Event Data Publishing Reference Schemas and Sample Files

Defines the schemas and sample output for Oracle Access Governance components published to Oracle Cloud Infrastructure (OCI) Buckets and OCI Streams.

Header Schema and Sample Output Reference

There are two kinds of headers: headers for the Day 0 and Day N export events, and headers for the events that publish data objects (policies, identities, resources, and so on) for create, update, and delete operations.

Day 0 Message Header Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "type": "object",
  "properties": {
    "eventId": {
      "type": "string"
    },
    "correlationId": {
      "type": "string"
    },
    "eventTime": {
      "type": "string"
    },
    "eventTypeVersion": {
      "type": "string"
    },
    "version": {
      "type": "string"
    },
    "operation": {
      "type": "string"
    },
    "messageType": {
      "type": "string"
    },
    "eventType": {
      "type": "string"
    },
    "opcRequestId": {
      "type": "string"
    },
    "tenancyId": {
      "type": "string"
    },
    "serviceInstanceId": {
      "type": "string"
    }
  },
  "additionalProperties": false
}

Day 0 Sample Header

{
  "headers": {
    "eventId": "752d5e14-a784-4d91-9cf4-57c0a72d7620",
    "correlationId": "9a0041f5-f67f-4b06-8fbd-c9b64d1d5ee3",
    "eventTime": "2024-09-05T16:57:59.922065942Z",
    "eventTypeVersion": "1.0",
    "version": "1.0",
    "operation": "CREATE",
    "messageType": "DAY0",
    "eventType": "com.oracle.idm.agcs.data.enablement.DAY0",
    "opcRequestId": "2cec8907-abcd-1234-be17-2dc91122/00ab2d02/2497",
    "tenancyId": "ocid1.tenancy.oc1..aaaaaaaazp2vvzjsn6newkqrpkwndxpdoixtqfgyhnf4y24h7d5ny27h6f3q",
    "serviceInstanceId": "ocid1.agcsgovernanceinstance.oc1.iad.amaaaaaaebkbezqawho7s4aseb4u43vrzy53yiv7ylgfjqk223wpjc7j4ubq"
  }
}

Day 0 Object Export Header Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "type": "object",
  "properties": {
    "eventId": {
      "type": "string"
    },
    "correlationId": {
      "type": "string"
    },
    "eventTime": {
      "type": "string"
    },
    "eventTypeVersion": {
      "type": "string"
    },
    "operation": {
      "type": "string"
    },
    "messageType": {
      "type": "string"
    },
    "status": {
      "type": "string"
    },
    "eventType": {
      "type": "string"
    },
    "opcRequestId": {
      "type": "string"
    },
    "tenancyId": {
      "type": "string"
    },
    "serviceInstanceId": {
      "type": "string"
    }
  },
  "additionalProperties": false
}

Sample Output: Day 0 Object Export Header

{
  "headers": {
    "eventId": "8787e121-abcd-1234",
    "correlationId": "dc989b5c-abcd-1234",
    "eventTime": "2024-08-27T21:44:15.274034651Z",
    "eventType": "com.oracle.idm.agcs.data.enablement.policyStatement.created",
    "eventTypeVersion": "1.0",
    "operation": "CREATE",
    "messageType": "TARGET_ACCESS_POLICY_STATEMENT",
    "status": "IN_PROGRESS",
    "opcRequestId": "2cec8907-abcd-1234-be17-2dc91122/00ab2d02/2497",
    "tenancyId": "ocid1.tenancy.oc1..abcd1234",
    "serviceInstanceId": "ocid1.dev.dev.1234"
  }
}

Day N Object Export Header Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "type": "object",
  "properties": {
    "eventId": {
      "type": "string"
    },
    "eventTime": {
      "type": "string"
    },
    "eventTypeVersion": {
      "type": "string"
    },
    "operation": {
      "type": "string"
    },
    "messageType": {
      "type": "string"
    },
    "eventType": {
      "type": "string"
    },
    "opcRequestId": {
      "type": "string"
    },
    "tenancyId": {
      "type": "string"
    },
    "serviceInstanceId": {
      "type": "string"
    }
  },
  "additionalProperties": false
}

Sample Output: Day N Object Export Header

{
  "headers": {
    "eventId": "b8bfe07f-1234",
    "eventTime": "2024-05-18T23:19:56.360412Z",
    "tenancyId": "ocid.tenancy.oc1.1234",
    "serviceInstanceId": "ocid1.instance.oc1.1234",
    "opcRequestId": "request-1234",
    "eventType": "com.oracle.idm.agcs.cloudGroup.created",
    "eventTypeVersion": "1.0",
    "operation": "CREATE",
    "messageType": "GROUP"
  }
}

Header Schema Attribute Definition

Here's the schema for Day 0 and Day N headers available in the output file.

