sailpoint-api-client 1.6.4 → 1.6.6

package/v3/api.ts

@@ -189,7 +189,7 @@ export interface AccessCriteria {
  */
 export interface AccessCriteriaCriteriaListInner {
     /**
-     * Type of the propery to which this reference applies to
+     * Type of the property to which this reference applies to
      * @type {string}
      * @memberof AccessCriteriaCriteriaListInner
      */
@@ -214,6 +214,51 @@ export const AccessCriteriaCriteriaListInnerTypeV3 = {
 
 export type AccessCriteriaCriteriaListInnerTypeV3 = typeof AccessCriteriaCriteriaListInnerTypeV3[keyof typeof AccessCriteriaCriteriaListInnerTypeV3];
 
+/**
+ * 
+ * @export
+ * @interface AccessCriteriaRequest
+ */
+export interface AccessCriteriaRequest {
+    /**
+     * Business name for the access construct list
+     * @type {string}
+     * @memberof AccessCriteriaRequest
+     */
+    'name'?: string;
+    /**
+     * List of criteria. There is a min of 1 and max of 50 items in the list.
+     * @type {Array<AccessCriteriaRequestCriteriaListInner>}
+     * @memberof AccessCriteriaRequest
+     */
+    'criteriaList'?: Array<AccessCriteriaRequestCriteriaListInner>;
+}
+/**
+ * 
+ * @export
+ * @interface AccessCriteriaRequestCriteriaListInner
+ */
+export interface AccessCriteriaRequestCriteriaListInner {
+    /**
+     * Type of the property to which this reference applies to
+     * @type {string}
+     * @memberof AccessCriteriaRequestCriteriaListInner
+     */
+    'type'?: AccessCriteriaRequestCriteriaListInnerTypeV3;
+    /**
+     * ID of the object to which this reference applies to
+     * @type {string}
+     * @memberof AccessCriteriaRequestCriteriaListInner
+     */
+    'id'?: string;
+}
+
+export const AccessCriteriaRequestCriteriaListInnerTypeV3 = {
+    Entitlement: 'ENTITLEMENT'
+} as const;
+
+export type AccessCriteriaRequestCriteriaListInnerTypeV3 = typeof AccessCriteriaRequestCriteriaListInnerTypeV3[keyof typeof AccessCriteriaRequestCriteriaListInnerTypeV3];
+
 /**
  * Identity the access item is requested for.
  * @export
@@ -4972,8 +5017,7 @@ export interface CampaignAllOfFilter {
 }
 
 export const CampaignAllOfFilterTypeV3 = {
-    CampaignFilter: 'CAMPAIGN_FILTER',
-    Rule: 'RULE'
+    CampaignFilter: 'CAMPAIGN_FILTER'
 } as const;
 
 export type CampaignAllOfFilterTypeV3 = typeof CampaignAllOfFilterTypeV3[keyof typeof CampaignAllOfFilterTypeV3];
@@ -6519,6 +6563,25 @@ export interface ConflictingAccessCriteria {
      */
     'rightCriteria'?: AccessCriteria;
 }
+/**
+ * 
+ * @export
+ * @interface ConflictingAccessCriteriaRequest
+ */
+export interface ConflictingAccessCriteriaRequest {
+    /**
+     * 
+     * @type {AccessCriteriaRequest}
+     * @memberof ConflictingAccessCriteriaRequest
+     */
+    'leftCriteria'?: AccessCriteriaRequest;
+    /**
+     * 
+     * @type {AccessCriteriaRequest}
+     * @memberof ConflictingAccessCriteriaRequest
+     */
+    'rightCriteria'?: AccessCriteriaRequest;
+}
 /**
  * 
  * @export
@@ -21495,12 +21558,6 @@ export interface SodPolicy {
      * @memberof SodPolicy
      */
     'type'?: SodPolicyTypeV3;
-    /**
-     * 
-     * @type {SodPolicyConflictingAccessCriteria}
-     * @memberof SodPolicy
-     */
-    'conflictingAccessCriteria'?: SodPolicyConflictingAccessCriteria;
 }
 
 export const SodPolicyStateV3 = {
@@ -21516,25 +21573,6 @@ export const SodPolicyTypeV3 = {
 
 export type SodPolicyTypeV3 = typeof SodPolicyTypeV3[keyof typeof SodPolicyTypeV3];
 
