SCIM 2.0 PATCH operations
You can use a PATCH request to modify a System for Cross-domain Identity Management (SCIM) 2.0 resource that has one or more required SCIM 2.0 attributes.
The requester needs read permission on the values of these required attributes and write permission on the attributes being modified, even if the PATCH request does not alter the required attributes.
Example
You can modify an LDAP Mapping SCIM 2.0 resource type using the following schema definition, where uid and cn are mapped to their LDAP equivalents.
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"],
  "id": "urn:test:schema:person",
  "attributes": [
    {
      "name": "uid",
      "type": "string",
      "multiValued": false,
      "required": true,
      "caseExact": false,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "cn",
      "type": "string",
      "multiValued": false,
      "required": false,
      "caseExact": false,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    }
  ],
  ...
}
The following PATCH operation fails if the SCIM 2 service account does not have access to both uid (read access, because uid is required) and cn (write access, because cn is being modified).
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [{
    "op": "add",
    "path": "cn",
    "value": "new cn value"
  }]
}
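The access rule above, worked through as an added example (not the product's own code): given a schema, a PatchOp and the requester's read/write permission sets, it lists which permissions are missing. The schema and PatchOp are constructed from the page's example; paths are assumed to be unqualified (no schema URN prefix), and filter paths such as emails[type eq "work"].value are resolved to their parent attribute.

```python
import json
import re

# Constructed schema mirroring the page's example: uid is required, cn is not.
SCHEMA = json.loads("""{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"],
  "id": "urn:test:schema:person",
  "attributes": [
    {"name": "uid", "type": "string", "required": true, "mutability": "readWrite"},
    {"name": "cn", "type": "string", "required": false, "mutability": "readWrite"}
  ]
}""")

# The page's PatchOp (straight quotes), which modifies only cn.
PATCH = json.loads("""{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [{"op": "add", "path": "cn", "value": "new cn value"}]
}""")

def required_attributes(schema):
    """Names of the top-level attributes the schema marks required."""
    return {a["name"] for a in schema["attributes"] if a.get("required")}

def patched_attributes(patch):
    """Top-level attribute names the PatchOp modifies. A sub-attribute or value
    filter path resolves to its parent attribute; an operation without a path
    carries the attributes as keys of its value object (RFC 7644, 3.5.2)."""
    touched = set()
    for op in patch["Operations"]:
        path = op.get("path")
        if path:
            touched.add(re.split(r"[\[.]", path, maxsplit=1)[0])
        else:
            touched.update(op["value"].keys())
    return touched

def check_patch(schema, patch, readable, writable):
    """Return the access the requester lacks for this PATCH under the rule above:
    read on every required attribute, write on every modified attribute.
    An empty list means the request is permitted."""
    missing = []
    for attr in sorted(required_attributes(schema)):
        if attr not in readable:
            missing.append("read:" + attr)
    for attr in sorted(patched_attributes(patch)):
        if attr not in writable:
            missing.append("write:" + attr)
    return missing
```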