List SOD policies

GET 
https://sailpoint.api.identitynow.com/beta/sod-policies

deprecated

This endpoint has been deprecated and may be replaced or removed in future versions of the API.

This gets list of all SOD policies. Requires role of ORG_ADMIN

Request

Query Parameters

limit int32
Possible values: <= 250
Max number of results to return. See V3 API Standard Collection Parameters for more information.
Default value: 250
Example: 250
offset int32
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
Default value: 0
Example: 0
count boolean
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
Default value: false
Example: true
filters string
Filter results using the standard syntax described in V3 API Standard Collection Parameters
Filtering is supported for the following fields and operators:
id: eq, in
name: eq, in
state: eq, in
Example: id eq "bc693f07e7b645539626c25954c58554"
sorters comma-separated
Sort results using the standard syntax described in V3 API Standard Collection Parameters
Sorting is supported for the following fields: id, name, created, modified, description
Example: id,name

Responses

200

List of all SOD policies.

application/json

Schema

Schema

Array [
idstring
Policy ID.
Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
namestring
Policy business name.
Example: policy-xyz
createddate-time
The time when this SOD policy is created.
Example: 2020-01-01T00:00:00.000000Z
modifieddate-time
The time when this SOD policy is modified.
Example: 2020-01-01T00:00:00.000000Z
descriptionstringnullable
Optional description of the SOD policy.
Example: This policy ensures compliance of xyz
ownerRef object
The owner of the SOD policy.
typestring
Owner type.
Possible values: [IDENTITY, GOVERNANCE_GROUP]
Example: IDENTITY
idstring
Owner's ID.
Example: 2c9180a46faadee4016fb4e018c20639
namestring
Owner's name.
Example: Support
externalPolicyReferencestringnullable
Optional external policy reference.
Example: XYZ policy
policyQuerystring
Search query of the SOD policy.
Example: @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)
compensatingControlsstringnullable
Optional compensating controls (Mitigating Controls).
Example: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvicestringnullable
Optional correction advice.
Example: Based on the role of the employee, managers should remove access that is not required for their job function.
statestring
Whether the policy is enforced or not.
Possible values: [ENFORCED, NOT_ENFORCED]
Example: ENFORCED
tagsstring[]
Tags for the policy object.
Example: ["TAG1","TAG2"]
creatorIdstring
Policy's creator ID.
Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierIdstringnullable
Policy's modifier ID.
Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig object
assignmentRulestringnullable
Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity
Possible values: [MANAGER, STATIC, null]
Example: MANAGER
ownerRef objectnullable
The owner of the violation assignment config.
typestring
Owner type.
Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]
Example: IDENTITY
idstring
Owner's ID.
Example: 2c9180a46faadee4016fb4e018c20639
namestring
Owner's name.
Example: Support
scheduledboolean
Defines whether a policy has been scheduled or not.
Default value: false
Example: true
typestring
Whether a policy is query based or conflicting access based.
Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]
Default value: GENERAL
Example: GENERAL
conflictingAccessCriteria objectnullable
leftCriteria object
namestring
Business name for the access construct list
Example: money-in
criteriaList object[]
List of criteria. There is a min of 1 and max of 50 items in the list.
Array [
typestring
DTO type
Possible values: [ENTITLEMENT]
Example: ENTITLEMENT
idstring
ID of the object to which this reference applies to
Example: 2c91808568c529c60168cca6f90c1313
namestring
Human-readable display name of the object to which this reference applies to
Example: Administrator
]
rightCriteria object
namestring
Business name for the access construct list
Example: money-in
criteriaList object[]
List of criteria. There is a min of 1 and max of 50 items in the list.
Array [
typestring
DTO type
Possible values: [ENTITLEMENT]
Example: ENTITLEMENT
idstring
ID of the object to which this reference applies to
Example: 2c91808568c529c60168cca6f90c1313
namestring
Human-readable display name of the object to which this reference applies to
Example: Administrator
]
]

Example (auto)