-/**
- * 
- * @export
- * @interface SodPolicyConflictingAccessCriteria
- */
-export interface SodPolicyConflictingAccessCriteria {
-    /**
-     * 
-     * @type {AccessCriteria}
-     * @memberof SodPolicyConflictingAccessCriteria
-     */
-    'leftCriteria'?: AccessCriteria;
-    /**
-     * 
-     * @type {AccessCriteria}
-     * @memberof SodPolicyConflictingAccessCriteria
-     */
-    'rightCriteria'?: AccessCriteria;
-}
 /**
  * SOD policy.
  * @export
@@ -21600,6 +21638,302 @@ export const SodPolicyOwnerRefTypeV3 = {
 
 export type SodPolicyOwnerRefTypeV3 = typeof SodPolicyOwnerRefTypeV3[keyof typeof SodPolicyOwnerRefTypeV3];
 
+/**
+ * 
+ * @export
+ * @interface SodPolicyRead
+ */
+export interface SodPolicyRead {
+    /**
+     * Policy id
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'id'?: string;
+    /**
+     * Policy Business Name
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'name'?: string;
+    /**
+     * The time when this SOD policy is created.
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'created'?: string;
+    /**
+     * The time when this SOD policy is modified.
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'modified'?: string;
+    /**
+     * Optional description of the SOD policy
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'description'?: string | null;
+    /**
+     * 
+     * @type {SodPolicyOwnerRef}
+     * @memberof SodPolicyRead
+     */
+    'ownerRef'?: SodPolicyOwnerRef;
+    /**
+     * Optional External Policy Reference
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'externalPolicyReference'?: string | null;
+    /**
+     * Search query of the SOD policy
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'policyQuery'?: string;
+    /**
+     * Optional compensating controls(Mitigating Controls)
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'compensatingControls'?: string | null;
+    /**
+     * Optional correction advice
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'correctionAdvice'?: string | null;
+    /**
+     * whether the policy is enforced or not
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'state'?: SodPolicyReadStateV3;
+    /**
+     * tags for this policy object
+     * @type {Array<string>}
+     * @memberof SodPolicyRead
+     */
+    'tags'?: Array<string>;
+    /**
+     * Policy\'s creator ID
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'creatorId'?: string;
+    /**
+     * Policy\'s modifier ID
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'modifierId'?: string | null;
+    /**
+     * 
+     * @type {ViolationOwnerAssignmentConfig}
+     * @memberof SodPolicyRead
+     */
+    'violationOwnerAssignmentConfig'?: ViolationOwnerAssignmentConfig;
+    /**
+     * defines whether a policy has been scheduled or not
+     * @type {boolean}
+     * @memberof SodPolicyRead
+     */
+    'scheduled'?: boolean;
+    /**
+     * whether a policy is query based or conflicting access based
+     * @type {string}
+     * @memberof SodPolicyRead
+     */
+    'type'?: SodPolicyReadTypeV3;
+    /**
+     * 
+     * @type {SodPolicyReadAllOfConflictingAccessCriteria}
+     * @memberof SodPolicyRead
+     */
+    'conflictingAccessCriteria'?: SodPolicyReadAllOfConflictingAccessCriteria;
+}
+
+export const SodPolicyReadStateV3 = {
+    Enforced: 'ENFORCED',
+    NotEnforced: 'NOT_ENFORCED'
+} as const;
+
+export type SodPolicyReadStateV3 = typeof SodPolicyReadStateV3[keyof typeof SodPolicyReadStateV3];
+export const SodPolicyReadTypeV3 = {
+    General: 'GENERAL',
+    ConflictingAccessBased: 'CONFLICTING_ACCESS_BASED'
+} as const;
+
+export type SodPolicyReadTypeV3 = typeof SodPolicyReadTypeV3[keyof typeof SodPolicyReadTypeV3];
+
+/**
+ * 
+ * @export
+ * @interface SodPolicyReadAllOfConflictingAccessCriteria
+ */
+export interface SodPolicyReadAllOfConflictingAccessCriteria {
+    /**
+     * 
+     * @type {AccessCriteria}
+     * @memberof SodPolicyReadAllOfConflictingAccessCriteria
+     */
+    'leftCriteria'?: AccessCriteria;
+    /**
+     * 
+     * @type {AccessCriteria}
+     * @memberof SodPolicyReadAllOfConflictingAccessCriteria
+     */
+    'rightCriteria'?: AccessCriteria;
+}
+/**
+ * 
+ * @export
+ * @interface SodPolicyRequest
+ */
+export interface SodPolicyRequest {
+    /**
+     * Policy id
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'id'?: string;
+    /**
+     * Policy Business Name
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'name'?: string;
+    /**
+     * The time when this SOD policy is created.
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'created'?: string;
+    /**
+     * The time when this SOD policy is modified.
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'modified'?: string;
+    /**
+     * Optional description of the SOD policy
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'description'?: string | null;
+    /**
+     * 
+     * @type {SodPolicyOwnerRef}
+     * @memberof SodPolicyRequest
+     */
+    'ownerRef'?: SodPolicyOwnerRef;
+    /**
+     * Optional External Policy Reference
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'externalPolicyReference'?: string | null;
+    /**
+     * Search query of the SOD policy
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'policyQuery'?: string;
+    /**
+     * Optional compensating controls(Mitigating Controls)
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'compensatingControls'?: string | null;
+    /**
+     * Optional correction advice
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'correctionAdvice'?: string | null;
+    /**
+     * whether the policy is enforced or not
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'state'?: SodPolicyRequestStateV3;
