Automated commit 'Moved user levels from description to x-sailpoint-u…

…serLevels attribute (#1835) * Moved user levels from description to x-sailpoint-userLevels attribute * Fix double quote' by github action: 11076731321
sailpoint-oss · Sep 27, 2024 · 403bca0 · 403bca0
1 parent 26b7e37
commit 403bca0
Show file tree

Hide file tree

Showing 155 changed files with 1,911 additions and 675 deletions.
diff --git a/idn/beta/paths/access-profile-bulk-delete.yaml b/idn/beta/paths/access-profile-bulk-delete.yaml
@@ -15,10 +15,6 @@ post:
     field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is
     **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will
     be deleted.
-
-    A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this endpoint. In addition,
-    a SOURCE_SUBADMIN can only use this endpoint to delete access profiles associated with sources they're able
-    to administer.
   requestBody:
     required: true
     content:
@@ -86,3 +82,10 @@ post:
       $ref: '../../v3/responses/500.yaml'
   security:
     - userAuth: [idn:access-profile:manage]
+    - applicationAuth: [idn:access-profile:manage]
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
+    - ROLE_ADMIN
+    - ROLE_SUBADMIN
+    - SOURCE_ADMIN
+    - SOURCE_SUBADMIN
diff --git a/idn/beta/paths/access-profile-bulk-update-requestable.yaml b/idn/beta/paths/access-profile-bulk-update-requestable.yaml
@@ -13,8 +13,7 @@ post:
     >  If any of the indicated Access Profiles is not does not exists in Organization,then those Access Profiles will be added in **notFound**
     list of the response. Access Profiles marked as **notFound** will not be updated.
 
-    >  A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition,
-    a SOURCE_SUBADMIN may only use this API to update Access Profiles which are associated with Sources they are able
+    A SOURCE_SUBADMIN user may only use this API to update Access Profiles which are associated with Sources they are able
     to administer.
   requestBody:
     required: true
@@ -59,3 +58,8 @@ post:
       $ref: '../../v3/responses/500.yaml'
   security:
     - userAuth: [idn:access-profile:manage]
+    - applicationAuth: [idn:access-profile:manage]
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
+    - SOURCE_ADMIN
+    - SOURCE_SUBADMIN
diff --git a/idn/beta/paths/access-profile-entitlements.yaml b/idn/beta/paths/access-profile-entitlements.yaml
@@ -6,8 +6,7 @@ get:
     description: >-
         Use this API to get a list of an access profile's entitlements. 
 
-        A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In
-        addition, a token with SOURCE_SUBADMIN authority must have access to the source associated with the specified
+        A user with SOURCE_SUBADMIN authority must have access to the source associated with the specified
         access profile.
     parameters:
       - name: id
@@ -91,6 +90,11 @@ get:
         $ref: '../../v3/responses/500.yaml'
     security:
       - userAuth: [idn:access-profile:read, idn:access-profile:manage]
+      - applicationAuth: [idn:access-profile:read, idn:access-profile:manage]
+    x-sailpoint-userLevels:
+      - ORG_ADMIN
+      - SOURCE_ADMIN
+      - SOURCE_SUBADMIN
 
 
 
diff --git a/idn/beta/paths/access-profile.yaml b/idn/beta/paths/access-profile.yaml
@@ -5,10 +5,6 @@ get:
   summary: Get an Access Profile
   description: >-
     This API returns an Access Profile by its ID.
-
-
-    A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
-    call this API.
   parameters:
     - in: path
       name: id
@@ -37,6 +33,13 @@ get:
       $ref: '../../v3/responses/500.yaml'
   security:
     - userAuth: [idn:access-profile:read, idn:access-profile:manage]
+    - applicationAuth: [idn:access-profile:read, idn:access-profile:manage]
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
+    - ROLE_ADMIN
+    - ROLE_SUBADMIN
+    - SOURCE_ADMIN
+    - SOURCE_SUBADMIN
 patch:
   operationId: patchAccessProfile
   tags:

diff --git a/idn/beta/paths/role.yaml b/idn/beta/paths/role.yaml
@@ -5,7 +5,6 @@ get:
   summary: Get a Role
   description: >-
     This API returns a Role by its ID.
-
     
     A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a
     token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated
@@ -37,7 +36,9 @@ get:
     '500':
       $ref: '../../v3/responses/500.yaml'
   security:
-    - userAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]
+
+    - UserContextAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]
+
 patch:
   operationId: patchRole
   tags:
@@ -69,7 +70,8 @@ patch:
     * revokeRequestConfig
 
     * segments
-
+    
+    * accessModelMetadata   
 
     A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a
     token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated
@@ -136,16 +138,16 @@ patch:
                   "op": "replace",
                   "path": "/membership",
                   "value": {
-                        "type": "IDENTITY_LIST",
-                        "identities": [
-                          {
-                            "id": "2c91808973fe906c0174262092014ed9"
-                          },
-                          {
-                            "id": "2c918086262092014ed94fb8a47612f3"
-                          }
-                        ]
-                    }
+                    "type": "IDENTITY_LIST",
+                    "identities": [
+                      {
+                        "id": "2c91808973fe906c0174262092014ed9"
+                      },
+                      {
+                        "id": "2c918086262092014ed94fb8a47612f3"
+                      }
+                    ]
+                  }
                 }
               ]
 
