Create Access Profile

Create a new access profile with specified entitlements and configuration

Endpoint

POST /api/private/lifecycle_management/access_profiles

Prerequisites: Before creating Access Profiles, you must have:

Created an Access Profile Type to define capabilities
Listed lifecycle management datasources to identify datasource IDs

Description

Creates a new Veza Access Profile that defines a collection of entitlements that can be granted to users. Access profiles can contain direct relationships to entities (like groups, roles, or permissions) or can inherit entities from other access profiles, depending on the profile type capabilities.

Access Profiles support versioning, allowing you to draft changes before publishing them to users. An Access Profile contains a version that will be modified after initial creation - the version allows drafts and retired versions in the future.

API Reference

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

descriptionstringOptional

stateinteger · enumOptional

profile_typestringOptional

inherit_entities_from_access_profilesstring[]Optional

List of profiles that this one inherits from

labelsstring[]Optional

access_request_policy_idstringOptional

The access request policy that is associated with the access profile

application_datasource_idstringOptional

This is only available if the profile type is doesn't allow entitlements or inherited profiles This is the datasource to use for this profile in the assign application use case, when the profile is assigned it will create a relationship to the datasource

not_allowed_for_managed_relationshipsbooleanOptional

Responses

200

application/json

default

Default error response

application/json

post

/api/private/lifecycle_management/access_profiles

POST /api/private/lifecycle_management/access_profiles HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 751

{
  "name": "text",
  "description": "text",
  "state": 1,
  "profile_type": "text",
  "entities_to_create_relationships_to": [
    {
      "entity_type": "text",
      "datasource_id": "text",
      "entity_id": "text",
      "assigned_to_entity_type": "text",
      "assigned_to_entity_id": "text",
      "grant_by": 1,
      "created_by_access_profile": true,
      "custom_properties": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      },
      "sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      },
      "condition": {
        "type": 1,
        "condition_string": "text"
      }
    }
  ],
  "inherit_entities_from_access_profiles": [
    "text"
  ],
  "labels": [
    "text"
  ],
  "access_request_policy_id": "text",
  "application_datasource_id": "text",
  "application_sync_identity_action": {
    "policy_id": "text",
    "name": "text"
  },
  "not_allowed_for_managed_relationships": true,
  "custom_properties": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

