Skip to main content

Gets a list of entitlements.​

This API returns a list of entitlements.

This API can be used in one of the two following ways: either getting entitlements for a specific account-id, or getting via use of filters (those two options are exclusive).

Any authenticated token can call this API.

Query Parameters
  • account-id string

    The account ID. If specified, returns only entitlements associated with the given Account. Cannot be specified with the filters, segmented-for-identity, for-segment-ids, or include-unsegmented param(s).

    Example: ef38f94347e94562b5bb8424a56397d8
  • segmented-for-identity string

    If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value me can stand in for the current user's Identity ID. Cannot be specified with the account-id or for-segment-ids param(s). It is also illegal to specify a value that refers to a different user's Identity.

    Example: me
  • for-segment-ids comma-separated

    If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. Cannot be specified with the account-id or segmented-for-identity param(s).

    Example: 041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649
  • include-unsegmented boolean

    Default value: true

    Whether or not the response list should contain unsegmented Entitlements. If for-segment-ids and segmented-for-identity are both absent or empty, specifying include-unsegmented=false results in an error.

    Example: true
  • offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

  • limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
  • count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
  • sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, name, created, modified, type, attribute, value, source.id

    Example: name,-modified
  • filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators:

    id: eq, in

    name: eq, in, sw

    type: eq, in

    attribute: eq, in

    value: eq, in, sw

    source.id: eq, in

    requestable: eq created: gt, lt, ge, le modified: gt, lt, ge, le

    Example: attribute eq "memberOf"
Responses

List of entitlements

Schema array
  • id string

    The entitlement id

  • name string

    The entitlement name

  • created date-time

    Time when the entitlement was created

  • modified date-time

    Time when the entitlement was last modified

  • attribute string

    The entitlement attribute name

  • value string

    The value of the entitlement

  • sourceSchemaObjectType string

    The object type of the entitlement from the source schema

  • privileged boolean

    Default value: false

    True if the entitlement is privileged

  • cloudGoverned boolean

    Default value: false

    True if the entitlement is cloud governed

  • description string

    The description of the entitlement

  • requestable boolean

    Default value: false

    True if the entitlement is requestable

  • attributes object

    A map of free-form key-value pairs from the source system

  • source object
  • id string

    The source ID

  • type string

    The source type, will always be "SOURCE"

  • name string

    The source name

  • owner object

    Simplified DTO for the owner object of the entitlement

  • id string

    The owner id for the entitlement

  • name string

    The owner name for the entitlement

  • type string

    Possible values: [IDENTITY]

    The type of the owner. Initially only type IDENTITY is supported

  • directPermissions object[]
  • rights string[]

    All the rights (e.g. actions) that this permission allows on the target

  • target string

    The target the permission would grants rights on.

  • segments string[]

    List of IDs of segments, if any, to which this Entitlement is assigned.

  • manuallyUpdatedFields object

    Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.

  • DISPLAY_NAME boolean

    Default value: false

    True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > name property.

  • DESCRIPTION boolean

    Default value: false

    True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > description property.

Loading...