SailPoint · Capability
Identity Security Cloud V3 API — Roles
Identity Security Cloud V3 API — Roles. 7 operations. Lead operation: List roles. Self-contained Naftiko capability covering one SailPoint business surface.
What You Can Do
GET
Listroles
— List roles
/v1/roles
POST
Createrole
— Create a role
/v1/roles
POST
Bulkdeleteroles
— Bulk delete roles
/v1/roles/bulk-delete
GET
Getrole
— Get a role
/v1/roles/{id}
PATCH
Patchrole
— Patch a role
/v1/roles/{id}
DELETE
Deleterole
— Delete a role
/v1/roles/{id}
GET
Listroleidentities
— List identities assigned a role
/v1/roles/{id}/identities
MCP Tools
list-roles
List roles
read-only
idempotent
create-role
Create a role
bulk-delete-roles
Bulk delete roles
get-role
Get a role
read-only
idempotent
patch-role
Patch a role
idempotent
delete-role
Delete a role
idempotent
list-identities-assigned-role
List identities assigned a role
read-only
idempotent
Capability Spec
# Spec format version; quoted so it is always read as a string.
naftiko: '1.0.0-alpha2'
# Human-readable metadata for the capability. Nothing here affects routing.
info:
  label: Identity Security Cloud V3 API — Roles
  # Folded scalar: the two lines below join with a single space into one string.
  description: >-
    Identity Security Cloud V3 API — Roles. 7 operations. Lead operation: List roles.
    Self-contained Naftiko capability covering one Sailpoint business surface.
  tags:
  - Sailpoint
  - Roles
  # Dates are quoted so a YAML 1.1 parser keeps them as strings, not date objects.
  created: '2026-05-19'
  modified: '2026-05-19'
# Declares the environment variable this spec reads. The credential is referenced
# by name only (as env.SAILPOINT_API_KEY in the authentication block); its value
# is never stored in this file, so keep it in the deployment's secret store.
binds:
- namespace: env
  keys:
    SAILPOINT_API_KEY: SAILPOINT_API_KEY
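# Capability: consumes the SailPoint roles endpoints over HTTPS and re-exposes the
# same seven operations through a REST adapter (port 8080) and an MCP adapter
# (port 9090). Both adapters route into the single `consumes` entry below.
capability:
  consumes:
  - type: http
    namespace: identity-security-cloud-v3-roles
    # NOTE(review): no binding for the {tenant} placeholder is visible in this
    # spec; confirm how it is resolved before deploying.
    baseUri: https://{tenant}.api.identitynow.com/v3
    description: Identity Security Cloud V3 API — Roles business capability. Self-contained, no shared references.
    resources:
    - name: roles
      path: /roles
      operations:
      - name: listroles
        method: GET
        description: List roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        # NOTE(review): this description ends mid-word ("ident"); it looks
        # truncated by the generator. Restore it from the upstream API reference.
        - name: for-subadmin
          in: query
          type: string
          description: Filters the returned list according to what is visible to the indicated ROLE_SUBADMIN identity. The
            value is either an identity ID or 'me' for the calling ident
        # NOTE(review): description is cut off after "modif"; same truncation.
        - name: filters
          in: query
          type: string
          description: 'Filter results using the standard syntax. Filtering is supported for the following fields and operators:
            id (eq, in), name (eq, sw), created (gt, ge, le), modif'
        - name: sorters
          in: query
          type: string
          description: 'Sort results using the standard syntax. Sorting is supported for the following fields: name, created,
            modified.'
        - name: for-segment-ids
          in: query
          type: string
          description: Filters roles to only those assigned to the segment(s) with the specified IDs.
        - name: include-unsegmented
          in: query
          type: boolean
          description: Indicates whether the response should include unsegmented roles.
      - name: createrole
        method: POST
        description: Create a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        # The body is declared only as a generic JSON object; no schema is given
        # here, so field validation is left to the upstream API.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: roles-bulk-delete
      path: /roles/bulk-delete
      operations:
      # Removes several roles in one request; see the matching MCP tool hints.
      - name: bulkdeleteroles
        method: POST
        description: Bulk delete roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: roles-id
      path: /roles/{id}
      operations:
      - name: getrole
        method: GET
        description: Get a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The role ID.
          required: true
      - name: patchrole
        method: PATCH
        description: Patch a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The role ID.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleterole
        method: DELETE
        description: Delete a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The role ID.
          required: true
    - name: roles-id-identities
      path: /roles/{id}/identities
      operations:
      - name: listroleidentities
        method: GET
        description: List identities assigned a role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The role ID.
          required: true
        - name: filters
          in: query
          type: string
          description: 'Filter results using the standard syntax. Filtering is supported for the following fields: name (eq,
            sw).'
        - name: sorters
          in: query
          type: string
          description: 'Sort results using the standard syntax. Sorting is supported for the following fields: name, created,
            modified.'
    # Outbound credential, declared once for this consumes entry and so presumably
    # attached to every operation above, including the delete operations. Issue
    # the token with only the role permissions this capability needs, and keep
    # its value out of logs and version control.
    authentication:
      type: bearer
      token: '{{env.SAILPOINT_API_KEY}}'
  # NOTE(review): neither adapter below declares inbound caller authentication or
  # TLS settings in this spec. Unless the runtime or a fronting gateway enforces
  # them, any client that can reach port 8080 or 9090 can list, create, patch and
  # delete roles with the privileges of the bearer token above. Restrict network
  # reachability and confirm where callers are authenticated.
  exposes:
  - type: rest
    namespace: identity-security-cloud-v3-roles-rest
    port: 8080
    description: REST adapter for Identity Security Cloud V3 API — Roles. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/roles
      name: roles
      description: REST surface for roles.
      operations:
      - method: GET
        name: listroles
        description: List roles
        call: identity-security-cloud-v3-roles.listroles
        with:
          for-subadmin: rest.for-subadmin
          filters: rest.filters
          sorters: rest.sorters
          for-segment-ids: rest.for-segment-ids
          include-unsegmented: rest.include-unsegmented
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createrole
        description: Create a role
        call: identity-security-cloud-v3-roles.createrole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/roles/bulk-delete
      name: roles-bulk-delete
      description: REST surface for roles-bulk-delete.
      operations:
      - method: POST
        name: bulkdeleteroles
        description: Bulk delete roles
        call: identity-security-cloud-v3-roles.bulkdeleteroles
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/roles/{id}
      name: roles-id
      description: REST surface for roles-id.
      operations:
      - method: GET
        name: getrole
        description: Get a role
        call: identity-security-cloud-v3-roles.getrole
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: patchrole
        description: Patch a role
        call: identity-security-cloud-v3-roles.patchrole
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleterole
        description: Delete a role
        call: identity-security-cloud-v3-roles.deleterole
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/roles/{id}/identities
      name: roles-id-identities
      description: REST surface for roles-id-identities.
      operations:
      - method: GET
        name: listroleidentities
        description: List identities assigned a role
        call: identity-security-cloud-v3-roles.listroleidentities
        with:
          id: rest.id
          filters: rest.filters
          sorters: rest.sorters
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: identity-security-cloud-v3-roles-mcp
    port: 9090
    transport: http
    description: MCP adapter for Identity Security Cloud V3 API — Roles. One tool per consumed operation, routed inline through
      this capability's consumes block.
    # The `hints` on each tool are what an MCP client sees when deciding whether
    # to ask for confirmation before a call. They are advisory metadata, not an
    # access control, so they must describe the operation accurately.
    tools:
    - name: list-roles
      description: List roles
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: identity-security-cloud-v3-roles.listroles
      with:
        for-subadmin: tools.for-subadmin
        filters: tools.filters
        sorters: tools.sorters
        for-segment-ids: tools.for-segment-ids
        include-unsegmented: tools.include-unsegmented
      outputParameters:
      - type: object
        mapping: $.
    - name: create-role
      description: Create a role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: identity-security-cloud-v3-roles.createrole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: bulk-delete-roles
      description: Bulk delete roles
      hints:
        readOnly: false
        # Fixed: was `false`. Bulk deletion removes roles just as delete-role does
        # (which is already marked destructive), and can remove many in one call,
        # so a client must not treat it as a safe, additive operation.
        destructive: true
        idempotent: false
      call: identity-security-cloud-v3-roles.bulkdeleteroles
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-role
      description: Get a role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: identity-security-cloud-v3-roles.getrole
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: patch-role
      description: Patch a role
      hints:
        readOnly: false
        # NOTE(review): a PATCH can presumably replace or remove attributes of an
        # existing role, which is more than an additive change. Confirm against
        # the upstream API whether `destructive: false` and `idempotent: true`
        # hold for every patch body this tool accepts.
        destructive: false
        idempotent: true
      call: identity-security-cloud-v3-roles.patchrole
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-role
      description: Delete a role
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: identity-security-cloud-v3-roles.deleterole
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: list-identities-assigned-role
      description: List identities assigned a role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: identity-security-cloud-v3-roles.listroleidentities
      with:
        id: tools.id
        filters: tools.filters
        sorters: tools.sorters
      outputParameters:
      - type: object
        mapping: $.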