From 4fde072c6eb6af243b5baa89adb5ad38be3e450d Mon Sep 17 00:00:00 2001 From: GitHub Action Bot Date: Fri, 12 Jul 2024 19:28:53 +0000 Subject: [PATCH] Automated commit 'Merge pull request #1726 from sailpoint/devrel-1525 devrel-1525' by github action: 9913127814 --- idn/beta/paths/access-profile-entitlements.yaml | 16 +++++++++------- idn/beta/paths/access-profiles.yaml | 2 +- idn/beta/paths/account.yaml | 17 +++++++++-------- .../identity-profiles-identity-preview.yaml | 8 +++++--- idn/v3/paths/access-profile-entitlements.yaml | 16 ++++++++++------ idn/v3/paths/access-profiles.yaml | 10 ++++++---- idn/v3/paths/account.yaml | 17 +++++++++-------- 7 files changed, 49 insertions(+), 37 deletions(-) diff --git a/idn/beta/paths/access-profile-entitlements.yaml b/idn/beta/paths/access-profile-entitlements.yaml index 3785ded9..c1d830b9 100644 --- a/idn/beta/paths/access-profile-entitlements.yaml +++ b/idn/beta/paths/access-profile-entitlements.yaml @@ -4,16 +4,15 @@ get: - Access Profiles summary: List Access Profile's Entitlements description: >- - This API lists the Entitlements associated with a given Access Profile + Use this API to get a list of an access profile's entitlements. - - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In - addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given - Access Profile + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In + addition, a token with SOURCE_SUBADMIN authority must have access to the source associated with the specified + access profile. parameters: - name: id in: path - description: ID of the containing Access Profile + description: ID of the access profile containing the entitlements. required: true schema: type: string @@ -54,6 +53,9 @@ get: **source.id**: *eq, in* + + + Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. example: attribute eq "memberOf" required: false - in: query @@ -70,7 +72,7 @@ get: required: false responses: '200': - description: List of Entitlements + description: List of entitlements. content: application/json: schema: diff --git a/idn/beta/paths/access-profiles.yaml b/idn/beta/paths/access-profiles.yaml index bb2d4f9f..4619e109 100644 --- a/idn/beta/paths/access-profiles.yaml +++ b/idn/beta/paths/access-profiles.yaml @@ -16,7 +16,7 @@ get: description: >- If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN identity. The value of the parameter is either an identity ID, or the special value **me**, - which is shorthand for the calling Identity's ID. + which is shorthand for the calling identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an identity that is not diff --git a/idn/beta/paths/account.yaml b/idn/beta/paths/account.yaml index 27ad8de4..42f9b8a7 100644 --- a/idn/beta/paths/account.yaml +++ b/idn/beta/paths/account.yaml @@ -42,16 +42,17 @@ patch: - Accounts summary: Update Account description: >- - This updates account details. + Use this API to update account details. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. - This endpoint supports updating an account's correlation. The identityId and manuallyCorrelated fields can be - modified for any account. The attributes fields can be modified just for flat file accounts. - To re-assign an account from one identity to another, replace the current identityId with a new value. - If the account you're assigning was provisioned by IdentityNow, it's possible IdentityNow could create a new account + This API supports updating an account's correlation. You can modify only the `identityId` and `manuallyCorrelated` fields for any flat file account. + To reassign an account from one identity to another, replace the current `identityId` with a new value. + If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account for the previous identity as soon as the account is moved. If the account you're assigning is authoritative, - this will cause the previous identity to become uncorrelated and could even result in its deletion. - All accounts that are reassigned will be set to manuallyCorrelated: true unless otherwise specified + this causes the previous identity to become uncorrelated and can even result in its deletion. + All accounts that are reassigned will be set to `manuallyCorrelated: true` unless you specify otherwise. + + >**Note:** The `attributes` field can only be modified for flat file accounts. security: - UserContextAuth: [idn:accounts:manage] parameters: @@ -72,7 +73,7 @@ patch: schema: type: array items: - $ref: "../schemas/JsonPatchOperation.yaml" + type: object example: Uncorrelate account: description: Remove account from Identity diff --git a/idn/beta/paths/identity-profiles-identity-preview.yaml b/idn/beta/paths/identity-profiles-identity-preview.yaml index 85519849..d3b3b3ba 100644 --- a/idn/beta/paths/identity-profiles-identity-preview.yaml +++ b/idn/beta/paths/identity-profiles-identity-preview.yaml @@ -4,9 +4,11 @@ post: - Identity Profiles summary: Generate Identity Profile Preview description: >- - This generates a non-persisted IdentityDetails object that will represent - as the preview of the identities