Patch SOD policy by ID

Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the JSON Patch standard. Requires role of ORG_ADMIN. This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies; doing so will result in an API exception.

Path Parameters
    id string required

    The ID of the SOD policy being modified.

    Example: 2c918083-5d19-1a86-015d-28455b4a2329
Request Body array required

A list of SOD Policy update operations according to the JSON Patch standard.

The following fields are patchable:

  • name
  • description
  • ownerRef
  • externalPolicyReference
  • compensatingControls
  • correctionAdvice
  • state
  • tags
  • violationOwnerAssignmentConfig
  • scheduled
  • conflictingAccessCriteria
Array [
    op string required

    Possible values: [add, remove, replace, move, copy, test]

    The operation to be performed

    path string required

    A string JSON Pointer representing the target path to an element to be affected by the operation

    value object

    The value to be used for the operation, required for "add" and "replace" operations

]
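A pre-flight check for a request body, as an added example that is not part of the API's own documentation or SDK: it rejects operations that touch the non-patchable fields listed above before anything is sent with ORG_ADMIN credentials. The function names are hypothetical, and applying the field check to `from` pointers and to `test` operations is a conservative assumption, not documented server behaviour.

```python
# Added example. Field, op and state lists are copied from this page;
# function names are hypothetical.
PATCHABLE = {
    "name", "description", "ownerRef", "externalPolicyReference",
    "compensatingControls", "correctionAdvice", "state", "tags",
    "violationOwnerAssignmentConfig", "scheduled", "conflictingAccessCriteria",
}
IMMUTABLE = {"id", "created", "creatorId", "policyQuery", "type"}
OPS = {"add", "remove", "replace", "move", "copy", "test"}
STATES = ("ENFORCED", "NOT_ENFORCED")


def top_field(pointer):
    """Return the first reference token of an RFC 6901 JSON Pointer."""
    if not isinstance(pointer, str) or not pointer.startswith("/"):
        raise ValueError(f"unsupported pointer: {pointer!r}")
    return pointer.split("/")[1].replace("~1", "/").replace("~0", "~")


def validate_patch(operations):
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    for i, op in enumerate(operations):
        kind = op.get("op")
        if kind not in OPS:
            problems.append(f"[{i}] unknown op {kind!r}")
            continue
        # move and copy carry a second pointer, "from" (RFC 6902).
        pointers = [op.get("path")]
        if kind in ("move", "copy"):
            pointers.append(op.get("from"))
        for ptr in pointers:
            try:
                field = top_field(ptr)
            except ValueError as exc:
                problems.append(f"[{i}] {exc}")
                continue
            if field in IMMUTABLE:
                problems.append(f"[{i}] {kind} touches non-patchable field {field!r}")
            elif field not in PATCHABLE:
                problems.append(f"[{i}] {kind} targets unknown field {field!r}")
        if kind in ("add", "replace"):
            if "value" not in op:
                problems.append(f"[{i}] {kind} requires a value")
            elif op.get("path") == "/state" and op["value"] not in STATES:
                problems.append(f"[{i}] state must be one of {STATES}")
    return problems
```
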
Responses

Indicates the PATCH operation succeeded, and returns the SOD policy's new representation.


Schema
    name string

    Policy Business Name

    description string nullable

    Optional description of the SOD policy

    ownerRef object
    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    externalPolicyReference string nullable

    Optional External Policy Reference

    policyQuery string

    Search query of the SOD policy

    compensatingControls string nullable

    Optional compensating controls (Mitigating Controls)

    correctionAdvice string nullable

    Optional correction advice

    state string

    Possible values: [ENFORCED, NOT_ENFORCED]

    Whether the policy is enforced or not

    tags string[]

    Tags for this policy object

    violationOwnerAssignmentConfig object nullable
    assignmentRule string nullable

    Possible values: [MANAGER, STATIC, null]

    Details about the violations owner. MANAGER: the identity's manager. STATIC: a Governance Group or Identity.

    ownerRef object nullable
    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    scheduled boolean

    Default value: false

    Defines whether a policy has been scheduled or not

    type string

    Possible values: [GENERAL, CONFLICTING_ACCESS_BASED]

    Default value: GENERAL

    Whether a policy is query based or conflicting access based

    conflictingAccessCriteria object nullable
    leftCriteria object
    name string

    Business name for the access construct list

    criteriaList object[]

    Possible values: >= 1, <= 50

    List of criteria. There is a min of 1 and max of 50 items in the list.

    Array [
    type string

    Possible values: [ENTITLEMENT]

    Type of the property to which this reference applies

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    ]
    rightCriteria object
    name string

    Business name for the access construct list

    criteriaList object[]

    Possible values: >= 1, <= 50

    List of criteria. There is a min of 1 and max of 50 items in the list.

    Array [
    type string

    Possible values: [ENTITLEMENT]

    Type of the property to which this reference applies

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    ]