+    /**
+     * tags for this policy object
+     * @type {Array<string>}
+     * @memberof SodPolicyRequest
+     */
+    'tags'?: Array<string>;
+    /**
+     * Policy\'s creator ID
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'creatorId'?: string;
+    /**
+     * Policy\'s modifier ID
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'modifierId'?: string | null;
+    /**
+     * 
+     * @type {ViolationOwnerAssignmentConfig}
+     * @memberof SodPolicyRequest
+     */
+    'violationOwnerAssignmentConfig'?: ViolationOwnerAssignmentConfig;
+    /**
+     * defines whether a policy has been scheduled or not
+     * @type {boolean}
+     * @memberof SodPolicyRequest
+     */
+    'scheduled'?: boolean;
+    /**
+     * whether a policy is query based or conflicting access based
+     * @type {string}
+     * @memberof SodPolicyRequest
+     */
+    'type'?: SodPolicyRequestTypeV3;
+    /**
+     * 
+     * @type {SodPolicyRequestAllOfConflictingAccessCriteria}
+     * @memberof SodPolicyRequest
+     */
+    'conflictingAccessCriteria'?: SodPolicyRequestAllOfConflictingAccessCriteria;
+}
+
+export const SodPolicyRequestStateV3 = {
+    Enforced: 'ENFORCED',
+    NotEnforced: 'NOT_ENFORCED'
+} as const;
+
+export type SodPolicyRequestStateV3 = typeof SodPolicyRequestStateV3[keyof typeof SodPolicyRequestStateV3];
+export const SodPolicyRequestTypeV3 = {
+    General: 'GENERAL',
+    ConflictingAccessBased: 'CONFLICTING_ACCESS_BASED'
+} as const;
+
+export type SodPolicyRequestTypeV3 = typeof SodPolicyRequestTypeV3[keyof typeof SodPolicyRequestTypeV3];
+
+/**
+ * 
+ * @export
+ * @interface SodPolicyRequestAllOfConflictingAccessCriteria
+ */
+export interface SodPolicyRequestAllOfConflictingAccessCriteria {
+    /**
+     * 
+     * @type {AccessCriteriaRequest}
+     * @memberof SodPolicyRequestAllOfConflictingAccessCriteria
+     */
+    'leftCriteria'?: AccessCriteriaRequest;
+    /**
+     * 
+     * @type {AccessCriteriaRequest}
+     * @memberof SodPolicyRequestAllOfConflictingAccessCriteria
+     */
+    'rightCriteria'?: AccessCriteriaRequest;
+}
 /**
  * 
  * @export
@@ -26983,7 +27317,7 @@ export const AccessRequestsApiAxiosParamCreator = function (configuration?: Conf
             };
         },
         /**
-         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token’s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
          * @summary Submit access request
          * @param {AccessRequest} accessRequest 
          * @param {*} [axiosOptions] Override http request option.
@@ -27074,7 +27408,7 @@ export const AccessRequestsApiAxiosParamCreator = function (configuration?: Conf
          * @param {boolean} [count] If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.
          * @param {number} [limit] Max number of results to return.
          * @param {number} [offset] Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
-         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *in*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
+         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *eq, in, ge, gt, le, lt, ne, sw*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
          * @param {string} [sorters] Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)  Sorting is supported for the following fields: **created, modified, accountActivityItemId, name**
          * @param {string} [requestState] Filter the results by the state of the request. The only valid value is *EXECUTING*.
          * @param {*} [axiosOptions] Override http request option.
@@ -27220,7 +27554,7 @@ export const AccessRequestsApiFp = function(configuration?: Configuration) {
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
         /**
-         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token’s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
          * @summary Submit access request
          * @param {AccessRequest} accessRequest 
          * @param {*} [axiosOptions] Override http request option.
@@ -27254,7 +27588,7 @@ export const AccessRequestsApiFp = function(configuration?: Configuration) {
          * @param {boolean} [count] If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.
          * @param {number} [limit] Max number of results to return.
          * @param {number} [offset] Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
-         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *in*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
+         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *eq, in, ge, gt, le, lt, ne, sw*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
          * @param {string} [sorters] Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)  Sorting is supported for the following fields: **created, modified, accountActivityItemId, name**
          * @param {string} [requestState] Filter the results by the state of the request. The only valid value is *EXECUTING*.
          * @param {*} [axiosOptions] Override http request option.
@@ -27300,7 +27634,7 @@ export const AccessRequestsApiFactory = function (configuration?: Configuration,
             return localVarFp.cancelAccessRequest(requestParameters.cancelAccessRequest, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
-         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token’s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
          * @summary Submit access request
          * @param {AccessRequestsApiCreateAccessRequestRequest} requestParameters Request parameters.
          * @param {*} [axiosOptions] Override http request option.
@@ -27425,7 +27759,7 @@ export interface AccessRequestsApiListAccessRequestStatusRequest {
     readonly offset?: number
 
