Summary
The Identity Security Cloud API spec for load-entitlements-by-sources appears to list the wrong required permission.
Where I see the problem
- API version: v2025
- Endpoint: POST /load-entitlements-by-sources
- File (from this repo):
static/api-specs/idn/v2025/paths/load-entitlements-by-sources.yaml
What is currently in the spec
Under security -> userAuth, the scope is:
What I expected / suggested fix
Based on how this API behaves and other examples, I believe the scope should be:
idn:sources:manageidn:entitlement:manage
Suggested YAML change:
security:
- userAuth:
- idn:sources:manage
- idn:entitlement:manage
Summary
The Identity Security Cloud API spec for
load-entitlements-by-sourcesappears to list the wrong required permission.Where I see the problem
static/api-specs/idn/v2025/paths/load-entitlements-by-sources.yamlWhat is currently in the spec
Under
security -> userAuth, the scope is:idn:entitlement:manageWhat I expected / suggested fix
Based on how this API behaves and other examples, I believe the scope should be:
idn:sources:manageidn:entitlement:manageSuggested YAML change: