npm - sailpoint-api-client - Versions diffs - 1.7.17 → 1.7.19 - Mend

sailpoint-api-client 1.7.17 → 1.7.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/v2025/api.ts CHANGED Viewed

@@ -7469,13 +7469,13 @@ export interface ApprovalConfigV2025 {
      */
     'tenantId'?: string;
     /**
-     * The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+     * The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
      * @type {string}
      * @memberof ApprovalConfigV2025
      */
     'id'?: string;
     /**
-     * The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+     * The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
      * @type {string}
      * @memberof ApprovalConfigV2025
      */
@@ -8574,6 +8574,13 @@ export interface ArgumentV2025 {
      */
     'type'?: string | null;
 }
+/**
+ *
+ * @export
+ * @interface ArrayInner1V2025
+ */
+export interface ArrayInner1V2025 {
+}
 /**
  *
  * @export
@@ -24874,6 +24881,46 @@ export interface JITConfigurationV2025 {
      */
     'sourceAttributeMappings'?: { [key: string]: string; };
 }
+/**
+ * A JSONPatch Operation for Role Mining endpoints, supporting only remove and replace operations as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)
+ * @export
+ * @interface JsonPatchOperationRoleMiningV2025
+ */
+export interface JsonPatchOperationRoleMiningV2025 {
+    /**
+     * The operation to be performed
+     * @type {string}
+     * @memberof JsonPatchOperationRoleMiningV2025
+     */
+    'op': JsonPatchOperationRoleMiningV2025OpV2025;
+    /**
+     * A string JSON Pointer representing the target path to an element to be affected by the operation
+     * @type {string}
+     * @memberof JsonPatchOperationRoleMiningV2025
+     */
+    'path': string;
+    /**
+     *
+     * @type {JsonPatchOperationRoleMiningValueV2025}
+     * @memberof JsonPatchOperationRoleMiningV2025
+     */
+    'value'?: JsonPatchOperationRoleMiningValueV2025;
+}
+export const JsonPatchOperationRoleMiningV2025OpV2025 = {
+    Remove: 'remove',
+    Replace: 'replace'
+} as const;
+export type JsonPatchOperationRoleMiningV2025OpV2025 = typeof JsonPatchOperationRoleMiningV2025OpV2025[keyof typeof JsonPatchOperationRoleMiningV2025OpV2025];
+/**
+ * @type JsonPatchOperationRoleMiningValueV2025
+ * The value to be used for the operation, required for \"replace\" operations
+ * @export
+ */
+export type JsonPatchOperationRoleMiningValueV2025 = Array<ArrayInner1V2025> | boolean | number | object | string;
 /**
  * A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)
  * @export
@@ -24901,8 +24948,12 @@ export interface JsonPatchOperationV2025 {
 }
 export const JsonPatchOperationV2025OpV2025 = {
+    Add: 'add',
     Remove: 'remove',
-    Replace: 'replace'
+    Replace: 'replace',
+    Move: 'move',
+    Copy: 'copy',
+    Test: 'test'
 } as const;
 export type JsonPatchOperationV2025OpV2025 = typeof JsonPatchOperationV2025OpV2025[keyof typeof JsonPatchOperationV2025OpV2025];
@@ -33625,39 +33676,6 @@ export const PatOwnerV2025TypeV2025 = {
 export type PatOwnerV2025TypeV2025 = typeof PatOwnerV2025TypeV2025[keyof typeof PatOwnerV2025TypeV2025];
-/**
- *
- * @export
- * @interface PatchPotentialRoleRequestInnerV2025
- */
-export interface PatchPotentialRoleRequestInnerV2025 {
-    /**
-     * The operation to be performed
-     * @type {string}
-     * @memberof PatchPotentialRoleRequestInnerV2025
-     */
-    'op'?: PatchPotentialRoleRequestInnerV2025OpV2025;
-    /**
-     * A string JSON Pointer representing the target path to an element to be affected by the operation
-     * @type {string}
-     * @memberof PatchPotentialRoleRequestInnerV2025
-     */
-    'path': string;
-    /**
-     *
-     * @type {UpdateMultiHostSourcesRequestInnerValueV2025}
-     * @memberof PatchPotentialRoleRequestInnerV2025
-     */
-    'value'?: UpdateMultiHostSourcesRequestInnerValueV2025;
-}
-export const PatchPotentialRoleRequestInnerV2025OpV2025 = {
-    Remove: 'remove',
-    Replace: 'replace'
-} as const;