     /**
-     * Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *in*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
+     * Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *eq, in, ge, gt, le, lt, ne, sw*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
      * @type {string}
      * @memberof AccessRequestsApiListAccessRequestStatus
      */
@@ -27480,7 +27814,7 @@ export class AccessRequestsApi extends BaseAPI {
     }
 
     /**
-     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
+     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token’s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests. 
      * @summary Submit access request
      * @param {AccessRequestsApiCreateAccessRequestRequest} requestParameters Request parameters.
      * @param {*} [axiosOptions] Override http request option.
@@ -51239,13 +51573,13 @@ export const SODPoliciesApiAxiosParamCreator = function (configuration?: Configu
         /**
          * This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. Requires role of ORG_ADMIN.
          * @summary Create sod policy
-         * @param {SodPolicy} sodPolicy 
+         * @param {SodPolicyRequest} sodPolicyRequest 
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        createSodPolicy: async (sodPolicy: SodPolicy, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
-            // verify required parameter 'sodPolicy' is not null or undefined
-            assertParamExists('createSodPolicy', 'sodPolicy', sodPolicy)
+        createSodPolicy: async (sodPolicyRequest: SodPolicyRequest, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'sodPolicyRequest' is not null or undefined
+            assertParamExists('createSodPolicy', 'sodPolicyRequest', sodPolicyRequest)
             const localVarPath = `/sod-policies`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@@ -51273,7 +51607,7 @@ export const SODPoliciesApiAxiosParamCreator = function (configuration?: Configu
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
-            localVarRequestOptions.data = serializeDataIfNeeded(sodPolicy, localVarRequestOptions, configuration)
+            localVarRequestOptions.data = serializeDataIfNeeded(sodPolicyRequest, localVarRequestOptions, configuration)
 
             return {
                 url: toPathString(localVarUrlObj),
@@ -51826,15 +52160,15 @@ export const SODPoliciesApiAxiosParamCreator = function (configuration?: Configu
          * This updates a specified SOD policy. Requires role of ORG_ADMIN.
          * @summary Update sod policy by id
          * @param {string} id The ID of the SOD policy to update.
-         * @param {SodPolicy} sodPolicy 
+         * @param {SodPolicyRead} sodPolicyRead 
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        putSodPolicy: async (id: string, sodPolicy: SodPolicy, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+        putSodPolicy: async (id: string, sodPolicyRead: SodPolicyRead, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
             // verify required parameter 'id' is not null or undefined
             assertParamExists('putSodPolicy', 'id', id)
-            // verify required parameter 'sodPolicy' is not null or undefined
-            assertParamExists('putSodPolicy', 'sodPolicy', sodPolicy)
+            // verify required parameter 'sodPolicyRead' is not null or undefined
+            assertParamExists('putSodPolicy', 'sodPolicyRead', sodPolicyRead)
             const localVarPath = `/sod-policies/{id}`
                 .replace(`{${"id"}}`, encodeURIComponent(String(id)));
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
@@ -51863,7 +52197,7 @@ export const SODPoliciesApiAxiosParamCreator = function (configuration?: Configu
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
-            localVarRequestOptions.data = serializeDataIfNeeded(sodPolicy, localVarRequestOptions, configuration)
+            localVarRequestOptions.data = serializeDataIfNeeded(sodPolicyRead, localVarRequestOptions, configuration)
 
