Remove Entitlement from Account

POST /removeAccountToEntitlement

This method deprovisions one or more "Entitlements" from an "Account". The "Entitlements" and "Account" correspond to a particular IT Application (e.g Microsoft Active Directory) which is modeled in SSM as "Endpoint" of a "Security System".

Mandatory params:

securitysystem - Name of the Security System for the relevant IT Application modeled in SSM.

endpoint- Name of the Endpoint corresponding to the Security System.

accountname - Account name from which the entitlements should be deprovisioned.

entitlementtype - Entitlement type for the entitlements which are to be deprovisioned. e.g. AD Groups, EBS Responsibilities, SAP Roles etc.

entitlementvalue - Names of the actual entitlements which are to be deprovisioned.

The Authorization must have Bearer followed by Token.

Request

application/x-www-form-urlencoded

Body

accountname string

endpoint string

entitlementtype string

entitlementvalue string

securitysystem string

Responses

Removes Entitlement from Account Success / Removes Entitlement from Account Failure

Response Headers

Date
string
Server
string
Set-Cookie
string
Transfer-Encoding
string
X-Frame-Options
string

application/json

Schema
Example (from schema)
Removes Entitlement from Account Failure
Removes Entitlement from Account Success

Schema

errorCode string

message string

{
  "errorCode": "0",
  "message": "SUCCESS"
}

{
  "errorCode": "1",
  "message": "Account (johnWS) has NO Entitlement (Entitlement1)"
}

{
  "errorCode": "0",
  "message": "SUCCESS"
}

Remove Entitlement from Account

/removeAccountToEntitlement

Request​

Body

Responses​

Request

Responses