Table - Header Schema Attribute Definition for Day 0

Attributes Description
correlationId Unique identifier to correlate two or more events. For example, if a new resource is created and a new policy grants access to the resource, two events will be published and be identified with this identifier.
eventId Unique identifier for each event published either to OCI Bucket or OCI Streams. It ensures that each event can be processed and traced distinctly.
eventTime Timestamp when the event occurred with nanosecond precision. This is required to consume data sequentially and accurately.

Format: YYYY-MM-DDTHH:MM:SS.sssssssssZ

eventTypeVersion Schema version used for sending the response for each event. If there are significant changes to the schema, the version is updated. For more details, refer to Semantic Versioning Guidelines.
messageType Type of data component being published. Possible values can be
  • IDENTITY for Identities
  • GROUP for Identity Collection
  • RESOURCE for Resource
  • TARGET_ACCESS_POLICY_STATEMENT for Policies
  • POLICY_STATEMENT_RESOURCE_MAPPING for Policy to Resource Mapping
  • RESOURCE_POLICY_STATEMENT_MAPPING for Resource to Policy Mapping
operation Basic operation associated with the data publishing event. It can be CREATE, UPDATE, or DELETE. For some data components, such as policies, an update is published as a combination of Create and Delete operations rather than an Update operation.
status Event Publishing status. Possible values: START, IN PROGRESS, SUCCESS, FAILED. These are sent in the output files. However, on the Oracle Access Governance Console, you can see Success or Failure status.
eventType Event value used by the service to track the event operation. For example, if we add a new policy statement in a policy, the value is com.oracle.idm.agcs.data.enablement.policyStatement.created.
opcRequestId Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
tenancyId Tenancy Oracle Cloud Identifier (OCID) where data is published by Oracle Access Governance.
serviceInstanceId Service Instance OCID of your Oracle Access Governance application.

Identity Reference Schema and Sample Output File

Here's the Identity schema for creation, modification, and deletion.

Identity Creation Schema

{
   "$schema": "https://json-schema.org/draft/2019-09/schema",
   "title": "identities",
   "type": "array",
   "items": {
      "type": "object",
      "properties": {
         "compartmentId": {
            "type": "string"
         },
         "messageType": {
            "type": "string"
         },
         "correlationId": {
            "type": "string"
         },
         "globalIdentity": {
            "type": "object",
            "properties": {
               "identity": {
                  "$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
               },
               "attributes": {
                  "type": "object",
                  "properties": {
                     "clearance": {
                        "type": "string"
                     },
                     "employeeNumber": {
                        "type": "string"
                     }
                  }
               },
               "id": {
                  "type": "string"
               },
               "targetIdentities": {
                  "type": "array",
                  "items": {
                     "properties": {
                        "targetIdentity": {
                           "type": "object",
                           "properties": {
                              "targetId": {
                                 "type": "string"
                              },
                              "identity": {
                                 "$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
                              },
                              "externalId": {
                                 "type": "string"
                              },
                              "id": {
                                 "type": "string"
                              },
                              "domainId": {
                                 "type": "string"
                              }
                           }
                        }
                     }
                  }
               }
            }
         },
         "operation": {
            "type": "string"
         },
         "timestamp": {
            "type": "string"
         }
      },
      "additionalProperties": false,
      "required": [
         "globalIdentity"
      ]
   }
}