-export type PatchPotentialRoleRequestInnerV2025OpV2025 = typeof PatchPotentialRoleRequestInnerV2025OpV2025[keyof typeof PatchPotentialRoleRequestInnerV2025OpV2025];
 /**
  *
  * @export
@@ -39544,7 +39562,7 @@ export interface RoleMiningIdentityDistributionDistributionInnerV2025 {
      * @type {string}
      * @memberof RoleMiningIdentityDistributionDistributionInnerV2025
      */
-    'attributeValue'?: string;
+    'attributeValue'?: string | null;
     /**
      * The number of identities that have this attribute value
      * @type {number}
@@ -39721,6 +39739,25 @@ export const RoleMiningPotentialRoleExportStateV2025 = {
 export type RoleMiningPotentialRoleExportStateV2025 = typeof RoleMiningPotentialRoleExportStateV2025[keyof typeof RoleMiningPotentialRoleExportStateV2025];
+/**
+ * The potential role reference
+ * @export
+ * @interface RoleMiningPotentialRolePotentialRoleRefV2025
+ */
+export interface RoleMiningPotentialRolePotentialRoleRefV2025 {
+    /**
+     * Id of the potential role
+     * @type {string}
+     * @memberof RoleMiningPotentialRolePotentialRoleRefV2025
+     */
+    'id'?: string;
+    /**
+     * Name of the potential role
+     * @type {string}
+     * @memberof RoleMiningPotentialRolePotentialRoleRefV2025
+     */
+    'name'?: string;
+}
 /**
  *
  * @export
@@ -40002,12 +40039,24 @@ export interface RoleMiningPotentialRoleV2025 {
      * @memberof RoleMiningPotentialRoleV2025
      */
     'identityIds'?: Array<string>;
+    /**
+     * The status for this identity group which can be OBTAINED or COMPRESSED
+     * @type {string}
+     * @memberof RoleMiningPotentialRoleV2025
+     */
+    'identityGroupStatus'?: string | null;
     /**
      * Name of the potential role.
      * @type {string}
      * @memberof RoleMiningPotentialRoleV2025
      */
     'name'?: string;
+    /**
+     *
+     * @type {RoleMiningPotentialRolePotentialRoleRefV2025}
+     * @memberof RoleMiningPotentialRoleV2025
+     */
+    'potentialRoleRef'?: RoleMiningPotentialRolePotentialRoleRefV2025 | null;
     /**
      *
      * @type {RoleMiningPotentialRoleProvisionStateV2025 & object}
@@ -47379,13 +47428,6 @@ export const SubscriptionPatchRequestInnerV2025OpV2025 = {
 export type SubscriptionPatchRequestInnerV2025OpV2025 = typeof SubscriptionPatchRequestInnerV2025OpV2025[keyof typeof SubscriptionPatchRequestInnerV2025OpV2025];
-/**
- *
- * @export
- * @interface SubscriptionPatchRequestInnerValueAnyOfInnerV2025
- */
-export interface SubscriptionPatchRequestInnerValueAnyOfInnerV2025 {
-}
 /**
  * The value to be used for the operation, required for \"add\" and \"replace\" operations
  * @export
@@ -55447,7 +55489,7 @@ export const AccessRequestsV2025ApiAxiosParamCreator = function (configuration?:
             };
         },
         /**
-         * >**Required scopes:** ORG_ADMIN requires idn:access-request:manage. USER level requires idn:access-request-self:manage (Personal Access Token only).  Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  >**Security:** idn:access-request:manage is for ORG_ADMIN level. idn:access-request-self:manage is for USER level.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
          * @summary Submit access request
          * @param {AccessRequestV2025} accessRequestV2025
          * @param {*} [axiosOptions] Override http request option.
@@ -55919,7 +55961,7 @@ export const AccessRequestsV2025ApiFp = function(configuration?: Configuration)
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
         /**
-         * >**Required scopes:** ORG_ADMIN requires idn:access-request:manage. USER level requires idn:access-request-self:manage (Personal Access Token only).  Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  >**Security:** idn:access-request:manage is for ORG_ADMIN level. idn:access-request-self:manage is for USER level.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
          * @summary Submit access request
          * @param {AccessRequestV2025} accessRequestV2025
          * @param {*} [axiosOptions] Override http request option.
