You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Automated build 'Automated commit 'added better messaging for max entitlement restriction (#2168)
* added better messaging for max entitlement restriction
* removed redundant wording for max entitlements' by github action: 15934809929' python sdk: 15934839385
Copy file name to clipboardExpand all lines: sailpoint/beta/docs/Methods/AccessRequestsApi.md
+7-35Lines changed: 7 additions & 35 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -203,9 +203,14 @@ __GRANT_ACCESS__
203
203
* Roles, access profiles and entitlements can be requested.
204
204
* You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time.
205
205
* If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time.
206
-
* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.
207
206
* Now supports an alternate field 'requestedForWithRequestedItems' for users to specify account selections while requesting items where they have more than one account on the source.
208
-
207
+
208
+
:::caution
209
+
210
+
If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.
211
+
212
+
:::
213
+
209
214
__REVOKE_ACCESS__
210
215
* Can only be requested for a single identity at a time.
211
216
* You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.
@@ -285,39 +290,6 @@ with ApiClient(configuration) as api_client:
Copy file name to clipboardExpand all lines: sailpoint/beta/models/access_request.py
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -33,7 +33,7 @@ class AccessRequest(BaseModel):
33
33
"""# noqa: E501
34
34
requested_for: List[StrictStr] =Field(description="A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.", alias="requestedFor")
client_metadata: Optional[Dict[str, StrictStr]] =Field(default=None, description="Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.", alias="clientMetadata")
38
38
requested_for_with_requested_items: Optional[List[RequestedForDtoRef]] =Field(default=None, description="Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity. * Can only be used when 'requestedFor' and 'requestedItems' are not separately provided * Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source * Allows the ability to request items with different remove dates * Also allows different combinations of request items and identities in the same request * Only for use in GRANT_ACCESS type requests ", alias="requestedForWithRequestedItems")
0 commit comments