Create SOD exception
This API creates a SOD exception.
A token with API authority is required to call this API.
Request Body required (application/json)
- id string
Id of a SOD exception.
- created date-time
The time when this SOD exception is created.
- modified date-time
The time when this SOD exception is modified.
- sodPolicy object
  - type string
    DTO type. Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
  - id string
    ID of the object to which this reference applies
  - name string
    Human-readable display name of the object to which this reference applies
- identity object
  - type string
    DTO type. Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
  - id string
    ID of the object to which this reference applies
  - name string
    Human-readable display name of the object to which this reference applies
- start date-time
The earliest date-time when this SOD exception is applicable.
- end date-time
The last date-time when this SOD exception is applicable.
- businessJustification string
The business justification for the exception.
- mitigatingControl string
The mitigating control for the exception.
- accessCriteria object
  - leftCriteria object
    - criteriaList object[]
      List of exception criteria. There is a min of 1 and max of 50 items in the list.
      - type
        The type of object that is referenced. Possible values: [ENTITLEMENT]
  - rightCriteria object
    - criteriaList object[]
      List of exception criteria. There is a min of 1 and max of 50 items in the list.
      - type
        The type of object that is referenced. Possible values: [ENTITLEMENT]
- origin object
  - type string
    DTO type. Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
  - id string
    ID of the object to which this reference applies
  - name string
    Human-readable display name of the object to which this reference applies
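Added example (not part of the original API reference, and not the vendor's code): a pre-submission check for the request body described above, so that an exception is only sent when it is bounded in time and carries both a justification and a mitigating control. The function name check_sod_exception, the 30-day window, the required free-text fields and the expected SOD_POLICY / IDENTITY reference types are assumptions of this example; only the 1 to 50 item limit and the ENTITLEMENT criteria type come from the schema.

```python
from datetime import datetime, timedelta

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # page examples end in "Z"

def check_sod_exception(body, max_window=timedelta(days=30)):
    """Return a list of problems in a Create SOD exception request body."""
    problems = []
    # Assumption: reference types as used in the page's example payload.
    for field, dto in (("sodPolicy", "SOD_POLICY"), ("identity", "IDENTITY")):
        ref = body.get(field)
        if not isinstance(ref, dict) or ref.get("type") != dto or not ref.get("id"):
            problems.append(f"{field}: expected a {dto} reference with an id")
    try:
        start, end = _ts(body["start"]), _ts(body["end"])
        if end <= start:
            problems.append("end must be later than start")
        elif end - start > max_window:  # assumption: local policy, not an API limit
            problems.append(f"window is longer than {max_window.days} days")
    except (KeyError, AttributeError, TypeError, ValueError):
        problems.append("start/end: missing or not ISO 8601 date-times")
    # Assumption: local policy requires both free-text fields to be filled in.
    for field in ("businessJustification", "mitigatingControl"):
        if not str(body.get(field) or "").strip():
            problems.append(f"{field}: empty")
    criteria = body.get("accessCriteria")
    criteria = criteria if isinstance(criteria, dict) else {}
    for side in ("leftCriteria", "rightCriteria"):
        side_obj = criteria.get(side)
        items = side_obj.get("criteriaList") if isinstance(side_obj, dict) else None
        if not isinstance(items, list) or not 1 <= len(items) <= 50:  # limit from the schema
            problems.append(f"{side}: criteriaList needs 1 to 50 items")
            continue
        for i, item in enumerate(items):
            if not isinstance(item, dict) or item.get("type") != "ENTITLEMENT" or not item.get("id"):
                problems.append(f"{side}[{i}]: expected an ENTITLEMENT reference with an id")
    return problems

# Constructed sample input; values are copied from the page's example payload.
SAMPLE = {
    "sodPolicy": {"type": "SOD_POLICY", "id": "00fc6afc-af1d-43af-b350-8d632f4c56ca"},
    "identity": {"type": "IDENTITY", "id": "2c9180867473c1bd01747e8a7d65179b"},
    "start": "2020-01-01T00:00:00.000Z", "end": "2020-01-02T00:00:00.000Z",
    "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.",
    "mitigatingControl": "The manager will audit Bill's changes this week.",
    "accessCriteria": {
        "leftCriteria": {"criteriaList": [{"type": "ENTITLEMENT", "id": "2c9180866166b5b0016167c32ef31a66"}]},
        "rightCriteria": {"criteriaList": [{"type": "ENTITLEMENT", "id": "2c9180866166b5b0016167c32ef31a68"}]},
    },
}
```

An empty list from check_sod_exception(SAMPLE) means the body passes; each string in a non-empty list names the field to fix before the request is sent.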
Responses: 201, 400, 401, 403, 429, 500
201: SOD exception created
Content type: application/json
Schema
- id string
Id of a SOD exception.
- created date-time
The time when this SOD exception is created.
- modified date-time
The time when this SOD exception is modified.
- sodPolicy object
  - type string
    DTO type. Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
  - id string
    ID of the object to which this reference applies
  - name string
    Human-readable display name of the object to which this reference applies
- identity object
  - type string
    DTO type. Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
  - id string
    ID of the object to which this reference applies
  - name string
    Human-readable display name of the object to which this reference applies
- start date-time
The earliest date-time when this SOD exception is applicable.
- end date-time
The last date-time when this SOD exception is applicable.
- businessJustification string
The business justification for the exception.
- mitigatingControl string
The mitigating control for the exception.
- accessCriteria object
  - leftCriteria object
    - criteriaList object[]
      List of exception criteria. There is a min of 1 and max of 50 items in the list.
      - type
        The type of object that is referenced. Possible values: [ENTITLEMENT]
  - rightCriteria object
    - criteriaList object[]
      List of exception criteria. There is a min of 1 and max of 50 items in the list.
      - type
        The type of object that is referenced. Possible values: [ENTITLEMENT]
- origin object
  - type string
    DTO type. Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
  - id string
    ID of the object to which this reference applies
  - name string
    Human-readable display name of the object to which this reference applies
Example (from schema)
{
  "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "created": "2020-01-01T00:00:00.000Z",
  "modified": "2020-01-01T00:00:00.000Z",
  "sodPolicy": "00fc6afc-af1d-43af-b350-8d632f4c56ca",
  "identity": {
    "type": "IDENTITY",
    "id": "2c91808568c529c60168cca6f90c1313",
    "name": "William Wilson"
  },
  "start": "2020-01-01T00:00:00.000Z",
  "end": "2020-01-02T00:00:00.000Z",
  "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.",
  "mitigatingControl": "The manager will audit Bill's changes this week.",
  "accessCriteria": {
    "leftCriteria": {
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "existing": true
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "existing": false
        }
      ]
    },
    "rightCriteria": {
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66",
          "existing": true
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67",
          "existing": false
        }
      ]
    }
  },
  "origin": {
    "type": "IDENTITY",
    "id": "2c91808568c529c60168cca6f90c1313",
    "name": "William Wilson"
  }
}
Exception
{
  "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "created": "2020-01-01T00:00:00.000000Z",
  "modified": "2020-01-01T00:00:00.000000Z",
  "sodPolicy": {
    "type": "SOD_POLICY",
    "id": "00fc6afc-af1d-43af-b350-8d632f4c56ca"
  },
  "identity": {
    "type": "IDENTITY",
    "id": "2c9180867473c1bd01747e8a7d65179b"
  },
  "start": "2020-01-01T00:00:00.000Z",
  "end": "2020-01-02T00:00:00.000Z",
  "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.",
  "mitigatingControl": "The manager will audit Bill's changes this week.",
  "accessCriteria": {
    "leftCriteria": {
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a66"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a67"
        }
      ]
    },
    "rightCriteria": {
      "criteriaList": [
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a68"
        },
        {
          "type": "ENTITLEMENT",
          "id": "2c9180866166b5b0016167c32ef31a69"
        }
      ]
    }
  },
  "origin": {
    "type": "ACCOUNT_ACTIVITY",
    "id": "2c9180867372a2590173774358eb016d"
  }
}
400: Client Error - Returned if the request body is invalid.
Content type: application/json
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
- messages object[]
  Generic localized reason for error
  - locale string
    The locale for the message text, a BCP 47 language tag.
  - localeOrigin string
    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice. Possible values: [DEFAULT, REQUEST]
  - text string
    Actual text of the error message in the indicated locale.
- causes object[]
  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
  - locale string
    The locale for the message text, a BCP 47 language tag.
  - localeOrigin string
    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice. Possible values: [DEFAULT, REQUEST]
  - text string
    Actual text of the error message in the indicated locale.
Example (from schema)
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
401: Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
Content type: application/json
Schema
- error
A message describing the error
Example (from schema)
{
  "error": "JWT validation failed: JWT is expired"
}
403: Forbidden - Returned if the user you are running as doesn't have access to this endpoint.
Content type: application/json
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
- messages object[]
  Generic localized reason for error
  - locale string
    The locale for the message text, a BCP 47 language tag.
  - localeOrigin string
    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice. Possible values: [DEFAULT, REQUEST]
  - text string
    Actual text of the error message in the indicated locale.
- causes object[]
  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
  - locale string
    The locale for the message text, a BCP 47 language tag.
  - localeOrigin string
    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice. Possible values: [DEFAULT, REQUEST]
  - text string
    Actual text of the error message in the indicated locale.
Example (from schema)
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
An example of a 403 response object
{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}
429: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
Content type: application/json
Schema
- message
A message describing the error
Example (from schema)
{
  "message": " Rate Limit Exceeded "
}
500: Internal Server Error - Returned if there is an unexpected error.
Content type: application/json
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
- messages object[]
  Generic localized reason for error
  - locale string
    The locale for the message text, a BCP 47 language tag.
  - localeOrigin string
    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice. Possible values: [DEFAULT, REQUEST]
  - text string
    Actual text of the error message in the indicated locale.
- causes object[]
  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
  - locale string
    The locale for the message text, a BCP 47 language tag.
  - localeOrigin string
    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice. Possible values: [DEFAULT, REQUEST]
  - text string
    Actual text of the error message in the indicated locale.
Example (from schema)
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
An example of a 500 response object
{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}