@@ -56080,7 +56122,7 @@ export const AccessRequestsV2025ApiFactory = function (configuration?: Configura
             return localVarFp.closeAccessRequest(requestParameters.closeAccessRequestV2025, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
-         * >**Required scopes:** ORG_ADMIN requires idn:access-request:manage. USER level requires idn:access-request-self:manage (Personal Access Token only).  Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  >**Security:** idn:access-request:manage is for ORG_ADMIN level. idn:access-request-self:manage is for USER level.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
          * @summary Submit access request
          * @param {AccessRequestsV2025ApiCreateAccessRequestRequest} requestParameters Request parameters.
          * @param {*} [axiosOptions] Override http request option.
@@ -56494,7 +56536,7 @@ export class AccessRequestsV2025Api extends BaseAPI {
     }
     /**
-     * >**Required scopes:** ORG_ADMIN requires idn:access-request:manage. USER level requires idn:access-request-self:manage (Personal Access Token only).  Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
+     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  >**Security:** idn:access-request:manage is for ORG_ADMIN level. idn:access-request-self:manage is for USER level.  :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token\'s user context. :::  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it does not return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has,  without changing the account details or end date information from the existing assignment,  the API will cancel the request as a duplicate.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.  :::caution  If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits.  :::  __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. These fields should be used within the \'requestedItems\' section for the revoke requests.  * Usage of \'requestedForWithRequestedItems\' field is not supported for revoke requests.
      * @summary Submit access request
      * @param {AccessRequestsV2025ApiCreateAccessRequestRequest} requestParameters Request parameters.
      * @param {*} [axiosOptions] Override http request option.
@@ -59860,8 +59902,8 @@ export const ApprovalsV2025ApiAxiosParamCreator = function (configuration?: Conf
         /**
          * Deletes an approval configuration. Configurations at the APPROVAL_REQUEST scope cannot be deleted.
          * @summary Delete Approval Configuration
-         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
-         * @param {DeleteApprovalConfigRequestScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {DeleteApprovalConfigRequestScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
@@ -60054,7 +60096,7 @@ export const ApprovalsV2025ApiAxiosParamCreator = function (configuration?: Conf
         /**
          * Retrieves a singular approval configuration that matches the given ID
          * @summary Get Approval Config
-         * @param {string} id The id of the object the config applies to, for example one of the following: [(approvalID), (roleID), (entitlementID), (accessProfileID), (sourceID), (applicationID), \&quot;ENTITLEMENT_DESCRIPTIONS\&quot;, \&quot;ACCESS_REQUEST_APPROVAL\&quot;, (tenantID)]
+         * @param {string} id The id of the object the config applies to, for example one of the following: [(approvalID), (roleID), (entitlementID), (accessProfileID), \&quot;ENTITLEMENT_DESCRIPTIONS\&quot;, \&quot;ACCESS_REQUEST_APPROVAL\&quot;, (tenantID)]
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
@@ -60140,8 +60182,8 @@ export const ApprovalsV2025ApiAxiosParamCreator = function (configuration?: Conf
         /**
          * Upserts a singular approval configuration that matches the given configID and configScope. If id and scope are not provided, it will default to setting the tenant config.
          * @summary Put Approval Config
-         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
-         * @param {PutApprovalsConfigScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {PutApprovalsConfigScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
          * @param {ApprovalConfigV2025} approvalConfigV2025
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
@@ -60476,8 +60518,8 @@ export const ApprovalsV2025ApiFp = function(configuration?: Configuration) {
         /**
          * Deletes an approval configuration. Configurations at the APPROVAL_REQUEST scope cannot be deleted.
