
Create SOD policy

POST /sod-policies

Creates a General or a Conflicting Access Based SOD policy. For a Conflicting Access Based policy, each criteria list (left and right) is limited to 50 entitlements. Requires the ORG_ADMIN role.

Request

Body

required

    name string

    Policy Business Name

    description string nullable

    Optional description of the SOD policy

    ownerRef object

    The owner of the SOD policy.

        type string

        Possible values: [IDENTITY, GOVERNANCE_GROUP]

        Owner type.

        id string

        Owner's ID.

        name string

        Owner's name.

    externalPolicyReference string nullable

    Optional External Policy Reference

    policyQuery string

    Search query of the SOD policy

    compensatingControls string nullable

    Optional compensating controls (Mitigating Controls)

    correctionAdvice string nullable

    Optional correction advice

    state string

    Possible values: [ENFORCED, NOT_ENFORCED]

    Whether the policy is enforced or not

    tags string[]

    Tags for this policy object

    violationOwnerAssignmentConfig object nullable

        assignmentRule string nullable

        Possible values: [MANAGER, STATIC, null]

        Details about the violations owner. MANAGER: the identity's manager. STATIC: a Governance Group or Identity.

        ownerRef object nullable

        The owner of the violation assignment config.

            type string

            Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]

            Owner type.

            id string

            Owner's ID.

            name string

            Owner's name.

    scheduled boolean

    Defines whether a policy has been scheduled or not

    type string

    Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]

    Default value: GENERAL

    Whether a policy is query based or conflicting access based

    conflictingAccessCriteria object

        leftCriteria object

            name string

            Business name for the access construct list

            criteriaList object[]

            Possible values: >= 1, <= 50

            List of criteria. There is a min of 1 and max of 50 items in the list.

            Array [

                type string

                Possible values: [ENTITLEMENT]

                Type of the property to which this reference applies

                id string

                ID of the object to which this reference applies

                name string

                Human-readable display name of the object to which this reference applies

            ]

        rightCriteria object

            name string

            Business name for the access construct list

            criteriaList object[]

            Possible values: >= 1, <= 50

            List of criteria. There is a min of 1 and max of 50 items in the list.

            Array [

                type string

                Possible values: [ENTITLEMENT]

                Type of the property to which this reference applies

                id string

                ID of the object to which this reference applies

                name string

                Human-readable display name of the object to which this reference applies

            ]
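
A client-side pre-flight check of a request body against the enum values and the 1 to 50 criteria limit documented above, as an added example that is not part of this API reference or the vendor's code. `validate_sod_policy` and `sample_policy` are hypothetical helper names, every ID and name in the sample body is a constructed placeholder, and the check assumes a CONFLICTING_ACCESS_BASED policy must populate both criteria lists.

```python
OWNER_TYPES = {"IDENTITY", "GOVERNANCE_GROUP"}
STATES = {"ENFORCED", "NOT_ENFORCED"}
POLICY_TYPES = {"GENERAL", "CONFLICTING_ACCESS_BASED"}
ASSIGNMENT_RULES = {"MANAGER", "STATIC", None}
MAX_CRITERIA = 50  # documented per-side limit

def validate_sod_policy(body):
    """Return a list of problems; an empty list means the body fits the documented limits."""
    errors = []
    if "state" in body and body["state"] not in STATES:
        errors.append(f"state: {body['state']!r} is not ENFORCED or NOT_ENFORCED")
    ptype = body.get("type", "GENERAL")  # GENERAL is the documented default
    if ptype not in POLICY_TYPES:
        errors.append(f"type: {ptype!r} is not a documented policy type")
    owner = body.get("ownerRef") or {}
    if owner and owner.get("type") not in OWNER_TYPES:
        errors.append("ownerRef.type must be IDENTITY or GOVERNANCE_GROUP")
    rule = (body.get("violationOwnerAssignmentConfig") or {}).get("assignmentRule")
    if rule not in ASSIGNMENT_RULES:
        errors.append(f"assignmentRule: {rule!r} is not MANAGER, STATIC or null")
    if ptype == "CONFLICTING_ACCESS_BASED":
        # Assumption: this type needs both sides populated; the page states only the 1..50 range.
        criteria = body.get("conflictingAccessCriteria") or {}
        for side in ("leftCriteria", "rightCriteria"):
            items = (criteria.get(side) or {}).get("criteriaList") or []
            if not 1 <= len(items) <= MAX_CRITERIA:
                errors.append(f"{side}: {len(items)} criteria, expected 1..{MAX_CRITERIA}")
            errors += [f"{side}[{i}]: type must be ENTITLEMENT"
                       for i, ref in enumerate(items) if ref.get("type") != "ENTITLEMENT"]
    return errors

def sample_policy(n_left=1, n_right=1):
    """Constructed sample body; every id and name below is a placeholder."""
    def refs(side, n):
        return [{"type": "ENTITLEMENT", "id": f"{side}-id-{i}", "name": f"{side} entitlement {i}"}
                for i in range(n)]
    return {
        "name": "Create payment vs. approve payment",
        "ownerRef": {"type": "IDENTITY", "id": "owner-id-placeholder", "name": "Policy Owner"},
        "state": "ENFORCED",
        "type": "CONFLICTING_ACCESS_BASED",
        "violationOwnerAssignmentConfig": {"assignmentRule": "MANAGER", "ownerRef": None},
        "conflictingAccessCriteria": {
            "leftCriteria": {"name": "Create payments", "criteriaList": refs("left", n_left)},
            "rightCriteria": {"name": "Approve payments", "criteriaList": refs("right", n_right)},
        },
    }
```

Running the check before the POST catches an oversized or empty criteria list locally instead of relying on the API's error response.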

Responses

SOD policy created

Schema

    id string

    Policy id

    name string

    Policy Business Name

    created date-time

    The time when this SOD policy is created.

    modified date-time

    The time when this SOD policy is modified.

    description string nullable

    Optional description of the SOD policy

    ownerRef object

    The owner of the SOD policy.

        type string

        Possible values: [IDENTITY, GOVERNANCE_GROUP]

        Owner type.

        id string

        Owner's ID.

        name string

        Owner's name.

    externalPolicyReference string nullable

    Optional External Policy Reference

    policyQuery string

    Search query of the SOD policy

    compensatingControls string nullable

    Optional compensating controls (Mitigating Controls)

    correctionAdvice string nullable

    Optional correction advice

    state string

    Possible values: [ENFORCED, NOT_ENFORCED]

    Whether the policy is enforced or not

    tags string[]

    Tags for this policy object

    creatorId string

    Policy's creator ID

    modifierId string nullable

    Policy's modifier ID

    violationOwnerAssignmentConfig object nullable

        assignmentRule string nullable

        Possible values: [MANAGER, STATIC, null]

        Details about the violations owner. MANAGER: the identity's manager. STATIC: a Governance Group or Identity.

        ownerRef object nullable

        The owner of the violation assignment config.

            type string

            Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]

            Owner type.

            id string

            Owner's ID.

            name string

            Owner's name.

    scheduled boolean

    Defines whether a policy has been scheduled or not

    type string

    Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]

    Default value: GENERAL

    Whether a policy is query based or conflicting access based

    conflictingAccessCriteria object

        leftCriteria object

            name string

            Business name for the access construct list

            criteriaList object[]

            Possible values: >= 1, <= 50

            List of criteria. There is a min of 1 and max of 50 items in the list.

            Array [

                type string

                Possible values: [ENTITLEMENT]

                Type of the property to which this reference applies

                id string

                ID of the object to which this reference applies

                name string

                Human-readable display name of the object to which this reference applies

            ]

        rightCriteria object

            name string

            Business name for the access construct list

            criteriaList object[]

            Possible values: >= 1, <= 50

            List of criteria. There is a min of 1 and max of 50 items in the list.

            Array [

                type string

                Possible values: [ENTITLEMENT]

                Type of the property to which this reference applies

                id string

                ID of the object to which this reference applies

                name string

                Human-readable display name of the object to which this reference applies

            ]
