Create Access Profile

Create a new access profile with specified entitlements and configuration

Endpoint

POST /api/private/lifecycle_management/access_profiles

Prerequisites: Before creating Access Profiles, you must have:

  1. Created an Access Profile Type to define capabilities

  2. Listed lifecycle management datasources to identify datasource IDs

Description

Creates a new Veza Access Profile that defines a collection of entitlements that can be granted to users. Access profiles can contain direct relationships to entities (like groups, roles, or permissions) or can inherit entities from other access profiles, depending on the profile type capabilities.

Access Profiles support versioning, allowing you to draft changes before publishing them to users. Each Access Profile contains a version that is modified after initial creation; versioning allows for drafts and retired versions in the future.

API Reference

Request schema

Request body

| Field | Type | Required? | Description |
| --- | --- | --- | --- |
| name | string | Required | Name of the access profile |
| description | string | Optional | Description of the access profile's purpose |
| state | string | Required | Initial state: INITIAL, RUNNING, PAUSED, DRY_RUN, PENDING |
| profile_type | string | Required | ID of the access profile type to use |
| entities_to_create_relationships_to | array | Optional | Array of entity objects to create direct relationships to |
| inherit_entities_from_access_profiles | array | Optional | Array of access profile IDs to inherit entities from |
| labels | array[string] | Optional | Opaque field for customer to add any labels |
| access_request_policy_id | string | Optional | The access request policy associated with the access profile |
| application_datasource_id | string | Optional | Datasource to use for this profile in the assign application use case |
| application_sync_identity_action | object | Optional | Action to use when creating an identity for this datasource |
| custom_properties | object | Optional | Map of custom properties for the access profile |

Entity Object Schema

| Field | Type | Required? | Description |
| --- | --- | --- | --- |
| entity_type | string | Required | Type of the entity (e.g., "SalesforceGroup", "ActiveDirectoryGroup") |
| datasource_id | string | Required | ID of the datasource containing the entity |
| entity_id | string | Required | Unique identifier of the entity |
| assigned_to_entity_type | string | Optional | Type of the entity to assign to |
| assigned_to_entity_id | string | Optional | ID of the entity to assign to |
| grant_by | string | Optional | How the grant is applied (PolicyRules.GrantBy enum) |
| created_by_access_profile | boolean | Optional | Whether this entity was created by the access profile |
| custom_properties | object | Optional | Map of custom properties for the entity |
| sync_identity_action | object | Optional | Action to use when creating an identity for this entity |
| condition | object | Optional | Condition to check if identity should be granted access |

Sync Identity Action Schema

| Field | Type | Required? | Description |
| --- | --- | --- | --- |
| policy_id | string | Required | ID of the policy to use for sync action |
| name | string | Required | Name of the sync identity action |

Request Examples

Create a basic access profile with direct entity relationships:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Salesforce Developer",
    "state": "RUNNING",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
      },
      {
        "entity_type": "SalesforcePermissionSet",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      },
      {
        "entity_type": "SalesforceRole",
        "datasource_id": "sf-dev-org-12345",
        "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"
      }
    ]
  }'

Create a business role that inherits from other access profiles:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Developer",
    "state": "RUNNING",
    "profile_type": "business-role-type-id",
    "inherit_entities_from_access_profiles": [
      "software-developers-profile-id"
    ]
  }'

Create an access profile with sync identity actions:

curl -X POST "$BASE_URL/api/private/lifecycle_management/access_profiles" \
  -H "authorization: Bearer $VEZA_TOKEN" \
  -H "Content-Type: application/json" \
  --data-raw '{
    "name": "Advanced Salesforce Profile",
    "state": "RUNNING",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "entities_to_create_relationships_to": [
      {
        "entity_type": "SalesforceGroup",
        "datasource_id": "sf-org-datasource-id",
        "entity_id": "veza-dev-ed:00GDp0000019laeMAA",
        "sync_identity_action": {
          "policy_id": "policy-12345",
          "name": "salesforce_sync_action"
        }
      }
    ],
    "labels": ["requestable", "salesforce"]
  }'

Response Examples

Complete Response Structure

{
  "value": {
    "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "name": "Salesforce Developer",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "current_version_number": 1,
    "created_at": "2024-04-12T15:29:36.187811047Z",
    "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
    "current_version": {
      "access_profile_id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
      "created_at": "2024-04-12T15:29:36.188843505Z",
      "created_by": "3cedc292-4014-45e9-b7d9-8cb1695e1454",
      "entities_to_create_relationships_to": [
        {
          "entity_type": "SalesforceGroup",
          "datasource_id": "sf-dev-org-12345",
          "entity_id": "veza-dev-ed:00GDp0000019laeMAA"
        }
      ],
      "inherit_entities_from_access_profiles": [],
      "state": "PUBLISHED",
      "updated_at": "2024-04-12T15:29:36.188843505Z",
      "version_number": 1
    },
    "description": "",
    "draft_version_number": 0,
    "inherited_by_other_profiles": false,
    "inherits_from_other_profiles": false,
    "integrations": [
      "SALESFORCE"
    ],
    "provider_ids": [
      "sf-dev-org-12345"
    ],
    "provider_external_ids": [
      "external-id-123"
    ],
    "labels": [
      "requestable",
      "salesforce"
    ],
    "state": "RUNNING",
    "updated_at": "2024-04-12T15:29:36.217957547Z",
    "used_by_workflow": false,
    "access_profiles_inherited": [],
    "access_profiles_inherited_by": []
  }
}

Simplified Response:

{
  "value": {
    "id": "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "name": "Salesforce Developer",
    "state": "RUNNING",
    "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
    "current_version_number": 1,
    "integrations": ["SALESFORCE"],
    "provider_ids": ["sf-dev-org-12345"],
    "labels": ["requestable", "salesforce"],
    "created_at": "2024-04-12T15:29:36.187811047Z",
    "updated_at": "2024-04-12T15:29:36.217957547Z"
  }
}

Authentication Required

This endpoint requires a valid Veza API key for authentication.

See Authentication for more about creating and managing API keys.

All requests must include the API key as a Bearer token in the Authorization header.

Example:

curl -X GET "$BASE_URL/api/preview/keys" \
  -H "authorization: Bearer $VEZA_TOKEN"

Authorizations

Body

name · string · Optional
description · string · Optional
state · integer · enum · Optional
profile_type · string · Optional
inherit_entities_from_access_profiles · string[] · Optional

List of profiles that this one inherits from

labels · string[] · Optional
access_request_policy_id · string · Optional

The access request policy that is associated with the access profile

application_datasource_id · string · Optional

This is only available if the profile type doesn't allow entitlements or inherited profiles. This is the datasource to use for this profile in the assign application use case; when the profile is assigned, it will create a relationship to the datasource.

Responses

200: OK (application/json)

default: Default error response (application/json)

{
  "value": {
    "id": "text",
    "name": "text",
    "description": "text",
    "state": 1,
    "profile_type": "text",
    "current_version_number": 1,
    "draft_version_number": 1,
    "used_by_workflow": true,
    "integrations": [
      "text"
    ],
    "current_version": {
      "access_profile_id": "text",
      "version_number": 1,
      "state": 1,
      "entities_to_create_relationships_to": [
        {
          "entity_type": "text",
          "datasource_id": "text",
          "entity_id": "text",
          "assigned_to_entity_type": "text",
          "assigned_to_entity_id": "text",
          "extraction_datasource_id": "text",
          "provider_id": "text",
          "provider_external_id": "text",
          "entity_name": "text",
          "native_id": "text",
          "grant_by": 1,
          "created_by_access_profile": true,
          "custom_properties": {
            "ANY_ADDITIONAL_PROPERTY": "text"
          },
          "sync_identity_action": {
            "policy_id": "text",
            "name": "text"
          },
          "condition": {
            "type": 1,
            "condition_string": "text"
          },
          "create_entitlement_detail_id": "text",
          "created_at": "2025-08-26T13:34:44.205Z"
        }
      ],
      "inherit_entities_from_access_profiles": [
        "text"
      ],
      "members": [
        "text"
      ],
      "rbac_id": "text",
      "access_request_policy_id": "text",
      "application_datasource_id": "text",
      "application_sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      },
      "created_by": "text",
      "created_at": "2025-08-26T13:34:44.205Z",
      "updated_at": "2025-08-26T13:34:44.205Z",
      "published_by": "text",
      "published_at": "2025-08-26T13:34:44.205Z"
    },
    "access_profiles_inherited": [
      "text"
    ],
    "access_profiles_inherited_by": [
      "text"
    ],
    "inherits_from_other_profiles": true,
    "inherited_by_other_profiles": true,
    "labels": [
      "text"
    ],
    "provider_ids": [
      "text"
    ],
    "provider_external_ids": [
      "text"
    ],
    "datasource_ids": [
      "text"
    ],
    "rbac_id": "text",
    "member_details": [
      {
        "access_profile_id": "text",
        "access_profile_name": "text",
        "identity_id": "text",
        "identity_name": "text",
        "created_from": 1,
        "workflow": "text"
      }
    ],
    "requestable": true,
    "require_approval_to_start": true,
    "started_at": "2025-08-26T13:34:44.205Z",
    "started_by": "text",
    "catalog_item_info": {
      "name": "text",
      "description": "text",
      "markdown_description": "text",
      "icon": "text",
      "recommended": true
    },
    "access_request_policy_id": "text",
    "created_entitlements": [
      {
        "datasource_id": "text",
        "entity_type": "text",
        "attribute_transformers": {
          "values": [
            {
              "destination_attribute": "text",
              "destination_value_formatter": "text",
              "continuous_sync": true,
              "additional_value_formatter": [
                "text"
              ],
              "pipeline_functions": "text",
              "unique_identifier": true
            }
          ]
        },
        "add_member_condition": {
          "type": 1,
          "condition_string": "text"
        },
        "created_entity_id": "text",
        "access_request_id": "text",
        "id": "text",
        "last_sync_job_id": "text"
      }
    ],
    "last_synced_at": "2025-08-26T13:34:44.205Z",
    "sync_allowed": true,
    "last_sync_job_ids": [
      "text"
    ],
    "identity_created_by": "text",
    "last_sync_error_message": "text",
    "profile_type_rbac_id": "text",
    "created_by": "text",
    "created_at": "2025-08-26T13:34:44.205Z",
    "updated_at": "2025-08-26T13:34:44.205Z",
    "custom_properties": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    }
  },
  "version": {
    "access_profile_id": "text",
    "version_number": 1,
    "state": 1,
    "entities_to_create_relationships_to": [
      {
        "entity_type": "text",
        "datasource_id": "text",
        "entity_id": "text",
        "assigned_to_entity_type": "text",
        "assigned_to_entity_id": "text",
        "extraction_datasource_id": "text",
        "provider_id": "text",
        "provider_external_id": "text",
        "entity_name": "text",
        "native_id": "text",
        "grant_by": 1,
        "created_by_access_profile": true,
        "custom_properties": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "sync_identity_action": {
          "policy_id": "text",
          "name": "text"
        },
        "condition": {
          "type": 1,
          "condition_string": "text"
        },
        "create_entitlement_detail_id": "text",
        "created_at": "2025-08-26T13:34:44.205Z"
      }
    ],
    "inherit_entities_from_access_profiles": [
      "text"
    ],
    "members": [
      "text"
    ],
    "rbac_id": "text",
    "access_request_policy_id": "text",
    "application_datasource_id": "text",
    "application_sync_identity_action": {
      "policy_id": "text",
      "name": "text"
    },
    "created_by": "text",
    "created_at": "2025-08-26T13:34:44.205Z",
    "updated_at": "2025-08-26T13:34:44.205Z",
    "published_by": "text",
    "published_at": "2025-08-26T13:34:44.205Z"
  }
}
POST /api/private/lifecycle_management/access_profiles HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 706

{
  "name": "text",
  "description": "text",
  "state": 1,
  "profile_type": "text",
  "entities_to_create_relationships_to": [
    {
      "entity_type": "text",
      "datasource_id": "text",
      "entity_id": "text",
      "assigned_to_entity_type": "text",
      "assigned_to_entity_id": "text",
      "grant_by": 1,
      "created_by_access_profile": true,
      "custom_properties": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      },
      "sync_identity_action": {
        "policy_id": "text",
        "name": "text"
      },
      "condition": {
        "type": 1,
        "condition_string": "text"
      }
    }
  ],
  "inherit_entities_from_access_profiles": [
    "text"
  ],
  "labels": [
    "text"
  ],
  "access_request_policy_id": "text",
  "application_datasource_id": "text",
  "application_sync_identity_action": {
    "policy_id": "text",
    "name": "text"
  },
  "custom_properties": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}
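
A pre-flight check for the request body and a post-create comparison of requested versus returned entitlements, built from the field tables and examples on this page (added example in Python, not Veza's code). The reused-entity_id warning is an assumed review heuristic rather than an API rule, state is checked only when given as one of the string names, and the sample data is constructed from the page's example IDs.

```python
# Field names and state values come from the tables on this page.
REQUIRED_TOP = ("name", "state", "profile_type")
REQUIRED_ENTITY = ("entity_type", "datasource_id", "entity_id")
REQUIRED_SYNC_ACTION = ("policy_id", "name")
STATES = {"INITIAL", "RUNNING", "PAUSED", "DRY_RUN", "PENDING"}

def missing(obj, fields, where):
    return [f"{where} missing {f}" for f in fields if obj.get(f) in (None, "")]

def entity_key(entity):
    # One entitlement is identified by (entity_type, datasource_id, entity_id).
    return tuple(str(entity.get(f) or "") for f in REQUIRED_ENTITY)

def validate_request(payload):
    """Return problems found in a create-profile request body before it is sent."""
    problems = missing(payload, REQUIRED_TOP, "request")
    state = payload.get("state")
    if isinstance(state, str) and state not in STATES:
        problems.append(f"unknown state {state}")
    seen = {}
    for i, ent in enumerate(payload.get("entities_to_create_relationships_to", [])):
        problems += missing(ent, REQUIRED_ENTITY, f"entity[{i}]")
        if ent.get("sync_identity_action") is not None:
            problems += missing(ent["sync_identity_action"], REQUIRED_SYNC_ACTION,
                                f"entity[{i}].sync_identity_action")
        # Assumption (review heuristic, not an API rule): one entity_id under two types.
        etype, ds, eid = entity_key(ent)
        if eid and seen.setdefault((ds, eid), etype) != etype:
            problems.append(f"entity[{i}] reuses entity_id {eid} of a {seen[(ds, eid)]}")
    return problems

def entitlement_drift(request, response):
    """Requested entities vs. those in the response's current_version."""
    wanted = {entity_key(e) for e in request.get("entities_to_create_relationships_to", [])}
    version = response.get("value", {}).get("current_version", {})
    got = {entity_key(e) for e in version.get("entities_to_create_relationships_to", [])}
    return {"missing": sorted(wanted - got), "unexpected": sorted(got - wanted)}

# Constructed sample reusing the IDs from this page's first request and response examples.
DS = "sf-dev-org-12345"
SAMPLE_REQUEST = {"name": "Salesforce Developer", "state": "RUNNING",
                  "profile_type": "a730b9cd-d600-4fb7-a803-8ab5b697c0b9",
                  "entities_to_create_relationships_to": [
    {"entity_type": "SalesforceGroup", "datasource_id": DS, "entity_id": "veza-dev-ed:00GDp0000019laeMAA"},
    {"entity_type": "SalesforcePermissionSet", "datasource_id": DS, "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"},
    {"entity_type": "SalesforceRole", "datasource_id": DS, "entity_id": "veza4-dev-ed:0PSDn000000ED4MOAW"}]}
SAMPLE_RESPONSE = {"value": {"current_version": {"entities_to_create_relationships_to":
                   SAMPLE_REQUEST["entities_to_create_relationships_to"][:1]}}}
```

Calling `validate_request(SAMPLE_REQUEST)` and `entitlement_drift(SAMPLE_REQUEST, SAMPLE_RESPONSE)` returns the findings as plain lists, so they can gate a provisioning script or feed a review log.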