Update SOD policy by ID

PUT 
https://sailpoint.api.identitynow.com/beta/sod-policies/:id

deprecated

This endpoint has been deprecated and may be replaced or removed in future versions of the API.

This updates a specified SOD policy. Requires role of ORG_ADMIN.

Request

Path Parameters

id stringrequired
The ID of the SOD policy to update.
Example: ef38f94347e94562b5bb8424a56397d8

application/json

Bodyrequired

namestring
Policy business name.
Example: policy-xyz
descriptionstringnullable
Optional description of the SOD policy.
Example: This policy ensures compliance of xyz
ownerRef object
The owner of the SOD policy.
typestring
Owner type.
Possible values: [IDENTITY, GOVERNANCE_GROUP]
Example: IDENTITY
idstring
Owner's ID.
Example: 2c9180a46faadee4016fb4e018c20639
namestring
Owner's name.
Example: Support
externalPolicyReferencestringnullable
Optional external policy reference.
Example: XYZ policy
policyQuerystring
Search query of the SOD policy.
Example: @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)
compensatingControlsstringnullable
Optional compensating controls (Mitigating Controls).
Example: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvicestringnullable
Optional correction advice.
Example: Based on the role of the employee, managers should remove access that is not required for their job function.
statestring
Whether the policy is enforced or not.
Possible values: [ENFORCED, NOT_ENFORCED]
Example: ENFORCED
tagsstring[]
Tags for the policy object.
Example: ["TAG1","TAG2"]
violationOwnerAssignmentConfig object
assignmentRulestringnullable
Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity
Possible values: [MANAGER, STATIC, null]
Example: MANAGER
ownerRef objectnullable
The owner of the violation assignment config.
typestring
Owner type.
Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]
Example: IDENTITY
idstring
Owner's ID.
Example: 2c9180a46faadee4016fb4e018c20639
namestring
Owner's name.
Example: Support
scheduledboolean
Defines whether a policy has been scheduled or not.
Default value: false
Example: true
typestring
Whether a policy is query based or conflicting access based.
Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]
Default value: GENERAL
Example: GENERAL
conflictingAccessCriteria objectnullable
leftCriteria object
namestring
Business name for the access construct list
Example: money-in
criteriaList object[]
List of criteria. There is a min of 1 and max of 50 items in the list.
Array [
typestring
DTO type
Possible values: [ENTITLEMENT]
Example: ENTITLEMENT
idstring
ID of the object to which this reference applies to
Example: 2c91808568c529c60168cca6f90c1313
namestring
Human-readable display name of the object to which this reference applies to
Example: Administrator
]
rightCriteria object
namestring
Business name for the access construct list
Example: money-in
criteriaList object[]
List of criteria. There is a min of 1 and max of 50 items in the list.
Array [
typestring
DTO type
Possible values: [ENTITLEMENT]
Example: ENTITLEMENT
idstring
ID of the object to which this reference applies to
Example: 2c91808568c529c60168cca6f90c1313
namestring
Human-readable display name of the object to which this reference applies to
Example: Administrator
]

