Skip to main content

Predict SOD violations for the given identity if they were granted the given access.

This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.

A token with ORG_ADMIN or API authority is required to call this API.

Request Body required
  • identityId string required

    Identity id to be checked.

  • accessRefs object[] required

    The list of ENTITLEMENTs to consider for calculating possible violations in a preventive check.

  • type

    Possible values: [ENTITLEMENT]

    The type of object that is referenced

Responses

Violation Contexts


Schema
  • violationContexts object[]

    List of Violation Contexts

  • policy object
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • conflictingAccessCriteria object
  • leftCriteria object
  • criteriaList object[]

    List of exception criteria. There is a min of 1 and max of 50 items in the list.

  • type

    Possible values: [ENTITLEMENT]

    The type of object that is referenced

  • rightCriteria object
  • criteriaList object[]

    List of exception criteria. There is a min of 1 and max of 50 items in the list.

  • type

    Possible values: [ENTITLEMENT]

    The type of object that is referenced

Loading...