Update Access Profile Version

Update entity relationships of a specific access profile version

Endpoint

PATCH /api/private/lifecycle_management/access_profiles/{id}/versions/{version}

Description

Updates the details of a specific version of an Access Profile. This endpoint allows you to modify the entity relationships and inheritance configuration of an access profile version.

Important: An update to the entities_to_create_relationships_to and inherit_entities_from_access_profiles needs to happen in the version of the profile, not the actual profile. You will need to get the current_version_number from the access profile first.

Note that updates to relationships must be made to the version, not the profile itself. This versioning system allows you to draft changes before publishing them to users.

Authentication Required

This endpoint requires a valid Veza API key for authentication.

See Authentication for more about creating and managing API keys.

All requests must include the API key as a Bearer token in the Authorization header.

Example:

curl -X GET "$BASE_URL/api/preview/keys" \
  -H "authorization: Bearer $VEZA_TOKEN"

API Reference

patch

Authorizations

Path parameters

value.access_profile_idstringRequired

value.version_numberstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

The version of the access profile that includes how it is configured

access_profile_idstringRead-onlyOptional

version_numberinteger · int32Read-onlyOptional

stateinteger · enumOptional

inherit_entities_from_access_profilesstring[]Optional

List of profiles that this one inherits from

membersstring[]Read-onlyOptional

List of identities (via id) that are part of the access profile

rbac_idstringRead-onlyOptional

access_request_policy_idstringOptional

The access request policy that is associated with the access profile

application_datasource_idstringOptional

This is only available if the profile type is doesn't allow entitlements or inherited profiles This is the datasource to use for this profile in the assign application use case, when the profile is assigned it will create a relationship to the datasource

created_bystringRead-onlyOptional

created_atstring · date-timeRead-onlyOptional

updated_atstring · date-timeRead-onlyOptional

published_bystringRead-onlyOptional

published_atstring · date-timeRead-onlyOptional

Responses

200

application/json

default

Default error response

application/json

patch

PATCH /api/private/lifecycle_management/access_profiles/{value.access_profile_id}/versions/{value.version_number} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 576

{
  "state": 1,
  "entities_to_create_relationships_to": [
    {
      "entity_type": "text",
      "datasource_id": "text",
      "entity_id": "text",
      "assigned_to_entity_type": "text",
      "assigned_to_entity_id": "text",
      "grant_by": 1,
      "created_by_access_profile": true,
      "custom_properties": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      },
      "sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      },
      "condition": {
        "type": 1,
        "condition_string": "text"
      }
    }
  ],
  "inherit_entities_from_access_profiles": [
    "text"
  ],
  "access_request_policy_id": "text",
  "application_datasource_id": "text",
  "application_sync_identity_action": {
    "policy_id": "text",
    "name": "text"
  }
}

{
  "value": {
    "access_profile_id": "text",
    "version_number": 1,
    "state": 1,
    "entities_to_create_relationships_to": [
      {
        "entity_type": "text",
        "datasource_id": "text",
        "entity_id": "text",
        "assigned_to_entity_type": "text",
        "assigned_to_entity_id": "text",
        "extraction_datasource_id": "text",
        "provider_id": "text",
        "provider_external_id": "text",
        "entity_name": "text",
        "native_id": "text",
        "grant_by": 1,
        "created_by_access_profile": true,
        "custom_properties": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "sync_identity_action": {
          "policy_id": "text",
          "name": "text"
        },
        "condition": {
          "type": 1,
          "condition_string": "text"
        },
        "create_entitlement_detail_id": "text",
        "created_at": "2025-08-25T15:00:15.249Z"
      }
    ],
    "inherit_entities_from_access_profiles": [
      "text"
    ],
    "members": [
      "text"
    ],
    "rbac_id": "text",
    "access_request_policy_id": "text",
    "application_datasource_id": "text",
    "application_sync_identity_action": {
      "policy_id": "text",
      "name": "text"
    },
    "created_by": "text",
    "created_at": "2025-08-25T15:00:15.249Z",
    "updated_at": "2025-08-25T15:00:15.249Z",
    "published_by": "text",
    "published_at": "2025-08-25T15:00:15.249Z"
  }
}

Request schema

Path parameters

Path parameter

Type

Required?

Description

id

string

Required

Unique identifier of the access profile

version

string

Required

Version number of the access profile to update

Request body

Field

Type

Required?

Description

entities_to_create_relationships_to

array

Optional

Array of entity objects to create direct relationships to

inherit_entities_from_access_profiles

array

Optional

Array of access profile IDs to inherit entities from

Entity Object Schema

Field

Type

Required?

Description

entity_type

string

Required

Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup")

datasource_id

string

Required

ID of the lifecycle manager datasource containing the entity

entity_id

string

Required

Unique identifier of the entity within the datasource

sync_identity_action

object

Optional

Action to use when creating an identity for this entity

Request Examples

Update direct entity relationships:

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/3a2371b6-95ec-4d9e-b95c-d75d51daa39b/versions/1" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
      },
      {
        "entity_type": "SalesforcePermissionSet",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      },
      {
        "entity_type": "SalesforceRole",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
      }
    ],
    "inherit_entities_from_access_profiles": []
  }'

Update access profile inheritance:

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/business-role-id/versions/2" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "entities_to_create_relationships_to": [],
    "inherit_entities_from_access_profiles": [
      "base-developer-profile-id",
      "salesforce-access-profile-id"
    ]
  }'

Update both relationships and inheritance:

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/combined-profile-id/versions/1" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "entities_to_create_relationships_to": [
      {
        "entity_type": "ActiveDirectoryGroup",
        "datasource_id": "ad-datasource-id",
        "entity_id": "ad-dev-group-123"
      }
    ],
    "inherit_entities_from_access_profiles": [
      "base-permissions-profile-id"
    ]
  }'

Getting the Current Version: Use List Access Profiles or Get Access Profile to retrieve the current_version_number before making updates.