Responses

200

SOD Policy by ID

application/json

Schema

Schema

idstring
Policy ID.
Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
namestring
Policy business name.
Example: policy-xyz
createddate-time
The time when this SOD policy is created.
Example: 2020-01-01T00:00:00.000000Z
modifieddate-time
The time when this SOD policy is modified.
Example: 2020-01-01T00:00:00.000000Z
descriptionstringnullable
Optional description of the SOD policy.
Example: This policy ensures compliance of xyz
ownerRef object
The owner of the SOD policy.
typestring
Owner type.
Possible values: [IDENTITY, GOVERNANCE_GROUP]
Example: IDENTITY
idstring
Owner's ID.
Example: 2c9180a46faadee4016fb4e018c20639
namestring
Owner's name.
Example: Support
externalPolicyReferencestringnullable
Optional external policy reference.
Example: XYZ policy
policyQuerystring
Search query of the SOD policy.
Example: @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)
compensatingControlsstringnullable
Optional compensating controls (Mitigating Controls).
Example: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvicestringnullable
Optional correction advice.
Example: Based on the role of the employee, managers should remove access that is not required for their job function.
statestring
Whether the policy is enforced or not.
Possible values: [ENFORCED, NOT_ENFORCED]
Example: ENFORCED
tagsstring[]
Tags for the policy object.
Example: ["TAG1","TAG2"]
creatorIdstring
Policy's creator ID.
Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierIdstringnullable
Policy's modifier ID.
Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig object
assignmentRulestringnullable
Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity
Possible values: [MANAGER, STATIC, null]
Example: MANAGER
ownerRef objectnullable
The owner of the violation assignment config.
typestring
Owner type.
Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]
Example: IDENTITY
idstring
Owner's ID.
Example: 2c9180a46faadee4016fb4e018c20639
namestring
Owner's name.
Example: Support
scheduledboolean
Defines whether a policy has been scheduled or not.
Default value: false
Example: true
typestring
Whether a policy is query based or conflicting access based.
Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]
Default value: GENERAL
Example: GENERAL
conflictingAccessCriteria objectnullable
leftCriteria object
namestring
Business name for the access construct list
Example: money-in
criteriaList object[]
List of criteria. There is a min of 1 and max of 50 items in the list.
Array [
typestring
DTO type
Possible values: [ENTITLEMENT]
Example: ENTITLEMENT
idstring
ID of the object to which this reference applies to
Example: 2c91808568c529c60168cca6f90c1313
namestring
Human-readable display name of the object to which this reference applies to
Example: Administrator
]
rightCriteria object
namestring
Business name for the access construct list
Example: money-in
criteriaList object[]
List of criteria. There is a min of 1 and max of 50 items in the list.
Array [
typestring
DTO type
Possible values: [ENTITLEMENT]
Example: ENTITLEMENT
idstring
ID of the object to which this reference applies to
Example: 2c91808568c529c60168cca6f90c1313
namestring
Human-readable display name of the object to which this reference applies to
Example: Administrator
]

Example (auto)

{
  "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "name": "policy-xyz",
  "created": "2020-01-01T00:00:00.000000Z",
  "modified": "2020-01-01T00:00:00.000000Z",
  "description": "This policy ensures compliance of xyz",
  "ownerRef": {
    "type": "IDENTITY",
    "id": "2c9180a46faadee4016fb4e018c20639",
    "name": "Support"
  },
  "externalPolicyReference": "XYZ policy",
  "policyQuery": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)",
  "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
  "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
  "state": "ENFORCED",
  "tags": [
    "TAG1",
    "TAG2"
  ],
  "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "violationOwnerAssignmentConfig": {
    "assignmentRule": "MANAGER",
    "ownerRef": {
      "type": "IDENTITY",
      "id": "2c9180a46faadee4016fb4e018c20639",
      "name": "Support"
    }
  },
  "scheduled": true,
  "type": "GENERAL",
  "conflictingAccessCriteria": {
    "leftCriteria": {
      "name": "money-in",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "name": "Administrator"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "name": "Administrator"
        }
      ]
    },
    "rightCriteria": {
      "name": "money-in",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "name": "Administrator"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "name": "Administrator"
        }
      ]
    }
  }
}

