Automated commit 'Merge pull request #1531 from sailpoint/devrel-1305

devrel-1305' by github action: 7616008725

idn/v3/paths/auth-user.yaml

@@ -4,9 +4,7 @@ get:
     - Auth User
   summary: Auth User Details
   description: >-
-    This API returns the specified user's authentication system details.
-
-    Requires security scope of:  'sp:auth-user:read'
+    Return the specified user's authentication system details.
   parameters:
     - in: path
       name: id
@@ -43,7 +41,13 @@ patch:
   tags:
     - Auth User
   summary: Auth User Update
-  description: Update an existing user in the authentication system with a PATCH request.
+  description: >-
+    Use a PATCH request to update an existing user in the authentication system.
+
+    Use this endpoint to modify these fields: 
+      * `capabilities`
+
+    A '400.1.1 Illegal update attempt' detail code indicates that you attempted to PATCH a field that is not allowed.
   security:
     - UserContextAuth: [sp:auth-user:update]
   parameters:
@@ -57,20 +61,8 @@ patch:
       example: ef38f94347e94562b5bb8424a56397d8
   requestBody:
     required: true
-    description: |
+    description: >-
       A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
-
-      PATCH can only be applied to the following fields:
-        *   "capabilities"
-
-      A list of valid capabilities can be found using the GET ams/v3/authorization/authorization-capabilities/ endpoint.
-      Capabilities can only be patched if they are administrator assignable, as indicated by the 'adminAssignable' field from the output of list authorization-capabilities.
-      Capabilities that have a legacy group ('legacyGroup' field) need to be patched using the legacyGroup name (e.g. 'ORG_ADMIN').
-      Capabilities that are adminAssignable but do not have a legacyGroup can be patched using the ams id (e.g. 'cam:new-role').
-
-      A 400.1.1 Illegal update attempt detail code indicates that you attempted to PATCH a field that is not allowed.
-
-      Requires security scope of 'sp:auth-user:update'
     content:
       application/json-patch+json:
         schema:

idn/v3/schemas/AuthUser.yaml

@@ -10,15 +10,15 @@ properties:
     example: 2c91808458ae7a4f0158b1bbf8af0628
   uid:
     type: string
-    description: Identity unique identitifier.
+    description: Identity's unique identitifier.
     example: "will.smith"
   profile:
     type: string
-    description: ID of the auth profile associated with this auth user.
+    description: ID of the auth profile associated with the auth user.
     example: 2c91808458ae7a4f0158b1bbf8af0756
   identificationNumber:
     type: string
-    description: Auth user employee number.
+    description: Auth user's employee number.
     example: "19-5588452"
   email:
     type: string
@@ -54,7 +54,7 @@ properties:
     example: will.smith
   lastPasswordChangeDate:
     type: string
-    description: the date of last password change
+    description: Date of last password change.
     example: "2021-03-08T22:37:33.901Z"
   lastLoginTimestamp:
     description: Timestamp of the last login (long type value).
@@ -67,8 +67,28 @@ properties:
     format: int64
     example: 1656327185832
   capabilities:
-    description: Array of capabilities for this auth user.
+    description: Array of the auth user's capabilities.
     type: array
     items:
       type: string
+      enum: 
+        - CERT_ADMIN
+        - CLOUD_GOV_ADMIN
+        - CLOUD_GOV_USER
+        - DASHBOARD
+        - HELPDESK
+        - ORG_ADMIN
+        - REPORT_ADMIN
+        - ROLE_ADMIN
+        - ROLE_SUBADMIN
+        - SAAS_MANAGEMENT_ADMIN
+        - SAAS_MANAGEMENT_READER
+        - SOURCE_ADMIN 
+        - SOURCE_SUBADMIN
+        - das:ui-administrator
+        - das:ui-compliance_manager
+        - das:ui-auditor
+        - das:ui-data-scope
+        - sp:aic-dashboard-read
+        - sp:aic-dashboard-write
       example: "ORG_ADMIN"