From 60dbcf56f57678d5732ed63b93ce0407f1d5839b Mon Sep 17 00:00:00 2001
From: GitHub Action Bot
Date: Mon, 22 Jan 2024 18:57:27 +0000
Subject: [PATCH] Automated commit 'Merge pull request #1531 from sailpoint/devrel-1305 devrel-1305' by github action: 7616008725
---
 idn/v3/paths/auth-user.yaml | 26 +++++++++-----------------
 idn/v3/schemas/AuthUser.yaml | 30 +++++++++++++++++++++++++-----
 2 files changed, 34 insertions(+), 22 deletions(-)
diff --git a/idn/v3/paths/auth-user.yaml b/idn/v3/paths/auth-user.yaml
index 54f8bdc7..4e5ceb66 100644
--- a/idn/v3/paths/auth-user.yaml
+++ b/idn/v3/paths/auth-user.yaml
@@ -4,9 +4,7 @@ get:
 - Auth User
 summary: Auth User Details
 description: >-
- This API returns the specified user's authentication system details.
-
- Requires security scope of: 'sp:auth-user:read'
+ Return the specified user's authentication system details.
 parameters:
 - in: path
 name: id
@@ -43,7 +41,13 @@ patch:
 tags:
 - Auth User
 summary: Auth User Update
- description: Update an existing user in the authentication system with a PATCH request.
+ description: >-
+ Use a PATCH request to update an existing user in the authentication system.
+
+ Use this endpoint to modify these fields:
+ * `capabilities`
+
+ A '400.1.1 Illegal update attempt' detail code indicates that you attempted to PATCH a field that is not allowed.
 security:
 - UserContextAuth: [sp:auth-user:update]
 parameters:
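Review bot: In the `get` hunk (`@@ -4,9 +4,7 @@`), removing "Requires security scope of: 'sp:auth-user:read'" leaves the operation with no visible statement of its required scope. Here `parameters:` follows `description:` directly, whereas `patch` carries `security:` with `- UserContextAuth: [sp:auth-user:update]` at that position. If `get` does not declare the scope elsewhere, the spec no longer documents the permission and may read as falling back to whatever the global default is. I would add `security:` with `- UserContextAuth: [sp:auth-user:read]` under `get`, placed as in `patch`. The `get` operation continues outside the hunk, so a declaration further down cannot be ruled out.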
@@ -57,20 +61,8 @@ patch:
 example: ef38f94347e94562b5bb8424a56397d8
 requestBody:
 required: true
- description: |
+ description: >-
 A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
-
- PATCH can only be applied to the following fields:
- * "capabilities"
-
- A list of valid capabilities can be found using the GET ams/v3/authorization/authorization-capabilities/ endpoint.
- Capabilities can only be patched if they are administrator assignable, as indicated by the 'adminAssignable' field from the output of list authorization-capabilities.
- Capabilities that have a legacy group ('legacyGroup' field) need to be patched using the legacyGroup name (e.g. 'ORG_ADMIN').
- Capabilities that are adminAssignable but do not have a legacyGroup can be patched using the ams id (e.g. 'cam:new-role').
-
- A 400.1.1 Illegal update attempt detail code indicates that you attempted to PATCH a field that is not allowed.
-
- Requires security scope of 'sp:auth-user:update'
 content:
 application/json-patch+json:
 schema:
diff --git a/idn/v3/schemas/AuthUser.yaml b/idn/v3/schemas/AuthUser.yaml
index b2765465..3fd922dc 100644
--- a/idn/v3/schemas/AuthUser.yaml
+++ b/idn/v3/schemas/AuthUser.yaml
@@ -10,15 +10,15 @@ properties:
 example: 2c91808458ae7a4f0158b1bbf8af0628
 uid:
 type: string
- description: Identity unique identitifier.
+ description: Identity's unique identitifier.
 example: "will.smith"
 profile:
 type: string
- description: ID of the auth profile associated with this auth user.
+ description: ID of the auth profile associated with the auth user.
 example: 2c91808458ae7a4f0158b1bbf8af0756
 identificationNumber:
 type: string
- description: Auth user employee number.
+ description: Auth user's employee number.
 example: "19-5588452"
 email:
 type: string
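Review bot: In the `requestBody` hunk of `auth-user.yaml` (`@@ -57,20 +61,8 @@`), the deleted lines were the only visible place stating that a capability can be patched only when it is `adminAssignable`, and where the list of valid values is obtained. Because this endpoint assigns capabilities such as `ORG_ADMIN`, that constraint is worth keeping in the spec so integrators do not assume any capability string is grantable. I would keep one sentence in the PATCH description, for example `Only capabilities marked 'adminAssignable' in the authorization-capabilities list can be patched.` The request schema sits below `schema:` outside this hunk, so whether it restricts the accepted values cannot be seen here.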
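Review bot: The rewritten `uid` description in `AuthUser.yaml` (`@@ -10,15 +10,15 @@`) still carries the misspelling "identitifier". Since the line is being edited anyway, it should read `description: Identity's unique identifier.` Schema descriptions are usually copied into generated SDK documentation, so the typo is likely to propagate beyond this file.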
@@ -54,7 +54,7 @@ properties:
 example: will.smith
 lastPasswordChangeDate:
 type: string
- description: the date of last password change
+ description: Date of last password change.
 example: "2021-03-08T22:37:33.901Z"
 lastLoginTimestamp:
 description: Timestamp of the last login (long type value).
@@ -67,8 +67,28 @@ properties:
 format: int64
 example: 1656327185832
 capabilities:
- description: Array of capabilities for this auth user.
+ description: Array of the auth user's capabilities.
 type: array
 items:
 type: string
+ enum:
+ - CERT_ADMIN
+ - CLOUD_GOV_ADMIN
+ - CLOUD_GOV_USER
+ - DASHBOARD
+ - HELPDESK
+ - ORG_ADMIN
+ - REPORT_ADMIN
+ - ROLE_ADMIN
+ - ROLE_SUBADMIN
+ - SAAS_MANAGEMENT_ADMIN
+ - SAAS_MANAGEMENT_READER
+ - SOURCE_ADMIN
+ - SOURCE_SUBADMIN
+ - das:ui-administrator
+ - das:ui-compliance_manager
+ - das:ui-auditor
+ - das:ui-data-scope
+ - sp:aic-dashboard-read
+ - sp:aic-dashboard-write
 example: "ORG_ADMIN"
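Review bot: The `enum` added under `capabilities.items` (`@@ -67,8 +67,28 @@`) closes the value set, yet the text this commit removes from `auth-user.yaml` gives `cam:new-role` as an example of a patchable capability id, and no id of that form is in the list. If the service can return or accept ids beyond these 19, strictly validating generated clients may reject real responses, and the spec stops being a dependable inventory of the privileges an auth user can hold. Either confirm the list is exhaustive, or drop the `enum` and name the known values in the `description`. Separately, `example: "ORG_ADMIN"` is a string; if it sits at the array level (indentation is not recoverable in this view) it should be `example: ["ORG_ADMIN"]`.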