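---
# Naftiko capability: consumes seven SailPoint Identity Security Cloud V3
# "roles" operations over HTTP and re-exposes them through a REST adapter
# (port 8080) and an MCP adapter (port 9090).
naftiko: '1.0.0-alpha2'
info:
  label: Identity Security Cloud V3 API — Roles
  description: 'Identity Security Cloud V3 API — Roles. 7 operations. Lead
    operation: List roles. Self-contained Naftiko capability covering one
    Sailpoint business surface.'
  tags:
    - Sailpoint
    - Roles
  created: '2026-05-19'
  modified: '2026-05-19'
# The upstream credential is read from the environment rather than stored in
# this file.
binds:
  - namespace: env
    keys:
      SAILPOINT_API_KEY: SAILPOINT_API_KEY
capability:
  consumes:
    - type: http
      namespace: identity-security-cloud-v3-roles
      # NOTE(review): {tenant} is not bound to any key or input parameter in
      # this file; confirm how the runtime resolves it.
      baseUri: https://{tenant}.api.identitynow.com/v3
      description: Identity Security Cloud V3 API — Roles business capability.
        Self-contained, no shared references.
      resources:
        - name: roles
          path: /roles
          operations:
            - name: listroles
              method: GET
              description: List roles
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # NOTE(review): this description and the one on "filters"
                # below end mid-word; the text looks truncated upstream.
                - name: for-subadmin
                  in: query
                  type: string
                  description: Filters the returned list according to what is
                    visible to the indicated ROLE_SUBADMIN identity. The value
                    is either an identity ID or 'me' for the calling ident
                - name: filters
                  in: query
                  type: string
                  description: 'Filter results using the standard syntax.
                    Filtering is supported for the following fields and
                    operators: id (eq, in), name (eq, sw), created (gt, ge,
                    le), modif'
                - name: sorters
                  in: query
                  type: string
                  description: 'Sort results using the standard syntax. Sorting
                    is supported for the following fields: name, created,
                    modified.'
                - name: for-segment-ids
                  in: query
                  type: string
                  description: Filters roles to only those assigned to the
                    segment(s) with the specified IDs.
                - name: include-unsegmented
                  in: query
                  type: boolean
                  description: Indicates whether the response should include
                    unsegmented roles.
            - name: createrole
              method: POST
              description: Create a role
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # No schema is declared for the body in this file, so request
                # validation is left to the upstream API.
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: roles-bulk-delete
          path: /roles/bulk-delete
          operations:
            - name: bulkdeleteroles
              method: POST
              description: Bulk delete roles
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: roles-id
          path: /roles/{id}
          operations:
            - name: getrole
              method: GET
              description: Get a role
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: id
                  in: path
                  type: string
                  description: The role ID.
                  required: true
            - name: patchrole
              method: PATCH
              description: Patch a role
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: id
                  in: path
                  type: string
                  description: The role ID.
                  required: true
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
            - name: deleterole
              method: DELETE
              description: Delete a role
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: id
                  in: path
                  type: string
                  description: The role ID.
                  required: true
        - name: roles-id-identities
          path: /roles/{id}/identities
          operations:
            - name: listroleidentities
              method: GET
              description: List identities assigned a role
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: id
                  in: path
                  type: string
                  description: The role ID.
                  required: true
                - name: filters
                  in: query
                  type: string
                  description: 'Filter results using the standard syntax.
                    Filtering is supported for the following fields: name (eq,
                    sw).'
                - name: sorters
                  in: query
                  type: string
                  description: 'Sort results using the standard syntax. Sorting
                    is supported for the following fields: name, created,
                    modified.'
      # Every upstream call carries this one bearer credential, so its scope
      # is the effective permission set of both adapters below.
      # NOTE(review): confirm the value is a current access token and how it
      # is rotated; nothing in this file refreshes it.
      authentication:
        type: bearer
        token: '{{env.SAILPOINT_API_KEY}}'
  # NOTE(review): neither adapter below declares authentication in this file,
  # while each request is relayed upstream with the bearer token configured
  # above. Unless the runtime or the network layer enforces access control,
  # any client that can reach ports 8080/9090 can create, patch and delete
  # roles with that token's privileges. Confirm the listeners sit behind an
  # authenticating proxy or are bound to a trusted interface only.
  exposes:
    - type: rest
      namespace: identity-security-cloud-v3-roles-rest
      port: 8080
      description: REST adapter for Identity Security Cloud V3 API — Roles.
        One Spectral-compliant resource per consumed operation, prefixed with
        /v1.
      resources:
        - path: /v1/roles
          name: roles
          description: REST surface for roles.
          operations:
            - method: GET
              name: listroles
              description: List roles
              call: identity-security-cloud-v3-roles.listroles
              with:
                for-subadmin: rest.for-subadmin
                filters: rest.filters
                sorters: rest.sorters
                for-segment-ids: rest.for-segment-ids
                include-unsegmented: rest.include-unsegmented
              outputParameters:
                - type: object
                  mapping: $.
            - method: POST
              name: createrole
              description: Create a role
              call: identity-security-cloud-v3-roles.createrole
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/roles/bulk-delete
          name: roles-bulk-delete
          description: REST surface for roles-bulk-delete.
          operations:
            - method: POST
              name: bulkdeleteroles
              description: Bulk delete roles
              call: identity-security-cloud-v3-roles.bulkdeleteroles
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/roles/{id}
          name: roles-id
          description: REST surface for roles-id.
          operations:
            - method: GET
              name: getrole
              description: Get a role
              call: identity-security-cloud-v3-roles.getrole
              with:
                id: rest.id
              outputParameters:
                - type: object
                  mapping: $.
            - method: PATCH
              name: patchrole
              description: Patch a role
              call: identity-security-cloud-v3-roles.patchrole
              with:
                id: rest.id
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
            - method: DELETE
              name: deleterole
              description: Delete a role
              call: identity-security-cloud-v3-roles.deleterole
              with:
                id: rest.id
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/roles/{id}/identities
          name: roles-id-identities
          description: REST surface for roles-id-identities.
          operations:
            - method: GET
              name: listroleidentities
              description: List identities assigned a role
              call: identity-security-cloud-v3-roles.listroleidentities
              with:
                id: rest.id
                filters: rest.filters
                sorters: rest.sorters
              outputParameters:
                - type: object
                  mapping: $.
    - type: mcp
      namespace: identity-security-cloud-v3-roles-mcp
      port: 9090
      transport: http
      description: MCP adapter for Identity Security Cloud V3 API — Roles. One
        tool per consumed operation, routed inline through this capability's
        consumes block.
      # The hints on each tool are advisory metadata that MCP clients may use
      # to decide whether a call needs user confirmation, so they should match
      # what the upstream operation actually does.
      tools:
        - name: list-roles
          description: List roles
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: identity-security-cloud-v3-roles.listroles
          with:
            for-subadmin: tools.for-subadmin
            filters: tools.filters
            sorters: tools.sorters
            for-segment-ids: tools.for-segment-ids
            include-unsegmented: tools.include-unsegmented
          outputParameters:
            - type: object
              mapping: $.
        - name: create-role
          description: Create a role
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: identity-security-cloud-v3-roles.createrole
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: bulk-delete-roles
          description: Bulk delete roles
          hints:
            readOnly: false
            # Removes several roles in one call, so it is marked destructive
            # like delete-role; it was previously declared non-destructive,
            # which lets a client treat it as safe to run unprompted.
            destructive: true
            idempotent: false
          call: identity-security-cloud-v3-roles.bulkdeleteroles
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: get-role
          description: Get a role
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: identity-security-cloud-v3-roles.getrole
          with:
            id: tools.id
          outputParameters:
            - type: object
              mapping: $.
        - name: patch-role
          description: Patch a role
          hints:
            readOnly: false
            # NOTE(review): a patch can overwrite or remove role attributes,
            # and repeating it is only harmless if the operations in the body
            # are themselves repeatable; confirm both hints against the
            # upstream patch semantics.
            destructive: false
            idempotent: true
          call: identity-security-cloud-v3-roles.patchrole
          with:
            id: tools.id
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: delete-role
          description: Delete a role
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: identity-security-cloud-v3-roles.deleterole
          with:
            id: tools.id
          outputParameters:
            - type: object
              mapping: $.
        - name: list-identities-assigned-role
          description: List identities assigned a role
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: identity-security-cloud-v3-roles.listroleidentities
          with:
            id: tools.id
            filters: tools.filters
            sorters: tools.sorters
          outputParameters:
            - type: object
              mapping: $.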