Skip to main content

Create SOD policy

POST 

/sod-policies

deprecated

This endpoint has been deprecated and may be replaced or removed in future versions of the API.

This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. Requires role of ORG_ADMIN.

Request

Body

required

    name string

    Policy business name.

    description stringnullable

    Optional description of the SOD policy.

    ownerRef

    object

    The owner of the SOD policy.

    type string

    Possible values: [IDENTITY, GOVERNANCE_GROUP]

    Owner type.

    id string

    Owner's ID.

    name string

    Owner's name.

    externalPolicyReference stringnullable

    Optional external policy reference.

    policyQuery string

    Search query of the SOD policy.

    compensatingControls stringnullable

    Optional compensating controls (Mitigating Controls).

    correctionAdvice stringnullable

    Optional correction advice.

    state string

    Possible values: [ENFORCED, NOT_ENFORCED]

    Whether the policy is enforced or not.

    tags string[]

    Tags for the policy object.

    violationOwnerAssignmentConfig

    object

    nullable

    assignmentRule stringnullable

    Possible values: [MANAGER, STATIC, null]

    Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity

    ownerRef

    object

    nullable

    The owner of the violation assignment config.

    type string

    Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]

    Owner type.

    id string

    Owner's ID.

    name string

    Owner's name.

    scheduled boolean

    Defines whether a policy has been scheduled or not.

    type string

    Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]

    Default value: GENERAL

    Whether a policy is query based or conflicting access based.

    conflictingAccessCriteria

    object

    leftCriteria

    object

    name string

    Business name for the access construct list

    criteriaList

    object[]

    List of criteria. There is a min of 1 and max of 50 items in the list.

  • Array [

  • type string

    Possible values: [ENTITLEMENT]

    DTO type

    id string

    ID of the object to which this reference applies to

    name string

    Human-readable display name of the object to which this reference applies to

  • ]

  • rightCriteria

    object

    name string

    Business name for the access construct list

    criteriaList

    object[]

    List of criteria. There is a min of 1 and max of 50 items in the list.

  • Array [

  • type string

    Possible values: [ENTITLEMENT]

    DTO type

    id string

    ID of the object to which this reference applies to

    name string

    Human-readable display name of the object to which this reference applies to

  • ]

Responses

SOD policy created

Schema

    id string

    Policy ID.

    name string

    Policy business name.

    created date-time

    The time when this SOD policy is created.

    modified date-time

    The time when this SOD policy is modified.

    description stringnullable

    Optional description of the SOD policy.

    ownerRef

    object

    The owner of the SOD policy.

    type string

    Possible values: [IDENTITY, GOVERNANCE_GROUP]

    Owner type.

    id string

    Owner's ID.

    name string

    Owner's name.

    externalPolicyReference stringnullable

    Optional external policy reference.

    policyQuery string

    Search query of the SOD policy.

    compensatingControls stringnullable

    Optional compensating controls (Mitigating Controls).

    correctionAdvice stringnullable

    Optional correction advice.

    state string

    Possible values: [ENFORCED, NOT_ENFORCED]

    Whether the policy is enforced or not.

    tags string[]

    Tags for the policy object.

    creatorId string

    Policy's creator ID.

    modifierId stringnullable

    Policy's modifier ID.

    violationOwnerAssignmentConfig

    object

    nullable

    assignmentRule stringnullable

    Possible values: [MANAGER, STATIC, null]

    Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity

    ownerRef

    object

    nullable

    The owner of the violation assignment config.

    type string

    Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]

    Owner type.

    id string

    Owner's ID.

    name string

    Owner's name.

    scheduled boolean

    Defines whether a policy has been scheduled or not.

    type string

    Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]

    Default value: GENERAL

    Whether a policy is query based or conflicting access based.

    conflictingAccessCriteria

    object

    leftCriteria

    object

    name string

    Business name for the access construct list

    criteriaList

    object[]

    List of criteria. There is a min of 1 and max of 50 items in the list.

  • Array [

  • type string

    Possible values: [ENTITLEMENT]

    DTO type

    id string

    ID of the object to which this reference applies to

    name string

    Human-readable display name of the object to which this reference applies to

  • ]

  • rightCriteria

    object

    name string

    Business name for the access construct list

    criteriaList

    object[]

    List of criteria. There is a min of 1 and max of 50 items in the list.

  • Array [

  • type string

    Possible values: [ENTITLEMENT]

    DTO type

    id string

    ID of the object to which this reference applies to

    name string

    Human-readable display name of the object to which this reference applies to

  • ]

Loading...