Identity Modification Schema

{
   "$schema": "https://json-schema.org/draft/2019-09/schema",
   "title": "identities",
   "type": "object",
   "properties": {
      "compartmentId": {
         "type": "string"
      },
      "messageType": {
         "type": "string"
      },
      "correlationId": {
         "type": "string"
      },
      "globalIdentity": {
         "type": "object",
         "properties": {
            "identity": {
               "$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
            },
            "attributes": {
               "type": "object",
               "properties": {
                  "clearance": {
                     "type": "string"
                  },
                  "employeeNumber": {
                     "type": "string"
                  }
               }
            },
            "id": {
               "type": "string"
            },
            "targetIdentities": {
               "type": "array",
               "items": {
                  "properties": {
                     "targetIdentity": {
                        "type": "object",
                        "properties": {
                           "targetId": {
                              "type": "string"
                           },
                           "identity": {
                              "$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
                           },
                           "externalId": {
                              "type": "string"
                           },
                           "id": {
                              "type": "string"
                           },
                           "domainId": {
                              "type": "string"
                           }
                        }
                     }
                  }
               }
            }
         }
      },
      "operation": {
         "type": "string"
      },
      "timestamp": {
         "type": "string"
      }
   },
   "additionalProperties": false,
   "required": [
      "globalIdentity"
   ]
}

Identity Deletion Schema

{
   "$schema": "https://json-schema.org/draft/2019-09/schema",
   "title": "identities",
   "type": "object",
   "properties": {
      "compartmentId": {
         "type": "string"
      },
      "globalIdentity": {
         "type": "object",
         "properties": {
            "id": {
               "type": "string"
            },
            "targetIdentities": {
               "type": "array",
               "items": {
                  "properties": {
                     "targetIdentity": {
                        "type": "object",
                        "properties": {
                           "id": {
                              "type": "string"
                           }
                        },
                        "additionalProperties": false
                     }
                  }
               }
            }
         },
         "additionalProperties": false
      }
   },
   "additionalProperties": false,
   "required": [
      "globalIdentity"
   ]
}

Sample Output Code Snippet

{
   "globalIdentity": {
      "id": "globalId.ICF.EBS_HRMS_STAGE.f014bda5ef4003efa0d8149e59216953",
      "identity": {
         "agStatus": "AG_ACTIVE",
         "agSubType": "WORKFORCE",
         "agRisk": {
            "value": 0,
            "customAttributes": {}
         },
         "agOrganizations": [
            {
               "value": "ba987bed-15ae-47a2-a5b0-265432568ed0",
               "displayName": "PERF_ORGANIZATION-1708541816625"
            },
            {
               "value": "4bf99c0b-ae99-4787-a318-b5eb1e30b89d",
               "displayName": "PERF_ORGANIZATION-1708541866473"
            }
         ],
         "customAttributes": {
            "dateOfBirth": 56160000000,
            "businessGroupId": "7328",
            "supervisorName": "Ivanchuk, Mr. Dmytro",
            "personType": "8351",
            "personId": "28727",
            "grade": "Professional.1",
            "maritalStatus": "S",
            "nationality": "UKR",
            "job": "Buyer",
            "startDate": 828921600000
         },
         "department": "Purchasing",
         "displayName": "Ivan Shevchuk",
         "emails": [
            {
               "value": "Ivan.Shevchuk@example.com"
            }
         ],
         "name": {
            "familyName": "Shevchuk",
            "givenName": "Ivan"
         },
         "organization": {},
         "primaryEmail": "Ivan.Shevchuk@example.com",
         "status": "Active",
         "title": "MR.",
         "userName": "28727"
      },
      "targetIdentities": [
         {
            "id": "targetId.account.ICF.EBS-UM.bdf6f156f130553394a859e02f793182",
            "externalId": "1015628",
            "targetId": "a83f87df-75ca-4c4d-966a-2928626e82b8",
            "identity": {
               "customAttributes": {
                  "operationType": "CREATE_OR_UPDATE",
                  "passwordExpireType": "None",
                  "effectiveStartDate": 1689206400000,
                  "roles": []
               },
               "name": {},
               "primaryEmail": "Ivan.Shevchuk@example.com",
               "status": "true"
            }
         },
         {
            "id": "targetId.account.ICF.EBS_HRMS_STAGE.f014bda5ef4003efa0d8149e59216953",
            "externalId": "28727",
            "targetId": "f2a858e5-c449-4a5a-9714-c2e7471b1d2a",
            "identity": {
               "customAttributes": {
                  "personType": "8351",
                  "title": "MR.",
                  "businessGroupId": "7328",
                  "dateOfBirth": 56160000000,
                  "employeeNumber": "4",
                  "assignments": [
                     {
                        "element": {
                           "organizationId": "7376",
                           "UID": "28936",
                           "jobId": "30930",
                           "gradeId": "18000",
                           "supervisorId": "28725",
                           "effectiveDate": "828921600000"
                        }
                     }
                  ],
                  "hireDate": 828921600000,
                  "gender": "M",
                  "maritalStatus": "S",
                  "operationType": "CREATE_OR_UPDATE",
                  "nationality": "UKR",
                  "lastName": "Shevchuk",
                  "firstName": "Ivan",
                  "addresses": []
               },
               "name": {},
               "primaryEmail": "Ivan.Shevchuk@example.com",
               "status": "true"
            }
         }
      ]
   }
}

Identity Schema Attribute Definition

Here's the attribute definition for an identity export file.