{
  "value": {
    "id": "text",
    "name": "text",
    "description": "text",
    "state": 1,
    "profile_type": "text",
    "current_version_number": 1,
    "draft_version_number": 1,
    "used_by_workflow": true,
    "integrations": [
      "text"
    ],
    "current_version": {
      "access_profile_id": "text",
      "version_number": 1,
      "state": 1,
      "entities_to_create_relationships_to": [
        {
          "entity_type": "text",
          "datasource_id": "text",
          "entity_id": "text",
          "assigned_to_entity_type": "text",
          "assigned_to_entity_id": "text",
          "extraction_datasource_id": "text",
          "provider_id": "text",
          "provider_external_id": "text",
          "entity_name": "text",
          "native_id": "text",
          "grant_by": 1,
          "created_by_access_profile": true,
          "custom_properties": {
            "ANY_ADDITIONAL_PROPERTY": "text"
          },
          "sync_identity_action": {
            "policy_id": "text",
            "name": "text"
          },
          "condition": {
            "type": 1,
            "condition_string": "text"
          },
          "create_entitlement_detail_id": "text",
          "created_at": "2026-02-26T15:47:03.861Z",
          "description": "text"
        }
      ],
      "inherit_entities_from_access_profiles": [
        "text"
      ],
      "members": [
        "text"
      ],
      "rbac_id": "text",
      "access_request_policy_id": "text",
      "application_datasource_id": "text",
      "application_sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      },
      "created_by": "text",
      "created_at": "2026-02-26T15:47:03.861Z",
      "updated_at": "2026-02-26T15:47:03.861Z",
      "published_by": "text",
      "published_at": "2026-02-26T15:47:03.861Z"
    },
    "access_profiles_inherited": [
      "text"
    ],
    "access_profiles_inherited_by": [
      "text"
    ],
    "inherits_from_other_profiles": true,
    "inherited_by_other_profiles": true,
    "labels": [
      "text"
    ],
    "provider_ids": [
      "text"
    ],
    "provider_external_ids": [
      "text"
    ],
    "datasource_ids": [
      "text"
    ],
    "rbac_id": "text",
    "member_details": [
      {
        "access_profile_id": "text",
        "access_profile_name": "text",
        "identity_id": "text",
        "identity_name": "text",
        "created_from": 1,
        "workflow": "text"
      }
    ],
    "requestable": true,
    "require_approval_to_start": true,
    "started_at": "2026-02-26T15:47:03.861Z",
    "started_by": "text",
    "catalog_item_info": {
      "name": "text",
      "description": "text",
      "markdown_description": "text",
      "icon": "text",
      "recommended": true
    },
    "access_request_policy_id": "text",
    "created_entitlements": [
      {
        "datasource_id": "text",
        "entity_type": "text",
        "attribute_transformers": {
          "values": [
            {
              "destination_attribute": "text",
              "destination_value_formatter": "text",
              "formatter_type": 1,
              "continuous_sync": true,
              "additional_value_formatter": [
                "text"
              ],
              "pipeline_functions": "text",
              "unique_identifier": true
            }
          ]
        },
        "add_member_condition": {
          "type": 1,
          "condition_string": "text"
        },
        "created_entity_id": "text",
        "access_request_id": "text",
        "id": "text",
        "last_sync_job_id": "text"
      }
    ],
    "last_synced_at": "2026-02-26T15:47:03.861Z",
    "sync_allowed": true,
    "last_sync_job_ids": [
      "text"
    ],
    "identity_created_by": "text",
    "last_sync_error_message": "text",
    "profile_type_rbac_id": "text",
    "not_allowed_for_managed_relationships": true,
    "created_by": "text",
    "created_at": "2026-02-26T15:47:03.861Z",
    "updated_at": "2026-02-26T15:47:03.861Z",
    "custom_properties": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    }
  },
  "version": {
    "access_profile_id": "text",
    "version_number": 1,
    "state": 1,
    "entities_to_create_relationships_to": [
      {
        "entity_type": "text",
        "datasource_id": "text",
        "entity_id": "text",
        "assigned_to_entity_type": "text",
        "assigned_to_entity_id": "text",
        "extraction_datasource_id": "text",
        "provider_id": "text",
        "provider_external_id": "text",
        "entity_name": "text",
        "native_id": "text",
        "grant_by": 1,
        "created_by_access_profile": true,
        "custom_properties": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "sync_identity_action": {
          "policy_id": "text",
          "name": "text"
        },
        "condition": {
          "type": 1,
          "condition_string": "text"
        },
        "create_entitlement_detail_id": "text",
        "created_at": "2026-02-26T15:47:03.861Z",
        "description": "text"
      }
    ],
    "inherit_entities_from_access_profiles": [
      "text"
    ],
    "members": [
      "text"
    ],
    "rbac_id": "text",
    "access_request_policy_id": "text",
    "application_datasource_id": "text",
    "application_sync_identity_action": {
      "policy_id": "text",
      "name": "text"
    },
    "created_by": "text",
    "created_at": "2026-02-26T15:47:03.861Z",
    "updated_at": "2026-02-26T15:47:03.861Z",
    "published_by": "text",
    "published_at": "2026-02-26T15:47:03.861Z"
  }
}

Request schema

Request body

Field

Type

Required?

Description

name

string

Required

Name of the access profile

description

string

Optional

Description of the access profile's purpose

state

string

Required

Initial state: INITIAL, RUNNING, PAUSED, DRY_RUN, PENDING

profile_type

string

Required

ID of the access profile type to use

entities_to_create_relationships_to

array

Optional

Array of entity objects to create direct relationships to

inherit_entities_from_access_profiles

array

Optional

Array of access profile IDs to inherit entities from

labels

array[string]

Optional

Opaque field for customer to add any labels

access_request_policy_id

string

Optional

The access request policy associated with the access profile

application_datasource_id

string

Optional

Datasource to use for this profile in the assign application use case

application_sync_identity_action

object

Optional

Action to use when creating an identity for this datasource

custom_properties

object

Optional

Map of custom properties for the access profile

Entity Object Schema

Field

Type

Required?