          * @summary Delete Approval Configuration
-         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
-         * @param {DeleteApprovalConfigRequestScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {DeleteApprovalConfigRequestScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
@@ -60528,7 +60570,7 @@ export const ApprovalsV2025ApiFp = function(configuration?: Configuration) {
         /**
          * Retrieves a singular approval configuration that matches the given ID
          * @summary Get Approval Config
-         * @param {string} id The id of the object the config applies to, for example one of the following: [(approvalID), (roleID), (entitlementID), (accessProfileID), (sourceID), (applicationID), \&quot;ENTITLEMENT_DESCRIPTIONS\&quot;, \&quot;ACCESS_REQUEST_APPROVAL\&quot;, (tenantID)]
+         * @param {string} id The id of the object the config applies to, for example one of the following: [(approvalID), (roleID), (entitlementID), (accessProfileID), \&quot;ENTITLEMENT_DESCRIPTIONS\&quot;, \&quot;ACCESS_REQUEST_APPROVAL\&quot;, (tenantID)]
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
@@ -60554,8 +60596,8 @@ export const ApprovalsV2025ApiFp = function(configuration?: Configuration) {
         /**
          * Upserts a singular approval configuration that matches the given configID and configScope. If id and scope are not provided, it will default to setting the tenant config.
          * @summary Put Approval Config
-         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
-         * @param {PutApprovalsConfigScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {string} id The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+         * @param {PutApprovalsConfigScopeV2025} scope The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
          * @param {ApprovalConfigV2025} approvalConfigV2025
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
@@ -60844,15 +60886,15 @@ export interface ApprovalsV2025ApiCancelApprovalRequest {
  */
 export interface ApprovalsV2025ApiDeleteApprovalConfigRequestRequest {
     /**
-     * The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+     * The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
      * @type {string}
      * @memberof ApprovalsV2025ApiDeleteApprovalConfigRequest
      */
     readonly id: string
     /**
-     * The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
-     * @type {'DOMAIN_OBJECT' | 'ROLE' | 'APPLICATION' | 'ACCESS_PROFILE' | 'ENTITLEMENT' | 'APPROVAL_TYPE' | 'TENANT' | 'SOURCE'}
+     * The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+     * @type {'DOMAIN_OBJECT' | 'ROLE' | 'ACCESS_PROFILE' | 'ENTITLEMENT' | 'APPROVAL_TYPE' | 'TENANT'}
      * @memberof ApprovalsV2025ApiDeleteApprovalConfigRequest
      */
     readonly scope: DeleteApprovalConfigRequestScopeV2025
@@ -60977,7 +61019,7 @@ export interface ApprovalsV2025ApiGetApprovalsRequest {
  */
 export interface ApprovalsV2025ApiGetApprovalsConfigRequest {
     /**
-     * The id of the object the config applies to, for example one of the following: [(approvalID), (roleID), (entitlementID), (accessProfileID), (sourceID), (applicationID), \&quot;ENTITLEMENT_DESCRIPTIONS\&quot;, \&quot;ACCESS_REQUEST_APPROVAL\&quot;, (tenantID)]
+     * The id of the object the config applies to, for example one of the following: [(approvalID), (roleID), (entitlementID), (accessProfileID), \&quot;ENTITLEMENT_DESCRIPTIONS\&quot;, \&quot;ACCESS_REQUEST_APPROVAL\&quot;, (tenantID)]
      * @type {string}
      * @memberof ApprovalsV2025ApiGetApprovalsConfig
      */
@@ -61005,15 +61047,15 @@ export interface ApprovalsV2025ApiMoveApprovalRequest {
  */
 export interface ApprovalsV2025ApiPutApprovalsConfigRequest {
     /**
-     * The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+     * The ID defined by the scope field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
      * @type {string}
      * @memberof ApprovalsV2025ApiPutApprovalsConfig
      */
     readonly id: string
     /**
-     * The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE [[sourceID]]:SOURCE [[applicationID]]:APPLICATION ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
-     * @type {'DOMAIN_OBJECT' | 'ROLE' | 'APPLICATION' | 'ACCESS_PROFILE' | 'ENTITLEMENT' | 'APPROVAL_TYPE' | 'TENANT' | 'SOURCE'}
+     * The scope of the field, where [[id]]:[[scope]] is the following [[roleID]]:ROLE [[entitlementID]]:ENTITLEMENT [[accessProfileID]]:ACCESS_PROFILE ENTITLEMENT_DESCRIPTIONS:APPROVAL_TYPE ACCESS_REQUEST_APPROVAL:APPROVAL_TYPE [[tenantID]]:TENANT [[domainObjectID]]:DOMAIN_OBJECT