Conflicting Access Based Policy

{
  "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "name": "Conflicting-Policy-Name",
  "created": "2020-01-01T00:00:00.000000Z",
  "modified": "2020-01-01T00:00:00.000000Z",
  "description": "Modified description",
  "ownerRef": {
    "type": "IDENTITY",
    "id": "2c91808568c529c60168cca6f90c1313",
    "name": "Owner Name"
  },
  "externalPolicyReference": "XYZ policy",
  "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
  "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
  "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
  "state": "ENFORCED",
  "tags": [
    "string"
  ],
  "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "violationOwnerAssignmentConfig": {
    "assignmentRule": "MANAGER",
    "ownerRef": {
      "type": "IDENTITY",
      "id": "2c91808568c529c60168cca6f90c1313",
      "name": "Violation Owner Name"
    }
  },
  "scheduled": true,
  "type": "CONFLICTING_ACCESS_BASED",
  "conflictingAccessCriteria": {
    "leftCriteria": {
      "name": "money-in",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67"
        }
      ]
    },
    "rightCriteria": {
      "name": "money-out",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a68"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a69"
        }
      ]
    }
  }
}

General Policy

{
  "description": "Modified Description",
  "ownerRef": {
    "type": "IDENTITY",
    "id": "2c918087682f9a86016839c05e8f1aff",
    "name": "Owner Name"
  },
  "externalPolicyReference": "New policy",
  "policyQuery": "policy query implementation",
  "compensatingControls": "Compensating controls",
  "correctionAdvice": "Correction advice",
  "tags": [],
  "state": "ENFORCED",
  "scheduled": false,
  "creatorId": "2c918087682f9a86016839c05e8f1aff",
  "modifierId": null,
  "violationOwnerAssignmentConfig": null,
  "type": "GENERAL",
  "conflictingAccessCriteria": null,
  "id": "52c11db4-733e-4c31-949a-766c95ec95f1",
  "name": "General-Policy-Name",
  "created": "2020-05-12T19:47:38Z",
  "modified": "2020-05-12T19:47:38Z"
}

400

Client Error - Returned if the request body is invalid.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

401

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema

Schema

error
A message describing the error
Example: JWT validation failed: JWT is expired

Example (auto)

{
  "error": "JWT validation failed: JWT is expired"
}

403

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

403

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

404

Not Found - returned if the request URL refers to a resource or object that does not exist

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

404

An example of a 404 response object

{
  "detailCode": "404 Not found",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server did not find a current representation for the target resource."
    }
  ]
}

429

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema

Schema

message
A message describing the error
Example: Rate Limit Exceeded

Example (auto)

{
  "message": " Rate Limit Exceeded "
}

500

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

500

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Authorization: oauth2

type: Personal Access Token
scopes: idn:sod-policy:write

• go
• powershell
  SailPoint SDK
• python
  SailPoint SDK
• csharp
• curl
• dart
• http
• java
• javascript
• kotlin
• c
• nodejs
• objective-c
• ocaml
• php
• r
• ruby
• rust
• shell
• swift

• NATIVE

Request Collapse all

Base URL

https://sailpoint.api.identitynow.com/beta

Auth

Bearer Token

Parameters

id — pathrequired

Body required

• Example (from schema)
• Conflicting Access Based Policy
• General Policy

{
  "name": "policy-xyz",
  "description": "This policy ensures compliance of xyz",
  "ownerRef": {
    "type": "IDENTITY",
    "id": "2c9180a46faadee4016fb4e018c20639",
    "name": "Support"
  },
  "externalPolicyReference": "XYZ policy",
  "policyQuery": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)",
  "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
  "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
  "state": "ENFORCED",
  "tags": [
    "TAG1",
    "TAG2"
  ],
  "violationOwnerAssignmentConfig": {
    "assignmentRule": "MANAGER",
    "ownerRef": {
      "type": "IDENTITY",
      "id": "2c9180a46faadee4016fb4e018c20639",
      "name": "Support"
    }
  },
  "scheduled": true,
  "type": "GENERAL",
  "conflictingAccessCriteria": {
    "leftCriteria": {
      "name": "money-in",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "name": "Administrator"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "name": "Administrator"
        }
      ]
    },
    "rightCriteria": {
      "name": "money-in",
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "name": "Administrator"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "name": "Administrator"
        }
      ]
    }
  }
}

ResponseClear

Click the Send API Request button above and see the response here!