Table - Identity Schema Attribute Definition for Day 0

Attributes Description
globalIdentity Composite identity profile object used by Oracle Access Governance as a source of truth to perform various governance and provisioning operations. It contains access profile details, including core and custom attributes. For more information, refer to Identities Access Details Reference.
globalIdentity → id Unique identifier for the resource within Oracle Access Governance. This also includes the orchestrated system information from where the resource value is ingested.
targetIdentities Orchestrated identity object integrated with Oracle Access Governance and matched with the composite identity profile.
targetIdentities → id Unique identifier for the resource within Oracle Access Governance. In this case, it depicts orchestrated system integrated with Oracle Access Governance. This includes the orchestrated system name identifier.
targetId Unique identifier for the orchestrated system integrated with Oracle Access Governance.

Identity Collection Reference Schema and Sample Output File

Here's the Identity Collection schema for creation, modification, and deletion.

Identity Collection Creation Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "id": {
        "type": "string"
      },
      "domainId": {
        "type": "string"
      },
      "compartmentId": {
        "type": "string"
      },
      "externalId": {
        "type": "string"
      },
      "targetId": {
        "type": "string"
      },
      "name": {
        "type": "string"
      },
      "description": {
        "type": "string"
      },
      "add": {
        "type": "object",
        "properties": {
          "identities": {
            "type": "array",
            "items": {
              "properties": {
                "targetIdentity": {
                  "type": "object",
                  "properties": {
                    "targetId": {
                      "type": "string"
                    },
                    "externalId": {
                      "type": "string"
                    },
                    "targetIdentityId": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          }
        }
      },
      "remove": {
        "type": "object",
        "properties": {
          "identities": {
            "type": "array",
            "items": {
              "properties": {
                "targetIdentity": {
                  "type": "object",
                  "properties": {
                    "targetId": {
                      "type": "string"
                    },
                    "externalId": {
                      "type": "string"
                    },
                    "targetIdentityId": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "additionalProperties": false,
  "required": [
    "id"
  ]
}

Identity Collection Modification Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "id": {
        "type": "string"
      },
      "domainId": {
        "type": "string"
      },
      "compartmentId": {
        "type": "string"
      },
      "externalId": {
        "type": "string"
      },
      "targetId": {
        "type": "string"
      },
      "name": {
        "type": "string"
      },
      "description": {
        "type": "string"
      },
      "add": {
        "type": "object",
        "properties": {
          "identities": {
            "type": "array",
            "items": {
              "properties": {
                "targetIdentity": {
                  "type": "object",
                  "properties": {
                    "targetId": {
                      "type": "string"
                    },
                    "externalId": {
                      "type": "string"
                    },
                    "targetIdentityId": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          }
        }
      },
      "remove": {
        "type": "object",
        "properties": {
          "identities": {
            "type": "array",
            "items": {
              "properties": {
                "targetIdentity": {
                  "type": "object",
                  "properties": {
                    "targetId": {
                      "type": "string"
                    },
                    "externalId": {
                      "type": "string"
                    },
                    "targetIdentityId": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "additionalProperties": false,
  "required": [
    "id"
  ]
}

Identity Collection Deletion Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "title": "identities",
  "type": "object",
  "properties": {
    "id": {
      "type": "string"
    }
  },
  "additionalProperties": false,
  "required": [
    "id"
  ]
}

