Create Access Profile Type

Create a new access profile type that defines capabilities and configuration options

Endpoint

POST /api/private/lifecycle_management/access_profiles_types

Description

Creates a new access profile type, which defines how access profiles of this type can be configured and used within your organization. Access profile types determine capabilities such as whether profiles can inherit entities from other profiles or create direct relationships to entities.

Common access profile types include:

  • Profile - Basic access profiles for direct entity relationships

  • Business Role - Higher-level profiles that can inherit from other profiles

API Reference

Request schema

Request body

| Field | Type | Required? | Description |
| --- | --- | --- | --- |
| allow_inherited_from_types | array[string] | Optional | List of access profile type IDs that profiles of this type can inherit from |
| allow_create_relationships | boolean | Optional | Whether profiles of this type can create direct relationships to entities |
| require_single_datasource | boolean | Optional | Whether profiles of this type must contain entities from only one datasource |
| require_single_integration | boolean | Optional | Whether profiles can only have access from a single integration (e.g., SNOWFLAKE) |
| add_integration_prefix_to_access_profile_names | boolean | Optional | Add integration prefix to profile names when require_single_integration is true |
| max_entitlements | integer | Optional | Maximum number of entitlements that can be added to profiles of this type |
| create_entitlement_based_on_profile | boolean | Optional | Create new entitlements if not found (only available if require_single_integration is true) |
| create_entitlements | array[object] | Optional | Entitlements to create based on attribute transformers when creating a profile |
| no_entitlements | boolean | Optional | If true, will not create any entitlements when creating a profile |
| on_create_behavior | string | Optional | Determines the state of the profile when created |
| instructions | string | Optional | Instructions for users when creating a profile of this type (markdown format) |
| time_before_sync_check_in_seconds | integer | Optional | How often to sync the profile (in seconds) with the target. Only allowed if create_entitlement_based_on_profile is true |
| access_request_policy_id | string | Optional | The access request policy associated with the access profile when creating a profile of this type |
| allow_overwrite_of_access_request_policy | boolean | Optional | Whether the access request policy can be overwritten when creating a profile |
| name_transformer | object | Optional | Name transformer rules for this profile type |
| remove_entitlement_on_member_upon_update | boolean | Optional | Remove deleted entitlements from members when access profile version is updated |

Complex Field Details

time_before_sync_check_in_seconds

Defines sync frequency with target systems to ensure member lists stay current. Set to 0 to disable syncing.

Inheritance Rules

allow_inherited_from_types

Restricts which other access profile types can be inherited from. An empty array allows inheritance from any type.

allow_overwrite_of_access_request_policy

When false, the access request policy cannot be changed when creating individual profiles.

Request Examples

Create a basic access profile type for direct entity relationships:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Profile",
    "description": "Basic Access Profile",
    "allow_inherit_entities": false,
    "allow_create_relationships": true,
    "require_single_datasource": false
  }'

Create a business role type that can inherit from other profiles:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Business Role",
    "description": "Access profile type for business roles that can inherit from other profiles",
    "allow_inherit_entities": true,
    "allow_create_relationships": false,
    "require_single_datasource": false,
    "max_entitlements": 50,
    "instructions": "This business role allows users to inherit permissions from multiple technical profiles. Use this for high-level organizational roles."
  }'

Create an advanced profile type with detailed configuration:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles_types" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Application-Specific Access",
    "description": "Profile type for application-specific access with sync capabilities",
    "allow_inherit_entities": false,
    "allow_create_relationships": true,
    "require_single_datasource": true,
    "require_single_integration": true,
    "create_entitlement_based_on_profile": true,
    "time_before_sync_check_in_seconds": 3600,
    "max_entitlements": 25,
    "instructions": "Use this type for application-specific profiles that require regular synchronization with target systems."
  }'
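
The field descriptions on this page state dependencies between options that are easy to get wrong in a request body. The following pre-flight check is an added example, not part of Veza's documentation or API; the function name `lint_profile_type`, the warning heuristics and the third sample body are assumptions of this example.

```python
def lint_profile_type(body):
    """Return (errors, warnings) for a request body given as a dict."""
    errors, warnings = [], []
    single_integration = body.get("require_single_integration") is True
    from_profile = body.get("create_entitlement_based_on_profile") is True

    if not str(body.get("name") or "").strip():
        errors.append("name is required")
    # Documented: only available if require_single_integration is true.
    if from_profile and not single_integration:
        errors.append("create_entitlement_based_on_profile needs require_single_integration")
    # The page lists this field as integer in one place and string in another.
    try:
        sync = int(body.get("time_before_sync_check_in_seconds") or 0)
    except (TypeError, ValueError):
        sync = 0
        errors.append("time_before_sync_check_in_seconds must be a number of seconds")
    # Documented: only allowed with create_entitlement_based_on_profile; 0 disables.
    if sync > 0 and not from_profile:
        errors.append("time_before_sync_check_in_seconds needs create_entitlement_based_on_profile")
    if body.get("add_integration_prefix_to_access_profile_names") and not single_integration:
        warnings.append("integration prefix applies only with require_single_integration")
    # Review heuristics below are this example's own, not rules enforced by the API.
    if body.get("allow_inherit_entities") and not body.get("allow_inherited_from_types"):
        warnings.append("empty allow_inherited_from_types: inheritance from any type is allowed")
    # Assumption: an unset flag is treated like true, the conservative reading.
    if (body.get("access_request_policy_id")
            and body.get("allow_overwrite_of_access_request_policy") is not False):
        warnings.append("access request policy can be overwritten when creating a profile")
    if "max_entitlements" not in body:
        warnings.append("no max_entitlements cap set")
    return errors, warnings


# First two bodies are abridged from the page's request examples; the third is constructed.
BUSINESS_ROLE = {"name": "Business Role", "allow_inherit_entities": True,
                 "allow_create_relationships": False, "max_entitlements": 50}
APP_SPECIFIC = {"name": "Application-Specific Access", "allow_inherit_entities": False,
                "require_single_datasource": True, "require_single_integration": True,
                "create_entitlement_based_on_profile": True,
                "time_before_sync_check_in_seconds": 3600, "max_entitlements": 25}
MISCONFIGURED = {"name": "Synced Role", "create_entitlement_based_on_profile": True,
                 "time_before_sync_check_in_seconds": "3600",
                 "access_request_policy_id": "policy-id-placeholder"}

if __name__ == "__main__":
    for body in (BUSINESS_ROLE, APP_SPECIFIC, MISCONFIGURED):
        errs, warns = lint_profile_type(body)
        print(body["name"], "| errors:", errs, "| warnings:", warns)
```
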

| Field | Type | Required? | Description |
| --- | --- | --- | --- |
| name | string | Required | Name of the access profile type |
| description | string | Optional | Description of the access profile type purpose |
| allow_inherit_entities | boolean | Optional | Whether profiles of this type can inherit entities from other access profiles |

Integration and Entitlement Management

require_single_integration

When true, profiles of this type can only contain entities from a single integration (e.g., SNOWFLAKE, ACTIVE_DIRECTORY, etc.).

create_entitlement_based_on_profile

Automatically creates new entitlements if they don't exist, based on attribute transformers. Only available when require_single_integration is true.

no_entitlements

When true, creating profiles of this type will only create the application connection without any specific entitlements.

Profile Behavior Configuration

on_create_behavior

Controls the initial state when profiles of this type are created (AccessProfile.OnCreateBehavior enum).

Response Examples

Standard Response:

{
  "value": {
    "id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
    "allow_create_relationships": false,
    "allow_inherit_entities": true,
    "description": "Access profile type for business roles that can inherit from other profiles",
    "integrations": [],
    "name": "Business Role",
    "profiles_count": 0,
    "require_single_datasource": false,
    "created_at": "2024-07-15T16:10:30.123456789Z",
    "updated_at": "2024-07-15T16:10:30.123456789Z"
  }
}

Complete Response Structure

{
  "value": {
    "id": "13ddf132-0868-4330-a0a3-41b088f6a4dc",
    "allow_create_relationships": false,
    "allow_inherit_entities": true,
    "allow_inherited_from_types": [],
    "description": "Access profile type for business roles that can inherit from other profiles",
    "integrations": [],
    "name": "Business Role",
    "profiles_count": 0,
    "require_single_datasource": false,
    "require_single_integration": false,
    "max_entitlements": 50,
    "create_entitlement_based_on_profile": false,
    "create_entitlements": [],
    "no_entitlements": false,
    "on_create_behavior": "INITIAL",
    "instructions": "This business role allows users to inherit permissions from multiple technical profiles. Use this for high-level organizational roles.",
    "time_before_sync_check_in_seconds": 0,
    "access_request_policy_id": null,
    "allow_overwrite_of_access_request_policy": true,
    "name_transformer": null,
    "remove_entitlement_on_member_upon_update": false,
    "created_at": "2024-07-15T16:10:30.123456789Z",
    "updated_at": "2024-07-15T16:10:30.123456789Z"
  }
}

Authentication Required

This endpoint requires a valid Veza API key for authentication.

See Authentication for more about creating and managing API keys.

All requests must include the API key as a Bearer token in the Authorization header.

Example:

curl -X GET "$BASE_URL/api/preview/keys" \
  -H "authorization: Bearer $VEZA_TOKEN"

Body

| Field | Type | Required? |
| --- | --- | --- |
| name | string | Optional |
| description | string | Optional |
| allow_inherit_entities | boolean | Optional |
| allow_inherited_from_types | string[] | Optional |
| allow_create_relationships | boolean | Optional |
| require_single_datasource | boolean | Optional |
| require_single_integration | boolean | Optional |
| add_integration_prefix_to_access_profile_names | boolean | Optional |
| max_entitlements | integer · int32 | Optional |
| create_entitlement_based_on_profile | boolean | Optional |
| no_entitlements | boolean | Optional |
| on_create_behavior | integer · enum | Optional |
| instructions | string | Optional |
| time_before_sync_check_in_seconds | string | Optional |
| access_request_policy_id | string | Optional |
| allow_overwrite_of_access_request_policy | boolean | Optional |
| remove_entitlement_on_member_upon_update | boolean | Optional |

Responses

| Status | Description | Content type |
| --- | --- | --- |
| 200 | OK | application/json |
| default | Default error response | application/json |

{
  "value": {
    "id": "text",
    "name": "text",
    "description": "text",
    "allow_inherit_entities": true,
    "allow_inherited_from_types": [
      "text"
    ],
    "profiles_count": 1,
    "integrations": [
      "text"
    ],
    "allow_create_relationships": true,
    "require_single_datasource": true,
    "require_single_integration": true,
    "add_integration_prefix_to_access_profile_names": true,
    "rbac_id": "text",
    "max_entitlements": 1,
    "create_entitlement_based_on_profile": true,
    "create_entitlements": [
      {
        "datasource_id": "text",
        "entity_type": "text",
        "attribute_transformers": {
          "values": [
            {
              "destination_attribute": "text",
              "destination_value_formatter": "text",
              "continuous_sync": true,
              "additional_value_formatter": [
                "text"
              ],
              "pipeline_functions": "text",
              "unique_identifier": true
            }
          ]
        },
        "add_member_condition": {
          "type": 1,
          "condition_string": "text"
        },
        "created_entity_id": "text",
        "access_request_id": "text",
        "id": "text",
        "last_sync_job_id": "text"
      }
    ],
    "no_entitlements": true,
    "enabled": true,
    "on_create_behavior": 1,
    "instructions": "text",
    "time_before_sync_check_in_seconds": "text",
    "access_request_policy_id": "text",
    "allow_overwrite_of_access_request_policy": true,
    "name_transformer": {
      "destination_attribute": "text",
      "destination_value_formatter": "text",
      "continuous_sync": true,
      "additional_value_formatter": [
        "text"
      ],
      "pipeline_functions": "text",
      "unique_identifier": true
    },
    "remove_entitlement_on_member_upon_update": true
  }
}

POST /api/private/lifecycle_management/access_profiles_types HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 1119

{
  "name": "text",
  "description": "text",
  "allow_inherit_entities": true,
  "allow_inherited_from_types": [
    "text"
  ],
  "allow_create_relationships": true,
  "require_single_datasource": true,
  "require_single_integration": true,
  "add_integration_prefix_to_access_profile_names": true,
  "max_entitlements": 1,
  "create_entitlement_based_on_profile": true,
  "create_entitlements": [
    {
      "datasource_id": "text",
      "entity_type": "text",
      "attribute_transformers": {
        "values": [
          {
            "destination_attribute": "text",
            "destination_value_formatter": "text",
            "continuous_sync": true,
            "additional_value_formatter": [
              "text"
            ],
            "pipeline_functions": "text",
            "unique_identifier": true
          }
        ]
      },
      "add_member_condition": {
        "type": 1,
        "condition_string": "text"
      }
    }
  ],
  "no_entitlements": true,
  "on_create_behavior": 1,
  "instructions": "text",
  "time_before_sync_check_in_seconds": "text",
  "access_request_policy_id": "text",
  "allow_overwrite_of_access_request_policy": true,
  "name_transformer": {
    "destination_attribute": "text",
    "destination_value_formatter": "text",
    "continuous_sync": true,
    "additional_value_formatter": [
      "text"
    ],
    "pipeline_functions": "text",
    "unique_identifier": true
  },
  "remove_entitlement_on_member_upon_update": true
}