Skip to main content

Pending Access Request Approvals List

GET 

/access-request-approvals/pending

This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.

Request

Query Parameters

    owner-id string

    If present, the value returns only pending approvals for the specified identity.

    • ORG_ADMIN users can call this with any identity ID value.
    • ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
    • Non-ORG_ADMIN users can only specify me or pass their own identity ID value.
    Example: 2c91808568c529c60168cca6f90c1313
    limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
    offset int32

    Default value: 0

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Example: 0
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in

    requestedFor.id: eq, in

    modified: gt, lt, ge, le, eq, in

    Example: id eq "2c91808568c529c60168cca6f90c1313"
    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified

    Example: modified

Responses

List of Pending Approvals.

Schema

  • Array [

  • id string

    The approval id.

    name string

    The name of the approval.

    created date-time

    When the approval was created.

    modified date-time

    When the approval was modified last time.

    requestCreated date-time

    When the access-request was created.

    requestType AccessRequestType (string)nullable

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS, null]

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

    requester

    object

    Access item requester's identity.

    type string

    Possible values: [IDENTITY]

    Access item requester's DTO type.

    id string

    Access item requester's identity ID.

    name string

    Access item owner's human-readable display name.

    requestedFor

    object[]

    Possible values: >= 1, <= 10

    Identities access was requested for.

  • Array [

  • type string

    Possible values: [IDENTITY]

    DTO type of identity the access item is requested for.

    id string

    ID of identity the access item is requested for.

    name string

    Human-readable display name of identity the access item is requested for.

  • ]

  • owner

    object

    Access item owner's identity.

    type string

    Possible values: [IDENTITY]

    Access item owner's DTO type.

    id string

    Access item owner's identity ID.

    name string

    Access item owner's human-readable display name.

    requestedObject

    object

    The requested access item.

    id string

    Id of the object.

    name string

    Name of the object.

    description string

    Description of the object.

    type string

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Type of the object.

    requesterComment

    object

    The requester's comment.

    comment stringnullable

    Comment content.

    created date-time

    Date and time comment was created.

    author

    object

    Author of the comment

    type string

    Possible values: [IDENTITY]

    The type of object

    id string

    The unique ID of the object

    name string

    The display name of the object

    previousReviewersComments

    object[]

    The history of the previous reviewers comments.

  • Array [

  • comment stringnullable

    Comment content.

    created date-time

    Date and time comment was created.

    author

    object

    Author of the comment

    type string

    Possible values: [IDENTITY]

    The type of object

    id string

    The unique ID of the object

    name string

    The display name of the object

  • ]

  • forwardHistory

    object[]

    The history of approval forward action.

  • Array [

  • oldApproverName string

    Display name of approver from whom the approval was forwarded.

    newApproverName string

    Display name of approver to whom the approval was forwarded.

    comment stringnullable

    Comment made while forwarding.

    modified date-time

    Time at which approval was forwarded.

    forwarderName stringnullable

    Display name of forwarder who forwarded the approval.

    reassignmentType ReassignmentType (string)

    Possible values: [MANUAL_REASSIGNMENT, AUTOMATIC_REASSIGNMENT, AUTO_ESCALATION, SELF_REVIEW_DELEGATION]

    The approval reassignment type.

    • MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
    • AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
    • AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to Setting Global Reminders and Escalation Policies.
    • SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to Self-review Prevention and Preventing Self-approval.
  • ]

  • commentRequiredWhenRejected boolean

    When true the rejector has to provide comments when rejecting

    actionInProcess PendingApprovalAction (string)

    Possible values: [APPROVED, REJECTED, FORWARDED]

    Action that is performed on this approval, and system has not finished performing that action yet.

    removeDate date-time

    The date the role or access profile or entitlement is no longer assigned to the specified identity.

    removeDateUpdateRequested boolean

    If true, then the request is to change the remove date or sunset date.

    currentRemoveDate date-time

    The remove date or sunset date that was assigned at the time of the request.

    sodViolationContext

    object

    nullable

    An object referencing a completed SOD violation check

    state stringnullable

    Possible values: [SUCCESS, ERROR, null]

    The status of SOD violation check

    uuid stringnullable

    The id of the Violation check event

    violationCheckResult

    object

    The inner object representing the completed SOD Violation check

    message

    object

    If the request failed, this includes any error message that was generated.

    locale stringnullable

    The locale for the message text, a BCP 47 language tag.

    localeOrigin LocaleOrigin (string)nullable

    Possible values: [DEFAULT, REQUEST, null]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

    text string

    Actual text of the error message in the indicated locale.

    clientMetadata

    object

    nullable

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

    property name* string

    violationContexts

    object[]

    nullable

  • Array [

  • policy

    object

    SOD policy.

    type string

    Possible values: [SOD_POLICY]

    SOD policy DTO type.

    id string

    SOD policy ID.

    name string

    SOD policy display name.

    conflictingAccessCriteria

    object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

    leftCriteria

    object

    criteriaList

    object[]

  • Array [

  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType (string)

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]

  • rightCriteria

    object

    criteriaList

    object[]

  • Array [

  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType (string)

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]

  • ]

  • violatedPolicies

    object[]

    nullable

    A list of the SOD policies that were violated.

  • Array [

  • type string

    Possible values: [SOD_POLICY]

    SOD policy DTO type.

    id string

    SOD policy ID.

    name string

    SOD policy display name.

  • ]

  • ]

Loading...