[
  {
    "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
    "name": "policy-xyz",
    "created": "2020-01-01T00:00:00.000000Z",
    "modified": "2020-01-01T00:00:00.000000Z",
    "description": "This policy ensures compliance of xyz",
    "ownerRef": {
      "type": "IDENTITY",
      "id": "2c9180a46faadee4016fb4e018c20639",
      "name": "Support"
    },
    "externalPolicyReference": "XYZ policy",
    "policyQuery": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)",
    "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
    "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
    "state": "ENFORCED",
    "tags": [
      "TAG1",
      "TAG2"
    ],
    "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
    "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
    "violationOwnerAssignmentConfig": {
      "assignmentRule": "MANAGER",
      "ownerRef": {
        "type": "IDENTITY",
        "id": "2c9180a46faadee4016fb4e018c20639",
        "name": "Support"
      }
    },
    "scheduled": true,
    "type": "GENERAL",
    "conflictingAccessCriteria": {
      "leftCriteria": {
        "name": "money-in",
        "criteriaList": [
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a66",
            "name": "Administrator"
          },
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a67",
            "name": "Administrator"
          }
        ]
      },
      "rightCriteria": {
        "name": "money-in",
        "criteriaList": [
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a66",
            "name": "Administrator"
          },
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a67",
            "name": "Administrator"
          }
        ]
      }
    }
  }
]

Example

[
  {
    "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
    "name": "Conflicting-Policy-Name",
    "created": "2020-01-01T00:00:00.000000Z",
    "modified": "2020-01-01T00:00:00.000000Z",
    "description": "This policy ensures compliance of xyz",
    "ownerRef": {
      "type": "IDENTITY",
      "id": "2c91808568c529c60168cca6f90c1313",
      "name": "Owner Name"
    },
    "externalPolicyReference": "XYZ policy",
    "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
    "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
    "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
    "state": "ENFORCED",
    "tags": [
      "string"
    ],
    "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
    "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
    "violationOwnerAssignmentConfig": {
      "assignmentRule": "MANAGER",
      "ownerRef": {
        "type": "IDENTITY",
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "Violation Owner Name"
      }
    },
    "scheduled": true,
    "type": "CONFLICTING_ACCESS_BASED",
    "conflictingAccessCriteria": {
      "leftCriteria": {
        "name": "money-in",
        "criteriaList": [
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a66"
          },
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a67"
          }
        ]
      },
      "rightCriteria": {
        "name": "money-out",
        "criteriaList": [
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a68"
          },
          {
            "type": "ENTITLEMENT",
            "id": "2c9180866166b5b0016167c32ef31a69"
          }
        ]
      }
    }
  },
  {
    "description": "Description",
    "ownerRef": {
      "type": "IDENTITY",
      "id": "2c918087682f9a86016839c05e8f1aff",
      "name": "Owner Name"
    },
    "externalPolicyReference": "New policy",
    "policyQuery": "policy query implementation",
    "compensatingControls": "Compensating controls",
    "correctionAdvice": "Correction advice",
    "tags": [],
    "state": "ENFORCED",
    "scheduled": false,
    "creatorId": "2c918087682f9a86016839c05e8f1aff",
    "modifierId": null,
    "violationOwnerAssignmentConfig": null,
    "type": "GENERAL",
    "conflictingAccessCriteria": null,
    "id": "52c11db4-733e-4c31-949a-766c95ec95f1",
    "name": "General-Policy-Name",
    "created": "2020-05-12T19:47:38Z",
    "modified": "2020-05-12T19:47:38Z"
  }
]

400

Client Error - Returned if the request body is invalid.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

401

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema

Schema

error
A message describing the error
Example: JWT validation failed: JWT is expired

Example (auto)

{
  "error": "JWT validation failed: JWT is expired"
}

403

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

403

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

429

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema

Schema

message
A message describing the error
Example: Rate Limit Exceeded

Example (auto)

{
  "message": " Rate Limit Exceeded "
}

500

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

500

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Authorization: oauth2

type: Personal Access Token
scopes: idn:sod-policy:read

• go
• powershell
  SailPoint SDK
• python
  SailPoint SDK
• csharp
• curl
• dart
• http
• java
• javascript
• kotlin
• c
• nodejs
• objective-c
• ocaml
• php
• r
• ruby
• rust
• shell
• swift

• NATIVE

Request Collapse all

Base URL

https://sailpoint.api.identitynow.com/beta

Auth

Bearer Token

Parameters

limit — query

offset — query

count — query

---truefalse

filters — query

sorters — query

ResponseClear

Click the Send API Request button above and see the response here!