Skip to main content

Predict SOD violations for identity.

POST 

/sod-violations/predict

deprecated

This endpoint has been deprecated and may be replaced or removed in future versions of the API.

This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.

A token with ORG_ADMIN or API authority is required to call this API.

Request

Body

required

    identityId stringrequired

    Identity id to be checked.

    accessRefs

    object[]

    required

    The list of entitlements to consider for possible violations in a preventive check.

  • Array [

  • type string

    Possible values: [ENTITLEMENT]

    Entitlement's DTO type.

    id string

    Entitlement's ID.

    name string

    Entitlement's display name.

  • ]

Responses

Violation Contexts

Schema

    violationContexts

    object[]

    List of Violation Contexts

  • Array [

  • policy

    object

    The types of objects supported for SOD policy violations.

    type

    Possible values: [ENTITLEMENT]

    The type of object supported for SOD policy violations.

    type string

    Possible values: [SOD_POLICY]

    SOD policy DTO type.

    id string

    SOD policy ID.

    name string

    SOD policy display name.

    conflictingAccessCriteria

    object

    leftCriteria

    object

    criteriaList

    object[]

    List of exception criteria. There is a min of 1 and max of 50 items in the list.

  • Array [

  • type

    Possible values: [ENTITLEMENT]

    The type of object that is referenced

  • ]

  • rightCriteria

    object

    criteriaList

    object[]

    List of exception criteria. There is a min of 1 and max of 50 items in the list.

  • Array [

  • type

    Possible values: [ENTITLEMENT]

    The type of object that is referenced

  • ]

  • ]

Loading...