Update SOD policy by ID
PUT/sod-policies/:id
This updates a specified SOD policy. Requires role of ORG_ADMIN.
Request
Path Parameters
The ID of the SOD policy to update.
- application/json
Body
required
Array [
]
Array [
]
Policy Business Name
Optional description of the SOD policy
ownerRef
object
The owner of the SOD policy.
Possible values: [IDENTITY, GOVERNANCE_GROUP]
Owner type.
Owner's ID.
Owner's name.
Optional External Policy Reference
Search query of the SOD policy
Optional compensating controls(Mitigating Controls)
Optional correction advice
Possible values: [ENFORCED, NOT_ENFORCED]
whether the policy is enforced or not
tags for this policy object
violationOwnerAssignmentConfig
object
nullable
Possible values: [MANAGER, STATIC, null]
Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity
ownerRef
object
nullable
The owner of the violation assignment config.
Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]
Owner type.
Owner's ID.
Owner's name.
defines whether a policy has been scheduled or not
Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]
Default value: GENERAL
whether a policy is query based or conflicting access based
conflictingAccessCriteria
object
leftCriteria
object
Business name for the access construct list
criteriaList
object[]
Possible values: >= 1, <= 50
List of criteria. There is a min of 1 and max of 50 items in the list.
Possible values: [ENTITLEMENT]
Type of the propery to which this reference applies to
ID of the object to which this reference applies to
Human-readable display name of the object to which this reference applies to
rightCriteria
object
Business name for the access construct list
criteriaList
object[]
Possible values: >= 1, <= 50
List of criteria. There is a min of 1 and max of 50 items in the list.
Possible values: [ENTITLEMENT]
Type of the propery to which this reference applies to
ID of the object to which this reference applies to
Human-readable display name of the object to which this reference applies to
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
SOD Policy by ID
- application/json
- Schema
- Example (from schema)
- Conflicting Access Based Policy
- General Policy
Schema
Array [
]
Array [
]
Policy id
Policy Business Name
The time when this SOD policy is created.
The time when this SOD policy is modified.
Optional description of the SOD policy
ownerRef
object
The owner of the SOD policy.
Possible values: [IDENTITY, GOVERNANCE_GROUP]
Owner type.
Owner's ID.
Owner's name.
Optional External Policy Reference
Search query of the SOD policy
Optional compensating controls(Mitigating Controls)
Optional correction advice
Possible values: [ENFORCED, NOT_ENFORCED]
whether the policy is enforced or not
tags for this policy object
Policy's creator ID
Policy's modifier ID
violationOwnerAssignmentConfig
object
nullable
Possible values: [MANAGER, STATIC, null]
Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity
ownerRef
object
nullable
The owner of the violation assignment config.
Possible values: [IDENTITY, GOVERNANCE_GROUP, MANAGER, null]
Owner type.
Owner's ID.
Owner's name.
defines whether a policy has been scheduled or not
Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]
Default value: GENERAL
whether a policy is query based or conflicting access based
conflictingAccessCriteria
object
leftCriteria
object
Business name for the access construct list
criteriaList
object[]
Possible values: >= 1, <= 50
List of criteria. There is a min of 1 and max of 50 items in the list.
Possible values: [ENTITLEMENT]
Type of the propery to which this reference applies to
ID of the object to which this reference applies to
Human-readable display name of the object to which this reference applies to
rightCriteria
object
Business name for the access construct list
criteriaList
object[]
Possible values: >= 1, <= 50
List of criteria. There is a min of 1 and max of 50 items in the list.
Possible values: [ENTITLEMENT]
Type of the propery to which this reference applies to
ID of the object to which this reference applies to
Human-readable display name of the object to which this reference applies to
{
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "policy-xyz",
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz",
"ownerRef": {
"type": "IDENTITY",
"id": "2c9180a46faadee4016fb4e018c20639",
"name": "Support"
},
"externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"TAG1",
"TAG2"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"type": "IDENTITY",
"id": "2c9180a46faadee4016fb4e018c20639",
"name": "Support"
}
},
"scheduled": true,
"type": "GENERAL",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66",
"name": "Administrator"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67",
"name": "Administrator"
}
]
},
"rightCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66",
"name": "Administrator"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67",
"name": "Administrator"
}
]
}
}
}
{
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Conflicting-Policy-Name",
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "Modified description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name"
},
"externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
},
"rightCriteria": {
"name": "money-out",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69"
}
]
}
}
}
{
"description": "Modified Description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
"correctionAdvice": "Correction advice",
"tags": [],
"state": "ENFORCED",
"scheduled": false,
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"type": "GENERAL",
"conflictingAccessCriteria": null,
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z"
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT, REQUEST, null]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}