             return {
                 url: toPathString(localVarUrlObj),
@@ -52009,12 +52343,12 @@ export const SODPoliciesApiFp = function(configuration?: Configuration) {
         /**
          * This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. Requires role of ORG_ADMIN.
          * @summary Create sod policy
-         * @param {SodPolicy} sodPolicy 
+         * @param {SodPolicyRequest} sodPolicyRequest 
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async createSodPolicy(sodPolicy: SodPolicy, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicy>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.createSodPolicy(sodPolicy, axiosOptions);
+        async createSodPolicy(sodPolicyRequest: SodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicyRead>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.createSodPolicy(sodPolicyRequest, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['SODPoliciesApi.createSodPolicy']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
@@ -52092,7 +52426,7 @@ export const SODPoliciesApiFp = function(configuration?: Configuration) {
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async getSodPolicy(id: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicy>> {
+        async getSodPolicy(id: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicyRead>> {
             const localVarAxiosArgs = await localVarAxiosParamCreator.getSodPolicy(id, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['SODPoliciesApi.getSodPolicy']?.[localVarOperationServerIndex]?.url;
@@ -52148,7 +52482,7 @@ export const SODPoliciesApiFp = function(configuration?: Configuration) {
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async listSodPolicies(limit?: number, offset?: number, count?: boolean, filters?: string, sorters?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<Array<SodPolicy>>> {
+        async listSodPolicies(limit?: number, offset?: number, count?: boolean, filters?: string, sorters?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<Array<SodPolicyRead>>> {
             const localVarAxiosArgs = await localVarAxiosParamCreator.listSodPolicies(limit, offset, count, filters, sorters, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['SODPoliciesApi.listSodPolicies']?.[localVarOperationServerIndex]?.url;
@@ -52162,7 +52496,7 @@ export const SODPoliciesApiFp = function(configuration?: Configuration) {
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async patchSodPolicy(id: string, jsonPatchOperation: Array<JsonPatchOperation>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicy>> {
+        async patchSodPolicy(id: string, jsonPatchOperation: Array<JsonPatchOperation>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicyRead>> {
             const localVarAxiosArgs = await localVarAxiosParamCreator.patchSodPolicy(id, jsonPatchOperation, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['SODPoliciesApi.patchSodPolicy']?.[localVarOperationServerIndex]?.url;
@@ -52186,12 +52520,12 @@ export const SODPoliciesApiFp = function(configuration?: Configuration) {
          * This updates a specified SOD policy. Requires role of ORG_ADMIN.
          * @summary Update sod policy by id
          * @param {string} id The ID of the SOD policy to update.
-         * @param {SodPolicy} sodPolicy 
+         * @param {SodPolicyRead} sodPolicyRead 
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async putSodPolicy(id: string, sodPolicy: SodPolicy, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicy>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.putSodPolicy(id, sodPolicy, axiosOptions);
+        async putSodPolicy(id: string, sodPolicyRead: SodPolicyRead, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SodPolicyRead>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.putSodPolicy(id, sodPolicyRead, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['SODPoliciesApi.putSodPolicy']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
@@ -52252,8 +52586,8 @@ export const SODPoliciesApiFactory = function (configuration?: Configuration, ba
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        createSodPolicy(requestParameters: SODPoliciesApiCreateSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicy> {
-            return localVarFp.createSodPolicy(requestParameters.sodPolicy, axiosOptions).then((request) => request(axios, basePath));
+        createSodPolicy(requestParameters: SODPoliciesApiCreateSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicyRead> {
+            return localVarFp.createSodPolicy(requestParameters.sodPolicyRequest, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
          * This deletes a specified SOD policy. Requires role of ORG_ADMIN.
@@ -52311,7 +52645,7 @@ export const SODPoliciesApiFactory = function (configuration?: Configuration, ba
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        getSodPolicy(requestParameters: SODPoliciesApiGetSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicy> {
+        getSodPolicy(requestParameters: SODPoliciesApiGetSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicyRead> {
             return localVarFp.getSodPolicy(requestParameters.id, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
@@ -52351,7 +52685,7 @@ export const SODPoliciesApiFactory = function (configuration?: Configuration, ba
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        listSodPolicies(requestParameters: SODPoliciesApiListSodPoliciesRequest = {}, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<Array<SodPolicy>> {
+        listSodPolicies(requestParameters: SODPoliciesApiListSodPoliciesRequest = {}, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<Array<SodPolicyRead>> {
             return localVarFp.listSodPolicies(requestParameters.limit, requestParameters.offset, requestParameters.count, requestParameters.filters, requestParameters.sorters, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
@@ -52361,7 +52695,7 @@ export const SODPoliciesApiFactory = function (configuration?: Configuration, ba
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        patchSodPolicy(requestParameters: SODPoliciesApiPatchSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicy> {
+        patchSodPolicy(requestParameters: SODPoliciesApiPatchSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicyRead> {
             return localVarFp.patchSodPolicy(requestParameters.id, requestParameters.jsonPatchOperation, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
@@ -52381,8 +52715,8 @@ export const SODPoliciesApiFactory = function (configuration?: Configuration, ba
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        putSodPolicy(requestParameters: SODPoliciesApiPutSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicy> {
-            return localVarFp.putSodPolicy(requestParameters.id, requestParameters.sodPolicy, axiosOptions).then((request) => request(axios, basePath));
+        putSodPolicy(requestParameters: SODPoliciesApiPutSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SodPolicyRead> {
+            return localVarFp.putSodPolicy(requestParameters.id, requestParameters.sodPolicyRead, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
          * Runs the scheduled report for the policy retrieved by passed policy ID.  The report schedule is fetched from the policy retrieved by ID.
@@ -52425,10 +52759,10 @@ export const SODPoliciesApiFactory = function (configuration?: Configuration, ba
 export interface SODPoliciesApiCreateSodPolicyRequest {
     /**
      * 
-     * @type {SodPolicy}
+     * @type {SodPolicyRequest}
      * @memberof SODPoliciesApiCreateSodPolicy
      */
-    readonly sodPolicy: SodPolicy
+    readonly sodPolicyRequest: SodPolicyRequest
 }
 
