
Update SOD policy by ID

PUT https://sailpoint.api.identitynow.com/beta/sod-policies/:id

deprecated

This endpoint has been deprecated and may be replaced or removed in future versions of the API.

Updates the specified SOD policy. Requires the ORG_ADMIN role.

Request

Path Parameters

    id string required

    The ID of the SOD policy to update.

    Example: ef38f94347e94562b5bb8424a56397d8

Body required

    name string

    Policy business name.

    Example: policy-xyz
    description string nullable

    Optional description of the SOD policy.

    Example: This policy ensures compliance of xyz
    ownerRef object

    The owner of the SOD policy.

        type string

        Owner type.

        Possible values: [IDENTITY, GOVERNANCE_GROUP]

        Example: IDENTITY
        id string

        Owner's ID.

        Example: 2c9180a46faadee4016fb4e018c20639
        name string

        Owner's name.

        Example: Support
    externalPolicyReference string nullable

    Optional external policy reference.

    Example: XYZ policy
    policyQuery string

    Search query of the SOD policy.

    Example: @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)
    compensatingControls string nullable

    Optional compensating controls (Mitigating Controls).

    Example: Have a manager review the transaction decisions for their "out of compliance" employee
    correctionAdvice string nullable

    Optional correction advice.

    Example: Based on the role of the employee, managers should remove access that is not required for their job function.
    state string

    Whether the policy is enforced or not.

    Possible values: [ENFORCED, NOT_ENFORCED]

    Example: ENFORCED
    tags string[]

    Tags for the policy object.

    Example: ["TAG1","TAG2"]
    violationOwnerAssignmentConfig object
        assignmentRule string nullable

        Details about the violations owner. MANAGER: the identity's manager. STATIC: a governance group or identity.

        Possible values: [MANAGER, STATIC, null]

        Example: MANAGER
        ownerRef object nullable

        The owner of the violation assignment config.

            type string

            Owner type.

            Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]

            Example: IDENTITY
            id string

            Owner's ID.

            Example: 2c9180a46faadee4016fb4e018c20639
            name string

            Owner's name.

            Example: Support
    scheduled boolean

    Defines whether a policy has been scheduled or not.

    Default value: false
    Example: true
    type string

    Whether a policy is query based or conflicting access based.

    Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]

    Default value: GENERAL
    Example: GENERAL
    conflictingAccessCriteria object nullable
        leftCriteria object
            name string

            Business name for the access construct list.

            Example: money-in
            criteriaList object[]

            List of criteria. The list holds a minimum of 1 and a maximum of 50 items.

            Array [
                type string

                DTO type.

                Possible values: [ENTITLEMENT]

                Example: ENTITLEMENT
                id string

                ID of the object to which this reference applies.

                Example: 2c91808568c529c60168cca6f90c1313
                name string

                Human-readable display name of the object to which this reference applies.

                Example: Administrator
            ]
        rightCriteria object
            name string

            Business name for the access construct list.

            Example: money-in
            criteriaList object[]

            List of criteria. The list holds a minimum of 1 and a maximum of 50 items.

            Array [
                type string

                DTO type.

                Possible values: [ENTITLEMENT]

                Example: ENTITLEMENT
                id string

                ID of the object to which this reference applies.

                Example: 2c91808568c529c60168cca6f90c1313
                name string

                Human-readable display name of the object to which this reference applies.

                Example: Administrator
            ]

Responses

SOD Policy by ID

Schema
    id string

    Policy ID.

    Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
    name string

    Policy business name.

    Example: policy-xyz
    created date-time

    The time when this SOD policy was created.

    Example: 2020-01-01T00:00:00.000000Z
    modified date-time

    The time when this SOD policy was modified.

    Example: 2020-01-01T00:00:00.000000Z
    description string nullable

    Optional description of the SOD policy.

    Example: This policy ensures compliance of xyz
    ownerRef object

    The owner of the SOD policy.

        type string

        Owner type.

        Possible values: [IDENTITY, GOVERNANCE_GROUP]

        Example: IDENTITY
        id string

        Owner's ID.

        Example: 2c9180a46faadee4016fb4e018c20639
        name string

        Owner's name.

        Example: Support
    externalPolicyReference string nullable

    Optional external policy reference.

    Example: XYZ policy
    policyQuery string

    Search query of the SOD policy.

    Example: @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)
    compensatingControls string nullable

    Optional compensating controls (Mitigating Controls).

    Example: Have a manager review the transaction decisions for their "out of compliance" employee
    correctionAdvice string nullable

    Optional correction advice.

    Example: Based on the role of the employee, managers should remove access that is not required for their job function.
    state string

    Whether the policy is enforced or not.

    Possible values: [ENFORCED, NOT_ENFORCED]

    Example: ENFORCED
    tags string[]

    Tags for the policy object.

    Example: ["TAG1","TAG2"]
    creatorId string

    Policy's creator ID.

    Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
    modifierId string nullable

    Policy's modifier ID.

    Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
    violationOwnerAssignmentConfig object
        assignmentRule string nullable

        Details about the violations owner. MANAGER: the identity's manager. STATIC: a governance group or identity.

        Possible values: [MANAGER, STATIC, null]

        Example: MANAGER
        ownerRef object nullable

        The owner of the violation assignment config.

            type string

            Owner type.

            Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]

            Example: IDENTITY
            id string

            Owner's ID.

            Example: 2c9180a46faadee4016fb4e018c20639
            name string

            Owner's name.

            Example: Support
    scheduled boolean

    Defines whether a policy has been scheduled or not.

    Default value: false
    Example: true
    type string

    Whether a policy is query based or conflicting access based.

    Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]

    Default value: GENERAL
    Example: GENERAL
    conflictingAccessCriteria object nullable
        leftCriteria object
            name string

            Business name for the access construct list.

            Example: money-in
            criteriaList object[]

            List of criteria. The list holds a minimum of 1 and a maximum of 50 items.

            Array [
                type string

                DTO type.

                Possible values: [ENTITLEMENT]

                Example: ENTITLEMENT
                id string

                ID of the object to which this reference applies.

                Example: 2c91808568c529c60168cca6f90c1313
                name string

                Human-readable display name of the object to which this reference applies.

                Example: Administrator
            ]
        rightCriteria object
            name string

            Business name for the access construct list.

            Example: money-in
            criteriaList object[]

            List of criteria. The list holds a minimum of 1 and a maximum of 50 items.

            Array [
                type string

                DTO type.

                Possible values: [ENTITLEMENT]

                Example: ENTITLEMENT
                id string

                ID of the object to which this reference applies.

                Example: 2c91808568c529c60168cca6f90c1313
                name string

                Human-readable display name of the object to which this reference applies.

                Example: Administrator
            ]

Authorization: oauth2

type: Personal Access Token
scopes: idn:sod-policy:write

Example request body:
{
  "name": "policy-xyz",
  "description": "This policy ensures compliance of xyz",
  "ownerRef": {
    "type": "IDENTITY",
    "id": "2c9180a46faadee4016fb4e018c20639",
    "name": "Support"
  },
  "externalPolicyReference": "XYZ policy",
  "policyQuery": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)",
  "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
  "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
  "state": "ENFORCED",
  "tags": [
    "TAG1",
    "TAG2"
  ],
  "violationOwnerAssignmentConfig": {
    "assignmentRule": "MANAGER",
    "ownerRef": {
      "type": "IDENTITY",
      "id": "2c9180a46faadee4016fb4e018c20639",
      "name": "Support"
    }
  },
  "scheduled": true,
  "type": "GENERAL",
  "conflictingAccessCriteria": {
    "leftCriteria": {
      "name": "money-in",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "name": "Administrator"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "name": "Administrator"
        }
      ]
    },
    "rightCriteria": {
      "name": "money-in",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "name": "Administrator"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "name": "Administrator"
        }
      ]
    }
  }
}
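
A pre-flight check for the request body documented above, as an added example that is not part of SailPoint's documentation or SDK: it lints a proposed body against the enums and the 1 to 50 criteriaList bound on this page before the PUT is sent. The function names, the overlap warning and the NOT_ENFORCED warning are assumptions of this example, and the sample input is constructed.

```python
# Added example (not SailPoint code): lint a PUT /sod-policies/:id body
# against the enums and list bounds documented on this page.
ENUMS = {"state": ("ENFORCED", "NOT_ENFORCED"),
         "type": ("GENERAL", "CONFLICTING_ACCESS_BASED")}
OWNER_TYPES = ("IDENTITY", "GOVERNANCE_GROUP")
ASSIGNMENT_RULES = ("MANAGER", "STATIC", None)

def _criteria_ids(label, side, errors):
    """Check one side's criteriaList; return the set of entitlement IDs."""
    items = (side or {}).get("criteriaList") or []
    if not 1 <= len(items) <= 50:
        errors.append(f"{label}.criteriaList has {len(items)} items (documented: 1 to 50)")
    for i, item in enumerate(items):
        if item.get("type") != "ENTITLEMENT":
            errors.append(f"{label}.criteriaList[{i}].type must be ENTITLEMENT")
    return {item["id"] for item in items if item.get("id")}

def lint_sod_policy(body):
    """Return (errors, warnings). Fields are checked only when present."""
    errors, warnings = [], []
    for key, allowed in ENUMS.items():
        if key in body and body[key] not in allowed:
            errors.append(f"{key}={body[key]!r} not in {list(allowed)}")
    owner = body.get("ownerRef") or {}
    if "type" in owner and owner["type"] not in OWNER_TYPES:
        errors.append(f"ownerRef.type={owner['type']!r} not in {list(OWNER_TYPES)}")
    voc = body.get("violationOwnerAssignmentConfig") or {}
    if voc.get("assignmentRule") not in ASSIGNMENT_RULES:
        errors.append(f"assignmentRule={voc['assignmentRule']!r} is not MANAGER, STATIC or null")
    cac = body.get("conflictingAccessCriteria")
    if cac is not None:
        left = _criteria_ids("leftCriteria", cac.get("leftCriteria"), errors)
        right = _criteria_ids("rightCriteria", cac.get("rightCriteria"), errors)
        # Assumption of this example, not a documented rule: an entitlement on
        # both sides conflicts with itself, so surface it for review.
        for ent in sorted(left & right):
            warnings.append(f"entitlement {ent} appears in both left and right criteria")
    if body.get("state") == "NOT_ENFORCED":
        warnings.append("update leaves the policy NOT_ENFORCED")
    return errors, warnings

if __name__ == "__main__":
    # Constructed input mirroring the shape of the page's example body.
    side = {"name": "money-in", "criteriaList": [
        {"type": "ENTITLEMENT", "id": "2c9180866166b5b0016167c32ef31a66", "name": "Administrator"}]}
    print(lint_sod_policy({"state": "ENFORCED", "type": "GENERAL",
                           "conflictingAccessCriteria": {"leftCriteria": side, "rightCriteria": side}}))
```

Run against the page's own example body, the linter reports no errors but warns that the same entitlement IDs sit on both sides of the conflict.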