Gets a list of access items for the identity filtered by item type
GET/historical-identities/:id/access-items
This method retrieves a list of access item for the identity filtered by the access item type Requires authorization scope of 'idn:identity-history:read'
Request
Path Parameters
The identity id
Query Parameters
The type of access item for the identity. If not provided, it defaults to account.
Types of access items: accessProfile, account, app, entitlement, role
Filter results using the standard syntax described in V3 API Standard Collection Parameters
Filtering is supported for the following fields and operators:
source: eq
standalone: eq
privileged: eq
attribute: eq
cloudGoverned: eq
Sort results using the standard syntax described in V3 API Standard Collection Parameters
Sorting is supported for the following fields: name, value, standalone, privileged, attribute, source, cloudGoverned, removeDate, nativeIdentity, entitlementCount
This param is used to search if certain fields of the access item contain the string provided.
Searching is supported for the following fields depending on the type:
Access Profiles: name, description
Accounts: name, nativeIdentity
Apps: name
Entitlements: name, value, description
Roles: name, description
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
The list of access items.
- application/json
- Schema
- Example (from schema)
- Access Profile
- Account
- App
- Entitlement
- Role
Schema
Array [
- AccessItemAccessProfileResponse
- AccessItemAccountResponse
- AccessItemAppResponse
- AccessItemEntitlementResponse
- AccessItemRoleResponse
]
oneOf
the access item type. accessProfile in this case
the access item id
the access profile name
the name of the source
the id of the source
the description for the access profile
the display name of the identity
the number of entitlements the access profile will create
the name of
the date the access profile is no longer assigned to the specified identity
indicates whether the access profile is standalone
indicates whether the access profile is
the access item type. account in this case
the access item id
the native identifier used to uniquely identify an acccount
the name of the source
the id of the source
the number of entitlements the account will create
the display name of the identity
the access item type. entitlement in this case
the access item id
the access item display name
the associated source name if it exists
the app role id
the access item type. entitlement in this case
the access item id
the entitlement attribute
the associated value
the type of entitlement
the name of the source
the id of the source
the description for the entitlment
the display name of the identity
indicates whether the entitlement is standalone
indicates whether the entitlement is privileged
indicates whether the entitlement is cloud governed
the access item type. role in this case
the access item id
the role display name
the description for the role
the associated source name if it exists
the date the role is no longer assigned to the specified identity
indicates whether the role is revocable
[
{},
{},
{},
{},
{}
]
[
{
"accessType": "accessProfile",
"id": "2c918087763e69d901763e72e97f006f",
"sourceName": "DataScienceDataset",
"sourceId": "2793o32dwd",
"description": "AccessProfile - Workday/Citizenship access",
"displayName": "Dr. Arden Rogahn MD",
"entitlementCount": 12,
"appDisplayName": "AppName",
"removeDate": "2024-07-01T06:00:00.00Z",
"standalone": false,
"revocable": true
}
]
[
{
"accessType": "account",
"id": "2c918087763e69d901763e72e97f006f",
"nativeIdentity": "dr.arden.ogahn.d",
"sourceName": "DataScienceDataset",
"sourceId": "2793o32dwd",
"entitlementCount": 12,
"displayName": "Dr. Arden Rogahn MD"
}
]
[
{
"accessType": "app",
"id": "2c918087763e69d901763e72e97f006f",
"name": "appName",
"appRoleId": "2c918087763e69d901763e72e97f006f"
}
]
[
{
"accessType": "entitlement",
"id": "2c918087763e69d901763e72e97f006f",
"attribute": "groups",
"value": "Upward mobility access",
"type": "group",
"sourceName": "DataScienceDataset",
"sourceId": "2793o32dwd",
"description": "Entitlement - Workday/Citizenship access",
"displayName": "Dr. Arden Rogahn MD",
"standalone": true,
"privileged": false,
"cloudGoverned": false
}
]
[
{
"accessType": "role",
"id": "2c918087763e69d901763e72e97f006f",
"name": "sample",
"description": "Role - Workday/Citizenship access",
"removeDate": "2024-07-01T06:00:00.00Z",
"revocable": true
}
]
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}