 /**
@@ -52656,10 +52990,10 @@ export interface SODPoliciesApiPutSodPolicyRequest {
 
     /**
      * 
-     * @type {SodPolicy}
+     * @type {SodPolicyRead}
      * @memberof SODPoliciesApiPutSodPolicy
      */
-    readonly sodPolicy: SodPolicy
+    readonly sodPolicyRead: SodPolicyRead
 }
 
 /**
@@ -52720,7 +53054,7 @@ export class SODPoliciesApi extends BaseAPI {
      * @memberof SODPoliciesApi
      */
     public createSodPolicy(requestParameters: SODPoliciesApiCreateSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig) {
-        return SODPoliciesApiFp(this.configuration).createSodPolicy(requestParameters.sodPolicy, axiosOptions).then((request) => request(this.axios, this.basePath));
+        return SODPoliciesApiFp(this.configuration).createSodPolicy(requestParameters.sodPolicyRequest, axiosOptions).then((request) => request(this.axios, this.basePath));
     }
 
     /**
@@ -52875,7 +53209,7 @@ export class SODPoliciesApi extends BaseAPI {
      * @memberof SODPoliciesApi
      */
     public putSodPolicy(requestParameters: SODPoliciesApiPutSodPolicyRequest, axiosOptions?: RawAxiosRequestConfig) {
-        return SODPoliciesApiFp(this.configuration).putSodPolicy(requestParameters.id, requestParameters.sodPolicy, axiosOptions).then((request) => request(this.axios, this.basePath));
+        return SODPoliciesApiFp(this.configuration).putSodPolicy(requestParameters.id, requestParameters.sodPolicyRead, axiosOptions).then((request) => request(this.axios, this.basePath));
     }
 
     /**