All pages
Powered by GitBook
1 of 1

Loading...

Update Access Profile Version

Update entity relationships of a specific access profile version

Endpoint

PATCH /api/private/lifecycle_management/access_profiles/{id}/versions/{version}

Description

Updates the details of a specific version of an Access Profile. This endpoint allows you to modify the entity relationships and inheritance configuration of an access profile version.

Important: An update to the entities_to_create_relationships_to and inherit_entities_from_access_profiles needs to happen in the version of the profile, not the actual profile. You will need to get the current_version_number from the access profile first.

Note that updates to relationships must be made to the version, not the profile itself. This versioning system allows you to draft changes before publishing them to users.

API Reference

Request schema

Path parameters

Path parameter
Type
Required?
Description

Request body

Field
Type
Required?
Description

Entity Object Schema

Field
Type
Required?
Description

Request Examples

Getting the Current Version: Use or Get Access Profile to retrieve the current_version_number before making updates.

Response Examples

sync_identity_action

object

Optional

Action to use when creating an identity for this entity

Update direct entity relationships:

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/3a2371b6-95ec-4d9e-b95c-d75d51daa39b/versions/1" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
      },
      {
        "entity_type": "SalesforcePermissionSet",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      },
      {
        "entity_type": "SalesforceRole",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
      }
    ],
    "inherit_entities_from_access_profiles": []
  }'

Update access profile inheritance:

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/business-role-id/versions/2" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "entities_to_create_relationships_to": [],
    "inherit_entities_from_access_profiles": [
      "base-developer-profile-id",
      "salesforce-access-profile-id"
    ]
  }'

Update both relationships and inheritance:

curl -X PATCH "$BASE_URL/api/private/lifecycle_management/access_profiles/combined-profile-id/versions/1" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "entities_to_create_relationships_to": [
      {
        "entity_type": "ActiveDirectoryGroup",
        "datasource_id": "ad-datasource-id",
        "entity_id": "ad-dev-group-123"
      }
    ],
    "inherit_entities_from_access_profiles": [
      "base-permissions-profile-id"
    ]
  }'

id

string

Required

Unique identifier of the access profile

version

string

Required

Version number of the access profile to update

entities_to_create_relationships_to

array

Optional

Array of entity objects to create direct relationships to

inherit_entities_from_access_profiles

array

Optional

Array of access profile IDs to inherit entities from

entity_type

string

Required

Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup")

datasource_id

string

Required

ID of the lifecycle manager datasource containing the entity

entity_id

string

Required

{
  "value": {
    "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "version": 1,
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
      },
      {
        "entity_type": "SalesforcePermissionSet",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      },
      {
        "entity_type": "SalesforceRole",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:00E5g00000ACyDEEA1"
      }
    ],
    "inherit_entities_from_access_profiles": [],
    "updated_at": "2024-07-15T16:45:30.789123456Z"
  }
}
List Access Profiles

Unique identifier of the entity within the datasource

Authentication Required

This endpoint requires a valid Veza API key for authentication.

See Authentication for more about creating and managing API keys.

All requests must include the API key as a Bearer token in the Authorization header.

Example:

curl -X GET "$BASE_URL/api/preview/keys" \
  -H "authorization: Bearer $VEZA_TOKEN"
patch
Authorizations
Path parameters
value.access_profile_idstringRequired
value.version_numberstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
Responses
200

OK

application/json
default

Default error response

application/json
patch

The version of the access profile that includes how it is configured

access_profile_idstringRead-onlyOptional
version_numberinteger · int32Read-onlyOptional
stateinteger · enumOptional
inherit_entities_from_access_profilesstring[]Optional

List of profiles that this one inherits from

membersstring[]Read-onlyOptional

List of identities (via id) that are part of the access profile

rbac_idstringRead-onlyOptional
access_request_policy_idstringOptional

The access request policy that is associated with the access profile

application_datasource_idstringOptional

This is only available if the profile type is doesn't allow entitlements or inherited profiles This is the datasource to use for this profile in the assign application use case, when the profile is assigned it will create a relationship to the datasource

created_bystringRead-onlyOptional
created_atstring · date-timeRead-onlyOptional
updated_atstring · date-timeRead-onlyOptional
published_bystringRead-onlyOptional
published_atstring · date-timeRead-onlyOptional
{
  "value": {
    "access_profile_id": "text",
    "version_number": 1,
    "state": 1,
    "entities_to_create_relationships_to": [
      {
        "entity_type": "text",
        "datasource_id": "text",
        "entity_id": "text",
        "assigned_to_entity_type": "text",
        "assigned_to_entity_id": "text",
        "extraction_datasource_id": "text",
        "provider_id": "text",
        "provider_external_id": "text",
        "entity_name": "text",
        "native_id": "text",
        "grant_by": 1,
        "created_by_access_profile": true,
        "custom_properties": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "sync_identity_action": {
          "policy_id": "text",
          "name": "text"
        },
        "condition": {
          "type": 1,
          "condition_string": "text"
        },
        "create_entitlement_detail_id": "text",
        "created_at": "2025-08-26T13:03:13.921Z"
      }
    ],
    "inherit_entities_from_access_profiles": [
      "text"
    ],
    "members": [
      "text"
    ],
    "rbac_id": "text",
    "access_request_policy_id": "text",
    "application_datasource_id": "text",
    "application_sync_identity_action": {
      "policy_id": "text",
      "name": "text"
    },
    "created_by": "text",
    "created_at": "2025-08-26T13:03:13.921Z",
    "updated_at": "2025-08-26T13:03:13.921Z",
    "published_by": "text",
    "published_at": "2025-08-26T13:03:13.921Z"
  }
}
PATCH /api/private/lifecycle_management/access_profiles/{value.access_profile_id}/versions/{value.version_number} HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 576

{
  "state": 1,
  "entities_to_create_relationships_to": [
    {
      "entity_type": "text",
      "datasource_id": "text",
      "entity_id": "text",
      "assigned_to_entity_type": "text",
      "assigned_to_entity_id": "text",
      "grant_by": 1,
      "created_by_access_profile": true,
      "custom_properties": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      },
      "sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      },
      "condition": {
        "type": 1,
        "condition_string": "text"
      }
    }
  ],
  "inherit_entities_from_access_profiles": [
    "text"
  ],
  "access_request_policy_id": "text",
  "application_datasource_id": "text",
  "application_sync_identity_action": {
    "policy_id": "text",
    "name": "text"
  }
}