPDESK authority is required to call this API.' security: - userAuth: - idn:attr-sync-source-config:read - idn:attr-sync-source-config:manage + x-sailpoint-userLevels: + - ORG_ADMIN + - HELPDESK parameters: - in: path name: id 
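Review bot: The `x-sailpoint-userLevels` list added to idn/v2024/paths/account-aggregation-status.yaml omits DASHBOARD, which the removed sentence ("A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN or DASHBOARD authority is required") named as allowed. Either add `- DASHBOARD` to the list or, if that level was dropped on purpose, say so in the commit message, because consumers reading the spec will now conclude that DASHBOARD users are denied.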
@@ -56,11 +58,12 @@ put: \ specified by the given ID with the configuration provided in the request body.\ \ Only the \"enabled\" field of the values in the \"attributes\" array is mutable.\ \ Attempting to change other attributes or add new values to the \"attributes\"\ - \ array will result in an error.\n \nA token with ORG_ADMIN authority is required\ - \ to call this API." + \ array will result in an error.\n" security: - userAuth: - idn:attr-sync-source-config:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id diff --git a/idn/v2024/paths/connector-rule-validate.yaml b/idn/v2024/paths/connector-rule-validate.yaml index a9140fd2..881bbd1b 100644 --- a/idn/v2024/paths/connector-rule-validate.yaml +++ b/idn/v2024/paths/connector-rule-validate.yaml @@ -3,9 +3,7 @@ post: - Connector Rule Management operationId: validateConnectorRule summary: Validate Connector Rule - description: 'Returns a list of issues within the code to fix, if any. - - A token with ORG_ADMIN authority is required to call this API.' + description: Returns a list of issues within the code to fix, if any. requestBody: required: true description: The code to validate @@ -34,6 +32,8 @@ post: - userAuth: - idn:rule-management-connector:read - idn:rule-management-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header diff --git a/idn/v2024/paths/connector-rule.yaml b/idn/v2024/paths/connector-rule.yaml index 96896c0e..ad3547a8 100644 --- a/idn/v2024/paths/connector-rule.yaml +++ b/idn/v2024/paths/connector-rule.yaml @@ -3,9 +3,7 @@ get: - Connector Rule Management summary: Connector-Rule by ID operationId: getConnectorRule - description: 'Returns the connector rule specified by ID. - - A token with ORG_ADMIN authority is required to call this API.' + description: Returns the connector rule specified by ID. parameters: - name: id in: path 
@@ -44,17 +42,17 @@ get: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:rule-management-connector:read - - idn:rule-management-connector:manage + - userAuth: + - idn:rule-management-connector:read + - idn:rule-management-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Connector Rule Management summary: Update a Connector Rule description: 'Updates an existing connector rule with the one provided in the request - body. Note that the fields ''id'', ''name'', and ''type'' are immutable. - - A token with ORG_ADMIN authority is required to call this API.' + body. Note that the fields ''id'', ''name'', and ''type'' are immutable.' operationId: updateConnectorRule parameters: - name: id @@ -100,15 +98,15 @@ put: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:rule-management-connector:manage + - userAuth: + - idn:rule-management-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN delete: tags: - Connector Rule Management summary: Delete a Connector-Rule - description: 'Deletes the connector rule specified by the given ID. - - A token with ORG_ADMIN authority is required to call this API.' + description: Deletes the connector rule specified by the given ID. operationId: deleteConnectorRule parameters: - name: id @@ -144,5 +142,7 @@ delete: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:rule-management-connector:manage + - userAuth: + - idn:rule-management-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v2024/paths/connector-rules.yaml b/idn/v2024/paths/connector-rules.yaml index 0483c50d..0f69582f 100644 --- a/idn/v2024/paths/connector-rules.yaml +++ b/idn/v2024/paths/connector-rules.yaml 
@@ -3,9 +3,7 @@ get: - Connector Rule Management operationId: getConnectorRuleList summary: List Connector Rules - description: 'Returns the list of connector rules. - - A token with ORG_ADMIN authority is required to call this API.' + description: Returns the list of connector rules. responses: '200': description: A list of connector rules @@ -26,9 +24,11 @@ get: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:rule-management-connector:read - - idn:rule-management-connector:manage + - userAuth: + - idn:rule-management-connector:read + - idn:rule-management-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header @@ -43,9 +43,7 @@ post: - Connector Rule Management operationId: createConnectorRule summary: Create Connector Rule - description: 'Creates a new connector rule. - - A token with ORG_ADMIN authority is required to call this API.' + description: Creates a new connector rule. requestBody: required: true description: The connector rule to create @@ -71,8 +69,10 @@ post: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:rule-management-connector:manage + - userAuth: + - idn:rule-management-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header diff --git a/idn/v2024/paths/custom-password-instruction.yaml b/idn/v2024/paths/custom-password-instruction.yaml index 1e0605ad..e4130fcc 100644 --- a/idn/v2024/paths/custom-password-instruction.yaml +++ b/idn/v2024/paths/custom-password-instruction.yaml 
@@ -3,8 +3,13 @@ get: tags: - Custom Password Instructions summary: Get Custom Password Instructions by Page ID - description: This API returns the custom password instructions for the specified - page ID. A token with ORG_ADMIN authority is required to call this API. + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API returns the custom password instructions for the specified + page ID. parameters: - in: path name: pageId @@ -65,8 +70,13 @@ delete: tags: - Custom Password Instructions summary: Delete Custom Password Instructions by page ID - description: This API delete the custom password instructions for the specified - page ID. A token with ORG_ADMIN authority is required to call this API. + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API delete the custom password instructions for the specified + page ID. parameters: - in: path name: pageId diff --git a/idn/v2024/paths/custom-password-instructions.yaml b/idn/v2024/paths/custom-password-instructions.yaml index f5a02c2d..314ca302 100644 --- a/idn/v2024/paths/custom-password-instructions.yaml +++ b/idn/v2024/paths/custom-password-instructions.yaml @@ -3,8 +3,13 @@ post: tags: - Custom Password Instructions summary: Create Custom Password Instructions - description: This API creates the custom password instructions for the specified - page ID. A token with ORG_ADMIN authority is required to call this API. + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API creates the custom password instructions for the specified + page ID. requestBody: required: true content: diff --git a/idn/v2024/paths/ears-entitlement-bulk-update.yaml b/idn/v2024/paths/ears-entitlement-bulk-update.yaml index e8099904..7f52244e 100644 --- a/idn/v2024/paths/ears-entitlement-bulk-update.yaml +++ b/idn/v2024/paths/ears-entitlement-bulk-update.yaml 
@@ -3,13 +3,16 @@ post: tags: - Entitlements summary: Bulk update an entitlement list + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN description: "This API applies an update to every entitlement of the list.\n\nThe\ \ number of entitlements to update is limited to 50 items maximum.\n\nThe JsonPatch\ \ update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\ \ allowed operations : **{ \"op\": \"replace\", \"path\": \"/privileged\", \"\ value\": boolean }** **{ \"op\": \"replace\", \"path\": \"/requestable\",\"value\"\ - : boolean }** \n\nA token with ORG_ADMIN or API authority is required to call\ - \ this API." + : boolean }**" requestBody: required: true content: diff --git a/idn/v2024/paths/ears-entitlement.yaml b/idn/v2024/paths/ears-entitlement.yaml index bb25f9fe..8eea43ea 100644 --- a/idn/v2024/paths/ears-entitlement.yaml +++ b/idn/v2024/paths/ears-entitlement.yaml @@ -80,7 +80,8 @@ patch: tags: - Entitlements summary: Patch an entitlement - description: 'This API updates an existing entitlement using [JSON Patch](https://tools.ietf.org/html/rfc6902) + description: >- + This API updates an existing entitlement using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. 
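Review bot: idn/v2024/paths/ears-entitlement-bulk-update.yaml used to say that ORG_ADMIN or API authority can call this endpoint, but the added block declares only `userAuth: []` with `ORG_ADMIN`. identity-synchronize-attributes.yaml, whose removed text had the same "ORG_ADMIN or API" wording, gets `- applicationAuth: []` as well, so one of the two is probably wrong. If API tokens are still accepted here, add `- applicationAuth: []` under `security`. Ideally both entries would carry the scope the bulk update needs rather than an empty list; the patch operation in ears-entitlement.yaml uses `idn:entitlement:manage`, which is presumably the right one.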
@@ -88,16 +89,16 @@ patch: **owner**, **name**, **description**, and **manuallyUpdatedFields** - When you''re patching owner, only owner type and owner id must be provided. Owner - name is optional, and it won''t be modified. If the owner name is provided, it + When you're patching owner, only owner type and owner id must be provided. Owner + name is optional, and it won't be modified. If the owner name is provided, it should correspond to the real name. The only owner type currently supported is IDENTITY. - - - A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.' security: - - userAuth: - - idn:entitlement:manage + - userAuth: + - idn:entitlement:manage + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN parameters: - name: id in: path diff --git a/idn/v2024/paths/ears-source-apps-all.yaml b/idn/v2024/paths/ears-source-apps-all.yaml index 56c20fd8..91ecebe3 100644 --- a/idn/v2024/paths/ears-source-apps-all.yaml +++ b/idn/v2024/paths/ears-source-apps-all.yaml @@ -5,11 +5,10 @@ get: summary: List all source apps security: - userAuth: [idn:app-roles:manage] + x-sailpoint-userLevels: + - ORG_ADMIN description: >- - This API returns the list of all source apps for the org. - - - A token with ORG_ADMIN authority is required to call this API. + This API returns the list of all source apps for the org. parameters: - $ref: '../../v3/parameters/limit.yaml' - $ref: '../../v3/parameters/count.yaml' diff --git a/idn/v2024/paths/identities-process.yaml b/idn/v2024/paths/identities-process.yaml index 8083cb8f..7baeef46 100644 --- a/idn/v2024/paths/identities-process.yaml +++ b/idn/v2024/paths/identities-process.yaml 
@@ -15,14 +15,16 @@ post: \ existing roles.\n3. Enforce provisioning for any assigned accesses that haven't\ \ been fulfilled (e.g. failure due to source health).\n4. Recalculate manager\ \ relationships.\n5. Potentially clean-up identity processing errors, assuming\ - \ the error has been resolved.\n\nA token with ORG_ADMIN or HELPDESK authority\ - \ is required to call this API.\n" + \ the error has been resolved." externalDocs: description: Learn more about manually processing identities here url: https://documentation.sailpoint.com/saas/help/setup/identity_processing.html security: - - userAuth: - - idn:identity:manage + - userAuth: + - idn:identity:manage + x-sailpoint-userLevels: + - ORG_ADMIN + - HELPDESK requestBody: required: true content: diff --git a/idn/v2024/paths/identity-profiles-identity-preview.yaml b/idn/v2024/paths/identity-profiles-identity-preview.yaml index a5ca818c..af8d5ab9 100644 --- a/idn/v2024/paths/identity-profiles-identity-preview.yaml +++ b/idn/v2024/paths/identity-profiles-identity-preview.yaml @@ -3,12 +3,9 @@ post: tags: - Identity Profiles summary: Generate Identity Profile Preview - description: 'This generates a non-persisted IdentityDetails object that will represent + description: This generates a non-persisted IdentityDetails object that will represent as the preview of the identities attribute when the given policy''s attribute config is applied. - - A token with ORG_ADMIN authority is required to call this API to generate an identity - preview.' requestBody: description: Identity Preview request body. required: true @@ -35,8 +32,10 @@ post: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:identity-profile:manage + - userAuth: + - idn:identity-profile:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header 
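Review bot: The new `description:` in the identity-profiles-identity-preview hunk drops the surrounding single quotes, but the unchanged continuation line still contains `policy''s`. In a plain scalar `''` is no longer an escape, so the rendered text will show two apostrophes. The source-connector-test-configuration hunk has the same problem on an added line, `source''s` inside a `>-` block. Both should become `policy's` and `source's`, as was done for `you're` and `won't` in ears-entitlement.yaml.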
diff --git a/idn/v2024/paths/identity-synchronize-attributes.yaml b/idn/v2024/paths/identity-synchronize-attributes.yaml index 1d88fdc5..634e0cc6 100644 --- a/idn/v2024/paths/identity-synchronize-attributes.yaml +++ b/idn/v2024/paths/identity-synchronize-attributes.yaml @@ -3,9 +3,14 @@ post: tags: - Identities summary: Attribute synchronization for single identity. - description: This end-point performs attribute synchronization for a selected identity. - The endpoint can be called once in 10 seconds per identity. A token with ORG_ADMIN - or API authority is required to call this API. + security: + - userAuth: [] + - applicationAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This end-point performs attribute synchronization for a selected identity. + The endpoint can be called once in 10 seconds per identity. parameters: - in: path name: identityId diff --git a/idn/v2024/paths/load-accounts.yaml b/idn/v2024/paths/load-accounts.yaml index 65a36e2f..f18b89ab 100644 --- a/idn/v2024/paths/load-accounts.yaml +++ b/idn/v2024/paths/load-accounts.yaml @@ -5,12 +5,14 @@ post: operationId: importAccounts description: "Starts an account aggregation on the specified source. \nIf the target\ \ source is a delimited file source, then the CSV file needs to be included in\ - \ the request body.\nYou will also need to set the Content-Type header to `multipart/form-data`.\n\ - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required\ - \ to call this API." + \ the request body.\nYou will also need to set the Content-Type header to `multipart/form-data`." security: - userAuth: - idn:sources:manage + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - in: path name: id diff --git a/idn/v2024/paths/native-change-detection-config.yaml b/idn/v2024/paths/native-change-detection-config.yaml index ac13fc89..45edf962 100644 --- a/idn/v2024/paths/native-change-detection-config.yaml 
+++ b/idn/v2024/paths/native-change-detection-config.yaml @@ -6,10 +6,11 @@ get: security: - userAuth: - idn:sources:read - description: 'This API returns the existing native change detection configuration + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API returns the existing native change detection configuration for a source specified by the given ID. - - A token with ORG_ADMIN authority is required to call this API.' parameters: - in: path name: id @@ -53,9 +54,11 @@ put: security: - userAuth: - idn:sources:update - description: "Replaces the native change detection configuration for the source\ - \ specified by the given ID with the configuration provided in the request body.\n\ - \ \nA token with ORG_ADMIN authority is required to call this API." + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + Replaces the native change detection configuration for the source + specified by the given ID with the configuration provided in the request body. parameters: - in: path name: id @@ -102,13 +105,16 @@ delete: tags: - Sources summary: Delete Native Change Detection Configuration - description: 'Deletes the native change detection configuration for the source specified + description: >- + Deletes the native change detection configuration for the source specified by the given ID. - - A token with API, or ORG_ADMIN authority is required to call this API.' security: - - userAuth: - - idn:sources:update + - userAuth: + - idn:sources:update + - applicationAuth: + - idn:sources:update + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id diff --git a/idn/v2024/paths/role-access-model-metadata/role-bulk-update-filter.yaml b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-filter.yaml new file mode 100644 index 00000000..9b2083b1 --- /dev/null +++ b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-filter.yaml 
@@ -0,0 +1,56 @@ +post: + operationId: updateRolesMetadataByFilter + summary: Bulk-Update Roles' Metadata by Filters + description: >- + This API initiates a bulk update of metadata for one or more Roles + by filter. + + A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. + + The maximum metadata value count for a single role is 25. + + Custom metadata update, including add, replace need suit licensed. + tags: + - Roles + security: + - UserContextAuth: + - idn:role:update + - idn:role-checked:update + requestBody: + required: true + content: + application/json: + schema: + $ref: "../../schemas/role-metadata/RoleMetadataBulkUpdateByFilterRequest.yaml" + example: + operation: ADD + replaceScope: ALL + filters: requestable eq false + values: + - attribute: iscFederalClassifications + values: + - topSecret + responses: + "202": + description: Returned if bulk update request created + content: + application/json: + schema: + $ref: "../../schemas/role-metadata/RoleBulkUpdateResponse.yaml" + examples: + Update request created successfully: + value: + id: 2d82ac17-eb0d-4ba6-9918-dcad6ee0294d + type: ROLE + status: CREATED + created: 2024-09-16T18:59:06.871594Z + "400": + $ref: ../../../v3/responses/400.yaml + "401": + $ref: ../../../v3/responses/401.yaml + "403": + $ref: ../../../v3/responses/403.yaml + "429": + $ref: ../../../v3/responses/429.yaml + "500": + $ref: ../../../v3/responses/500.yaml \ No newline at end of file diff --git a/idn/v2024/paths/role-access-model-metadata/role-bulk-update-ids.yaml b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-ids.yaml new file mode 100644 index 00000000..208acc2c --- /dev/null +++ b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-ids.yaml 
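Review bot: This new file still states the required user levels in the description ("A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required", with a comma missing) and has no `x-sailpoint-userLevels` key, which is the opposite of what the rest of the commit does. Move the levels into `x-sailpoint-userLevels` with entries `ORG_ADMIN`, `ROLE_ADMIN` and `ROLE_SUBADMIN`, and drop the sentence. The same applies to the other new files under role-access-model-metadata/ (role-bulk-update-ids, role-bulk-update-query, role-bulk-update-status-id, role-bulk-update-status, role-filter, role-id-access-model-metadata). These files also reference a `UserContextAuth` scheme while every modified file on this page uses `userAuth`; that scheme's definition is not visible here, so confirm it exists in the v2024 root document.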
@@ -0,0 +1,41 @@ +post: + operationId: updateRolesMetadataByIds + summary: Bulk-Update Roles' Metadata by ID + description: >- + This API initiates a bulk update of metadata for one or more Roles by a list of Role Ids. + + A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. + + The maximum role count in a single update request is 3000. + The maximum metadata value count for a single role is 25. + + Custom metadata update, including add, replace need suit licensed. + tags: + - Roles + security: + - UserContextAuth: + - idn:role:update + - idn:role-checked:update + requestBody: + required: true + content: + application/json: + schema: + $ref: "../../schemas/role-metadata/RoleMetadataBulkUpdateByIdRequest.yaml" + responses: + "202": + description: Returned if bulk update request created + content: + application/json: + schema: + $ref: "../../schemas/role-metadata/RoleBulkUpdateResponse.yaml" + '400': + $ref: '../../../v3/responses/400.yaml' + '401': + $ref: '../../../v3/responses/401.yaml' + '403': + $ref: '../../../v3/responses/403.yaml' + '429': + $ref: '../../../v3/responses/429.yaml' + '500': + $ref: '../../../v3/responses/500.yaml' \ No newline at end of file diff --git a/idn/v2024/paths/role-access-model-metadata/role-bulk-update-query.yaml b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-query.yaml new file mode 100644 index 00000000..dc6e96ac --- /dev/null +++ b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-query.yaml 
@@ -0,0 +1,79 @@ +post: + operationId: updateRolesMetadataByQuery + summary: Bulk-Update Roles' Metadata by Query + description: >- + This API initiates a bulk update of metadata for one or more Roles by query. + + A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. + + The maximum metadata value count for a single role is 25. + + Custom metadata update, including add, replace need suit licensed. + tags: + - Roles + security: + - UserContextAuth: [ idn:role:update, idn:role-checked:update ] + requestBody: + required: true + content: + application/json: + schema: + $ref: '../../schemas/role-metadata/RoleMetadataBulkUpdateByQueryRequest.yaml' + example: + example of a success update: + { + "query": { + "indices": [ + "roles" + ], + "queryType": "TEXT", + "textQuery": { + "terms": [ + "test123" + ], + "fields": [ + "id" + ], + "matchAny": false, + "contains": true + }, + "includeNested": false + }, + "operation": "REPLACE", + "replaceScope": "ALL", + "values": [ + { + "attribute": "iscFederalClassifications", + "values": [ + "secret" + ] + } + ] + } + responses: + '202': + description: Returned if bulk update request created + content: + application/json: + schema: + $ref: '../../schemas/role-metadata/RoleBulkUpdateResponse.yaml' + examples: + Update request created successfully: + value: + { + "id": "2d82ac17-eb0d-4ba6-9918-dcad6ee0294d", + "type": "ROLE", + "status": "CREATED", + "created": "2024-09-16T18:59:06.871594Z" + } + + '400': + $ref: '../../../v3/responses/400.yaml' + '401': + $ref: '../../../v3/responses/401.yaml' + '403': + $ref: '../../../v3/responses/403.yaml' + '429': + $ref: '../../../v3/responses/429.yaml' + '500': + $ref: '../../../v3/responses/500.yaml' \ No newline at end of file diff --git a/idn/v2024/paths/role-access-model-metadata/role-bulk-update-status-id.yaml b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-status-id.yaml new file mode 100644 index 00000000..e2202060 --- /dev/null 
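Review bot: The request body uses the singular `example:` key but nests the payload under a name, `example of a success update:`, so the documented example is an object with that one key rather than a valid request. Either remove the name so the payload sits directly under `example:`, or switch to `examples:` with the named entry holding a `value:` key, which is how the `'202'` response in this same file is written.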
+++ b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-status-id.yaml @@ -0,0 +1,50 @@ +get: + operationId: getBulkUpdateStatusById + summary: Get Bulk-Update Status by ID + description: >- + + This API initial a request for one bulk update's status by bulk update Id + returns the status of the bulk update process. + + A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. + + security: + - UserContextAuth: [ idn:role:update, idn:role-checked:update ] + tags: + - Roles + parameters: + - name: "id" + in: path + required: true + schema: + type: string + description: The Id of the bulk update task. + example: c24359c389374d0fb8585698a2189e3d + + responses: + '202': + description: return if bulk update status could be found. + content: + application/json: + schema: + $ref: '../../../v2024/schemas/role-metadata/RoleBulkUpdateResponse.yaml' + examples: + Update request created successfully: + value: + { + "id": "2d82ac17-eb0d-4ba6-9918-dcad6ee0294d", + "type": "ROLE", + "status": "CREATED", + "created": "2024-09-16T18:59:06.871594Z" + } + + '400': + $ref: '../../../v3/responses/400.yaml' + '401': + $ref: '../../../v3/responses/401.yaml' + '403': + $ref: '../../../v3/responses/403.yaml' + '429': + $ref: '../../../v3/responses/429.yaml' + '500': + $ref: '../../../v3/responses/500.yaml' diff --git a/idn/v2024/paths/role-access-model-metadata/role-bulk-update-status.yaml b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-status.yaml new file mode 100644 index 00000000..7bc6be05 --- /dev/null +++ b/idn/v2024/paths/role-access-model-metadata/role-bulk-update-status.yaml 
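Review bot: `getBulkUpdateStatusById` is a read-only GET, yet its `security` entry asks for `idn:role:update` and `idn:role-checked:update`, so a client that only polls job status has to hold write scopes; role-bulk-update-status.yaml (`getBulkUpdateStatus`) does the same. If the service accepts the read scopes that role-filter.yaml uses, prefer `- UserContextAuth: [ idn:role:read, idn:role-checked:read ]`. The success response is also declared as `'202'` with an example named "Update request created successfully", which looks copied from the POST operations; `'200'` would match the list endpoint.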
@@ -0,0 +1,32 @@ +get: + operationId: getBulkUpdateStatus + summary: Get Bulk-Update Statuses + description: >- + This API returns a list of all bulk update process status of the tenant. + + A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. + + security: + - UserContextAuth: [ idn:role:update, idn:role-checked:update ] + tags: + - Roles + responses: + '200': + description: successfully get the status of all bulk updates. + content: + application/json: + schema: + type: array + items: + $ref: '../../schemas/role-metadata/RoleBulkUpdateResponse.yaml' + + '400': + $ref: '../../../v3/responses/400.yaml' + '401': + $ref: '../../../v3/responses/401.yaml' + '403': + $ref: '../../../v3/responses/403.yaml' + '429': + $ref: '../../../v3/responses/429.yaml' + '500': + $ref: '../../../v3/responses/500.yaml' diff --git a/idn/v2024/paths/role-access-model-metadata/role-filter.yaml b/idn/v2024/paths/role-access-model-metadata/role-filter.yaml new file mode 100644 index 00000000..2c9c927d --- /dev/null +++ b/idn/v2024/paths/role-access-model-metadata/role-filter.yaml 
@@ -0,0 +1,143 @@ +post: + operationId: searchRolesByFilter + summary: Filter Roles by Metadata + description: >- + This API returns a list of Role that filter by metadata and filter, it support filter by both path parameter and + attribute key and values. + + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, HELPDESK, CERT_ADMIN, REPORT_ADMIN or SOURCE_ADMIN authority is required to call this API. + + security: + - UserContextAuth: [ idn:role:read, idn:role-checked:read ] + tags: + - Roles + parameters: + - name: for-subadmin + in: query + schema: + type: string + description: >- + If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. + The value of the parameter is either an Identity ID, or the special value **me**, + which is shorthand for the calling Identity's ID. + A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not + a subadmin. + example: 5168015d32f890ca15812c9180835d2e + required: false + - name: limit + in: query + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 50 + description: >- + Max number of results to return + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) + for more information. + example: 50 + required: false + + - name: offset + in: query + description: >- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) + for more information. + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + required: false + example: 0 + + - name: count + in: query + description: >- + Boolean indicating whether a total count is returned, factoring in any filter parameters, in the X-Total-Count response header. 
+ The value is the total size of the collection that would be returned if limit and offset were ignored. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) + for more information. + schema: + type: boolean + default: false + required: false + example: true + + - name: sorters + in: query + schema: + type: string + description: >- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + + Sorting is supported for the following fields: **name, created, modified** + example: name,-modified + required: false + + - name: for-segment-ids + in: query + schema: + type: string + description: >- + If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) + with the specified IDs. + + If segmentation is currently unavailable, specifying this parameter results in an error. + example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d + required: false + + - name: include-unsegmented + in: query + description: >- + Whether or not the response list should contain unsegmented Roles. + If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error. 
+ schema: + type: boolean + default: true + required: false + example: false + - $ref: '../../../v3/parameters/count.yaml' + + requestBody: + content: + application/json: + schema: + $ref: '../../schemas/role-metadata/RoleListFilterDTO.yaml' + example: + { + "filters": "dimensional eq false", + "ammKeyValues": [ + { + "attribute": "iscFederalClassifications", + "values": [ + "secret" + ] + } + ] + } + + responses: + '200': + description: Responds with A list of Roles + content: + application/json: + schema: + type: array + allOf: + - $ref: '../../../v3/schemas/access/Role.yaml' + '400': + $ref: '../../../v3/responses/400.yaml' + '401': + $ref: '../../../v3/responses/401.yaml' + '403': + $ref: '../../../v3/responses/403.yaml' + '429': + $ref: '../../../v3/responses/429.yaml' + '500': + $ref: '../../../v3/responses/500.yaml' diff --git a/idn/v2024/paths/role-access-model-metadata/role-id-access-model-metadata.yaml b/idn/v2024/paths/role-access-model-metadata/role-id-access-model-metadata.yaml new file mode 100644 index 00000000..78196ab7 --- /dev/null +++ b/idn/v2024/paths/role-access-model-metadata/role-id-access-model-metadata.yaml 
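Review bot: The `'200'` response schema declares `type: array` with `allOf: - $ref: '../../../v3/schemas/access/Role.yaml'` and no `items`, which leaves the elements unconstrained and applies the Role schema to the array itself. Use `items:` with the `$ref` under it, as role-bulk-update-status.yaml does for its list. The parameter list also defines `count` inline and then adds `- $ref: '../../../v3/parameters/count.yaml'`; if that file declares the same query parameter, the operation has a duplicate and one of the two should go.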
@@ -0,0 +1,99 @@ +post: + operationId: updateAttributeKeyAndValueToRole + summary: Add a Metadata to Role. + description: + This API initialize a request to add a single Access Model Metadata to a role by attribute key and attribute value. + A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. + Custom metadata update, including ADD and REPLACE need suit licensed. + tags: + - Roles + security: + - UserContextAuth: [ idn:role:update, idn:role-checked:update ] + parameters: + - name: "id" + in: "path" + required: true + schema: + type: "string" + description: The Id of a role + example: c24359c389374d0fb8585698a2189e3d + - name: "attributeKey" + in: "path" + required: true + schema: + type: "string" + description: Technical name of the Attribute. + example: "iscPrivacy" + - name: "attributeValue" + in: "path" + required: true + schema: + type: "string" + description: Technical name of the Attribute Value. + example: "public" + responses: + "200": + description: Responds with the Role as updated. + content: + application/json: + schema: + $ref: "../../../v3/schemas/access/Role.yaml" + '400': + $ref: '../../../v3/responses/400.yaml' + '401': + $ref: '../../../v3/responses/401.yaml' + '403': + $ref: '../../../v3/responses/403.yaml' + '429': + $ref: '../../../v3/responses/429.yaml' + '500': + $ref: '../../../v3/responses/500.yaml' +delete: + operationId: deleteMetadataFromRoleByKeyAndValue + summary: Remove a Metadata From Role. + description: + This API initialize a request to remove a single Access Model Metadata from a role by attribute key and value. + A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. + tags: + - Roles + security: + - UserContextAuth: [ idn:role:delete, idn:role-checked:delete, idn:role:update, idn:role-checked:update ] + parameters: + - name: id + in: path + required: true + schema: + type: string + description: The role's id. 
+ example: 2c91808c74ff913f0175097daa9d59cd + - name: attributeKey + in: path + required: true + schema: + type: string + description: Technical name of the Attribute. + example: "iscPrivacy" + - name: attributeValue + in: "path" + required: true + schema: + type: string + description: Technical name of the Attribute Value. + example: "public" + responses: + "200": + description: Responds with the Role as updated. + content: + application/json: + schema: + $ref: "../../../v3/schemas/access/Role.yaml" + '400': + $ref: '../../../v3/responses/400.yaml' + '401': + $ref: '../../../v3/responses/401.yaml' + '403': + $ref: '../../../v3/responses/403.yaml' + '429': + $ref: '../../../v3/responses/429.yaml' + '500': + $ref: '../../../v3/responses/500.yaml' \ No newline at end of file diff --git a/idn/v2024/paths/role-entitlements.yaml b/idn/v2024/paths/role-entitlements.yaml index 8cd8d263..372270a0 100644 --- a/idn/v2024/paths/role-entitlements.yaml +++ b/idn/v2024/paths/role-entitlements.yaml @@ -3,11 +3,8 @@ get: tags: - Roles summary: List role's Entitlements - description: 'This API lists the Entitlements associated with a given role. - - - A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required - to call this API.' + description: >- + This API lists the Entitlements associated with a given role. parameters: - name: id in: path @@ -95,8 +92,17 @@ get: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:role-unchecked:read - - idn:role-unchecked:manage - - idn:role-checked:manage - - idn:role-checked:read + - userAuth: + - idn:role-unchecked:read + - idn:role-unchecked:manage + - idn:role-checked:manage + - idn:role-checked:read + - applicationAuth: + - idn:role-unchecked:read + - idn:role-unchecked:manage + - idn:role-checked:manage + - idn:role-checked:read + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN 
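Review bot: In role-id-access-model-metadata.yaml the `delete` operation puts `idn:role:delete`, `idn:role-checked:delete`, `idn:role:update` and `idn:role-checked:update` into a single `UserContextAuth` list. OpenAPI treats the scopes of one requirement object as all required, so as written removing one metadata value needs both delete and update rights. If either pair is meant to be sufficient, list them as separate `- UserContextAuth: [...]` entries; if only one pair is actually checked, keep just that pair so clients are not issued broader tokens than the call needs.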
diff --git a/idn/v2024/paths/searchAttributeConfig-get-patch-delete.yaml b/idn/v2024/paths/searchAttributeConfig-get-patch-delete.yaml index 6ab50415..ed878a4c 100644 --- a/idn/v2024/paths/searchAttributeConfig-get-patch-delete.yaml +++ b/idn/v2024/paths/searchAttributeConfig-get-patch-delete.yaml @@ -3,10 +3,13 @@ get: tags: - Search Attribute Configuration summary: Get the details of a specific extended search attribute in IdentityNow. - description: 'This API accepts an extended attribute name and retrieves the corresponding + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API accepts an extended attribute name and retrieves the corresponding extended attribute configuration. - - A token with ORG_ADMIN authority is required to call this API.' parameters: - name: name in: path @@ -49,10 +52,13 @@ delete: tags: - Search Attribute Configuration summary: Delete an extended search attribute in IdentityNow. - description: 'This API accepts an extended attribute name and deletes the corresponding + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API accepts an extended attribute name and deletes the corresponding extended attribute configuration. - - A token with ORG_ADMIN authority is required to call this API.' parameters: - name: name in: path 
@@ -87,12 +93,13 @@ patch: tags: - Search Attribute Configuration summary: Update the details of a specific extended search attribute in IdentityNow. - description: 'This API updates an existing Search Attribute Configuration. The following - fields are patchable: - - **name**, **displayName**, **applicationAttributes** - - A token with ORG_ADMIN authority is required to call this API.' + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API updates an existing Search Attribute Configuration. The following + fields are patchable: **name**, **displayName**, **applicationAttributes** parameters: - name: name in: path diff --git a/idn/v2024/paths/searchAttributeConfig.yaml b/idn/v2024/paths/searchAttributeConfig.yaml index 67b1cdb4..085648a2 100644 --- a/idn/v2024/paths/searchAttributeConfig.yaml +++ b/idn/v2024/paths/searchAttributeConfig.yaml @@ -3,12 +3,15 @@ post: tags: - Search Attribute Configuration summary: Configure/create extended search attributes in IdentityNow. - description: 'This API accepts an attribute name, an attribute display name and + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create and attribute promotion configuration in the Link ObjectConfig. - - A token with ORG_ADMIN authority is required to call this API.' requestBody: required: true content: 
@@ -50,10 +53,13 @@ get: tags: - Search Attribute Configuration summary: Retrieve a list of extended search attributes in IdentityNow. - description: 'This API retrieves a list of attribute/application associates currently + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + This API retrieves a list of attribute/application associates currently configured in IdentityNow. - - A token with ORG_ADMIN authority is required to call this API.' responses: '200': description: List of attribute configurations in IdentityNow. diff --git a/idn/v2024/paths/sim-integrations-before-provisioning-rule.yaml b/idn/v2024/paths/sim-integrations-before-provisioning-rule.yaml index 107ee3e2..7fd246e6 100644 --- a/idn/v2024/paths/sim-integrations-before-provisioning-rule.yaml +++ b/idn/v2024/paths/sim-integrations-before-provisioning-rule.yaml @@ -3,8 +3,6 @@ patch: - SIM Integrations summary: Patch a SIM beforeProvisioningRule attribute. description: Patch a SIM beforeProvisioningRule attribute given a JsonPatch object. - A token with Org Admin or Service Desk Admin authority is required to access this - endpoint. operationId: patchBeforeProvisioningRule requestBody: required: true @@ -51,3 +49,5 @@ patch: security: - userAuth: - idn:service-desk-admin:write + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v2024/paths/sim-integrations-value-list.yaml b/idn/v2024/paths/sim-integrations-value-list.yaml index ae6ce837..d9e0f113 100644 --- a/idn/v2024/paths/sim-integrations-value-list.yaml +++ b/idn/v2024/paths/sim-integrations-value-list.yaml @@ -2,8 +2,7 @@ get: tags: - SIM Integrations summary: List the existing SIM integrations. - description: List the existing SIM integrations. A token with Org Admin or Service - Desk Admin authority is required to access this endpoint. + description: List the existing SIM integrations. operationId: getSIMIntegrations responses: '200': 
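Review bot: The SIM Integrations hunks remove "A token with Org Admin or Service Desk Admin authority is required" but the added `x-sailpoint-userLevels` lists only `- ORG_ADMIN`, so the second level is lost from the spec. This starts with sim-integrations-before-provisioning-rule.yaml and repeats in every operation of sim-integrations-value-list.yaml and sim-integrations.yaml. If a user-level identifier for Service Desk Admin exists, add it to each list; otherwise keep that part of the sentence in the description so readers do not conclude the endpoints are restricted to org admins.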
@@ -27,6 +26,8 @@ get: security: - userAuth: - idn:service-desk-admin:read + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header @@ -40,8 +41,7 @@ post: tags: - SIM Integrations summary: Create new SIM integration - description: Create a new SIM Integrations. A token with Org Admin or Service Desk - Admin authority is required to access this endpoint. + description: Create a new SIM Integrations. operationId: createSIMIntegration requestBody: description: DTO containing the details of the SIM integration @@ -72,6 +72,8 @@ post: security: - userAuth: - idn:service-desk-admin:create + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header diff --git a/idn/v2024/paths/sim-integrations.yaml b/idn/v2024/paths/sim-integrations.yaml index a802f308..bf47ac34 100644 --- a/idn/v2024/paths/sim-integrations.yaml +++ b/idn/v2024/paths/sim-integrations.yaml @@ -2,8 +2,7 @@ put: tags: - SIM Integrations summary: Update an existing SIM integration - description: Update an existing SIM integration. A token with Org Admin or Service - Desk Admin authority is required to access this endpoint. + description: Update an existing SIM integration. operationId: putSIMIntegration requestBody: description: The full DTO of the integration containing the updated model @@ -48,14 +47,15 @@ put: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:service-desk-admin:create + - userAuth: + - idn:service-desk-admin:create + x-sailpoint-userLevels: + - ORG_ADMIN get: tags: - SIM Integrations summary: Get a SIM integration details. - description: Get the details of a SIM integration. A token with Org Admin or Service - Desk Admin authority is required to access this endpoint. + description: Get the details of a SIM integration. operationId: getSIMIntegration parameters: - name: id 
@@ -93,14 +93,15 @@ get: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:service-desk-admin:read + - userAuth: + - idn:service-desk-admin:read + x-sailpoint-userLevels: + - ORG_ADMIN delete: tags: - SIM Integrations summary: Delete a SIM integration - description: Get the details of a SIM integration. A token with Org Admin or Service - Desk Admin authority is required to access this endpoint. + description: Get the details of a SIM integration. operationId: deleteSIMIntegration parameters: - name: id @@ -134,14 +135,15 @@ delete: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:service-desk-admin:write + - userAuth: + - idn:service-desk-admin:write + x-sailpoint-userLevels: + - ORG_ADMIN patch: tags: - SIM Integrations summary: Patch a SIM attribute. - description: Patch a SIM attribute given a JsonPatch object. A token with Org Admin - or Service Desk Admin authority is required to access this endpoint. + description: Patch a SIM attribute given a JsonPatch object. operationId: patchSIMAttributes requestBody: required: true @@ -186,5 +188,7 @@ patch: '500': $ref: ../../v3/responses/500.yaml security: - - userAuth: - - idn:service-desk-admin:write + - userAuth: + - idn:service-desk-admin:write + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v2024/paths/source-connector-check-connection.yaml b/idn/v2024/paths/source-connector-check-connection.yaml index f1195ade..46e082cd 100644 --- a/idn/v2024/paths/source-connector-check-connection.yaml +++ b/idn/v2024/paths/source-connector-check-connection.yaml 
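Review bot: The rewritten description for `deleteSIMIntegration` still reads `description: Get the details of a SIM integration.`, which is the text of the GET operation above it. Since the line is being touched anyway, change it to `description: Delete a SIM integration.` so the generated docs do not describe a destructive call as a read.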
@@ -3,14 +3,15 @@ post: tags: - Sources summary: Check connection for source connector. - description: 'This endpoint validates that the configured credentials are valid + description: >- + This endpoint validates that the configured credentials are valid and will properly authenticate with the source identified by the sourceId path parameter. - - A token with ORG_ADMIN authority is required to call this API.' security: - userAuth: - idn:source-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId diff --git a/idn/v2024/paths/source-connector-peek-resource-objects.yaml b/idn/v2024/paths/source-connector-peek-resource-objects.yaml index 4ad98174..f08d18ac 100644 --- a/idn/v2024/paths/source-connector-peek-resource-objects.yaml +++ b/idn/v2024/paths/source-connector-peek-resource-objects.yaml @@ -3,13 +3,14 @@ post: tags: - Sources summary: Peek source connector's resource objects - description: 'Retrieves a sample of data returned from account and group aggregation + description: >- + Retrieves a sample of data returned from account and group aggregation requests. - - A token with ORG_ADMIN authority is required to call this API.' security: - - userAuth: - - idn:source-connector:manage + - userAuth: + - idn:source-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId diff --git a/idn/v2024/paths/source-connector-ping-cluster.yaml b/idn/v2024/paths/source-connector-ping-cluster.yaml index 8f35dde4..5a55ab07 100644 --- a/idn/v2024/paths/source-connector-ping-cluster.yaml +++ b/idn/v2024/paths/source-connector-ping-cluster.yaml 
@@ -3,13 +3,14 @@ post: tags: - Sources summary: Ping cluster for source connector - description: 'This endpoint validates that the cluster being used by the source + description: >- + This endpoint validates that the cluster being used by the source is reachable from IdentityNow. - - A token with ORG_ADMIN authority is required to call this API.' security: - - userAuth: - - idn:source-connector:manage + - userAuth: + - idn:source-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId diff --git a/idn/v2024/paths/source-connector-test-configuration.yaml b/idn/v2024/paths/source-connector-test-configuration.yaml index e63d0667..595f1e5a 100644 --- a/idn/v2024/paths/source-connector-test-configuration.yaml +++ b/idn/v2024/paths/source-connector-test-configuration.yaml @@ -3,14 +3,15 @@ post: tags: - Sources summary: Test configuration for source connector - description: 'This endpoint performs a more detailed validation of the source''s + description: >- + This endpoint performs a more detailed validation of the source''s configuration that can take longer than the lighter weight credential validation performed by the checkConnection API. - - A token with ORG_ADMIN authority is required to call this API.' security: - - userAuth: - - idn:source-connector:manage + - userAuth: + - idn:source-connector:manage + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId diff --git a/idn/v2024/paths/source-connectors-source-config.yaml b/idn/v2024/paths/source-connectors-source-config.yaml index c2d39ff4..31b6113b 100644 --- a/idn/v2024/paths/source-connectors-source-config.yaml +++ b/idn/v2024/paths/source-connectors-source-config.yaml 
@@ -3,10 +3,13 @@ get: tags: - Sources summary: Gets source config with language translations - description: 'Looks up and returns the source config for the requested source id + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + description: >- + Looks up and returns the source config for the requested source id after populating the source config values and applying language translations. - - A token with ORG_ADMIN authority is required to call this API.' parameters: - in: path name: id diff --git a/idn/v2024/paths/source-synchronize-attributes.yaml b/idn/v2024/paths/source-synchronize-attributes.yaml index 942c9b2c..bd5103bf 100644 --- a/idn/v2024/paths/source-synchronize-attributes.yaml +++ b/idn/v2024/paths/source-synchronize-attributes.yaml @@ -3,9 +3,12 @@ post: tags: - Sources summary: Synchronize single source attributes. - description: 'This end-point performs attribute synchronization for a selected source. - - A token with ORG_ADMIN or SOURCE_ADMIN authority is required to call this API.' + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + description: This end-point performs attribute synchronization for a selected source. parameters: - in: path name: id diff --git a/idn/v2024/paths/sources-entitlement-request-config.yaml b/idn/v2024/paths/sources-entitlement-request-config.yaml index 4474588d..2c8e777a 100644 --- a/idn/v2024/paths/sources-entitlement-request-config.yaml +++ b/idn/v2024/paths/sources-entitlement-request-config.yaml 
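Review bot: Both `security` blocks added here (source-connectors-source-config.yaml and source-synchronize-attributes.yaml) declare `- userAuth: []`, i.e. no OAuth scope, while the sibling source-connector operations in this commit require `idn:source-connector:manage`. With an empty scope list the only stated restriction is the `x-sailpoint-userLevels` vendor extension, which generic OpenAPI tooling does not interpret, so generated clients and reviewers will read these operations (one of them a POST that triggers attribute synchronization) as needing no particular scope. If the service enforces a scope, list it in the array. If it really enforces none, a comment above the block such as `# no scope check; access is restricted by user level only` would prevent that misreading.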
@@ -3,11 +3,16 @@ get: - userAuth: - idn:sources:read - idn:sources:manage + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN operationId: getSourceEntitlementRequestConfig summary: Get Source Entitlement Request Configuration tags: - Sources - description: 'This API gets the current entitlement request configuration for a + description: >- + This API gets the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source. @@ -20,10 +25,6 @@ get: - However, the entitlement-level configuration (if defined) overrides this source-level configuration. - - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required - to call this API.' responses: '200': description: Source Entitlement Request Configuration Details. @@ -88,11 +89,16 @@ put: security: - userAuth: - idn:sources:manage + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN operationId: updateSourceEntitlementRequestConfig summary: Update Source Entitlement Request Configuration tags: - Sources - description: 'This API replaces the current entitlement request configuration for + description: >- + This API replaces the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source. @@ -105,10 +111,6 @@ put: - However, the entitlement-level configuration (if defined) overrides this source-level configuration. - - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required - to call this API.' requestBody: required: true content: diff --git a/idn/v2024/paths/ui-metadata/tenant-ui-metadata.yaml b/idn/v2024/paths/ui-metadata/tenant-ui-metadata.yaml index a2fc5eb3..98965fca 100644 --- a/idn/v2024/paths/ui-metadata/tenant-ui-metadata.yaml +++ b/idn/v2024/paths/ui-metadata/tenant-ui-metadata.yaml 
@@ -3,12 +3,12 @@ get: tags: - UI Metadata summary: Get a tenant UI metadata - description: 'This API endpoint retrieves UI metadata configured for your tenant. - - A token with ORG_ADMIN authority is required to call this API.' + description: This API endpoint retrieves UI metadata configured for your tenant. security: - userAuth: - idn:ui-access-metadata-page:read + x-sailpoint-userLevels: + - ORG_ADMIN responses: '200': description: A tenant UI metadata object @@ -42,10 +42,9 @@ put: tags: - UI Metadata summary: Update tenant UI metadata - description: 'This API endpoint updates UI metadata for your tenant. These changes + description: >- + This API endpoint updates UI metadata for your tenant. These changes may require up to 5 minutes to take effect on the UI. - - A token with ORG_ADMIN authority is required to call this API.' requestBody: required: true content: @@ -55,6 +54,8 @@ put: security: - userAuth: - idn:ui-access-metadata-page:manage + x-sailpoint-userLevels: + - ORG_ADMIN responses: '200': description: A tenant UI metadata object diff --git a/idn/v2024/paths/workgroups/bulk-delete-workgroup-members.yaml b/idn/v2024/paths/workgroups/bulk-delete-workgroup-members.yaml index a7b3a090..6baaa297 100644 --- a/idn/v2024/paths/workgroups/bulk-delete-workgroup-members.yaml +++ b/idn/v2024/paths/workgroups/bulk-delete-workgroup-members.yaml @@ -1,14 +1,16 @@ post: operationId: deleteWorkgroupMembers security: - - userAuth: - - idn:workgroup:write + - userAuth: + - idn:workgroup:write + - applicationAuth: + - idn:workgroup:write + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Governance Groups summary: Remove members from Governance Group description: 'This API removes one or more members from a Governance Group. A - token with API, ORG_ADMIN authority is required to call this API. - > **Following field of Identity is an optional field in the request.** 
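Review bot: In bulk-delete-workgroup-members.yaml the deleted sentence began on the unchanged line above it, so the description now appears to end with a dangling `A` after "Governance Group." (the context line `description: 'This API removes one or more members from a Governance Group. A` is kept and only its continuation is removed). Trim that line to `description: 'This API removes one or more members from a Governance Group.`. The description continues past the end of the hunk, so its closing quote is not visible here.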
diff --git a/idn/v2024/paths/workgroups/workgroup.yaml b/idn/v2024/paths/workgroups/workgroup.yaml index 1b6e42b3..50623bab 100644 --- a/idn/v2024/paths/workgroups/workgroup.yaml +++ b/idn/v2024/paths/workgroups/workgroup.yaml @@ -38,8 +38,12 @@ get: '500': $ref: ../../../v3/responses/500.yaml security: - - userAuth: - - idn:workgroup:read + - userAuth: + - idn:workgroup:read + - applicationAuth: + - idn:workgroup:read + x-sailpoint-userLevels: + - ORG_ADMIN delete: operationId: deleteWorkgroup tags: @@ -76,16 +80,26 @@ delete: '500': $ref: ../../../v3/responses/500.yaml security: - - userAuth: - - idn:workgroup:write + - userAuth: + - idn:workgroup:write + - applicationAuth: + - idn:workgroup:write + x-sailpoint-userLevels: + - ORG_ADMIN patch: operationId: patchWorkgroup tags: - Governance Groups summary: Patch a Governance Group - description: "This API updates an existing governance group by ID. \nThe following\ - \ fields and objects are patchable:\n * name\n * description\n * owner\n\n\ - A token with API or ORG_ADMIN authority is required to call this API." + description: >- + This API updates an existing governance group by ID. The following + fields and objects are patchable: + + * name + + * description + + * owner parameters: - in: path name: id @@ -134,5 +148,9 @@ patch: '500': $ref: ../../../v3/responses/500.yaml security: - - userAuth: - - idn:workgroup:write + - userAuth: + - idn:workgroup:write + - applicationAuth: + - idn:workgroup:write + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v2024/schemas/role-metadata/RoleBulkUpdateResponse.yaml b/idn/v2024/schemas/role-metadata/RoleBulkUpdateResponse.yaml new file mode 100644 index 00000000..7ec030ad --- /dev/null +++ b/idn/v2024/schemas/role-metadata/RoleBulkUpdateResponse.yaml 
@@ -0,0 +1,29 @@ +type: object +properties: + id: + type: string + description: ID of the task which is executing the bulk update. This also used + in to the bulk-update/** API to track status. + example: 2c9180867817ac4d017817c491119a20 + type: + type: string + description: Type of the bulk update object. + example: Role + status: + type: string + description: The status of the bulk update request, could also checked by + getBulkUpdateStatus API + enum: + - CREATED + - PRE_PROCESS + - PRE_PROCESS_COMPLETED + - POST_PROCESS + - COMPLETED + - CHUNK_PENDING + - CHUNK_PROCESSING + example: CREATED + created: + type: string + description: Time when the bulk update request was created + format: date-time + example: 2020-10-08T18:33:52.029Z \ No newline at end of file diff --git a/idn/v2024/schemas/role-metadata/RoleListFilterDTO.yaml b/idn/v2024/schemas/role-metadata/RoleListFilterDTO.yaml new file mode 100644 index 00000000..a6f23909 --- /dev/null +++ b/idn/v2024/schemas/role-metadata/RoleListFilterDTO.yaml 
@@ -0,0 +1,59 @@ +description: AMMFilterValues +type: object +properties: + filters: + type: string + description: >- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + + **id**: *eq, in* + + + **name**: *eq, sw* + + + **created**: *gt, lt, ge, le* + + + **modified**: *gt, lt, ge, le* + + + **owner.id**: *eq, in* + + + **requestable**: *eq* + + + example: "dimensional eq false" + nullable: true + ammKeyValues: + nullable: true + type: array + items: + type: object + properties: + attribute: + description: attribute key of a metadata. + type: string + example: + "iscFederalClassifications" + values: + description: A list of attribute key names to filter roles. + If the values is empty, will only filter by attribute key. + type: array + items: + type: string + example: "secret" + example: ["secret"] + example: + [ + { + "attribute": "iscFederalClassifications", + "values": [ + "secret" + ] + } + ] \ No newline at end of file diff --git a/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByFilterRequest.yaml b/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByFilterRequest.yaml new file mode 100644 index 00000000..26ba4e14 --- /dev/null +++ b/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByFilterRequest.yaml 
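Review bot: The `filters` example `"dimensional eq false"` uses a field that the description directly above it does not list as filterable (id, name, created, modified, owner.id, requestable). Either add `dimensional` to the supported-fields list or use a documented field, e.g. `example: "requestable eq false"`. Separately, the `values` description says "A list of attribute key names" although its example (`secret`) is an attribute value; `A list of attribute values to filter roles.` would match the schema.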
@@ -0,0 +1,81 @@ +description: >- + This API initialize a a Bulk update by filter request of Role metadata. + The maximum meta data values that one single role assigned can not exceed 25. + Custom metadata need suit licensed. +type: object +properties: + filters: + description: >- + Filtering is supported for the following fields and operators: + + + **id** : *eq, in* + + + **name** : *eq, sw* + + + **created** : *gt, lt, ge, le* + + + **modified** : *gt, lt, ge, le* + + + **owner.id** : *eq, in* + + + **requestable** : *eq* + type: string + example: + " requestable eq false" + operation: + description: The operation to be performed + type: string + enum: + - "add" + - "remove" + - "replace" + example: "replace" + replaceScope: + description: The choice of update scope. + type: string + enum: + - "ALL" + - "ATTRIBUTE" + example: + "ALL" + values: + description: The metadata to be updated, including attribute key and value. + type: array + nullable: false + items: + type: object + required: + - attribute + - values + properties: + attributeKey: + type: string + description: the key of metadata attribute + example: "iscFederalClassifications" + values: + type: array + description: the values of attribute to be updated + items: + type: string + example: "secret" + nullable: true + example: [ "secret" ] + example: + [ + { + "attribute": "iscFederalClassifications", + "values": [ + "topSecret" + ] + } + ] +required: + - filters + - operation + - values \ No newline at end of file diff --git a/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByIdRequest.yaml b/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByIdRequest.yaml new file mode 100644 index 00000000..0aaf1705 --- /dev/null +++ b/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByIdRequest.yaml 
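Review bot: The `values` item schema lists `attribute` under `required` but declares the property as `attributeKey`, so a validator built from this schema demands a field that is not described and treats the described one as optional; the example payload uses `attribute`. RoleMetadataBulkUpdateByQueryRequest.yaml has the same mismatch (required `attribute`/`values`, declared `attributeKey`/`attributeValue`), while RoleMetadataBulkUpdateByIdRequest.yaml is consistent. Rename the property to `attribute:` here, and to `attribute:`/`values:` in the by-query schema, assuming the by-ID schema reflects what the service accepts. The `filters` example `" requestable eq false"` also carries a leading space that looks unintended.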
@@ -0,0 +1,66 @@ +description: >- + This API initialize a Bulk update by Id request of Role metadata. + The maximum role count in a single update request is 3000. + The maximum meta data values that one single role assigned can not exceed 25. + Custom metadata need suit licensed. +type: object +properties: + roles: + description: Roles' Id to be updated + type: array + items: + type: string + example: + ["b1db89554cfa431cb8b9921ea38d9367"] + + operation: + description: The operation to be performed + type: string + enum: + - "add" + - "remove" + - "replace" + example: "replace" + replaceScope: + description: The choice of update scope. + type: string + enum: + - "ALL" + - "ATTRIBUTE" + example: + "ALL" + values: + description: The metadata to be updated, including attribute key and value. + type: array + nullable: false + items: + type: object + required: + - attribute + - values + properties: + attribute: + type: string + description: the key of metadata attribute + example: "iscFederalClassifications" + values: + type: array + description: the values of attribute to be updated + items: + type: string + example: "secret" + nullable: true + example: [ "secret" ] + example: + [ + { + "attribute": "iscFederalClassifications", + "values": [ + "topSecret" + ] + } + ] +required: + - roles + - operation + - values \ No newline at end of file diff --git a/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByQueryRequest.yaml b/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByQueryRequest.yaml new file mode 100644 index 00000000..1522b84e --- /dev/null +++ b/idn/v2024/schemas/role-metadata/RoleMetadataBulkUpdateByQueryRequest.yaml 
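Review bot: The description states a limit of 3000 roles per request, but the `roles` array has no `maxItems`, so the limit is invisible to schema validators and generated clients, and an oversized bulk request is rejected only if the service checks it itself. Add `maxItems: 3000` under `roles:` next to `type: array`. The `roles` example is also followed by a stray blank line before `operation:`, which is harmless but differs from the sibling schemas.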
@@ -0,0 +1,73 @@ +description: >- + Bulk update by query request of Role metadata. + The maximum meta data values that one single role assigned can not exceed 25. + Custom metadata need suit licensed. + + For more information about the query could refer to + [V3 API Perform Search](https://developer.sailpoint.com/docs/api/v3/search-post) +type: object +properties: + query: + description: query the identities to be updated + type: object + items: + $ref: '../../../v3/schemas/search/Search.yaml' + example: + query": { + "indices": [ + "roles" + ], + "queryType": "TEXT", + "textQuery": { + "terms": [ + "test123" + ], + "fields": [ + "id" + ], + "matchAny": false, + "contains": true + }, + "includeNested": false + } + operation: + description: The operation to be performed + type: string + enum: + - "add" + - "remove" + - "replace" + example: "replace" + replaceScope: + description: The choice of update scope. + type: string + enum: + - "ALL" + - "ATTRIBUTE" + example: + "ALL" + values: + description: The metadata to be updated, including attribute key and value. + type: array + nullable: false + items: + type: object + required: + - attribute + - values + properties: + attributeKey: + type: string + description: the key of metadata attribute + example: "iscFederalClassifications" + attributeValue: + type: array + description: the values of attribute to be updated + items: + type: string + example: "topSecret" + example: ["topSecret"] +required: + - query + - operation + - values \ No newline at end of file diff --git a/idn/v3/paths/access-profile-bulk-delete.yaml b/idn/v3/paths/access-profile-bulk-delete.yaml index 7fbf672d..3d174f50 100644 --- a/idn/v3/paths/access-profile-bulk-delete.yaml +++ b/idn/v3/paths/access-profile-bulk-delete.yaml 
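Review bot: `query` is declared as `type: object` with an `items:` keyword, which applies only to arrays, so the `$ref` to `Search.yaml` is ignored and the property is effectively an unconstrained object. Reference the schema directly instead, replacing `type: object` and `items:` with `allOf:` followed by `- $ref: '../../../v3/schemas/search/Search.yaml'`. The example begins with `query": {`, where the unbalanced quote makes the key `query"`; it should be the search object itself, starting at `{ "indices": [ "roles" ], ...`. The property description also says "query the identities to be updated" although this schema updates roles.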
@@ -16,8 +16,7 @@ post: **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will be deleted. - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this endpoint. In addition, - a SOURCE_SUBADMIN can only use this endpoint to delete access profiles associated with sources they're able + A SOURCE_SUBADMIN user can only use this endpoint to delete access profiles associated with sources they're able to administer. requestBody: required: true @@ -86,3 +85,8 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:manage] + - applicationAuth: [idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN diff --git a/idn/v3/paths/access-profile-entitlements.yaml b/idn/v3/paths/access-profile-entitlements.yaml index b6136186..74f12e82 100644 --- a/idn/v3/paths/access-profile-entitlements.yaml +++ b/idn/v3/paths/access-profile-entitlements.yaml 
@@ -1,98 +1,101 @@ get: - operationId: getAccessProfileEntitlements - tags: - - Access Profiles - summary: List Access Profile's Entitlements - description: >- - Use this API to get a list of an access profile's entitlements. + operationId: getAccessProfileEntitlements + tags: + - Access Profiles + summary: List Access Profile's Entitlements + description: >- + Use this API to get a list of an access profile's entitlements. - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In - addition, a token with SOURCE_SUBADMIN authority must have access to the source associated with the specified - access profile. + A SOURCE_SUBADMIN user must have access to the source associated with the specified + access profile. - >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. - parameters: - - name: id - in: path - description: ID of the access profile containing the entitlements. - required: true - schema: - type: string - example: 2c91808a7813090a017814121919ecca - - $ref: '../../v3/parameters/limit.yaml' - - $ref: '../../v3/parameters/offset.yaml' - - $ref: '../../v3/parameters/count.yaml' - - in: query - name: filters - schema: - type: string - description: >- - Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. + parameters: + - name: id + in: path + description: ID of the access profile containing the entitlements. 
+ required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + - $ref: '../../v3/parameters/limit.yaml' + - $ref: '../../v3/parameters/offset.yaml' + - $ref: '../../v3/parameters/count.yaml' + - in: query + name: filters + schema: + type: string + description: >- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) - Filtering is supported for the following fields and operators: + Filtering is supported for the following fields and operators: - **id**: *eq, in* + **id**: *eq, in* - **name**: *eq, sw* + **name**: *eq, sw* - **attribute**: *eq, sw* + **attribute**: *eq, sw* - **value**: *eq, sw* + **value**: *eq, sw* - **created**: *gt, lt, ge, le* + **created**: *gt, lt, ge, le* - **modified**: *gt, lt, ge, le* + **modified**: *gt, lt, ge, le* - **owner.id**: *eq, in* + **owner.id**: *eq, in* - **source.id**: *eq, in* + **source.id**: *eq, in* - Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. - example: attribute eq "memberOf" - required: false - - in: query - name: sorters - schema: - type: string - format: comma-separated - description: >- - Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. 
+ example: attribute eq "memberOf" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: >- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) - Sorting is supported for the following fields: **name, attribute, value, created, modified** - example: name,-modified - required: false - responses: - '200': - description: List of entitlements. - content: - application/json: - schema: - type: array - items: - $ref: '../schemas/Entitlement.yaml' - '400': - $ref: '../../v3/responses/400.yaml' - '401': - $ref: '../../v3/responses/401.yaml' - '403': - $ref: '../../v3/responses/403.yaml' - '429': - $ref: '../../v3/responses/429.yaml' - '500': - $ref: '../../v3/responses/500.yaml' - security: - - userAuth: [idn:access-profile:read] - + Sorting is supported for the following fields: **name, attribute, value, created, modified** + example: name,-modified + required: false + responses: + '200': + description: List of entitlements. + content: + application/json: + schema: + type: array + items: + $ref: '../schemas/Entitlement.yaml' + '400': + $ref: '../../v3/responses/400.yaml' + '401': + $ref: '../../v3/responses/401.yaml' + '403': + $ref: '../../v3/responses/403.yaml' + '429': + $ref: '../../v3/responses/429.yaml' + '500': + $ref: '../../v3/responses/500.yaml' + security: + - userAuth: [idn:access-profile:read] + - applicationAuth: [idn:access-profile:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN diff --git a/idn/v3/paths/access-profile.yaml b/idn/v3/paths/access-profile.yaml index bb6026d4..07dd4589 100644 --- a/idn/v3/paths/access-profile.yaml +++ b/idn/v3/paths/access-profile.yaml 
@@ -5,10 +5,6 @@ get: summary: Get an Access Profile description: >- This API returns an Access Profile by its ID. - - - A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to - call this API. parameters: - in: path name: id @@ -37,6 +33,13 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:read] + - applicationAuth: [idn:access-profile:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN patch: operationId: patchAccessProfile tags: @@ -82,8 +85,7 @@ patch: If you need to change the `source` of the access profile, you can do so only if you update the `entitlements` in the same API call. The new entitlements can only come from the target source that you want to change to. Look for the example "Replace Source" in the examples dropdown. - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a - SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to + A user with SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer. > The maximum supported length for the description field is 2000 characters. @@ -184,6 +186,11 @@ patch: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:manage] + - applicationAuth: [idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN delete: operationId: deleteAccessProfile tags: 
@@ -196,8 +203,7 @@ delete: The Access Profile must not be in use, for example, Access Profile can not be deleted if they belong to an Application, Life Cycle State or a Role. If it is, a 400 error is returned. - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, - a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile. + A user with SOURCE_SUBADMIN must be able to administer the Source associated with the Access Profile. parameters: - name: id in: path @@ -235,4 +241,9 @@ delete: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:manage] + - applicationAuth: [idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN diff --git a/idn/v3/paths/access-profiles.yaml b/idn/v3/paths/access-profiles.yaml index 9d914984..5582c719 100644 --- a/idn/v3/paths/access-profiles.yaml +++ b/idn/v3/paths/access-profiles.yaml @@ -6,9 +6,6 @@ get: description: >- Use this API to get a list of access profiles. - A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to - call this API. - >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. parameters: - in: query @@ -122,6 +119,13 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:read] + - applicationAuth: [idn:access-profile:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN post: operationId: createAccessProfile tags: 
@@ -130,8 +134,7 @@ post: description: >- Use this API to create an access profile. - A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to - call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the + A user with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the access profile's Source. The maximum supported length for the description field is 2000 characters. @@ -161,3 +164,10 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:access-profile:manage] + - applicationAuth: [idn:access-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN \ No newline at end of file diff --git a/idn/v3/paths/access-request-cancel.yaml b/idn/v3/paths/access-request-cancel.yaml index af277f41..c91ad526 100644 --- a/idn/v3/paths/access-request-cancel.yaml +++ b/idn/v3/paths/access-request-cancel.yaml @@ -2,13 +2,15 @@ post: operationId: cancelAccessRequest security: - userAuth: [ idn:access-request:cancel ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Access Requests summary: Cancel Access Request description: >- This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step. - Any token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it. + In addition to users with ORG_ADMIN, any user who originally submitted the access request may cancel it. requestBody: required: true content: diff --git a/idn/v3/paths/access-request-close.yaml b/idn/v3/paths/access-request-close.yaml index 2ca663c6..805c6693 100644 --- a/idn/v3/paths/access-request-close.yaml +++ b/idn/v3/paths/access-request-close.yaml 
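Review bot: In access-request-cancel.yaml `x-sailpoint-userLevels` lists only `ORG_ADMIN`, yet the rewritten description says the user who submitted the request may also cancel it, so anything generated from the attribute understates who can call the endpoint. access-request-status.yaml has the same gap (only `ORG_ADMIN`, while the text says any user can read their own statuses), whereas access-requests.yaml lists `USER` alongside `ORG_ADMIN`. Consider adding `- USER` in both files, if that is how the attribute is meant to express self-service access, and keep the ownership condition in the description.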
@@ -3,8 +3,12 @@ post: tags: - Access Requests summary: Close Access Request + security: + - userAuth: [ sp:scopes:all ] + x-sailpoint-userLevels: + - ORG_ADMIN description: | - This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request's lifecycle even after the approval state, unlike the [Cancel Access Request endpoint](https://developer.sailpoint.com/idn/api/v3/cancel-access-request/). A token with ORG_ADMIN authority is required. + This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request's lifecycle even after the approval state, unlike the [Cancel Access Request endpoint](https://developer.sailpoint.com/idn/api/v3/cancel-access-request/). To find pending access requests with the UI, navigate to Search and use this query: status: Pending AND "Access Request". Use the Column Chooser to select 'Tracking Number', and use the 'Download' button to export a CSV containing the tracking numbers. diff --git a/idn/v3/paths/access-request-config.yaml b/idn/v3/paths/access-request-config.yaml index fa140744..bf25af03 100644 --- a/idn/v3/paths/access-request-config.yaml +++ b/idn/v3/paths/access-request-config.yaml @@ -29,13 +29,13 @@ put: operationId: setAccessRequestConfig security: - userAuth: [ idn:access-request-config:update ] + x-sailpoint-userLevels: + - ORG_ADMIN summary: Update Access Request Configuration tags: - Access Requests description: >- This endpoint replaces the current access-request configuration. - - A token with ORG_ADMIN authority is required to call this API. requestBody: required: true content: diff --git a/idn/v3/paths/access-request-status.yaml b/idn/v3/paths/access-request-status.yaml index 4fd11038..e65b9de4 100644 --- a/idn/v3/paths/access-request-status.yaml +++ b/idn/v3/paths/access-request-status.yaml 
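Review bot: The `security` entry added for Close Access Request is `- userAuth: [ sp:scopes:all ]`, which by its name covers every scope, while the neighbouring access-request operations in this commit name narrow ones (`idn:access-request:cancel`, `idn:access-request-config:update`). Integrations that follow the spec will request all-scope tokens just to close stuck requests, which works against least privilege. If the service accepts a dedicated scope for this operation, list that instead. If it does not, a comment such as `# no granular scope exists for this operation yet` would mark the breadth as a known limitation rather than a recommendation.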
@@ -2,6 +2,8 @@ get: operationId: listAccessRequestStatus security: - userAuth: [ idn:access-request-status:read ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Access Requests summary: Access Request Status @@ -12,8 +14,8 @@ get: If an access request was made for access that an identity already has, the API ignores the access request. These ignored requests do not display in the list of access request statuses. - Any token with any authority can request their own status. A token with - ORG_ADMIN authority is required to call this API to get a list of statuses + Any user with any user level can get the status of their own access requests. A user with + ORG_ADMIN is required to call this API to get a list of statuses for other users. parameters: - in: query diff --git a/idn/v3/paths/access-requests.yaml b/idn/v3/paths/access-requests.yaml index 1731d2d5..542b82e2 100644 --- a/idn/v3/paths/access-requests.yaml +++ b/idn/v3/paths/access-requests.yaml @@ -2,6 +2,9 @@ post: operationId: createAccessRequest security: - userAuth: [ idn:access-request:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN + - USER summary: Submit Access Request tags: - Access Requests @@ -35,10 +38,7 @@ post: * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn't already have a sunset date. The `removeDate` must be a future date, in the UTC timezone. - * Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone. - - A token with API authority cannot be used to call this endpoint. - + * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. requestBody: required: true content: 
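Review bot: The last hunk of access-requests.yaml drops the sentence "A token with API authority cannot be used to call this endpoint." without a replacement. `x-sailpoint-userLevels` cannot express an exclusion, and the absence of an `applicationAuth` entry under `security` is easy to overlook. The restriction matters to integrators choosing a token type, so it is worth keeping the original line `A token with API authority cannot be used to call this endpoint.` at the end of the description.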
diff --git a/idn/v3/paths/account.yaml b/idn/v3/paths/account.yaml index bb44489b..3113d766 100644 --- a/idn/v3/paths/account.yaml +++ b/idn/v3/paths/account.yaml @@ -5,10 +5,13 @@ get: summary: Account Details description: >- Use this API to return the details for a single account by its ID. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API. security: - userAuth: [idn:accounts:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - HELPDESK parameters: - in: path name: id @@ -43,7 +46,6 @@ patch: summary: Update Account description: | Use this API to update account details. - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. This API supports updating an account's correlation by modifying the `identityId` and `manuallyCorrelated` fields. To reassign an account from one identity to another, replace the current `identityId` with a new value. @@ -55,6 +57,10 @@ patch: >**Note:** The `attributes` field can only be modified for flat file accounts. security: - userAuth: [idn:accounts:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - in: path name: id @@ -129,11 +135,13 @@ put: This endpoint submits an account update task and returns the task ID. - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. - >**Note: You can only use this PUT endpoint to update accounts from flat file sources.** security: - userAuth: [idn:accounts:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - in: path name: id 
@@ -180,11 +188,13 @@ delete: This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you [disable accounts](https://developer.sailpoint.com/idn/api/v3/disable-account) rather than delete them. This will also allow you to reenable the accounts in the future. - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. - >**NOTE: You can only delete accounts from sources of the "DelimitedFile" type.** security: - userAuth: [idn:accounts:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/accounts-id-disable.yaml b/idn/v3/paths/accounts-id-disable.yaml index 7f27076c..ae5eaae7 100644 --- a/idn/v3/paths/accounts-id-disable.yaml +++ b/idn/v3/paths/accounts-id-disable.yaml @@ -4,11 +4,14 @@ post: - Accounts summary: Disable Account description: >- - This API submits a task to disable the account and returns the task ID. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API. + This API submits a task to disable the account and returns the task ID. security: - userAuth: [idn:accounts-state:manage] + x-sailpont-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - HELPDESK parameters: - in: path name: id diff --git a/idn/v3/paths/accounts-id-enable.yaml b/idn/v3/paths/accounts-id-enable.yaml index 4e44011e..546473b2 100644 --- a/idn/v3/paths/accounts-id-enable.yaml +++ b/idn/v3/paths/accounts-id-enable.yaml 
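Review bot: The key added in accounts-id-disable.yaml is spelled `x-sailpont-userLevels` (missing the "i"), so tooling that reads `x-sailpoint-userLevels` will find no user levels for Disable Account. Rename it to `x-sailpoint-userLevels:`. Because the prose requirement was removed in the same hunk, the ORG_ADMIN / SOURCE_ADMIN / SOURCE_SUBADMIN / HELPDESK restriction for this operation is currently not surfaced anywhere a consumer would look.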
@@ -4,11 +4,14 @@ post: - Accounts summary: Enable Account description: >- - This API submits a task to enable account and returns the task ID. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API. + This API submits a task to enable account and returns the task ID. security: - userAuth: [idn:accounts-state:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - HELPDESK parameters: - in: path name: id diff --git a/idn/v3/paths/accounts-id-entitlements.yaml b/idn/v3/paths/accounts-id-entitlements.yaml index 0f11eb22..b46b1b51 100644 --- a/idn/v3/paths/accounts-id-entitlements.yaml +++ b/idn/v3/paths/accounts-id-entitlements.yaml @@ -4,11 +4,14 @@ get: - Accounts summary: Account Entitlements description: >- - This API returns entitlements of the account. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API. + This API returns entitlements of the account. security: - userAuth: [idn:accounts:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - HELPDESK parameters: - $ref: '../parameters/limit.yaml' - $ref: '../parameters/offset.yaml' diff --git a/idn/v3/paths/accounts-id-reload.yaml b/idn/v3/paths/accounts-id-reload.yaml index cccb78c1..83fbef9e 100644 --- a/idn/v3/paths/accounts-id-reload.yaml +++ b/idn/v3/paths/accounts-id-reload.yaml 
@@ -4,11 +4,14 @@ post: - Accounts summary: Reload Account description: >- - This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API. + This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. security: - userAuth: [idn:accounts-state:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - HELPDESK parameters: - in: path name: id diff --git a/idn/v3/paths/accounts-id-unlock.yaml b/idn/v3/paths/accounts-id-unlock.yaml index 2b8cbbd3..4a6bf358 100644 --- a/idn/v3/paths/accounts-id-unlock.yaml +++ b/idn/v3/paths/accounts-id-unlock.yaml @@ -7,10 +7,13 @@ post: This API submits a task to unlock an account and returns the task ID. To use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API. security: - userAuth: [idn:accounts-state:manage, idn:accounts-provisioning:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - HELPDESK parameters: - in: path name: id diff --git a/idn/v3/paths/accounts.yaml b/idn/v3/paths/accounts.yaml index 90857dd3..6ed3e4ae 100644 --- a/idn/v3/paths/accounts.yaml +++ b/idn/v3/paths/accounts.yaml @@ -5,10 +5,13 @@ get: summary: Accounts List description: >- This returns a list of accounts. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API. security: - userAuth: [idn:accounts:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - HELPDESK parameters: - $ref: "../parameters/limit.yaml" - $ref: "../parameters/offset.yaml" 
@@ -119,10 +122,12 @@ post: The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant. By providing the account ID of an existing account in the request body, this API will function as a PATCH operation and update the account. - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: [idn:accounts:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN requestBody: required: true content: diff --git a/idn/v3/paths/branding.yaml b/idn/v3/paths/branding.yaml index f9007dba..1b5a963d 100644 --- a/idn/v3/paths/branding.yaml +++ b/idn/v3/paths/branding.yaml @@ -4,11 +4,12 @@ get: - Branding summary: Get a branding item description: >- - This API endpoint retrieves information for an existing branding item by name. - - A token with API, ORG_ADMIN authority is required to call this API. + This API endpoint retrieves information for an existing branding item by name. security: - userAuth: [idn:branding:read] + - applicationAuth: [idn:branding:read] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: name @@ -43,8 +44,6 @@ put: summary: Update a branding item description: >- This API endpoint updates information for an existing branding item. - - A token with API, ORG_ADMIN authority is required to call this API. parameters: - in: path name: name @@ -61,6 +60,9 @@ put: $ref: '../schemas/BrandingItemCreate.yaml' security: - userAuth: [idn:branding:manage] + - applicationAuth: [idn:branding:manage] + x-sailpoint-userLevels: + - ORG_ADMIN responses: '200': description: Branding item updated 
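Review bot: The branding.yaml `get` hunk does more than move text: the old description named `API` alongside ORG_ADMIN, and the new side drops `API` from the list and adds a second security requirement, `- applicationAuth: [idn:branding:read]`. Entries in an OpenAPI `security` list are alternatives, so the operation now advertises that an application token with that scope is accepted on its own, and it is not visible here how `x-sailpoint-userLevels` applies to such a token. It is worth confirming that the service accepts that grant for each operation, and recording the mapping with a comment such as `# applicationAuth replaces the former "API" authority`. The same pattern appears in the branding.yaml `put` and `delete` hunks, brandings.yaml, bulk-add-tagged-objects.yaml and bulk-remove-tagged-objects.yaml.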
@@ -86,11 +88,12 @@ delete: - Branding summary: Delete a branding item description: >- - This API endpoint delete information for an existing branding item by name. - - A token with API, ORG_ADMIN authority is required to call this API. + This API endpoint delete information for an existing branding item by name. security: - userAuth: [idn:branding:manage] + - applicationAuth: [idn:branding:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: name diff --git a/idn/v3/paths/brandings.yaml b/idn/v3/paths/brandings.yaml index 2c175702..373b9d08 100644 --- a/idn/v3/paths/brandings.yaml +++ b/idn/v3/paths/brandings.yaml @@ -5,11 +5,11 @@ get: summary: List of branding items description: >- This API endpoint returns a list of branding items. - - - A token with API, ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:branding:read] + - applicationAuth: [idn:branding:read] + x-sailpoint-userLevels: + - ORG_ADMIN responses: '200': description: A list of branding items. @@ -36,8 +36,6 @@ post: summary: Create a branding item description: >- This API endpoint creates a branding item. - - A token with API, ORG_ADMIN authority is required to call this API. requestBody: required: true content: @@ -46,6 +44,9 @@ post: $ref: '../schemas/BrandingItemCreate.yaml' security: - userAuth: [idn:branding:manage] + - applicationAuth: [idn:branding:manage] + x-sailpoint-userLevels: + - ORG_ADMIN responses: '201': description: Branding item created diff --git a/idn/v3/paths/bulk-add-tagged-objects.yaml b/idn/v3/paths/bulk-add-tagged-objects.yaml index 4c450191..37147934 100644 --- a/idn/v3/paths/bulk-add-tagged-objects.yaml +++ b/idn/v3/paths/bulk-add-tagged-objects.yaml 
@@ -2,15 +2,20 @@ post: operationId: setTagsToManyObjects security: - userAuth: [ idn:tag:manage ] + - applicationAuth: [ idn:tag:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN + - REPORT_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Tagged Objects summary: Tag Multiple Objects description: >- This API adds tags to multiple objects. - - - A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN - authority is required to call this API. requestBody: required: true description: Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE. diff --git a/idn/v3/paths/bulk-remove-tagged-objects.yaml b/idn/v3/paths/bulk-remove-tagged-objects.yaml index 8717897a..6569f299 100644 --- a/idn/v3/paths/bulk-remove-tagged-objects.yaml +++ b/idn/v3/paths/bulk-remove-tagged-objects.yaml @@ -2,15 +2,20 @@ post: operationId: deleteTagsToManyObject security: - userAuth: [ idn:tag:manage ] + - applicationAuth: [ idn:tag:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN + - REPORT_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Tagged Objects summary: Remove Tags from Multiple Objects description: >- This API removes tags from multiple objects. - - - A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN - authority is required to call this API. requestBody: description: Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE. required: true diff --git a/idn/v3/paths/campaign-activate.yaml b/idn/v3/paths/campaign-activate.yaml index 3c32b358..5e4ae3c4 100644 --- a/idn/v3/paths/campaign-activate.yaml +++ b/idn/v3/paths/campaign-activate.yaml 
@@ -5,10 +5,11 @@ post: summary: Activate a Campaign description: | Use this API to submit a job to activate the certified campaign with the specified ID. The campaign must be staged. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN requestBody: description: Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). diff --git a/idn/v3/paths/campaign-admin-cert-reassign.yaml b/idn/v3/paths/campaign-admin-cert-reassign.yaml index bfdd01c2..d074b6d2 100644 --- a/idn/v3/paths/campaign-admin-cert-reassign.yaml +++ b/idn/v3/paths/campaign-admin-cert-reassign.yaml @@ -1,14 +1,15 @@ post: security: - userAuth: [idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN operationId: move tags: - Certification Campaigns summary: Reassign Certifications description: | - This API reassigns the specified certifications from one identity to another. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. + This API reassigns the specified certifications from one identity to another. parameters: - in: path name: id diff --git a/idn/v3/paths/campaign-complete.yaml b/idn/v3/paths/campaign-complete.yaml index c056327d..9f019220 100644 --- a/idn/v3/paths/campaign-complete.yaml +++ b/idn/v3/paths/campaign-complete.yaml @@ -14,10 +14,11 @@ post: Use this API to complete a certification campaign. This functionality is provided to admins so that they can complete a certification even if all items have not been completed. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN requestBody: description: Optional. Default behavior is for the campaign to auto-approve upon completion, 
diff --git a/idn/v3/paths/campaign-reports-configuration.yaml b/idn/v3/paths/campaign-reports-configuration.yaml index e8f006c0..ae50b493 100644 --- a/idn/v3/paths/campaign-reports-configuration.yaml +++ b/idn/v3/paths/campaign-reports-configuration.yaml @@ -5,11 +5,11 @@ get: summary: Get Campaign Reports Configuration description: | Use this API to fetch the configuration for certification campaign reports. The configuration includes only one element - identity attributes defined as custom report columns. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. - security: - userAuth: [idn:campaign:read, idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN responses: '200': description: Campaign report configuration. @@ -34,11 +34,11 @@ put: summary: Set Campaign Reports Configuration description: | Use this API to overwrite the configuration for campaign reports. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. - security: - userAuth: [idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN requestBody: required: true description: Campaign report configuration. diff --git a/idn/v3/paths/campaign-reports.yaml b/idn/v3/paths/campaign-reports.yaml index 1a04647a..b52e6ebc 100644 --- a/idn/v3/paths/campaign-reports.yaml +++ b/idn/v3/paths/campaign-reports.yaml @@ -5,10 +5,12 @@ get: summary: Get Campaign Reports description: | Use this API to fetch all reports for a certification campaign by campaign ID. - - A token with ORG_ADMIN, CERT_ADMIN or REPORT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-report:read, idn:campaign-report:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN + - REPORT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/campaign-run-remediation-scan.yaml b/idn/v3/paths/campaign-run-remediation-scan.yaml index fbeaf6eb..6691e4d8 100644 --- a/idn/v3/paths/campaign-run-remediation-scan.yaml 
+++ b/idn/v3/paths/campaign-run-remediation-scan.yaml @@ -5,10 +5,12 @@ post: summary: Run Campaign Remediation Scan description: | Use this API to run a remediation scan task for a certification campaign. - - A token with ORG_ADMIN, CERT_ADMIN or REPORT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-report:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN + - REPORT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/campaign-run-report.yaml b/idn/v3/paths/campaign-run-report.yaml index 9506c604..2a32efcc 100644 --- a/idn/v3/paths/campaign-run-report.yaml +++ b/idn/v3/paths/campaign-run-report.yaml @@ -5,10 +5,12 @@ post: summary: Run Campaign Report description: | Use this API to run a report for a certification campaign. - - A token with ORG_ADMIN, CERT_ADMIN or REPORT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-report:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN + - REPORT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/campaign-template-generate.yaml b/idn/v3/paths/campaign-template-generate.yaml index d66694c7..c131569b 100644 --- a/idn/v3/paths/campaign-template-generate.yaml +++ b/idn/v3/paths/campaign-template-generate.yaml @@ -5,6 +5,9 @@ post: summary: Generate a Campaign from Template security: - userAuth: [idn:campaign-template:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: | Use this API to generate a new certification campaign from a campaign template. @@ -17,8 +20,6 @@ post: campaign called "Campaign for 2020" (assuming the year at generation time is 2020). Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html). - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. parameters: - in: path name: id 
diff --git a/idn/v3/paths/campaign-template-schedule.yaml b/idn/v3/paths/campaign-template-schedule.yaml index 0d3eda41..626aa7bc 100644 --- a/idn/v3/paths/campaign-template-schedule.yaml +++ b/idn/v3/paths/campaign-template-schedule.yaml @@ -5,10 +5,11 @@ get: summary: Get Campaign Template Schedule description: | Use this API to get the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id @@ -45,10 +46,11 @@ put: summary: Set Campaign Template Schedule description: | Use this API to set the schedule for a certification campaign template. If a schedule already exists, the API overwrites it with the new one. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id @@ -151,10 +153,11 @@ delete: summary: Delete Campaign Template Schedule description: | Use this API to delete the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/campaign-template.yaml b/idn/v3/paths/campaign-template.yaml index dba72857..e4ebd240 100644 --- a/idn/v3/paths/campaign-template.yaml +++ b/idn/v3/paths/campaign-template.yaml 
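Review bot: All three campaign-template-schedule.yaml hunks (`get`, `put`, `delete`) keep `- userAuth: []` with no scopes, so once the "A token with ORG_ADMIN or CERT_ADMIN authority is required" sentence is removed, the vendor extension is the only place the access requirement is stated. A renderer or client generator that ignores `x-` keys would show these operations as needing only a user token. campaign-template.yaml in this commit uses `idn:campaign-template:read` and `idn:campaign-template:manage`. If the schedule endpoints enforce those scopes (not visible here), declaring them, for example `- userAuth: [idn:campaign-template:manage]` on `put` and `delete`, would keep the requirement in standard OpenAPI terms.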
@@ -5,10 +5,11 @@ patch: summary: Update a Campaign Template description: | Use this API to update individual fields on a certification campaign template, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-template:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id @@ -76,10 +77,11 @@ get: summary: Get a Campaign Template description: | Use this API to fetch a certification campaign template by ID. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-template:read, idn:campaign-template:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id @@ -123,10 +125,11 @@ delete: summary: Delete a Campaign Template description: | Use this API to delete a certification campaign template by ID. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-template:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/campaign-templates.yaml b/idn/v3/paths/campaign-templates.yaml index a88cdfd5..bd9a1d70 100644 --- a/idn/v3/paths/campaign-templates.yaml +++ b/idn/v3/paths/campaign-templates.yaml @@ -5,10 +5,11 @@ post: summary: Create a Campaign Template description: | Use this API to create a certification campaign template based on campaign. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-template:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN requestBody: required: true content: 
@@ -59,10 +60,11 @@ get: Use this API to get a list of all campaign templates. Scope can be reduced through standard V3 query params. The API returns all campaign templates matching the query parameters. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign-template:read, idn:campaign-template:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - $ref: '../parameters/limit.yaml' - $ref: '../parameters/offset.yaml' diff --git a/idn/v3/paths/campaign.yaml b/idn/v3/paths/campaign.yaml index 6190ce20..ffc4c45c 100644 --- a/idn/v3/paths/campaign.yaml +++ b/idn/v3/paths/campaign.yaml @@ -5,10 +5,11 @@ get: summary: Get Campaign description: | Use this API to get information for an existing certification campaign by the campaign's ID. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign:read, idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id @@ -65,10 +66,11 @@ patch: summary: Update a Campaign description: | Use this API to update individual fields on a certification campaign, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign:read, idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/campaigns-delete.yaml b/idn/v3/paths/campaigns-delete.yaml index 8797146d..25b2d04c 100644 --- a/idn/v3/paths/campaigns-delete.yaml +++ b/idn/v3/paths/campaigns-delete.yaml 
@@ -5,10 +5,11 @@ post: summary: Delete Campaigns description: | Use this API to delete certification campaigns whose IDs are specified in the provided list of campaign IDs. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN requestBody: description: IDs of the campaigns to delete. required: true diff --git a/idn/v3/paths/campaigns.yaml b/idn/v3/paths/campaigns.yaml index 5a0d4f15..211cf6ca 100644 --- a/idn/v3/paths/campaigns.yaml +++ b/idn/v3/paths/campaigns.yaml @@ -5,10 +5,12 @@ get: summary: List Campaigns description: | Use this API to get a list of campaigns. This API can provide increased level of detail for each campaign for the correct provided query. - - A token with ORG_ADMIN, CERT_ADMIN or REPORT_ADMIN authority is required to call this API. security: - userAuth: [idn:campaign:read, idn:campaign:manage, idn:campaign-report:read, idn:campaign-report:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN + - REPORT_ADMIN parameters: - in: query name: detail @@ -87,11 +89,12 @@ post: - Certification Campaigns summary: Create a campaign description: | - Use this API to create a certification campaign with the information provided in the request body. - - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. + Use this API to create a certification campaign with the information provided in the request body. security: - userAuth: [idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN requestBody: required: true content: diff --git a/idn/v3/paths/certification-task.yaml b/idn/v3/paths/certification-task.yaml index f1a1d387..2f582046 100644 --- a/idn/v3/paths/certification-task.yaml +++ b/idn/v3/paths/certification-task.yaml 
@@ -4,10 +4,12 @@ get: - Certifications summary: Certification Task by ID description: >- - This API returns the certification task for the specified ID. A token with ORG_ADMIN or CERT_ADMIN authority is - required to call this API. Reviewers for the specified certification can also call this API. + This API returns the certification task for the specified ID. Reviewers for the specified certification can also call this API. security: - userAuth: [ idn:certification:read ] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/certifications-reassign-async.yaml b/idn/v3/paths/certifications-reassign-async.yaml index ef4f9d8a..51e06879 100644 --- a/idn/v3/paths/certifications-reassign-async.yaml +++ b/idn/v3/paths/certifications-reassign-async.yaml @@ -8,10 +8,12 @@ post: reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is complete. - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for - this certification can also call this API. + Reviewers for this certification can also call this API. security: - userAuth: [idn:campaign:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/certifications-reviewers.yaml b/idn/v3/paths/certifications-reviewers.yaml index 4dd9b397..803643bb 100644 --- a/idn/v3/paths/certifications-reviewers.yaml +++ b/idn/v3/paths/certifications-reviewers.yaml 
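Review bot: In the certification-task.yaml hunk the retained sentence "Reviewers for the specified certification can also call this API" no longer has anything for "also" to refer to, and the new `x-sailpoint-userLevels` list (ORG_ADMIN, CERT_ADMIN) does not express the reviewer exception. A consumer that reads only the attribute would get an incomplete picture of who can call the operation. I would reword the description line to `In addition to the listed user levels, reviewers for the specified certification can call this API.` The same applies to the certifications-reassign-async.yaml, certifications-reviewers.yaml and identity-certification.yaml hunks.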
@@ -4,10 +4,12 @@ get: - Certifications summary: List of Reviewers for certification description: >- - This API returns a list of reviewers for the certification. A token with ORG_ADMIN or - CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + This API returns a list of reviewers for the certification. Reviewers for this certification can also call this API. security: - userAuth: [ idn:certification:read ] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/connector.yaml b/idn/v3/paths/connector.yaml index fae26bc7..055b64c3 100644 --- a/idn/v3/paths/connector.yaml +++ b/idn/v3/paths/connector.yaml @@ -4,9 +4,7 @@ get: operationId: getConnector summary: Gets connector by script name description: >- - Fetches a connector that using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Fetches a connector that using its script name. parameters: - name: scriptName in: path @@ -46,6 +44,8 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN delete: tags: - Connectors @@ -53,8 +53,6 @@ delete: summary: Deletes connector by script name description: >- Delete a custom connector that using its script name. - - A token with ORG_ADMIN authority is required to call this API. parameters: - name: scriptName in: path @@ -83,6 +81,8 @@ delete: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:delete ] + x-sailpoint-userLevels: + - ORG_ADMIN patch: tags: - Connectors @@ -91,7 +91,6 @@ patch: description: >- Patch a custom connector that using its script name. - A token with ORG_ADMIN authority is required to call this API. The following fields are patchable: * connectorMetadata * applicationXml 
@@ -139,4 +138,6 @@ patch: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:update ] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/connectors-correlation-config.yaml b/idn/v3/paths/connectors-correlation-config.yaml index 2371dbae..4089824c 100644 --- a/idn/v3/paths/connectors-correlation-config.yaml +++ b/idn/v3/paths/connectors-correlation-config.yaml @@ -3,9 +3,7 @@ get: - Connectors operationId: getConnectorCorrelationConfig description: >- - Fetches a connector's correlation config using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Fetches a connector's correlation config using its script name. parameters: - name: scriptName in: path @@ -37,14 +35,14 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Connectors operationId: putCorrelationConfig description: >- - Update a connector's correlation config using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Update a connector's correlation config using its script name. parameters: - name: scriptName in: path @@ -88,4 +86,6 @@ put: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [ idn:connector-config:update ] \ No newline at end of file + - userAuth: [ idn:connector-config:update ] + x-sailpoint-userLevels: + - ORG_ADMIN \ No newline at end of file diff --git a/idn/v3/paths/connectors-source-config.yaml b/idn/v3/paths/connectors-source-config.yaml index 62c07a36..7821b2a2 100644 --- a/idn/v3/paths/connectors-source-config.yaml +++ b/idn/v3/paths/connectors-source-config.yaml 
@@ -3,9 +3,7 @@ get: - Connectors operationId: getConnectorSourceConfig description: >- - Fetches a connector's source config using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Fetches a connector's source config using its script name. parameters: - name: scriptName in: path @@ -37,14 +35,14 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Connectors operationId: putSourceConfig description: >- - Update a connector's source config using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Update a connector's source config using its script name. parameters: - name: scriptName in: path @@ -88,4 +86,6 @@ put: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [ idn:connector-config:update ] \ No newline at end of file + - userAuth: [ idn:connector-config:update ] + x-sailpoint-userLevels: + - ORG_ADMIN \ No newline at end of file diff --git a/idn/v3/paths/connectors-source-template.yaml b/idn/v3/paths/connectors-source-template.yaml index 28464514..bfa07916 100644 --- a/idn/v3/paths/connectors-source-template.yaml +++ b/idn/v3/paths/connectors-source-template.yaml @@ -3,9 +3,7 @@ get: - Connectors operationId: getConnectorSourceTemplate description: >- - Fetches a connector's source template using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Fetches a connector's source template using its script name. parameters: - name: scriptName in: path 
@@ -37,14 +35,14 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Connectors operationId: putSourceTemplate description: >- - Update a connector's source template using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Update a connector's source template using its script name. parameters: - name: scriptName in: path @@ -88,4 +86,6 @@ put: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [ idn:connector-config:update ] \ No newline at end of file + - userAuth: [ idn:connector-config:update ] + x-sailpoint-userLevels: + - ORG_ADMIN \ No newline at end of file diff --git a/idn/v3/paths/connectors-translations.yaml b/idn/v3/paths/connectors-translations.yaml index f04295a6..e972e84e 100644 --- a/idn/v3/paths/connectors-translations.yaml +++ b/idn/v3/paths/connectors-translations.yaml @@ -3,9 +3,7 @@ get: - Connectors operationId: getConnectorTranslations description: >- - Fetches a connector's translations using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Fetches a connector's translations using its script name. parameters: - name: scriptName in: path @@ -46,14 +44,14 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Connectors operationId: putTranslations description: >- - Update a connector's translations using its script name. - - A token with ORG_ADMIN authority is required to call this API. + Update a connector's translations using its script name. parameters: - name: scriptName in: path @@ -99,4 +97,6 @@ put: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [ idn:connector-config:update ] \ No newline at end of file + - userAuth: [ idn:connector-config:update ] + x-sailpoint-userLevels: + - ORG_ADMIN \ No newline at end of file 
diff --git a/idn/v3/paths/connectors.yaml b/idn/v3/paths/connectors.yaml index 0ff41c3e..34db8422 100644 --- a/idn/v3/paths/connectors.yaml +++ b/idn/v3/paths/connectors.yaml @@ -5,8 +5,6 @@ get: summary: Gets connector list description: >- Fetches list of connectors that have 'RELEASED' status using filtering and pagination. - - A token with ORG_ADMIN authority is required to call this API. parameters: - in: query name: filters @@ -71,15 +69,15 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-source-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN post: tags: - Connectors operationId: createCustomConnector summary: Create custom connector description: >- - Create custom connector. - - A token with ORG_ADMIN authority is required to call this API. + Create custom connector. requestBody: required: true content: @@ -107,5 +105,5 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:connector-config:create ] - - + x-sailpoint-userLevels: + - ORG_ADMIN \ No newline at end of file diff --git a/idn/v3/paths/identity-certification.yaml b/idn/v3/paths/identity-certification.yaml index 47023c5e..56e8c2d3 100644 --- a/idn/v3/paths/identity-certification.yaml +++ b/idn/v3/paths/identity-certification.yaml @@ -3,9 +3,13 @@ get: tags: - Certifications summary: Identity Certification by ID + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: >- - This API returns a single identity campaign certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority - is required to call this API. Reviewers for this certification can also call this API. This API does not support + This API returns a single identity campaign certification by its ID. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path 
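Review bot: The `security` block added to `get` in identity-certification.yaml lists `userAuth: []`, an empty scope list, so the spec now states that no OAuth scope is needed for this operation. The sibling operations in identity-certifications-access-summaries.yaml and identity-certifications-item-permissions.yaml declare `idn:certification:read`, while the same empty list is added to access-review-items, decide, decision-summary, identity-summaries, identity-summary and sign-off, two of which change state. If the service enforces a scope on these routes, name it here, e.g. `- userAuth: [ idn:certification:read ]` for the read operations. If it enforces none, a YAML comment saying so would stop readers from treating the empty list as an omission. The operation body continues outside the hunk.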
diff --git a/idn/v3/paths/identity-certifications-access-review-items.yaml b/idn/v3/paths/identity-certifications-access-review-items.yaml index dd6c54d9..d38978bd 100644 --- a/idn/v3/paths/identity-certifications-access-review-items.yaml +++ b/idn/v3/paths/identity-certifications-access-review-items.yaml @@ -3,9 +3,13 @@ get: tags: - Certifications summary: List of Access Review Items + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: >- - This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or - CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API + This API returns a list of access review items for an identity campaign certification. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path diff --git a/idn/v3/paths/identity-certifications-access-summaries.yaml b/idn/v3/paths/identity-certifications-access-summaries.yaml index ba832f76..9bd1e68b 100644 --- a/idn/v3/paths/identity-certifications-access-summaries.yaml +++ b/idn/v3/paths/identity-certifications-access-summaries.yaml @@ -4,11 +4,13 @@ get: - Certification Summaries summary: Access Summaries description: >- - This API returns a list of access summaries for the specified identity campaign certification and type. A token with - ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this + This API returns a list of access summaries for the specified identity campaign certification and type. Reviewers for this certification can also call this API. security: - - oauth2: [ idn:certification:read ] + - userAuth: [ idn:certification:read ] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: path name: id 
diff --git a/idn/v3/paths/identity-certifications-decide.yaml b/idn/v3/paths/identity-certifications-decide.yaml index a4e79aa1..9394f3a1 100644 --- a/idn/v3/paths/identity-certifications-decide.yaml +++ b/idn/v3/paths/identity-certifications-decide.yaml @@ -3,9 +3,13 @@ post: tags: - Certifications summary: Decide on a Certification Item + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: >- - The API makes a decision to approve or revoke one or more identity campaign certification items. A token with - ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this + The API makes a decision to approve or revoke one or more identity campaign certification items. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path diff --git a/idn/v3/paths/identity-certifications-decision-summary.yaml b/idn/v3/paths/identity-certifications-decision-summary.yaml index 127f0139..d2fe6aa8 100644 --- a/idn/v3/paths/identity-certifications-decision-summary.yaml +++ b/idn/v3/paths/identity-certifications-decision-summary.yaml @@ -3,10 +3,14 @@ get: tags: - Certification Summaries summary: Summary of Certification Decisions + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: >- This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized - by type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this - certification can also call this API. + by type. Reviewers for this certification can also call this API. parameters: - in: path name: id diff --git a/idn/v3/paths/identity-certifications-identity-summaries.yaml b/idn/v3/paths/identity-certifications-identity-summaries.yaml index 2313df23..127d784f 100644 
--- a/idn/v3/paths/identity-certifications-identity-summaries.yaml +++ b/idn/v3/paths/identity-certifications-identity-summaries.yaml @@ -3,9 +3,13 @@ get: tags: - Certification Summaries summary: Identity Summaries for Campaign Certification + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: >- - This API returns a list of the identity summaries for a specific identity campaign certification. A token with - ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this + This API returns a list of the identity summaries for a specific identity campaign certification. Reviewers for this certification can also call this API. parameters: - in: path diff --git a/idn/v3/paths/identity-certifications-identity-summary.yaml b/idn/v3/paths/identity-certifications-identity-summary.yaml index 1ccba74b..b22ff505 100644 --- a/idn/v3/paths/identity-certifications-identity-summary.yaml +++ b/idn/v3/paths/identity-certifications-identity-summary.yaml @@ -3,9 +3,13 @@ get: tags: - Certification Summaries summary: Summary for Identity + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: >- - This API returns the summary for an identity on a specified identity campaign certification. A token with ORG_ADMIN - or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + This API returns the summary for an identity on a specified identity campaign certification. Reviewers for this certification can also call this API. parameters: - in: path name: id diff --git a/idn/v3/paths/identity-certifications-item-permissions.yaml b/idn/v3/paths/identity-certifications-item-permissions.yaml index 0753a03a..a655b779 100644 --- a/idn/v3/paths/identity-certifications-item-permissions.yaml +++ b/idn/v3/paths/identity-certifications-item-permissions.yaml 
@@ -5,10 +5,12 @@ get: summary: Permissions for Entitlement Certification Item description: >- This API returns the permissions associated with an entitlement certification item based on the certification item's - ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification - can also call this API. + ID. Reviewers for this certification can also call this API. security: - userAuth: [ idn:certification:read ] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN parameters: - in: query name: filters diff --git a/idn/v3/paths/identity-certifications-sign-off.yaml b/idn/v3/paths/identity-certifications-sign-off.yaml index 592cbbd1..a5a2a431 100644 --- a/idn/v3/paths/identity-certifications-sign-off.yaml +++ b/idn/v3/paths/identity-certifications-sign-off.yaml @@ -3,10 +3,14 @@ post: tags: - Certifications summary: Finalize Identity Certification Decisions + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN + - CERT_ADMIN description: >- This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. - A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can - also call this API. This API does not support requests for certifications assigned to Governance Groups. + Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id diff --git a/idn/v3/paths/identity-profile-default-config.yaml b/idn/v3/paths/identity-profile-default-config.yaml index fd3c16a9..6446f61f 100644 --- a/idn/v3/paths/identity-profile-default-config.yaml +++ b/idn/v3/paths/identity-profile-default-config.yaml 
@@ -5,8 +5,6 @@ get: summary: Get default Identity Attribute Config description: >- This returns the default identity attribute config. - - A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config. parameters: - in: path name: identity-profile-id @@ -37,3 +35,5 @@ get: $ref: '../responses/500.yaml' security: - userAuth: [idn:identity-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN \ No newline at end of file diff --git a/idn/v3/paths/identity-profile-lifecycle-state.yaml b/idn/v3/paths/identity-profile-lifecycle-state.yaml index e1142935..f0341933 100644 --- a/idn/v3/paths/identity-profile-lifecycle-state.yaml +++ b/idn/v3/paths/identity-profile-lifecycle-state.yaml @@ -5,10 +5,10 @@ get: summary: Get Lifecycle State description: >- Use this endpoint to get a lifecycle state by its ID and its associated identity profile ID. - - A token with ORG_ADMIN or API authority is required to call this API. security: - userAuth: [idn:identity-profile-lifecycle-state:read] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: identity-profile-id @@ -50,10 +50,11 @@ patch: summary: Update Lifecycle State description: >- Use this endpoint to update individual lifecycle state fields, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. - - A token with ORG_ADMIN or API authority is required to call this API. security: - userAuth: [idn:identity-profile-lifecycle-state:manage] + - applicationAuth: [idn:identity-profile-lifecycle-state:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: identity-profile-id 
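Review bot: In the `get` hunk of identity-profile-lifecycle-state.yaml the removed sentence allowed "ORG_ADMIN or API authority", but the new `security` list keeps only `userAuth`, so API-client access is no longer documented for this read. The `patch` and `delete` hunks of the same file and the list operation in identity-profile-lifecycle-states.yaml each gain an `applicationAuth` entry for the same wording. Unless the omission is intentional, add `- applicationAuth: [idn:identity-profile-lifecycle-state:read]` under `security`.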
@@ -138,10 +139,11 @@ delete: summary: Delete Lifecycle State description: >- Use this endpoint to delete the lifecycle state by its ID. - - A token with API, or ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:identity-profile-lifecycle-state:manage] + - applicationAuth: [idn:identity-profile-lifecycle-state:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: identity-profile-id diff --git a/idn/v3/paths/identity-profile-lifecycle-states.yaml b/idn/v3/paths/identity-profile-lifecycle-states.yaml index 5a5a45f6..f1c3fe2d 100644 --- a/idn/v3/paths/identity-profile-lifecycle-states.yaml +++ b/idn/v3/paths/identity-profile-lifecycle-states.yaml @@ -5,10 +5,11 @@ get: summary: Lists LifecycleStates description: >- Use this endpoint to list all lifecycle states by their associated identity profiles. - - A token with API, or ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:identity-profile-lifecycle-state:read] + - applicationAuth: [idn:identity-profile-lifecycle-state:read] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: identity-profile-id @@ -58,10 +59,11 @@ post: summary: Create Lifecycle State description: >- Use this endpoint to create a lifecycle state. - - A token with ORG_ADMIN or API authority is required to call this API. security: - userAuth: [idn:identity-profile-lifecycle-state:manage] + - applicationAuth: [idn:identity-profile-lifecycle-state:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: identity-profile-id diff --git a/idn/v3/paths/identity-profile-process-identities.yaml b/idn/v3/paths/identity-profile-process-identities.yaml index 46466fc9..dd64c00c 100644 --- a/idn/v3/paths/identity-profile-process-identities.yaml +++ b/idn/v3/paths/identity-profile-process-identities.yaml 
@@ -16,8 +16,6 @@ post: 2. Determines the identity's correct manager through manager correlation. 3. Updates the identity's access according to their assigned lifecycle state. 4. Updates the identity's access based on role assignment criteria. - - A token with ORG_ADMIN authority is required to call this API. externalDocs: description: 'Learn more about manually processing identities here' url: 'https://documentation.sailpoint.com/saas/help/setup/identity_processing.html' @@ -48,5 +46,7 @@ post: $ref: '../responses/500.yaml' security: - userAuth: [idn:identity-profile:refresh] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/identity-profile.yaml b/idn/v3/paths/identity-profile.yaml index bdb1a986..492c34cd 100644 --- a/idn/v3/paths/identity-profile.yaml +++ b/idn/v3/paths/identity-profile.yaml @@ -5,9 +5,6 @@ get: summary: Get single Identity Profile description: >- This returns a single Identity Profile based on ID. - - - A token with ORG_ADMIN or API authority is required to call this API. parameters: - in: path name: identity-profile-id @@ -38,7 +35,9 @@ get: $ref: '../responses/500.yaml' security: - userAuth: [idn:identity-profile:read] - + - applicationAuth: [idn:identity-profile:read] + x-sailpoint-userLevels: + - ORG_ADMIN delete: operationId: deleteIdentityProfile tags: @@ -49,10 +48,7 @@ delete: On success, this endpoint will return a reference to the bulk delete task result. - - - A token with ORG_ADMIN authority is required to call this API. - + The following rights are required to access this endpoint: idn:identity-profile:delete parameters: @@ -86,7 +82,8 @@ delete: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:identity-profile:delete] - + x-sailpoint-userLevels: + - ORG_ADMIN patch: operationId: updateIdentityProfile tags: 
@@ -94,11 +91,8 @@ patch: summary: Update the Identity Profile description: >- This updates the specified Identity Profile. - + - A token with ORG_ADMIN authority is required to call this API to update the Identity Profile. - - Some fields of the Schema cannot be updated. These fields are listed below: * id @@ -174,4 +168,6 @@ patch: '500': $ref: '../../v3/responses/500.yaml' security: - - userAuth: [idn:identity-profile:manage] \ No newline at end of file + - userAuth: [idn:identity-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN \ No newline at end of file diff --git a/idn/v3/paths/identity-profiles-bulk-delete.yaml b/idn/v3/paths/identity-profiles-bulk-delete.yaml index 9b1a9bad..181ccc8f 100644 --- a/idn/v3/paths/identity-profiles-bulk-delete.yaml +++ b/idn/v3/paths/identity-profiles-bulk-delete.yaml @@ -8,9 +8,6 @@ post: On success, this endpoint will return a reference to the bulk delete task result. - - - A token with ORG_ADMIN authority is required to call this API. The following rights are required to access this endpoint: idn:identity-profile:delete @@ -42,3 +39,5 @@ post: $ref: '../responses/500.yaml' security: - userAuth: [idn:identity-profile:delete] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/identity-profiles-identity-preview.yaml b/idn/v3/paths/identity-profiles-identity-preview.yaml index 1d9b475c..ddcbb9cb 100644 --- a/idn/v3/paths/identity-profiles-identity-preview.yaml +++ b/idn/v3/paths/identity-profiles-identity-preview.yaml @@ -7,8 +7,6 @@ post: Use this API to generate a non-persisted preview of the identity object after applying `IdentityAttributeConfig` sent in request body. This API only allows `accountAttribute`, `reference` and `rule` transform types in the `IdentityAttributeConfig` sent in the request body. - - A token with ORG_ADMIN authority is required to call this API to generate an identity preview. requestBody: description: Identity Preview request body. required: true 
@@ -36,3 +34,5 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:identity-profile:manage] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/identity-profiles.yaml b/idn/v3/paths/identity-profiles.yaml index d92bd3a2..c556c79d 100644 --- a/idn/v3/paths/identity-profiles.yaml +++ b/idn/v3/paths/identity-profiles.yaml @@ -5,8 +5,6 @@ get: summary: Identity Profiles List description: >- This returns a list of Identity Profiles based on the specified query parameters. - - A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles. parameters: - $ref: '../parameters/limit.yaml' - $ref: '../parameters/offset.yaml' @@ -64,15 +62,14 @@ get: $ref: '../responses/500.yaml' security: - userAuth: [idn:identity-profile:read] - + - applicationAuth: [idn:identity-profile:read] + x-sailpoint-userLevels: + - ORG_ADMIN post: operationId: createIdentityProfile summary: Create an Identity Profile description: >- - This creates an Identity Profile. - - - A token with ORG_ADMIN authority is required to call this API to create an Identity Profile. + This creates an Identity Profile. tags: - Identity Profiles requestBody: @@ -100,3 +97,5 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [ idn:identity-profile:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/identity-set-lifecycle-state.yaml b/idn/v3/paths/identity-set-lifecycle-state.yaml index c2c0d121..fd0f03fe 100644 --- a/idn/v3/paths/identity-set-lifecycle-state.yaml +++ b/idn/v3/paths/identity-set-lifecycle-state.yaml 
@@ -5,10 +5,11 @@ post: summary: Set Lifecycle State description: >- Use this API to set/update an identity's lifecycle state to the one provided and update the corresponding identity profile. - - A token with ORG_ADMIN or API authority and the appropriate user context is required to call this API. security: - userAuth: [idn:identity-lifecycle-state:update] + - applicationAuth: [idn:identity-lifecycle-state:update] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: identity-id diff --git a/idn/v3/paths/mfa-config-delete.yaml b/idn/v3/paths/mfa-config-delete.yaml index 4050d9f0..389e0dac 100644 --- a/idn/v3/paths/mfa-config-delete.yaml +++ b/idn/v3/paths/mfa-config-delete.yaml @@ -5,10 +5,10 @@ delete: summary: Delete MFA method configuration description: >- This API removes the configuration for the specified MFA method. - - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:mfa-configuration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: method diff --git a/idn/v3/paths/mfa-config-test.yaml b/idn/v3/paths/mfa-config-test.yaml index f043cf85..5e4faac7 100644 --- a/idn/v3/paths/mfa-config-test.yaml +++ b/idn/v3/paths/mfa-config-test.yaml @@ -6,10 +6,10 @@ get: description: >- This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter. - - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:mfa-configuration:read, idn:mfa-configuration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: method diff --git a/idn/v3/paths/mfa-duo-config.yaml b/idn/v3/paths/mfa-duo-config.yaml index 8ad9ac18..b95f3960 100644 --- a/idn/v3/paths/mfa-duo-config.yaml +++ b/idn/v3/paths/mfa-duo-config.yaml 
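Review bot: The sentence removed from `post` in identity-set-lifecycle-state.yaml required "ORG_ADMIN or API authority and the appropriate user context", and the user-context condition has no counterpart in the new `security` or `x-sailpoint-userLevels` entries. The added `applicationAuth` entry may even suggest the opposite, if that scheme stands for client-credentials tokens, which the text removed from query-password-info.yaml describes as having no user context. Keep the condition in the description, for example `The caller's token must carry the appropriate user context.`, or confirm that `applicationAuth` tokens are accepted on this route before listing the scheme.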
@@ -5,9 +5,10 @@ get: summary: Configuration of Duo MFA method description: >- This API returns the configuration of an Duo MFA method. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:mfa-configuration:read, idn:mfa-configuration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN responses: "200": description: The configuration of an Duo MFA method. @@ -45,9 +46,10 @@ put: summary: Set Duo MFA configuration description: >- This API sets the configuration of an Duo MFA method. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:mfa-configuration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN requestBody: required: true content: diff --git a/idn/v3/paths/mfa-kba-config-answers.yaml b/idn/v3/paths/mfa-kba-config-answers.yaml index d1f3a0e3..5f15fee3 100644 --- a/idn/v3/paths/mfa-kba-config-answers.yaml +++ b/idn/v3/paths/mfa-kba-config-answers.yaml @@ -5,9 +5,7 @@ post: summary: Set MFA KBA configuration description: >- This API sets answers to challenge questions. - Any configured questions omitted from the request are removed from user KBA configuration. - - A token with USER authority is required to call this API. + Any configured questions omitted from the request are removed from user KBA configuration. requestBody: required: true content: @@ -29,6 +27,8 @@ post: ] security: - userAuth: [idn:mfa-kba:authenticate] + x-sailpoint-userLevels: + - USER responses: "200": description: The new KBA configuration for the user. diff --git a/idn/v3/paths/mfa-kba-config.yaml b/idn/v3/paths/mfa-kba-config.yaml index ef456ef8..663ce1fc 100644 --- a/idn/v3/paths/mfa-kba-config.yaml +++ b/idn/v3/paths/mfa-kba-config.yaml @@ -5,7 +5,6 @@ get: summary: Configuration of KBA MFA method description: >- This API returns the KBA configuration for MFA. - A token with USER or ORG_ADMIN authority is required to call this API. parameters: - in: query name: allLanguages 
@@ -20,6 +19,9 @@ get: example: allLanguages=true security: - userAuth: [idn:mfa-kba:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - USER responses: "200": description: The configuration for KBA MFA method. diff --git a/idn/v3/paths/mfa-okta-config.yaml b/idn/v3/paths/mfa-okta-config.yaml index 06969c55..dad4a5c8 100644 --- a/idn/v3/paths/mfa-okta-config.yaml +++ b/idn/v3/paths/mfa-okta-config.yaml @@ -5,9 +5,10 @@ get: summary: Configuration of Okta MFA method description: >- This API returns the configuration of an Okta MFA method. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:mfa-configuration:read, idn:mfa-configuration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN responses: "200": description: The configuration of an Okta MFA method. @@ -41,9 +42,10 @@ put: summary: Set Okta MFA configuration description: >- This API sets the configuration of an Okta MFA method. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:mfa-configuration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN requestBody: required: true content: diff --git a/idn/v3/paths/mfa-poll.yaml b/idn/v3/paths/mfa-poll.yaml index 6c9b63bc..0a15fd76 100644 --- a/idn/v3/paths/mfa-poll.yaml +++ b/idn/v3/paths/mfa-poll.yaml @@ -5,9 +5,10 @@ post: summary: Polling MFA method by VerificationPollRequest description: >- This API poll the VerificationPollRequest for the specified MFA method. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:mfa:poll] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: method diff --git a/idn/v3/paths/password-change-status.yaml b/idn/v3/paths/password-change-status.yaml index 513c6b3c..06e1fcd1 100644 --- a/idn/v3/paths/password-change-status.yaml +++ b/idn/v3/paths/password-change-status.yaml 
@@ -3,8 +3,13 @@ get: tags: - Password Management summary: Get Password Change Request Status + security: + - userAuth: [] + - applicationAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN description: >- - This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API. + This API returns the status of a password change request. parameters: - in: path name: id diff --git a/idn/v3/paths/password-dictionary.yaml b/idn/v3/paths/password-dictionary.yaml index f6727f3a..c35e3d46 100644 --- a/idn/v3/paths/password-dictionary.yaml +++ b/idn/v3/paths/password-dictionary.yaml @@ -5,8 +5,6 @@ get: summary: Get Password Dictionary description: >- This gets password dictionary for the organization. - - A token with ORG_ADMIN authority is required to call this API. The password dictionary file can contain lines that are: @@ -52,6 +50,8 @@ get: ``` security: - userAuth: [idn:password-dictionary-management:read] + x-sailpoint-userLevels: + - ORG_ADMIN responses: '200': description: A password dictionary response @@ -79,8 +79,6 @@ put: description: >- This updates password dictionary for the organization. - A token with ORG_ADMIN authority is required to call this API. - The password dictionary file can contain lines that are: 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing @@ -125,6 +123,8 @@ put: ``` security: - userAuth: [idn:password-dictionary:manage] + x-sailpoint-userLevels: + - ORG_ADMIN requestBody: required: true description: The password dictionary file to be uploaded. diff --git a/idn/v3/paths/password-policies.yaml b/idn/v3/paths/password-policies.yaml index 310c5f58..92246db4 100644 --- a/idn/v3/paths/password-policies.yaml +++ b/idn/v3/paths/password-policies.yaml 
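Review bot: `x-sailpoint-userLevels: ORG_ADMIN` on `get` in password-change-status.yaml does not match the sentence it replaces, which named "identity owner or trusted API client application authority" and never mentioned ORG_ADMIN. Readers and tooling that rely on the new attribute would conclude that only organization administrators may poll a password change, and the identity that owns the request is no longer mentioned anywhere. Confirm the level the service enforces. If the old wording is still correct, keep a line such as `The identity that owns the request, or a trusted API client, can call this API.` in the description and remove the `ORG_ADMIN` entry. Both `userAuth` and `applicationAuth` also carry empty scope lists here, so no scope is documented for either token type.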
@@ -5,9 +5,10 @@ post: summary: Create Password Policy description: >- This API creates the specified password policy. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-policy:write'] + x-sailpoint-userLevels: + - ORG_ADMIN requestBody: required: true content: diff --git a/idn/v3/paths/password-policy.yaml b/idn/v3/paths/password-policy.yaml index d125f180..988f7464 100644 --- a/idn/v3/paths/password-policy.yaml +++ b/idn/v3/paths/password-policy.yaml @@ -5,9 +5,10 @@ get: summary: Get Password Policy by ID description: >- This API returns the password policy for the specified ID. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-policy:read'] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id @@ -74,9 +75,10 @@ put: summary: Update Password Policy by ID description: >- This API updates the specified password policy. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-policy:write'] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id @@ -181,9 +183,10 @@ delete: summary: Delete Password Policy by ID description: >- This API deletes the specified password policy. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-policy:write'] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/password-sync-group.yaml b/idn/v3/paths/password-sync-group.yaml index 1098f91d..b0758b19 100644 --- a/idn/v3/paths/password-sync-group.yaml +++ b/idn/v3/paths/password-sync-group.yaml 
@@ -5,9 +5,10 @@ get: summary: Get Password Sync Group by ID description: >- This API returns the sync group for the specified ID. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-sync-group-management:read'] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id @@ -49,9 +50,10 @@ put: summary: Update Password Sync Group by ID description: >- This API updates the specified password sync group. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-sync-group-management:write'] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id @@ -106,9 +108,10 @@ delete: summary: Delete Password Sync Group by ID description: >- This API deletes the specified password sync group. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-sync-group-management:write'] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: id diff --git a/idn/v3/paths/password-sync-groups.yaml b/idn/v3/paths/password-sync-groups.yaml index 1d9121e2..2a57a874 100644 --- a/idn/v3/paths/password-sync-groups.yaml +++ b/idn/v3/paths/password-sync-groups.yaml @@ -5,9 +5,10 @@ get: summary: Get Password Sync Group List description: >- This API returns a list of password sync groups. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-sync-group-management:read'] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - $ref: '../parameters/limit.yaml' - $ref: '../parameters/offset.yaml' @@ -38,9 +39,10 @@ post: summary: Create Password Sync Group description: >- This API creates a password sync group based on the specifications provided. - A token with ORG_ADMIN authority is required to call this API. security: - userAuth: ['idn:password-sync-group-management:write'] + x-sailpoint-userLevels: + - ORG_ADMIN requestBody: required: true content: 
diff --git a/idn/v3/paths/provisioning-policies-bulk-update.yaml b/idn/v3/paths/provisioning-policies-bulk-update.yaml index 0ca2013d..c1dae3fa 100644 --- a/idn/v3/paths/provisioning-policies-bulk-update.yaml +++ b/idn/v3/paths/provisioning-policies-bulk-update.yaml @@ -5,10 +5,11 @@ post: summary: Bulk Update Provisioning Policies description: >- This end-point updates a list of provisioning policies on the specified source in IdentityNow. - - A token with API, or ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:provisioning-policy:manage] + - applicationAuth: [idn:provisioning-policy:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId diff --git a/idn/v3/paths/provisioning-policies.yaml b/idn/v3/paths/provisioning-policies.yaml index 9a440e45..b7fedad7 100644 --- a/idn/v3/paths/provisioning-policies.yaml +++ b/idn/v3/paths/provisioning-policies.yaml @@ -5,10 +5,11 @@ get: summary: Lists ProvisioningPolicies description: >- This end-point lists all the ProvisioningPolicies in IdentityNow. - - A token with API, or ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:provisioning-policy:read, idn:provisioning-policy:manage] + - applicationAuth: [idn:provisioning-policy:read, idn:provisioning-policy:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId @@ -50,10 +51,10 @@ post: Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. - - A token with ORG_ADMIN authority is required to call this API. security: - - userAuth: [idn:provisioning-policy:manage] + - userAuth: [idn:provisioning-policy:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId 
diff --git a/idn/v3/paths/provisioning-policy.yaml b/idn/v3/paths/provisioning-policy.yaml index 8329abf8..7e0deb34 100644 --- a/idn/v3/paths/provisioning-policy.yaml +++ b/idn/v3/paths/provisioning-policy.yaml @@ -5,10 +5,13 @@ get: summary: Get Provisioning Policy by UsageType description: >- This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow. - - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: [idn:provisioning-policy:read, idn:provisioning-policy-source:read, idn:provisioning-policy:manage, idn:provisioning-policy-source-admin-operations:manage] + - applicationAuth: [idn:provisioning-policy:read, idn:provisioning-policy-source:read, idn:provisioning-policy:manage, idn:provisioning-policy-source-admin-operations:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - in: path name: sourceId @@ -71,10 +74,13 @@ put: Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. - - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: [idn:provisioning-policy:manage, idn:provisioning-policy-source-admin-operations:manage] + - applicationAuth: [idn:provisioning-policy:manage, idn:provisioning-policy-source-admin-operations:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - in: path name: sourceId 
@@ -143,10 +149,13 @@ patch: Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. - - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: [idn:provisioning-policy:update] + - applicationAuth: [idn:provisioning-policy:update] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN parameters: - in: path name: sourceId @@ -236,10 +245,11 @@ delete: summary: Delete Provisioning Policy by UsageType description: >- Deletes the provisioning policy with the specified usage on an application. - - A token with API, or ORG_ADMIN authority is required to call this API. security: - userAuth: [idn:provisioning-policy:manage] + - applicationAuth: [idn:provisioning-policy:manage] + x-sailpoint-userLevels: + - ORG_ADMIN parameters: - in: path name: sourceId diff --git a/idn/v3/paths/public-identities-config.yaml b/idn/v3/paths/public-identities-config.yaml index 5f52b590..5a12ea9c 100644 --- a/idn/v3/paths/public-identities-config.yaml +++ b/idn/v3/paths/public-identities-config.yaml @@ -4,10 +4,11 @@ get: - Public Identities Config summary: Get the Public Identities Configuration description: >- - Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to - call this API. - #security: - # - oauth2: [ORG_ADMIN] + Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN responses: '200': description: Request succeeded. 
@@ -31,10 +32,11 @@ put: - Public Identities Config summary: Update the Public Identities Configuration description: >- - Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to - call this API. - #security: - # - oauth2: [ORG_ADMIN] + Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN requestBody: required: true content: diff --git a/idn/v3/paths/query-password-info.yaml b/idn/v3/paths/query-password-info.yaml index 48892c80..10fee06b 100644 --- a/idn/v3/paths/query-password-info.yaml +++ b/idn/v3/paths/query-password-info.yaml @@ -3,17 +3,10 @@ post: tags: - Password Management summary: Query Password Info -# security: -# - oauth2: [API] + security: + - applicationAuth: [] description: | This API is used to query password related information. - - A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) - is required to call this API. "API authority" refers to a token that only has the "client_credentials" - grant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) - or a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) - grant type will **NOT** work on this endpoint, and a `403 Forbidden` response - will be returned. requestBody: required: true content: diff --git a/idn/v3/paths/requestable-object-list.yaml b/idn/v3/paths/requestable-object-list.yaml index 00980599..56e46131 100644 --- a/idn/v3/paths/requestable-object-list.yaml +++ b/idn/v3/paths/requestable-object-list.yaml 
@@ -3,12 +3,15 @@ get: tags: - Requestable Objects summary: Requestable Objects List + security: + - userAuth: [] + x-sailpoint-userLevels: + - ORG_ADMIN description: >- This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param. Any authenticated token can call this endpoint to see their requestable access items. - A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity. parameters: - in: query name: identity-id diff --git a/idn/v3/paths/role-bulk-delete.yaml b/idn/v3/paths/role-bulk-delete.yaml index 73773fef..fe5f2ca3 100644 --- a/idn/v3/paths/role-bulk-delete.yaml +++ b/idn/v3/paths/role-bulk-delete.yaml @@ -11,8 +11,7 @@ post: This endpoint can only bulk delete up to a limit of 50 roles per request. - A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this endpoint. In addition, a - token with ROLE_SUBADMIN authority can only call this endpoint if all roles included in the request are associated + A user with ROLE_SUBADMIN authority can only call this endpoint if all roles included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of. requestBody: required: true @@ -81,3 +80,7 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:role-unchecked:manage, idn:role-checked:manage] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN diff --git a/idn/v3/paths/role.yaml b/idn/v3/paths/role.yaml index e9b77ed7..02b2afa1 100644 --- a/idn/v3/paths/role.yaml +++ b/idn/v3/paths/role.yaml 
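Review bot: In `requestable-object-list.yaml` the added `x-sailpoint-userLevels: - ORG_ADMIN` contradicts the description line kept just below it, "Any authenticated token can call this endpoint to see their requestable access items". The removed sentence was the only place stating that ORG_ADMIN is needed specifically to list items for the whole org or for another identity through `identity-id`. That condition is an authorization boundary, and a bare user-level list cannot express a per-parameter rule. I would keep a sentence in the description such as `ORG_ADMIN is required only when listing requestable items for the org or for an identity other than the caller.`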
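Review bot: The `role-bulk-delete.yaml` hunks drop "A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority", but the `security` block at the end of the file still lists only `userAuth`, so nothing records whether client-credentials (API) tokens are accepted. Other files in this commit add a matching `applicationAuth` entry when the removed sentence named API authority. Either add `- applicationAuth: [idn:role-unchecked:manage, idn:role-checked:manage]` here or confirm that application tokens are intentionally excluded. The `patch` operation in `source.yaml` has the same gap: its removed sentence named API authority and its `security` keeps only `- userAuth: [ idn:sources:manage ]`.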
@@ -6,9 +6,7 @@ get: description: >- This API returns a Role by its ID. - - A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a - token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated + A user with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. parameters: - in: path @@ -38,6 +36,11 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + - applicationAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN patch: operationId: patchRole tags: @@ -46,10 +49,8 @@ patch: description: >- This API updates an existing role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. - The following fields are patchable: - * name * description @@ -69,10 +70,11 @@ patch: * revokeRequestConfig * segments + + * accessModelMetadata - A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a - token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated + A user with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. 
@@ -196,7 +198,25 @@ patch: } } ] - + + Assign a Access Model Metadata to a role: + description: This example shows how to assign a existing metadata to a role. + value: + [ + { + "op": "add", + "path": "/accessModelMetadata/attributes/0", + "value": { + "key": "iscFederalClassifications", + "values": [ + { + "value": "secret" + } + ] + } + } + ] + required: true responses: '200': @@ -217,6 +237,11 @@ patch: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:role-unchecked:manage, idn:role-checked:manage] + - applicationAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN delete: operationId: deleteRole tags: @@ -226,8 +251,7 @@ delete: This API deletes a Role by its ID. - A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a - token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated + A user with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. parameters: - in: path @@ -253,3 +277,8 @@ delete: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:role-unchecked:manage,idn:role-checked:manage] + - applicationAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN diff --git a/idn/v3/paths/roles.yaml b/idn/v3/paths/roles.yaml index 07b8c8f2..c8caa2f6 100644 --- a/idn/v3/paths/roles.yaml +++ b/idn/v3/paths/roles.yaml 
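Review bot: The `applicationAuth` entry added to the `patch` security block in `role.yaml` lists `idn:role-unchecked:read` and `idn:role-checked:read`, while the `userAuth` entry directly above it lists only the two `manage` scopes. The same four-scope list, apparently copied from the `get` operation, is also added to `delete` in this file and to `post` (createRole) in `roles.yaml`. If the list is read as any-of, as the `get` entries suggest, the spec now says a client-credentials token holding only a read scope may modify, delete or create roles. For the write operations the entry should mirror `userAuth`: `- applicationAuth: [idn:role-unchecked:manage, idn:role-checked:manage]`.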
@@ -5,10 +5,6 @@ get: summary: List Roles description: >- This API returns a list of Roles. - - - A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to - call this API. parameters: - in: query name: for-subadmin @@ -110,6 +106,11 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + - applicationAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN post: operationId: createRole tags: @@ -118,11 +119,6 @@ post: description: >- This API creates a role. - - You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to - call this API. - - In addition, a ROLE_SUBADMIN may not create a role including an access profile if that access profile is associated with a source the ROLE_SUBADMIN is not associated with themselves. @@ -154,3 +150,8 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:role-unchecked:manage, idn:role-checked:manage] + - applicationAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read] + x-sailpoint-userLevels: + - ORG_ADMIN + - ROLE_ADMIN + - ROLE_SUBADMIN diff --git a/idn/v3/paths/searchAttributeConfig-get-patch-delete.yaml b/idn/v3/paths/searchAttributeConfig-get-patch-delete.yaml index afc601c7..849d17a6 100644 --- a/idn/v3/paths/searchAttributeConfig-get-patch-delete.yaml +++ b/idn/v3/paths/searchAttributeConfig-get-patch-delete.yaml 
@@ -2,13 +2,13 @@ get: operationId: getSingleSearchAttributeConfig security: - userAuth: [ idn:account-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Search Attribute Configuration summary: Get specific attribute in IdentityNow. description: >- This API accepts an extended search attribute name and retrieves the corresponding extended attribute configuration. - - A token with ORG_ADMIN authority is required to call this API. parameters: - name: name in: path @@ -45,13 +45,13 @@ delete: operationId: deleteSearchAttributeConfig security: - userAuth: [ idn:account-config:delete ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Search Attribute Configuration summary: Delete search attribute in IdentityNow. description: >- This API accepts an extended search attribute name and deletes the corresponding extended attribute configuration. - - A token with ORG_ADMIN authority is required to call this API. parameters: - name: name in: path @@ -80,6 +80,8 @@ patch: operationId: patchSearchAttributeConfig security: - userAuth: [ idn:account-config:create ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Search Attribute Configuration summary: Update search attribute in IdentityNow. @@ -87,8 +89,6 @@ patch: This API updates an existing Search Attribute Configuration. The following fields are patchable: **name**, **displayName**, **applicationAttributes** - - A token with ORG_ADMIN authority is required to call this API. parameters: - name: name in: path diff --git a/idn/v3/paths/searchAttributeConfig.yaml b/idn/v3/paths/searchAttributeConfig.yaml index ae566a03..2b609620 100644 --- a/idn/v3/paths/searchAttributeConfig.yaml +++ b/idn/v3/paths/searchAttributeConfig.yaml 
@@ -2,14 +2,14 @@ post: operationId: createSearchAttributeConfig security: - userAuth: [ idn:account-config:create ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Search Attribute Configuration summary: Configure/create search attributes in IdentityNow. description: >- This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create and attribute promotion configuration in the Link ObjectConfig. - - A token with ORG_ADMIN authority is required to call this API. requestBody: required: true content: @@ -44,13 +44,13 @@ get: operationId: getSearchAttributeConfig security: - userAuth: [ idn:account-config:read ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Search Attribute Configuration summary: Retrieve attribute list in IdentityNow. description: >- This API retrieves a list of extended search attribute/application associates currently configured in IdentityNow. - - A token with ORG_ADMIN authority is required to call this API. responses: '200': description: List of attribute configurations in IdentityNow. diff --git a/idn/v3/paths/segment.yaml b/idn/v3/paths/segment.yaml index 113f40ad..5555aa27 100644 --- a/idn/v3/paths/segment.yaml +++ b/idn/v3/paths/segment.yaml @@ -2,13 +2,14 @@ get: operationId: getSegment security: - userAuth: [ idn:segment:read, idn:segment:manage ] + - applicationAuth: [ idn:segment:read, idn:segment:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Segments summary: Get Segment by ID description: >- This API returns the segment specified by the given ID. - - A token with ORG_ADMIN or API authority is required to call this API. parameters: - in: path name: id 
@@ -40,15 +41,16 @@ delete: operationId: deleteSegment security: - userAuth: [ idn:segment:manage ] + - applicationAuth: [ idn:segment:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Segments summary: Delete Segment by ID description: >- This API deletes the segment specified by the given ID. - >**Note:** that segment deletion may take some time to become effective. - - A token with ORG_ADMIN or API authority is required to call this API. + >**Note:** that segment deletion may take some time to become effective. parameters: - in: path name: id @@ -76,6 +78,9 @@ patch: operationId: patchSegment security: - userAuth: [ idn:segment:manage ] + - applicationAuth: [ idn:segment:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Segments summary: Update Segment @@ -83,8 +88,6 @@ patch: Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. >**Note:** Changes to a segment may take some time to propagate to all identities. - - A token with ORG_ADMIN or API authority is required to call this API. parameters: - in: path name: id diff --git a/idn/v3/paths/segments.yaml b/idn/v3/paths/segments.yaml index 6869e96b..8d23eab2 100644 --- a/idn/v3/paths/segments.yaml +++ b/idn/v3/paths/segments.yaml @@ -2,6 +2,9 @@ post: operationId: createSegment security: - userAuth: [ idn:segment:manage ] + - applicationAuth: [ idn:segment:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Segments summary: Create Segment @@ -9,8 +12,6 @@ post: This API creates a segment. >**Note:** Segment definitions may take time to propagate to all identities. - - A token with ORG_ADMIN or API authority is required to call this API. requestBody: required: true content: 
@@ -38,13 +39,14 @@ get: operationId: listSegments security: - userAuth: [ idn:segment:read, idn:segment:manage ] + - applicationAuth: [ idn:segment:read, idn:segment:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Segments summary: List Segments description: >- This API returns a list of all segments. - - A token with ORG_ADMIN or API authority is required to call this API. parameters: - $ref: '../../v3/parameters/limit.yaml' - $ref: '../../v3/parameters/offset.yaml' diff --git a/idn/v3/paths/service-desk-integration-configuration.yaml b/idn/v3/paths/service-desk-integration-configuration.yaml index ab0a1683..29918738 100644 --- a/idn/v3/paths/service-desk-integration-configuration.yaml +++ b/idn/v3/paths/service-desk-integration-configuration.yaml @@ -2,7 +2,7 @@ get: tags: - Service Desk Integration summary: Get the time check configuration - description: Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: Get the time check configuration of queued SDIM tickets. operationId: getStatusCheckDetails responses: "200": @@ -25,12 +25,13 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:read,idn:service-desk-integration:read] - + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Service Desk Integration summary: Update the time check configuration - description: Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: Update the time check configuration of queued SDIM tickets. operationId: updateStatusCheckDetails requestBody: description: the modified time check configuration @@ -60,3 +61,5 @@ put: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:manage,idn:service-desk-integration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN 
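Review bot: The `service-desk-integration-configuration.yaml` hunks remove "A token with Org Admin or Service Desk Admin authority is required" and replace it with `x-sailpoint-userLevels: - ORG_ADMIN` only, so the Service Desk Admin level disappears from the spec even though the scopes are still `idn:service-desk-admin:read` and `idn:service-desk-admin:manage`. Unless that level was deliberately withdrawn, the list should carry a second entry for it (the exact enum value is not visible in this diff), or the description should keep the sentence. The same reduction is repeated in `service-desk-integration-template.yaml`, `service-desk-integration-types.yaml`, `service-desk-integration.yaml` and `service-desk-integrations.yaml`.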
diff --git a/idn/v3/paths/service-desk-integration-template.yaml b/idn/v3/paths/service-desk-integration-template.yaml index a666b6b9..5852c540 100644 --- a/idn/v3/paths/service-desk-integration-template.yaml +++ b/idn/v3/paths/service-desk-integration-template.yaml @@ -2,7 +2,7 @@ get: tags: - Service Desk Integration summary: Service Desk integration template by scriptName. - description: This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: This API endpoint returns an existing Service Desk integration template by scriptName. operationId: getServiceDeskIntegrationTemplate parameters: - name: scriptName @@ -35,3 +35,5 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:read,idn:service-desk-integration:read] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/service-desk-integration-types.yaml b/idn/v3/paths/service-desk-integration-types.yaml index d971d8b0..9959e8f5 100644 --- a/idn/v3/paths/service-desk-integration-types.yaml +++ b/idn/v3/paths/service-desk-integration-types.yaml @@ -2,7 +2,7 @@ get: tags: - Service Desk Integration summary: Service Desk Integration Types List. - description: This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: This API endpoint returns the current list of supported Service Desk integration types. operationId: getServiceDeskIntegrationTypes responses: "200": @@ -27,3 +27,5 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:read,idn:service-desk-integration:read] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/service-desk-integration.yaml b/idn/v3/paths/service-desk-integration.yaml index d42217b5..5a00132e 100644 
--- a/idn/v3/paths/service-desk-integration.yaml +++ b/idn/v3/paths/service-desk-integration.yaml @@ -2,7 +2,7 @@ get: tags: - Service Desk Integration summary: Get a Service Desk integration - description: Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: Get an existing Service Desk integration by ID. operationId: getServiceDeskIntegration parameters: - name: id @@ -35,12 +35,14 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:read,idn:service-desk-integration:read] + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Service Desk Integration summary: Update a Service Desk integration - description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. operationId: putServiceDeskIntegration parameters: - name: id @@ -80,12 +82,14 @@ put: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:manage,idn:service-desk-integration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN delete: tags: - Service Desk Integration summary: Delete a Service Desk integration - description: Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: Delete an existing Service Desk integration by ID. operationId: deleteServiceDeskIntegration parameters: - name: id @@ -114,6 +118,8 @@ delete: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:manage,idn:service-desk-integration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN patch: operationId: patchServiceDeskIntegration 
@@ -183,3 +189,5 @@ patch: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:manage,idn:service-desk-integration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/service-desk-integrations.yaml b/idn/v3/paths/service-desk-integrations.yaml index cf4f0c29..4e8b8d4a 100644 --- a/idn/v3/paths/service-desk-integrations.yaml +++ b/idn/v3/paths/service-desk-integrations.yaml @@ -2,7 +2,7 @@ get: tags: - Service Desk Integration summary: List existing Service Desk Integrations - description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. operationId: getServiceDeskIntegrations parameters: - $ref: '../../v3/parameters/offset.yaml' @@ -70,12 +70,14 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:read,idn:service-desk-integration:read] + x-sailpoint-userLevels: + - ORG_ADMIN post: tags: - Service Desk Integration summary: Create new Service Desk integration - description: Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + description: Create a new Service Desk Integrations. operationId: createServiceDeskIntegration requestBody: description: The specifics of a new integration to create @@ -105,3 +107,5 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:service-desk-admin:manage,idn:service-desk-integration:manage] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/set-password.yaml b/idn/v3/paths/set-password.yaml index fa1928fb..ec719c8f 100644 --- a/idn/v3/paths/set-password.yaml +++ b/idn/v3/paths/set-password.yaml 
@@ -3,13 +3,12 @@ post: tags: - Password Management summary: Set Identity's Password + security: + - applicationAuth: [] description: | This API is used to set a password for an identity. An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow). - - A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. - "API authority" refers to a token that only has the "client_credentials" grant type. >**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.** diff --git a/idn/v3/paths/sod-violations-check.yaml b/idn/v3/paths/sod-violations-check.yaml index 9249e81c..e7ea55fc 100644 --- a/idn/v3/paths/sod-violations-check.yaml +++ b/idn/v3/paths/sod-violations-check.yaml @@ -1,16 +1,14 @@ post: security: - userAuth: [idn:sod-violation:read] + x-sailpoint-userLevels: + - ORG_ADMIN operationId: startViolationCheck tags: - SOD Violations summary: Check SOD violations description: >- This API initiates a SOD policy verification asynchronously. - - - A token with ORG_ADMIN authority is required to call this API. - requestBody: required: true content: diff --git a/idn/v3/paths/sod-violations-predict.yaml b/idn/v3/paths/sod-violations-predict.yaml index 941f585c..f47fd8f4 100644 --- a/idn/v3/paths/sod-violations-predict.yaml +++ b/idn/v3/paths/sod-violations-predict.yaml 
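Review bot: In `set-password.yaml` the added `security: - applicationAuth: []` declares client-credentials tokens as the only accepted scheme, yet the description kept below it still says an identity can change its own password with a personal access token or an authorization_code token. One of the two is wrong; if user tokens are accepted, add `- userAuth: []` next to `applicationAuth`. The removed paragraph was also the only statement that an API-authority token can change **any** identity's password or account passwords. An integrator needs that caveat when deciding where such a client secret may be stored, so I would keep one sentence to that effect in the description.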
@@ -1,6 +1,9 @@ post: security: - userAuth: [idn:sod-violation:read] + - applicationAuth: [idn:sod-violation:read] + x-sailpoint-userLevels: + - ORG_ADMIN operationId: startPredictSodViolations tags: - SOD Violations @@ -8,10 +11,6 @@ post: description: >- This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused. - - - A token with ORG_ADMIN or API authority is required to call this API. - requestBody: required: true content: diff --git a/idn/v3/paths/source-connections.yaml b/idn/v3/paths/source-connections.yaml index 25fb701e..73e82de9 100644 --- a/idn/v3/paths/source-connections.yaml +++ b/idn/v3/paths/source-connections.yaml @@ -2,13 +2,15 @@ get: operationId: getSourceConnections security: - userAuth: [ idn:sources:read ] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Sources summary: Get Source Connections by ID description: >- Use this API to get all dependent Profiles, Attributes, Applications and Custom Transforms for a source by a specified ID in Identity Security Cloud (ISC). - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id diff --git a/idn/v3/paths/source-upload-connector-file.yaml b/idn/v3/paths/source-upload-connector-file.yaml index 20e0bcb2..c0e06dd1 100644 --- a/idn/v3/paths/source-upload-connector-file.yaml +++ b/idn/v3/paths/source-upload-connector-file.yaml @@ -2,6 +2,8 @@ post: operationId: importConnectorFile security: - userAuth: [ idn:sources-admin:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN tags: - Sources summary: Upload connector file to source 
@@ -16,8 +18,6 @@ post: description: >- This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events. - - A token with ORG_ADMIN authority is required to call this API. requestBody: required: true content: diff --git a/idn/v3/paths/source.yaml b/idn/v3/paths/source.yaml index b9c12568..415bf719 100644 --- a/idn/v3/paths/source.yaml +++ b/idn/v3/paths/source.yaml @@ -2,13 +2,15 @@ get: operationId: getSource security: - userAuth: [ idn:sources:read ] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Sources summary: Get Source by ID description: >- Use this API to get a source by a specified ID in Identity Security Cloud (ISC). - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id @@ -40,6 +42,10 @@ put: operationId: putSource security: - userAuth: [ idn:sources:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Sources summary: Update Source (Full) @@ -56,8 +62,6 @@ put: * passwordPolicies Attempts to modify these fields will result in a 400 error. - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id @@ -97,6 +101,10 @@ patch: operationId: updateSource security: - userAuth: [ idn:sources:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Sources summary: Update Source (Partial) @@ -116,8 +124,6 @@ patch: * passwordPolicies Attempts to modify these fields will result in a 400 error. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API. parameters: - in: path name: id 
@@ -251,6 +257,10 @@ delete: operationId: deleteSource security: - userAuth: [ idn:sources:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Sources summary: Delete Source by ID @@ -259,8 +269,6 @@ delete: The API removes all the accounts on the source first, and then it deletes the source. You can retrieve the actual task execution status with this method: GET `/task-status/{id}` - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id diff --git a/idn/v3/paths/sources.yaml b/idn/v3/paths/sources.yaml index 42767a7d..6b242c2d 100644 --- a/idn/v3/paths/sources.yaml +++ b/idn/v3/paths/sources.yaml @@ -2,13 +2,16 @@ get: operationId: listSources security: - userAuth: [ idn:sources:read ] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN + - ROLE_SUBADMIN tags: - Sources summary: Lists all sources in IdentityNow. description: >- This end-point lists all the sources in IdentityNow. - - A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API. parameters: - $ref: '../../v3/parameters/limit.yaml' - $ref: '../../v3/parameters/offset.yaml' @@ -116,14 +119,16 @@ post: operationId: createSource security: - userAuth: [ idn:sources:manage ] + x-sailpoint-userLevels: + - ORG_ADMIN + - SOURCE_ADMIN + - SOURCE_SUBADMIN tags: - Sources summary: Creates a source in IdentityNow. description: >- This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. - - A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: query name: provisionAsCsv diff --git a/idn/v3/paths/transform.yaml b/idn/v3/paths/transform.yaml index 7af5099c..edcf998b 100644 --- a/idn/v3/paths/transform.yaml +++ b/idn/v3/paths/transform.yaml 
@@ -4,9 +4,6 @@ get: summary: Transform by ID description: >- This API returns the transform specified by the given ID. - - A token with transform read authority is required to call this API. - operationId: getTransform parameters: - name: id @@ -39,6 +36,8 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:transform:read, idn:transform:manage] + x-sailpoint-userLevels: + - ORG_ADMIN put: tags: - Transforms @@ -46,9 +45,6 @@ put: description: >- Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error. - - A token with transform write authority is required to call this API. - operationId: updateTransform parameters: - name: id @@ -98,6 +94,8 @@ put: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:transform:manage] + x-sailpoint-userLevels: + - ORG_ADMIN delete: tags: - Transforms @@ -106,9 +104,6 @@ delete: Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform. - - A token with transform delete authority is required to call this API. - operationId: deleteTransform parameters: - name: id @@ -137,3 +132,5 @@ delete: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:transform:manage] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/paths/transforms.yaml b/idn/v3/paths/transforms.yaml index 70614ec5..f7700991 100644 --- a/idn/v3/paths/transforms.yaml +++ b/idn/v3/paths/transforms.yaml 
@@ -4,9 +4,6 @@ get: summary: List transforms description: >- Gets a list of all saved transform objects. - - A token with transforms-list read authority is required to call this API. - operationId: listTransforms parameters: - $ref: '../../v3/parameters/offset.yaml' @@ -74,6 +71,8 @@ get: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:transform:read, idn:transform:manage] + x-sailpoint-userLevels: + - ORG_ADMIN post: tags: - Transforms @@ -81,9 +80,7 @@ post: description: >- Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. - Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write - authority is required to call this API. - + Newly created Transforms can be used in the Identity Profile mappings within the UI. operationId: createTransform requestBody: required: true @@ -118,3 +115,5 @@ post: $ref: '../../v3/responses/500.yaml' security: - userAuth: [idn:transform:manage] + x-sailpoint-userLevels: + - ORG_ADMIN diff --git a/idn/v3/schemas/access/Role.yaml b/idn/v3/schemas/access/Role.yaml index a6541e5e..bd9f4e11 100644 --- a/idn/v3/schemas/access/Role.yaml +++ b/idn/v3/schemas/access/Role.yaml 
@@ -82,11 +82,39 @@ properties: "29cb6c06-1da8-43ea-8be4-b3125f248f2a" ] dimensional: + description: Whether the Role is dimensional. type: boolean nullable: true + default: false dimensionRefs: + description: TBD type: string nullable: true + accessModelMetadata: + type: array + items: + $ref: '../../../beta/schemas/gov-attributes/AttributeDTOList.yaml' + example: + [ + { + "key": "iscFederalClassifications", + "name": "Federal Classifications", + "multiselect": true, + "status": "active", + "type": "governance", + "objectTypes": [ + "general" + ], + "description": "Classification used by government organizations to specify the level of confidentiality for an access item.", + "values": [ + { + "value": "secret", + "name": "Secret", + "status": "active" + } + ] + } + ] required: - name - owner \ No newline at end of file
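Review bot: The new `accessModelMetadata` property in this v3 schema takes its item type from `../../../beta/schemas/gov-attributes/AttributeDTOList.yaml`, so the v3 Role contract now depends on a beta file that can change without a v3 review. A v3-level schema for the item type would keep the versions independent. The referenced name ends in `List` while the example shows an array of single attribute objects, so it is worth checking that `items` points at the element schema rather than a list schema; the referenced file is not visible here. The property also has no `description`, and `dimensionRefs` ships with `description: TBD`; both need real text before publication. The `properties` block starts outside this hunk.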