From cb4d0d354dfa017f4834ecabf3b687fe220607f5 Mon Sep 17 00:00:00 2001 From: GitHub Action Bot Date: Thu, 18 Jan 2024 18:03:54 +0000 Subject: [PATCH] Automated commit 'Merge pull request #1529 from sailpoint/devrel-1430 devrel-1430' by github action: 7574127501 --- idn/beta/schemas/ProvisioningConfig.yaml | 2 ++ .../schemas/ServiceDeskIntegrationDto.yaml | 16 +++++---- idn/sailpoint-api.v3.yaml | 20 ++++++++++- idn/v3/schemas/ProvisioningConfig.yaml | 2 ++ idn/v3/schemas/ServiceDeskIntegrationDto.yaml | 35 +++++++------------ 5 files changed, 45 insertions(+), 30 deletions(-) diff --git a/idn/beta/schemas/ProvisioningConfig.yaml b/idn/beta/schemas/ProvisioningConfig.yaml index 2dbd37a6..4bb51148 100644 --- a/idn/beta/schemas/ProvisioningConfig.yaml +++ b/idn/beta/schemas/ProvisioningConfig.yaml @@ -5,6 +5,7 @@ properties: description: Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed. type: boolean readOnly: true + default: false example: true managedResourceRefs: description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. @@ -43,6 +44,7 @@ properties: noProvisioningRequests: description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. type: boolean + default: false example: true provisioningRequestExpiration: description: When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation. diff --git a/idn/beta/schemas/ServiceDeskIntegrationDto.yaml b/idn/beta/schemas/ServiceDeskIntegrationDto.yaml index ecf7bb9c..85ef4607 100644 --- a/idn/beta/schemas/ServiceDeskIntegrationDto.yaml +++ b/idn/beta/schemas/ServiceDeskIntegrationDto.yaml @@ -1,19 +1,23 @@ allOf: - - $ref: './BaseCommonDto.yaml' - type: object - description: Specification of a Service Desk integration. + description: Service Desk integration's specification. required: + - name - description - type - attributes properties: + name: + description: Service Desk integration's name. The name must be unique. + type: string + example: Service Desk Integration Name description: - description: Description of the Service Desk integration. + description: Service Desk integration's description. type: string example: A very nice Service Desk integration type: description: | - Service Desk integration types + Service Desk integration types: - ServiceNowSDIM - ServiceNow @@ -27,7 +31,7 @@ allOf: allOf: - $ref: '../../v3/schemas/SourceClusterDto.yaml' cluster: - description: ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility). + description: Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility). type: string example: xyzzy999 deprecated: true @@ -44,7 +48,7 @@ allOf: description: The 'provisioningConfig' property specifies the configuration used to provision integrations. $ref: './ProvisioningConfig.yaml' attributes: - description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + description: Service Desk integration's attributes. Validation constraints enforced by the implementation. type: object additionalProperties: true example: { diff --git a/idn/sailpoint-api.v3.yaml b/idn/sailpoint-api.v3.yaml index 36e916f5..fae16e9d 100644 --- a/idn/sailpoint-api.v3.yaml +++ b/idn/sailpoint-api.v3.yaml @@ -736,7 +736,25 @@ tags: Refer to [Subscribe to a SOD Policy](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html#subscribe-to-an-sod-policy) for more information about SOD policy subscriptions. - name: SOD Violations - description: Operations for Predicting SOD (Separation of Duties) violations + description: | + Use this API to check for current "separation of duties" (SOD) policy violations as well as potential future SOD policy violations. + With SOD violation functionality in place, administrators can get information about current SOD policy violations and predict whether an access change will trigger new violations, which helps to prevent them from occurring at all. + + "Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data. + For example, people who record monetary transactions shouldn't be able to issue payment for those transactions. + Any changes to major system configurations should be approved by someone other than the person requesting the change. + + Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants. + These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access. + + Once a SOD policy is in place, if an identity has conflicting access items, a SOD violation will trigger. + These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy. + The other users can then better help to enforce these SOD policies. + + Administrators can use the SOD violations APIs to check a set of identities for any current SOD violations, and they can use them to check whether adding an access item would potentially trigger a SOD violation. + This second option is a good way to prevent SOD violations from triggering at all. + + Refer to [Handling Policy Violations](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html) for more information about SOD policy violations. - name: Sources description: | Use this API to implement and customize source functionality. diff --git a/idn/v3/schemas/ProvisioningConfig.yaml b/idn/v3/schemas/ProvisioningConfig.yaml index 167910a2..d8f0003b 100644 --- a/idn/v3/schemas/ProvisioningConfig.yaml +++ b/idn/v3/schemas/ProvisioningConfig.yaml @@ -5,6 +5,7 @@ properties: description: Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed. type: boolean readOnly: true + default: false example: true managedResourceRefs: description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. @@ -31,6 +32,7 @@ properties: noProvisioningRequests: description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. type: boolean + default: false example: true provisioningRequestExpiration: description: When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation. diff --git a/idn/v3/schemas/ServiceDeskIntegrationDto.yaml b/idn/v3/schemas/ServiceDeskIntegrationDto.yaml index 907f62e5..f69dbeb7 100644 --- a/idn/v3/schemas/ServiceDeskIntegrationDto.yaml +++ b/idn/v3/schemas/ServiceDeskIntegrationDto.yaml @@ -1,19 +1,23 @@ allOf: - - $ref: './BaseCommonDto.yaml' - type: object - description: Specification of a Service Desk integration + description: Service Desk integration's specification. required: + - name - description - type - attributes properties: + name: + description: Service Desk integration's name. The name must be unique. + type: string + example: Service Desk Integration Name description: - description: Description of the Service Desk integration + description: Service Desk integration's description. type: string example: A very nice Service Desk integration type: description: | - Service Desk integration types + Service Desk integration types: - ServiceNowSDIM - ServiceNow @@ -21,28 +25,13 @@ allOf: default: ServiceNowSDIM example: ServiceNowSDIM ownerRef: - type: object - description: Source for Service Desk integration template. - properties: - type: - type: string - description: DTO type of source for service desk integration template. - enum: - - SOURCE - example: SOURCE - id: - type: string - description: ID of source for service desk integration template. - example: 2c9180835d191a86015d28455b4b232a - name: - type: string - description: Human-readable name of source for service desk integration template. - example: HR Active Directory + allOf: + - $ref: '../../v3/schemas/OwnerDto.yaml' clusterRef: allOf: - $ref: '../../v3/schemas/SourceClusterDto.yaml' cluster: - description: ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility). + description: Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility). type: string example: xyzzy999 deprecated: true @@ -59,7 +48,7 @@ allOf: description: The 'provisioningConfig' property specifies the configuration used to provision integrations. $ref: './ProvisioningConfig.yaml' attributes: - description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + description: Service Desk integration's attributes. Validation constraints enforced by the implementation. type: object additionalProperties: true example: {