Description

entity_type

string

Required

Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup")

datasource_id

string

Required

ID of the datasource containing the entity

entity_id

string

Required

Unique identifier of the entity

assigned_to_entity_type

string

Optional

Type of the entity to assign to

assigned_to_entity_id

string

Optional

ID of the entity to assign to

grant_by

string

Optional

How the grant is applied (PolicyRules.GrantBy enum)

created_by_access_profile

boolean

Optional

Whether this entity was created by the access profile

custom_properties

object

Optional

Map of custom properties for the entity

sync_identity_action

object

Optional

Action to use when creating an identity for this entity

condition

object

Optional

Condition to check if identity should be granted access

Sync Identity Action Schema

Field

Type

Required?

Description

policy_id

string

Required

ID of the policy to use for sync action

name

string

Required

Name of the sync identity action

Request Examples

Create a basic access profile with direct entity relationships:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Salesforce Developer",
    "state": "RUNNING",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
      },
      {
        "entity_type": "SalesforcePermissionSet",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      },
      {
        "entity_type": "SalesforceRole",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      }
    ]
  }'

Create a business role that inherits from other access profiles:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Developer",
    "state": "RUNNING",
    "profile_type": "business-role-type-id",
    "inherit_entities_from_access_profiles": [
      "software-developers-profile-id"
    ]
  }'

Create an access profile with sync identity actions:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Advanced Salesforce Profile",
    "state": "RUNNING",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-org-datasource-id",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA",
        "sync_identity_action": {
          "policy_id": "policy-12345",
          "name": "salesforce_sync_action"
        }
      }
    ],
    "labels": ["requestable", "salesforce"]
  }'

Response Examples

Complete Response Structure

{
  "value": {
    "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "name": "Salesforce Developer",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "current_version_number": 1,
    "created_at": "2024-04-12T15:29:36.187811047Z",
    "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
    "current_version": {
      "access_profile_id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
      "created_at": "2024-04-12T15:29:36.188843505Z",
      "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
      "entities_to_create_relationships_to": [
        {
          "entity_type": "SalesforceGroup",
          "datasource_id": "sf-dev-org-12345",
          "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
        }
      ],
      "inherit_entities_from_access_profiles": [],
      "state": "PUBLISHED",
      "updated_at": "2024-04-12T15:29:36.188843505Z",
      "version_number": 1
    },
    "description": "",
    "draft_version_number": 0,
    "inherited_by_other_profiles": false,
    "inherits_from_other_profiles": false,
    "integrations": [
      "SALESFORCE"
    ],
    "provider_ids": [
      "sf-dev-org-12345"
    ],
    "provider_external_ids": [
      "external-id-123"
    ],
    "labels": [
      "requestable",
      "salesforce"
    ],
    "state": "RUNNING",
    "updated_at": "2024-04-12T15:29:36.217957547Z",
    "used_by_workflow": false,
    "access_profiles_inherited": [],
    "access_profiles_inherited_by": []
  }
}

Simplified Response:

{
  "value": {
    "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "name": "Salesforce Developer",
    "state": "RUNNING",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "current_version_number": 1,
    "integrations": ["SALESFORCE"],
    "provider_ids": ["sf-dev-org-12345"],
    "labels": ["requestable", "salesforce"],
    "created_at": "2024-04-12T15:29:36.187811047Z",
    "updated_at": "2024-04-12T15:29:36.217957547Z"
  }
}

PreviousList Access Profile Types NextList Access Profiles

Last updated 14 days ago

Was this helpful?

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagRequest schema

hashtagRequest body

hashtagRequest Examples

hashtagResponse Examples

Endpoint

Description

API Reference

Request schema

Request body

Request Examples

Response Examples