Skip to main content

Completed Access Request Approvals List

GET 
/access-request-approvals/completed

This endpoint returns list of completed approvals. See owner-id query parameter below for authorization info.

Request

Query Parameters

    owner-id string

    If present, the value returns only completed approvals for the specified identity.

    • ORG_ADMIN users can call this with any identity ID value.
    • ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
    • Non-ORG_ADMIN users can only specify me or pass their own identity ID value.
    limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
    offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Example: 0
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in, ge, gt, le, lt, ne, isnull, sw

    requestedFor.id: eq, in, ge, gt, le, lt, ne, isnull, sw

    modified: gt, lt, ge, le, eq, in, ne, sw

    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified

Responses

List of Completed Approvals.

Schema
  • Array [
    • id string

    The approval id.

    name string

    The name of the approval.

    created date-time

    When the approval was created.

    modified date-time

    When the approval was modified last time.

    requestCreated date-time

    When the access-request was created.

    requestType AccessRequestTypenullable

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS, null]

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

    requester object

    Access item requester's identity.

    type string

    Possible values: [IDENTITY]

    Access item requester's DTO type.

    id string

    Access item requester's identity ID.

    name string

    Access item owner's human-readable display name.

    requestedFor object[]

    Possible values: >= 1, <= 10

    Identities access was requested for.

  • Array [
    • type string

    Possible values: [IDENTITY]

    DTO type of identity the access item is requested for.

    id string

    ID of identity the access item is requested for.

    name string

    Human-readable display name of identity the access item is requested for.

  • ]
    • reviewedBy object

    Identity who reviewed the access item request.

    type string

    Possible values: [IDENTITY]

    DTO type of identity who reviewed the access item request.

    id string

    ID of identity who reviewed the access item request.

    name string

    Human-readable display name of identity who reviewed the access item request.

    owner object

    Access item owner's identity.

    type string

    Possible values: [IDENTITY]

    Access item owner's DTO type.

    id string

    Access item owner's identity ID.

    name string

    Access item owner's human-readable display name.

    requestedObject object

    The requested access item.

    id string

    Id of the object.

    name string

    Name of the object.

    description string

    Description of the object.

    type string

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Type of the object.

    requesterComment object

    The requester's comment.

    comment stringnullable

    Comment content.

    created date-time

    Date and time comment was created.

    author object

    Author of the comment

    type string

    Possible values: [IDENTITY]

    The type of object

    id string

    The unique ID of the object

    name string

    The display name of the object

    reviewerComment objectnullable
    comment stringnullable

    Comment content.

    author object
    type string

    Possible values: [IDENTITY]

    DTO type of the commenting identity.

    id string

    ID of the commenting identity.

    name string

    Display name of the commenting identity.

    created date-time

    Date and time comment was created.

    previousReviewersComments object[]

    The history of the previous reviewers comments.

  • Array [
    • comment stringnullable

    Comment content.

    created date-time

    Date and time comment was created.

    author object

    Author of the comment

    type string

    Possible values: [IDENTITY]

    The type of object

    id string

    The unique ID of the object

    name string

    The display name of the object

  • ]
    • forwardHistory object[]

    The history of approval forward action.

  • Array [
    • oldApproverName string

    Display name of approver from whom the approval was forwarded.

    newApproverName string

    Display name of approver to whom the approval was forwarded.

    comment stringnullable

    Comment made while forwarding.

    modified date-time

    Time at which approval was forwarded.

    forwarderName stringnullable

    Display name of forwarder who forwarded the approval.

    reassignmentType ReassignmentType

    Possible values: [MANUAL_REASSIGNMENT, AUTOMATIC_REASSIGNMENT, AUTO_ESCALATION, SELF_REVIEW_DELEGATION]

    The approval reassignment type.

    • MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
    • AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
    • AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to Setting Global Reminders and Escalation Policies.
    • SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to Self-review Prevention and Preventing Self-approval.
  • ]
    • commentRequiredWhenRejected boolean

    Default value: false

    When true the rejector has to provide comments when rejecting

    state CompletedApprovalState

    Possible values: [APPROVED, REJECTED]

    The final state of the approval

    removeDate date-timenullable

    The date the role or access profile is no longer assigned to the specified identity.

    removeDateUpdateRequested boolean

    Default value: false

    If true, then the request was to change the remove date or sunset date.

    currentRemoveDate date-timenullable

    The remove date or sunset date that was assigned at the time of the request.

    sodViolationContext object

    The details of the SOD violations for the associated approval.

    state string

    Possible values: [SUCCESS, ERROR]

    The status of SOD violation check

    uuid string

    The id of the Violation check event

    violationCheckResult object

    The inner object representing the completed SOD Violation check

    message object

    If the request failed, includes any error message that was generated.

    locale stringnullable

    The locale for the message text, a BCP 47 language tag.

    localeOrigin LocaleOriginnullable

    Possible values: [DEFAULT, REQUEST, null]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

    text string

    Actual text of the error message in the indicated locale.

    clientMetadata object

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

    property name* string
    violationContexts object[]
  • Array [
    • policy object

    SOD policy.

    type string

    Possible values: [SOD_POLICY]

    SOD policy DTO type.

    id string

    SOD policy ID.

    name string

    SOD policy display name.

    conflictingAccessCriteria object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

    leftCriteria object
    criteriaList object[]
  • Array [
    • existing boolean

    Default value: false

    If the entitlement already belonged to the user or not.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]
    • rightCriteria object
    criteriaList object[]
  • Array [
    • existing boolean

    Default value: false

    If the entitlement already belonged to the user or not.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]
  • ]
    • violatedPolicies object[]

    A list of the Policies that were violated.

  • Array [
    • type string

    Possible values: [SOD_POLICY]

    SOD policy DTO type.

    id string

    SOD policy ID.

    name string

    SOD policy display name.

  • ]
    • preApprovalTriggerResult objectnullable

    If the access request submitted event trigger is configured and this access request was intercepted by it, then this is the result of the trigger's decision to either approve or deny the request.

    comment string

    The comment from the trigger

    decision CompletedApprovalState

    Possible values: [APPROVED, REJECTED]

    The approval decision of the trigger

    reviewer string

    The name of the approver

    date date-time

    The date and time the trigger decided on the request

    clientMetadata object

    Arbitrary key-value pairs provided during the request.

    property name* string
    requestedAccounts stringnullable
  • ]
Loading...