Response Examples

{
  "value": {
    "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "version": 1,
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
      },
      {
        "entity_type": "SalesforcePermissionSet",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      },
      {
        "entity_type": "SalesforceRole",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
      }
    ],
    "inherit_entities_from_access_profiles": [],
    "updated_at": "2024-07-15T16:45:30.789123456Z"
  }
}

PreviousUpdate Access Profile Labels NextList Available Integrations

Last updated 2 days ago

Was this helpful?

PATCH /api/private/lifecycle_management/access_profiles/{value.access_profile_id}/versions/{value.version_number} HTTP/1.1 Host: your-tenant.cookiecloud.ai Authorization: Bearer JWT Content-Type: application/json Accept: */* Content-Length: 576 { "state": 1, "entities_to_create_relationships_to": [ { "entity_type": "text", "datasource_id": "text", "entity_id": "text", "assigned_to_entity_type": "text", "assigned_to_entity_id": "text", "grant_by": 1, "created_by_access_profile": true, "custom_properties": { "ANY_ADDITIONAL_PROPERTY": "text" }, "sync_identity_action": { "policy_id": "text", "name": "text" }, "condition": { "type": 1, "condition_string": "text" } } ], "inherit_entities_from_access_profiles": [ "text" ], "access_request_policy_id": "text", "application_datasource_id": "text", "application_sync_identity_action": { "policy_id": "text", "name": "text" } }

{ "value": { "access_profile_id": "text", "version_number": 1, "state": 1, "entities_to_create_relationships_to": [ { "entity_type": "text", "datasource_id": "text", "entity_id": "text", "assigned_to_entity_type": "text", "assigned_to_entity_id": "text", "extraction_datasource_id": "text", "provider_id": "text", "provider_external_id": "text", "entity_name": "text", "native_id": "text", "grant_by": 1, "created_by_access_profile": true, "custom_properties": { "ANY_ADDITIONAL_PROPERTY": "text" }, "sync_identity_action": { "policy_id": "text", "name": "text" }, "condition": { "type": 1, "condition_string": "text" }, "create_entitlement_detail_id": "text", "created_at": "2025-08-25T15:00:15.249Z" } ], "inherit_entities_from_access_profiles": [ "text" ], "members": [ "text" ], "rbac_id": "text", "access_request_policy_id": "text", "application_datasource_id": "text", "application_sync_identity_action": { "policy_id": "text", "name": "text" }, "created_by": "text", "created_at": "2025-08-25T15:00:15.249Z", "updated_at": "2025-08-25T15:00:15.249Z", "published_by": "text", "published_at": "2025-08-25T15:00:15.249Z" } }

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/3a2371b6-95ec-4d9e-b95c-d75d51daa39b/versions/1" \ -H "authorization: Bearer $VEZA_TOKEN" \ -H "Content-Type: application/json" \ --data-raw '{ "entities_to_create_relationships_to": [ { "entity_type": "SalesforceGroup", "datasource_id": "sf-dev-org-12345", "entity_id": "veza-dev-ed:00GDp0000019laeMAA" }, { "entity_type": "SalesforcePermissionSet", "datasource_id": "sf-dev-org-12345", "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW" }, { "entity_type": "SalesforceRole", "datasource_id": "sf-dev-org-12345", "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1" } ], "inherit_entities_from_access_profiles": [] }'

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/business-role-id/versions/2" \ -H "authorization: Bearer $VEZA_TOKEN" \ -H "Content-Type: application/json" \ --data-raw '{ "entities_to_create_relationships_to": [], "inherit_entities_from_access_profiles": [ "base-developer-profile-id", "salesforce-access-profile-id" ] }'

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/combined-profile-id/versions/1" \ -H "authorization: Bearer $VEZA_TOKEN" \ -H "Content-Type: application/json" \ --data-raw '{ "entities_to_create_relationships_to": [ { "entity_type": "ActiveDirectoryGroup", "datasource_id": "ad-datasource-id", "entity_id": "ad-dev-group-123" } ], "inherit_entities_from_access_profiles": [ "base-permissions-profile-id" ] }'

{ "value": { "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b", "version": 1, "entities_to_create_relationships_to": [ { "entity_type": "SalesforceGroup", "datasource_id": "sf-dev-org-12345", "entity_id": "veza-dev-ed:00GDp0000019laeMAA" }, { "entity_type": "SalesforcePermissionSet", "datasource_id": "sf-dev-org-12345", "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW" }, { "entity_type": "SalesforceRole", "datasource_id": "sf-dev-org-12345", "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1" } ], "inherit_entities_from_access_profiles": [], "updated_at": "2024-07-15T16:45:30.789123456Z" } }