+     * @type {'DOMAIN_OBJECT' | 'ROLE' | 'ACCESS_PROFILE' | 'ENTITLEMENT' | 'APPROVAL_TYPE' | 'TENANT'}
      * @memberof ApprovalsV2025ApiPutApprovalsConfig
      */
     readonly scope: PutApprovalsConfigScopeV2025
@@ -61306,12 +61348,10 @@ export class ApprovalsV2025Api extends BaseAPI {
 export const DeleteApprovalConfigRequestScopeV2025 = {
     DomainObject: 'DOMAIN_OBJECT',
     Role: 'ROLE',
-    Application: 'APPLICATION',
     AccessProfile: 'ACCESS_PROFILE',
     Entitlement: 'ENTITLEMENT',
     ApprovalType: 'APPROVAL_TYPE',
-    Tenant: 'TENANT',
-    Source: 'SOURCE'
+    Tenant: 'TENANT'
 } as const;
 export type DeleteApprovalConfigRequestScopeV2025 = typeof DeleteApprovalConfigRequestScopeV2025[keyof typeof DeleteApprovalConfigRequestScopeV2025];
 /**
@@ -61320,12 +61360,10 @@ export type DeleteApprovalConfigRequestScopeV2025 = typeof DeleteApprovalConfigR
 export const PutApprovalsConfigScopeV2025 = {
     DomainObject: 'DOMAIN_OBJECT',
     Role: 'ROLE',
-    Application: 'APPLICATION',
     AccessProfile: 'ACCESS_PROFILE',
     Entitlement: 'ENTITLEMENT',
     ApprovalType: 'APPROVAL_TYPE',
-    Tenant: 'TENANT',
-    Source: 'SOURCE'
+    Tenant: 'TENANT'
 } as const;
 export type PutApprovalsConfigScopeV2025 = typeof PutApprovalsConfigScopeV2025[keyof typeof PutApprovalsConfigScopeV2025];
@@ -91167,18 +91205,18 @@ export const IAIRoleMiningV2025ApiAxiosParamCreator = function (configuration?:
          * @summary Update a potential role
          * @param {string} sessionId The role mining session id
          * @param {string} potentialRoleId The potential role summary id
-         * @param {Array<PatchPotentialRoleRequestInnerV2025>} patchPotentialRoleRequestInnerV2025
+         * @param {Array<JsonPatchOperationRoleMiningV2025>} jsonPatchOperationRoleMiningV2025
          * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        patchPotentialRole: async (sessionId: string, potentialRoleId: string, patchPotentialRoleRequestInnerV2025: Array<PatchPotentialRoleRequestInnerV2025>, xSailPointExperimental?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+        patchPotentialRole: async (sessionId: string, potentialRoleId: string, jsonPatchOperationRoleMiningV2025: Array<JsonPatchOperationRoleMiningV2025>, xSailPointExperimental?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
             // verify required parameter 'sessionId' is not null or undefined
             assertParamExists('patchPotentialRole', 'sessionId', sessionId)
             // verify required parameter 'potentialRoleId' is not null or undefined
             assertParamExists('patchPotentialRole', 'potentialRoleId', potentialRoleId)
-            // verify required parameter 'patchPotentialRoleRequestInnerV2025' is not null or undefined
-            assertParamExists('patchPotentialRole', 'patchPotentialRoleRequestInnerV2025', patchPotentialRoleRequestInnerV2025)
+            // verify required parameter 'jsonPatchOperationRoleMiningV2025' is not null or undefined
+            assertParamExists('patchPotentialRole', 'jsonPatchOperationRoleMiningV2025', jsonPatchOperationRoleMiningV2025)
             if (xSailPointExperimental === undefined) {
                 xSailPointExperimental = 'true';
             }
@@ -91205,6 +91243,10 @@ export const IAIRoleMiningV2025ApiAxiosParamCreator = function (configuration?:
             // oauth required
             await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+            // authentication applicationAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "applicationAuth", [], configuration)
             localVarHeaderParameter['Content-Type'] = 'application/json-patch+json';
@@ -91215,7 +91257,7 @@ export const IAIRoleMiningV2025ApiAxiosParamCreator = function (configuration?:
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
-            localVarRequestOptions.data = serializeDataIfNeeded(patchPotentialRoleRequestInnerV2025, localVarRequestOptions, configuration)
+            localVarRequestOptions.data = serializeDataIfNeeded(jsonPatchOperationRoleMiningV2025, localVarRequestOptions, configuration)
             return {
                 url: toPathString(localVarUrlObj),
@@ -91227,18 +91269,18 @@ export const IAIRoleMiningV2025ApiAxiosParamCreator = function (configuration?:
          * @summary Update a potential role session
          * @param {string} sessionId The role mining session id
          * @param {string} potentialRoleId The potential role summary id
-         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025
