HomeUse CasesConceptsConfig GuidesDeveloper GuidesAPI Reference
API Reference

Creates a new entitlement.

post
https://{tenanturl}/v1.0/entitlements

The API creates a new entitlement of type role or permission for a specific tenant. In case the entitlement is a dynamic role it cannot be associated with any application while creation.
In case of roles it is possible to add a list of children which could possibly be a set of roles as well as permissions.
The children can be added or removed via API POST /authz/v1.0/entitlements/{entitlement}/children.
Entitlements required: tenantadmin [Tenant Administrator], manageAppAccessOwner [Manage Application Entitlements], manageEntitlements [Manage Entitlements].

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests

LoadingLoading

Body Params
string
required

Unique name of the entitlement across the application.

string

Description of the entitlement.

string
enum
required

Specifies the type of the entitlement. Supported values are:
1. role - To create an application role or dynamic role.
2. permission - To create a regular entitlement. Note: the created permission is not provisioned to target application.
Allowable values

Allowed:
string
enum

[Deprecated] Specifies the subtype of the entitlement. Supported values are:
1. regular - (default) If type is specified as permission, then subtype has to be regular. If type is specified as role, then 'regular' subtype indicates an Application Role.
2. dynamic - If type is specified as role, then 'dynamic' subtype indicates a Dynamic Role.
Allowable values

Allowed:
string
required

Application code is the unique identifier of an application. If type is specified as 'permission' or 'role' with subtype as 'regular', then application identifier is necessary.

string

Category of the entitlement.

string

Unique identifier of the mapped object in the connected application.

conditionSet
array of objects

[Deprecated] Condition set to determine the users that belong to this role. Condition set is only applicable in case the entitlement type is specified as 'role' and entitlement subtype is 'dynamic'. Example for conditionSet : [{"work_locality":[{"op":"sw","vl":"J"},{"op":"ew","vl":"a"}],"department":[{"op":"eq","vl":"Security"}]}]

conditionSet
rightsValuesV2
array of objects

Fixed multiple rights values associated to child permissions

rightsValuesV2
rightsValues
array of objects

Fixed rights value associated to child permissions which are fetched during application onboarding.

rightsValues
Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

500

Your request can't be processed because an internal server error occurred.

Updated 9 months ago

Language
URL
LoadingLoading

Response
Choose an example:
application/json
text/plain

Updated 9 months ago