Skip to main content

This endpoint simulates provisioning a set of access items, and then checks against a set of policies to determine if granting the access items would cause creation of new policy violations.

POST 

/CheckedPolicyViolations

>This submits a set of access items to request and a set of policies to check after the access provisioning is simulated in order to determine if policy violations would be created by provisioning the access items. It receives a payload that includes:

An identity: Used as the recipient for the access items on the simulation.

A provisioning plan: To specify the changes to be simulatedly provisioned in the provided identity

A list of policies: to check after the simulation of provisioning plan was applied to the identity in order to determine if the access granted in the simulation causes new policy violations.

Optionally you can pass a list of attributes, as query params, to be included or excluded from the response, this setting is applicable only to top level attributes as defined in the schema urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation.

Valid values: - policies - identity - plan - violations - leftBundles - rightBundles

Request

Query Parameters

    attributes string

    A list of attributes to indicate what top level attributes to include in the response

    authnPassword string

    Password for authentication

    authnUsername string

    Username for authentication

    excludedAttributes string

    A list of attributes to indicate what top level attributes to exclude from the response

    lookupByName boolean

    This is not required in this endpoint, the returned object is a new PolicyViolation and not one returned from the persistence layer. This is inherited from the BaseSCIMResource and is used to override the default id based lookup, and use a name based lookup instead, if for any reason the artifact id is not present.

    Example: false

Body

required

    identity string

    An identity for whom access is requested on the provisioning simulation

    plan

    object

    A provisioning plan detailing the access to request on the simulation

    value

    object

    accounts

    object[]

  • Array [

  • op string

    The operation to perform on the provisioning.

    instance string

    A particular instance to provision this access to

    application string

    The application that owns the access items in the request

    attributes

    object[]

  • Array [

  • op string

    The operation to perform on the access item.

    name string

    The type of access item to provision.

    value string

    The name of the access item to provision.

  • ]

  • ]

  • type string
    policies string[]

    A list of policies to check for new policy violations on the access provisioned by the simulation.

Responses

Returns a list of violations based on simulated requested access

Schema

    identity string

    An identity for whom access was requested on the provisioning simulation

    meta

    object

    resourceType string

    violations

    undefined[]

  • Array [

  • entitlements string[]

    An array of the entitlements used in the provisioning simulation.

    policyName string

    The name of the policy that conflicted with the access items provisioned in the simulation causing policy violation.

    policyType string

    The type of the policy that conflicted with the access items provisioned in the simulation causing policy violation(s).

    description string

    The description of the policy violation(s) caused by the access provisioned in the simulation.

    constraintName string

    The specific constraint in the policy that conflicted with the access items provisioned in the simulation.

    leftBundles string[]

    The left set of entitlements defined in the policy constraint in order to check against another set of entitlements for compliance.

    rightBundles string[]

    The right set of entitlements defined in the policy constraint in order to check against another set of entitlements for compliance.

  • ]

  • schemas string[]

    The SCIM schema for Checked Policy Violations.

    policies string[]

    The set of policies used to check for conflicting access in the provisioning simulation

    plan

    object

    A provisioning plan detailing the access to request on the simulation

    value

    object

    accounts

    object[]

  • Array [

  • op string

    The operation performed on the access in the provisioning simulation.

    instance string

    A particular instance to provision this access to

    application string

    The application that owns the access provisioned in the simulation.

    attributes

    object[]

  • Array [

  • op string

    The operation performed on the access in the provisioning simulation.

    name string

    The type of provisioned access.

    value string

    The name of the provisioned access items.

  • ]

  • ]

  • type string
Loading...