+         * @param {Array<JsonPatchOperationRoleMiningV2025>} jsonPatchOperationRoleMiningV2025
          * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        patchPotentialRoleSession: async (sessionId: string, potentialRoleId: string, jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, xSailPointExperimental?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+        patchPotentialRoleSession: async (sessionId: string, potentialRoleId: string, jsonPatchOperationRoleMiningV2025: Array<JsonPatchOperationRoleMiningV2025>, xSailPointExperimental?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
             // verify required parameter 'sessionId' is not null or undefined
             assertParamExists('patchPotentialRoleSession', 'sessionId', sessionId)
             // verify required parameter 'potentialRoleId' is not null or undefined
             assertParamExists('patchPotentialRoleSession', 'potentialRoleId', potentialRoleId)
-            // verify required parameter 'jsonPatchOperationV2025' is not null or undefined
-            assertParamExists('patchPotentialRoleSession', 'jsonPatchOperationV2025', jsonPatchOperationV2025)
+            // verify required parameter 'jsonPatchOperationRoleMiningV2025' is not null or undefined
+            assertParamExists('patchPotentialRoleSession', 'jsonPatchOperationRoleMiningV2025', jsonPatchOperationRoleMiningV2025)
             if (xSailPointExperimental === undefined) {
                 xSailPointExperimental = 'true';
             }
@@ -91279,7 +91321,7 @@ export const IAIRoleMiningV2025ApiAxiosParamCreator = function (configuration?:
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
-            localVarRequestOptions.data = serializeDataIfNeeded(jsonPatchOperationV2025, localVarRequestOptions, configuration)
+            localVarRequestOptions.data = serializeDataIfNeeded(jsonPatchOperationRoleMiningV2025, localVarRequestOptions, configuration)
             return {
                 url: toPathString(localVarUrlObj),
@@ -91783,13 +91825,13 @@ export const IAIRoleMiningV2025ApiFp = function(configuration?: Configuration) {
          * @summary Update a potential role
          * @param {string} sessionId The role mining session id
          * @param {string} potentialRoleId The potential role summary id
-         * @param {Array<PatchPotentialRoleRequestInnerV2025>} patchPotentialRoleRequestInnerV2025
+         * @param {Array<JsonPatchOperationRoleMiningV2025>} jsonPatchOperationRoleMiningV2025
          * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async patchPotentialRole(sessionId: string, potentialRoleId: string, patchPotentialRoleRequestInnerV2025: Array<PatchPotentialRoleRequestInnerV2025>, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<object>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.patchPotentialRole(sessionId, potentialRoleId, patchPotentialRoleRequestInnerV2025, xSailPointExperimental, axiosOptions);
+        async patchPotentialRole(sessionId: string, potentialRoleId: string, jsonPatchOperationRoleMiningV2025: Array<JsonPatchOperationRoleMiningV2025>, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<object>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.patchPotentialRole(sessionId, potentialRoleId, jsonPatchOperationRoleMiningV2025, xSailPointExperimental, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['IAIRoleMiningV2025Api.patchPotentialRole']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
@@ -91799,13 +91841,13 @@ export const IAIRoleMiningV2025ApiFp = function(configuration?: Configuration) {
          * @summary Update a potential role session
          * @param {string} sessionId The role mining session id
          * @param {string} potentialRoleId The potential role summary id
-         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025
+         * @param {Array<JsonPatchOperationRoleMiningV2025>} jsonPatchOperationRoleMiningV2025
          * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async patchPotentialRoleSession(sessionId: string, potentialRoleId: string, jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<object>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.patchPotentialRoleSession(sessionId, potentialRoleId, jsonPatchOperationV2025, xSailPointExperimental, axiosOptions);
+        async patchPotentialRoleSession(sessionId: string, potentialRoleId: string, jsonPatchOperationRoleMiningV2025: Array<JsonPatchOperationRoleMiningV2025>, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<object>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.patchPotentialRoleSession(sessionId, potentialRoleId, jsonPatchOperationRoleMiningV2025, xSailPointExperimental, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['IAIRoleMiningV2025Api.patchPotentialRoleSession']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