@@ -180,9 +182,9 @@ patch:
 
           Add a New Clause as the Child of an Existing Standard Expression:
             description: >-
-                This example shows how to add a child clause to an existing STANDARD criteria expression.
+              This example shows how to add a child clause to an existing STANDARD criteria expression.
             value:
-               [
+              [
                 {
                   "op": "add",
                   "path": "/membership/criteria/children/-",
@@ -196,7 +198,25 @@ patch:
                   }
                 }
               ]
-
+
+          Assign a Access Model Metadata to a role:
+            description: This example shows how to assign a existing metadata to a role.
+            value:
+              [
+                {
+                  "op": "add",
+                  "path": "/accessModelMetadata/attributes/0",
+                  "value": {
+                    "key": "iscFederalClassifications",
+                    "values": [
+                      {
+                        "value": "secret"
+                      }
+                    ]
+                  }
+                }
+              ]
+
     required: true
   responses:
     '200':
@@ -216,7 +236,9 @@ patch:
     '500':
       $ref: '../../v3/responses/500.yaml'
   security:
-    - userAuth: [idn:role-unchecked:manage,idn:role-checked:manage]
+
+    - UserContextAuth: [idn:role-unchecked:manage,idn:role-checked:manage]
+
 delete:
   operationId: deleteRole
   tags:
@@ -252,4 +274,6 @@ delete:
     '500':
       $ref: '../../v3/responses/500.yaml'
   security:
-    - userAuth: [idn:role-unchecked:manage,idn:role-checked:manage]
+
+    - UserContextAuth: [idn:role-unchecked:manage,idn:role-checked:manage]
+
diff --git a/idn/beta/paths/roles.yaml b/idn/beta/paths/roles.yaml
@@ -109,7 +109,7 @@ get:
     '500':
       $ref: '../../v3/responses/500.yaml'
   security:
-    - userAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]
+    - UserContextAuth: [idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read]
 post:
   operationId: createRole
   tags:
@@ -153,4 +153,4 @@ post:
     '500':
       $ref: '../../v3/responses/500.yaml'
   security:
-    - userAuth: [idn:role-unchecked:manage, idn:role-checked:manage]
+    - UserContextAuth: [idn:role-unchecked:manage, idn:role-checked:manage]
diff --git a/idn/sailpoint-api.beta.yaml b/idn/sailpoint-api.beta.yaml
@@ -1889,4 +1889,4 @@ paths:
   /suggested-entitlement-description-assignments:
     $ref: "./beta/paths/suggested-entitlement-description-assignments.yaml"
   /suggested-entitlement-descriptions:
-    $ref: "./beta/paths/suggested-entitlement-descriptions.yaml"
+    $ref: "./beta/paths/suggested-entitlement-descriptions.yaml"
diff --git a/idn/sailpoint-api.v2024.yaml b/idn/sailpoint-api.v2024.yaml
@@ -2042,6 +2042,20 @@ paths:
     $ref: './v2024/paths/ears-user-apps.yaml'
   /user-apps/all:
     $ref: './v2024/paths/ears-user-apps-all.yaml'
+  /roles/{id}/access-model-metadata/{attributeKey}/values/{attributeValue}:
+    $ref: './v2024/paths/role-access-model-metadata/role-id-access-model-metadata.yaml'
+  /roles/access-model-metadata/bulk-update/ids:
+    $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-ids.yaml'
+  /roles/access-model-metadata/bulk-update/filter:
+    $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-filter.yaml'
+  /roles/access-model-metadata/bulk-update/query:
+    $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-query.yaml'
+  /roles/access-model-metadata/bulk-update/id:
+    $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-status-id.yaml'
+  /roles/access-model-metadata/bulk-update:
+    $ref: './v2024/paths/role-access-model-metadata/role-bulk-update-status.yaml'
+  /roles/filter:
+    $ref: './v2024/paths/role-access-model-metadata/role-filter.yaml'
 security:
 - userAuth:
   - "sp:scopes:all"
@@ -2188,3 +2202,13 @@ components:
       $ref: ./v3/schemas/BrandingItem.yaml
     BrandingItemCreate:
       $ref: ./v3/schemas/BrandingItemCreate.yaml
+    RoleBulkUpdateResponse:
+      $ref: "./v2024/schemas/role-metadata/RoleBulkUpdateResponse.yaml"
+    RoleListFilterDTO:
+      $ref: "./v2024/schemas/role-metadata/RoleListFilterDTO.yaml"
+    RoleMetadataBulkUpdateByFilterRequest:
+      $ref: "./v2024/schemas/role-metadata/RoleMetadataBulkUpdateByFilterRequest.yaml"
+    RoleMetadataBulkUpdateByIdRequest:
+      $ref: "./v2024/schemas/role-metadata/RoleMetadataBulkUpdateByIdRequest.yaml"
+    RoleMetadataBulkUpdateByQueryRequest:
+      $ref: "./v2024/schemas/role-metadata/RoleMetadataBulkUpdateByQueryRequest.yaml"
diff --git a/idn/v2024/paths/access-profile-bulk-update-requestable.yaml b/idn/v2024/paths/access-profile-bulk-update-requestable.yaml
@@ -10,8 +10,7 @@ post:
     \ or **false**.\n\n>  If any of the indicated Access Profiles is not does not\
     \ exists in Organization,then those Access Profiles will be added in **notFound**\
     \ list of the response. Access Profiles marked as **notFound** will not be updated.\n\
-    >  A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is\
-    \ required to call this API. In addition, a SOURCE_SUBADMIN may only use this\
+    \ A SOURCE_SUBADMIN may only use this\
     \ API to update Access Profiles which are associated with Sources they are able\
     \ to administer."
   requestBody:
@@ -50,6 +49,10 @@ post:
   security:
   - userAuth:
     - idn:access-profile:manage
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
+    - SOURCE_ADMIN
+    - SOURCE_SUBADMIN
   parameters:
   - name: X-SailPoint-Experimental
     in: header

