10/15/2024 03:26 AM - edited 10/15/2024 04:11 AM
Hello All,
Requesting your expertise for a design when onboarding a REST-based application.
The application has two entitlement types (Profile and Role). The end user must be able to add and remove both so we will need add and remove access JSON.
Let's assume we have profiles (P1, P2, P3.....Pn) and roles (r1, r2, r3, r4, r5......rn) entitlement values.
One Profile can have multiple roles; for example, P1 can have r1, r2, r3 and P2 has r2, r3, r4. The end user must be able to add a profile along with roles and also must be able to remove roles from a Profile. I thought of using the dynamic attribute for one of the entitlement types, but removal of that particular entitlement type will not be feasible. I do have any relation mapping between profile and roles. Need your suggestions to handle adding and removing access. Please let me know if you need any more information.
Below is the API call to add a profile and role command:
curl --location --request PUT 'https://##########.com/v1/iam/access/request' \
--header 'Authorization: Bearer e******' \
--header 'Content-Type: application/json' \
--data-raw '[
  {
    "firstName": "Trpe",
    "lastName": "Arbelski",
    "emailId": "trpe.arbelski@###.com",
    "Profile": [
      {
        "name": "profile-custom-srv-acc-smstool",
        "ROLE": [
          {
            "id": "RT7890"
          }
        ],
        "id": "4bc711c6-e963-4589-908a-c4d8b8546b19"
      }
    ],
    "createIfNotExists": false
  }
]'
Thanks in advance
10/15/2024 04:08 AM
Hi @Vedanth-BK
Have you considered composing these entitlements into a role?
Role 1 will have profile P1 and roles r1,r2,r3.
Role 2 will have profile p2 and roles r2,r3,r4.
Let me know if you have already considered this approach and came across any limitations.
10/15/2024 04:13 AM
Hello @naveenss, thanks for the response. P1 can have n number of roles. The total number of roles will be 1000+ and there is no constant set.
10/15/2024 04:13 AM
@Vedanth-BK is it possible to pass an empty role?
10/15/2024 04:14 AM
No, the API fails if the role is not passed along with Profile
10/15/2024 06:52 AM