attribute when the given policy's - attribute config is applied. + Use this API to generate a non-persisted `IdentityDetails` object that represents + a preview of the identity attributes with a specified policy's + attribute config applied. + + This API supports the `accountAttribute`, `rule`, and `reference` transform types. A token with ORG_ADMIN authority is required to call this API to generate an identity preview. requestBody: diff --git a/idn/v3/paths/access-profile-entitlements.yaml b/idn/v3/paths/access-profile-entitlements.yaml index 51665ac4..931ac521 100644 --- a/idn/v3/paths/access-profile-entitlements.yaml +++ b/idn/v3/paths/access-profile-entitlements.yaml @@ -4,16 +4,17 @@ get: - Access Profiles summary: List Access Profile's Entitlements description: >- - This API lists the Entitlements associated with a given Access Profile + Use this API to get a list of an access profile's entitlements. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In + addition, a token with SOURCE_SUBADMIN authority must have access to the source associated with the specified + access profile. - A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In - addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given - Access Profile + >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. parameters: - name: id in: path - description: ID of the containing Access Profile + description: ID of the access profile containing the entitlements. required: true schema: type: string @@ -54,6 +55,9 @@ get: **source.id**: *eq, in* + + + Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. example: attribute eq "memberOf" required: false - in: query @@ -70,7 +74,7 @@ get: required: false responses: '200': - description: List of Entitlements + description: List of entitlements. content: application/json: schema: diff --git a/idn/v3/paths/access-profiles.yaml b/idn/v3/paths/access-profiles.yaml index 63479833..bdb5c658 100644 --- a/idn/v3/paths/access-profiles.yaml +++ b/idn/v3/paths/access-profiles.yaml @@ -8,6 +8,8 @@ get: A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + + >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. parameters: - in: query name: for-subadmin @@ -15,11 +17,11 @@ get: type: string description: >- If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or - SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, - which is shorthand for the calling Identity's ID. + SOURCE_SUBADMIN identity. The value of the parameter is either an identity ID, or the special value **me**, + which is shorthand for the calling identity's ID. - A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not + A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an identity that is not a subadmin. example: 8c190e6787aa4ed9a90bd9d5344523fb required: false @@ -82,7 +84,7 @@ get: type: string format: comma-separated description: >- - If present and not empty, additionally filters access profiles to those which are assigned to the Segment(s) + If present and not empty, additionally filters access profiles to those which are assigned to the segment(s) with the specified IDs. diff --git a/idn/v3/paths/account.yaml b/idn/v3/paths/account.yaml index 3d9da148..18200266 100644 --- a/idn/v3/paths/account.yaml +++ b/idn/v3/paths/account.yaml @@ -42,16 +42,17 @@ patch: - Accounts summary: Update Account description: >- - This updates account details. + Use this API to update account details. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. - This endpoint supports updating an account's correlation. The identityId and manuallyCorrelated fields can be - modified for any account. The attributes fields can be modified just for flat file accounts. - To re-assign an account from one identity to another, replace the current identityId with a new value. - If the account you're assigning was provisioned by IdentityNow, it's possible IdentityNow could create a new account + This API supports updating an account's correlation. You can modify only the `identityId` and `manuallyCorrelated` fields for any flat file account. + To reassign an account from one identity to another, replace the current `identityId` with a new value. + If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account for the previous identity as soon as the account is moved. If the account you're assigning is authoritative, - this will cause the previous identity to become uncorrelated and could even result in its deletion. - All accounts that are reassigned will be set to manuallyCorrelated: true unless otherwise specified + this causes the previous identity to become uncorrelated and can even result in its deletion. + All accounts that are reassigned will be set to `manuallyCorrelated: true` unless you specify otherwise. + + >**Note:** The `attributes` field can only be modified for flat file accounts. security: - UserContextAuth: [idn:accounts:manage] parameters: @@ -72,7 +73,7 @@ patch: schema: type: array items: - $ref: "../schemas/JsonPatchOperation.yaml" + type: object examples: Uncorrelate account: description: Remove account from Identity