diff --git a/idn/v2024/paths/access-request-close.yaml b/idn/v2024/paths/access-request-close.yaml
@@ -3,10 +3,13 @@ post:
   tags:
   - Access Requests
   summary: Close Access Request
+  security:
+    - userAuth: []
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
   description: 'This endpoint closes access requests that are stuck in a pending state.
     It can be used throughout a request''s lifecycle even after the approval state,
     unlike the [Cancel Access Request endpoint](https://developer.sailpoint.com/idn/api/v3/cancel-access-request/).
-    A token with ORG_ADMIN authority is required.
 
 
     To find pending access requests with the UI, navigate to Search and use this query:

diff --git a/idn/v2024/paths/account-aggregation-status.yaml b/idn/v2024/paths/account-aggregation-status.yaml
@@ -3,6 +3,12 @@ get:
   tags:
   - Account Aggregations
   summary: In-progress Account Aggregation status
+  security:
+    - userAuth: []
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
+    - SOURCE_ADMIN
+    - SOURCE_SUBADMIN
   description: 'This API returns the status of an *in-progress* account aggregation,
     along with the total number of **NEW**, **CHANGED** and **DELETED** accounts found
     since the previous aggregation, and the number of those accounts that have been
@@ -22,8 +28,6 @@ get:
     *Only available up to an hour after the aggregation completes. May respond with
     *404 Not Found* after that.*
 
-
-    A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN or DASHBOARD authority is
     required to call this API.'
   parameters:
   - in: path

diff --git a/idn/v2024/paths/attr-sync-config-source.yaml b/idn/v2024/paths/attr-sync-config-source.yaml
@@ -3,15 +3,17 @@ get:
   tags:
   - Sources
   summary: Attribute Sync Config
-  description: 'This API returns the existing attribute synchronization configuration
+  description: >-
+    This API returns the existing attribute synchronization configuration
     for a source specified by the given ID. The response contains all attributes,
     regardless of whether they enabled or not.
-
-    A token with ORG_ADMIN or HELPDESK authority is required to call this API.'
   security:
   - userAuth:
     - idn:attr-sync-source-config:read
     - idn:attr-sync-source-config:manage
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
+    - HELPDESK
   parameters:
   - in: path
     name: id
@@ -56,11 +58,12 @@ put:
     \ specified by the given ID with the configuration provided in the request body.\
     \ Only the \"enabled\" field of the values in the \"attributes\" array is mutable.\
     \ Attempting to change other attributes or add new values to the \"attributes\"\
-    \ array will result in an error.\n    \nA token with ORG_ADMIN authority is required\
-    \ to call this API."
+    \ array will result in an error.\n"
   security:
   - userAuth:
     - idn:attr-sync-source-config:manage
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
   parameters:
   - in: path
     name: id

diff --git a/idn/v2024/paths/connector-rule-validate.yaml b/idn/v2024/paths/connector-rule-validate.yaml
@@ -3,9 +3,7 @@ post:
   - Connector Rule Management
   operationId: validateConnectorRule
   summary: Validate Connector Rule
-  description: 'Returns a list of issues within the code to fix, if any.
-
-    A token with ORG_ADMIN authority is required to call this API.'
+  description: Returns a list of issues within the code to fix, if any.
   requestBody:
     required: true
     description: The code to validate
@@ -34,6 +32,8 @@ post:
   - userAuth:
     - idn:rule-management-connector:read
     - idn:rule-management-connector:manage
+  x-sailpoint-userLevels:
+    - ORG_ADMIN
   parameters:
   - name: X-SailPoint-Experimental
     in: header