SOD policy creation using API -- /api/v3/create-sod-policy

Hi,
I have been trying to write a PS script to bulk load SoD policies, but found out that the API is having an issue. I cannot create an SoD policy whatever I try in Postman. It always throws an error.

{
    "locale": "en-US",
    "localeOrigin": "DEFAULT",
    "text": "The request was syntactically correct but its content is semantically invalid."
}

This is the body of the request…

{
    "description": "The Segregation of Duties has been defined as provided in ----",
    "ownerRef": {
        "type": "IDENTITY",
        "id": "---------------",
        "name": "---, ----"
    },
    "policyQuery": "@access(id:--------------------)  AND  @access(id:-------------)",
    "compensatingControls": "TBD",
    "correctionAdvice": "TBD",
    "state": "ENFORCED",
    "tags": [],
    "violationOwnerAssignmentConfig": {
        "assignmentRule": null,
        "ownerRef": null
    },
    "scheduled": false,
    "creatorId": "-----------------------",
    "modifierId": null,
    "type": "CONFLICTING_ACCESS_BASED",
    "conflictingAccessCriteria": {
        "leftCriteria": {
            "name": "------------",
            "criteriaList": [
                {
                    "type": "ENTITLEMENT",
                    "id": "------------------",
                    "name": "--------------"
                }
            ]
        },
        "rightCriteria": {
            "name": "------------------",
            "criteriaList": [
                {
                    "type": "ENTITLEMENT",
                    "id": "----------------",
                    "name": "-----------------"
                }
            ]
        }
    },
    "name": "-----------------------"
}

Hi @saurabhKY,

A few things I noticed: you are using the sample body from the documentation, including creator Id and a few more attributes; you can totally skip them initially when you are troubleshooting.
Only include the necessary attributes, like the name of the policy, the type of policy, and the right and left criteria, and ensure you are using the correct entitlement IDs and not adding more than 50 entitlements in a list.

I hope it works…

2 Likes

@703hardik I added these after too many retries. I should have removed them while posting here… even without these fields it wasn't working.
After posting here I managed to get it to work with the payload below.

{
    "name": "-------------",
    "description": "The Segregation of Duties has been defined as ---------",
    "externalPolicyReference": "",
    "compensatingControls": "TBD",
    "correctionAdvice": "TBD",
    "state": "ENFORCED",
    "scheduled": false,
    "tags": [],
    "type": "CONFLICTING_ACCESS_BASED",
    "conflictingAccessCriteria": {
        "leftCriteria": {
            "name": "------------",
            "criteriaList": [
                {
                    "type": "ENTITLEMENT",
                    "id": "-------------"
                }
            ]
        },
        "rightCriteria": {
            "name": "-------",
            "criteriaList": [
                {
                    "type": "ENTITLEMENT",
                    "id": "-------------"
                }
            ]
        }
    },
    "ownerRef": {
        "type": "IDENTITY",
        "name": "----------",
        "id": "-------------------------"
    },
    "violationOwnerAssignmentConfig": {}
}