@@ -92069,7 +92111,7 @@ export const IAIRoleMiningV2025ApiFactory = function (configuration?: Configurat
          * @throws {RequiredError}
          */
         patchPotentialRole(requestParameters: IAIRoleMiningV2025ApiPatchPotentialRoleRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<object> {
-            return localVarFp.patchPotentialRole(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.patchPotentialRoleRequestInnerV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(axios, basePath));
+            return localVarFp.patchPotentialRole(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.jsonPatchOperationRoleMiningV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
          * The method updates an existing potential role using.  The following fields can be modified:  * `description`  * `name`  * `saved`   >**NOTE: All other fields cannot be modified.**
@@ -92079,7 +92121,7 @@ export const IAIRoleMiningV2025ApiFactory = function (configuration?: Configurat
          * @throws {RequiredError}
          */
         patchPotentialRoleSession(requestParameters: IAIRoleMiningV2025ApiPatchPotentialRoleSessionRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<object> {
-            return localVarFp.patchPotentialRoleSession(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.jsonPatchOperationV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(axios, basePath));
+            return localVarFp.patchPotentialRoleSession(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.jsonPatchOperationRoleMiningV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
          * The  method updates an existing role mining session using PATCH. Supports op in {\"replace\"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.
@@ -93015,10 +93057,10 @@ export interface IAIRoleMiningV2025ApiPatchPotentialRoleRequest {
     /**
      *
-     * @type {Array<PatchPotentialRoleRequestInnerV2025>}
+     * @type {Array<JsonPatchOperationRoleMiningV2025>}
      * @memberof IAIRoleMiningV2025ApiPatchPotentialRole
      */
-    readonly patchPotentialRoleRequestInnerV2025: Array<PatchPotentialRoleRequestInnerV2025>
+    readonly jsonPatchOperationRoleMiningV2025: Array<JsonPatchOperationRoleMiningV2025>
     /**
      * Use this header to enable this experimental API.
@@ -93050,10 +93092,10 @@ export interface IAIRoleMiningV2025ApiPatchPotentialRoleSessionRequest {
     /**
      *
-     * @type {Array<JsonPatchOperationV2025>}
+     * @type {Array<JsonPatchOperationRoleMiningV2025>}
      * @memberof IAIRoleMiningV2025ApiPatchPotentialRoleSession
      */
-    readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>
+    readonly jsonPatchOperationRoleMiningV2025: Array<JsonPatchOperationRoleMiningV2025>
     /**
      * Use this header to enable this experimental API.
@@ -93394,7 +93436,7 @@ export class IAIRoleMiningV2025Api extends BaseAPI {
      * @memberof IAIRoleMiningV2025Api
      */
     public patchPotentialRole(requestParameters: IAIRoleMiningV2025ApiPatchPotentialRoleRequest, axiosOptions?: RawAxiosRequestConfig) {
-        return IAIRoleMiningV2025ApiFp(this.configuration).patchPotentialRole(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.patchPotentialRoleRequestInnerV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(this.axios, this.basePath));
+        return IAIRoleMiningV2025ApiFp(this.configuration).patchPotentialRole(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.jsonPatchOperationRoleMiningV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(this.axios, this.basePath));
     }
     /**
@@ -93406,7 +93448,7 @@ export class IAIRoleMiningV2025Api extends BaseAPI {
      * @memberof IAIRoleMiningV2025Api
      */
     public patchPotentialRoleSession(requestParameters: IAIRoleMiningV2025ApiPatchPotentialRoleSessionRequest, axiosOptions?: RawAxiosRequestConfig) {
-        return IAIRoleMiningV2025ApiFp(this.configuration).patchPotentialRoleSession(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.jsonPatchOperationV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(this.axios, this.basePath));
+        return IAIRoleMiningV2025ApiFp(this.configuration).patchPotentialRoleSession(requestParameters.sessionId, requestParameters.potentialRoleId, requestParameters.jsonPatchOperationRoleMiningV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(this.axios, this.basePath));
     }
     /**