Sample Output Code Snippet

{
  "id": "group.OCI.accessgovtest.632e77bf5a9595695e1d8ec629c0a32a",
  "domainId": "resource.OCI.accessgovtest.499e3f20709d30c915ff95f686b9b4e0",
  "externalId": "ocid1.group.oc1..aaaaaaaa45mrsaj4pz22vjs5avgn3uvdqszgihpxic45aenjjugyevrizmtq",
  "targetId": "9dff2808-ea31-41a3-81ed-5800190acf38",
  "compartmentId": "resource.OCI.accessgovtest.194ec6f9cb821ab9aaf075f0e7f42bc2",
  "name": "group-events",
  "remove": {
    "identities": []
  },
  "add": {
    "identities": [
      {
        "externalId": "ff016cee1a8b4739bde4eb080c5b0b19",
        "targetIdentityId": "targetId.account.OCI.accessgovtest.1810d44f39cf1bb7913e0ac3941fcaab",
        "id": "globalId.june-stage-qa1-agent.29025.kbezqawho7s4aseb4u43vrzy53yiv7ylgfjqk223wpjc7j4ubq"
      },
      {
        "externalId": "ff09a2c5bee34be0ad88564381f93fbd",
        "targetIdentityId": "targetId.account.OCI.accessgovtest.2938067570ac7dea662f5978e49fa4fd",
        "id": "globalId.ICF.EBS_HRMS_STAGE.b9c25ec7b8b5cbf9aeaa000f204a36d3"
      },
      {
        "externalId": "fdbeefb62f0d4923b2bcd1ae1e657924",
        "targetIdentityId": "targetId.account.OCI.accessgovtest.c562efca9023e59e798ef1d544bf0ce1",
        "id": "globalId.OCI.accessgovtest.c562efca9023e59e798ef1d544bf0ce1"
      },
      {
        "externalId": "fec6a739324843ecbc7d6add45180b58",
        "targetIdentityId": "targetId.account.OCI.accessgovtest.d7ba12539289eaff44e2ea3b22297dc3",
        "id": "globalId.OCI.accessgovtest.d7ba12539289eaff44e2ea3b22297dc3"
      },
      {
        "externalId": "fdabd17eb42f47369b81aa66884162ff",
        "targetIdentityId": "targetId.account.OCI.accessgovtest.025820803c0bad2da4da49f1df78e258",
        "id": "globalId.OCI.accessgovtest.025820803c0bad2da4da49f1df78e258"
      },
      {
        "externalId": "fe9ac7d01ae84cbb829bf08ddff1a869",
        "targetIdentityId": "targetId.account.OCI.accessgovtest.a6ba9c0697027906f1396935714da8c5",
        "id": "globalId.OCI.accessgovtest.a6ba9c0697027906f1396935714da8c5"
      }
    ]
  }
}

Identity Collection Schema Attribute Definition

Here's the attribute definition for an identity collection export file. You'll only be able to publish OCI group details.

Table - Identity Collection Schema Attribute Definition

Attributes Description
id Unique identifier for the resource within Oracle Access Governance. This also includes the orchestrated system information from where the resource value is ingested.
domainId Unique domain identifier (OCID) associated with the identity collection (IAM group) ingested into Oracle Access Governance. This is applicable only for OCI orchestrated system and contains OCI IAM groups.
externalId Refers to OCID of the object on the OCI console. For an OCI group, the external id may look like ocid1.group.oc1.ab1234a
targetId Unique identifier for the orchestrated system integrated with Oracle Access Governance.
compartmentId Unique compartment identifier (OCID) associated with the identity collection. This is applicable only for OCI orchestrated system and contains OCI IAM groups.
name Identity collection name.
description Identity collection description.
add Array of identities included in the identity collection.
remove Array of identities excluded from this identity collection. Update and Create operations share the same schema. However, when a new identity collection is created, you'll not receive any identities in this attribute.

Policies Reference Schema and Sample Output File

Here's the Policies schema for creation and deletion.

Policies Creation Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "id": {
        "type": "string"
      },
      "compartmentId": {
        "type": "string"
      },
      "externalId": {
        "type": "string"
      },
      "targetId": {
        "type": "string"
      },
      "policyStatementId": {
        "type": "string"
      },
      "name": {
        "type": "string"
      },
      "description": {
        "type": "string"
      },
      "statement": {
        "type": "string"
      },
      "subjects": {
        "type": "array",
        "items": {
          "properties": {
            "id": {
              "type": "string"
            },
            "name": {
              "type": "string"
            },
            "type": {
              "type": "string"
            }
          }
        }
      },
      "verb": {
        "type": "string"
      },
      "resourceType": {
        "type": "string"
      },
      "location": {
        "type": "object",
        "properties": {
          "compartment": {
            "type": "string"
          }
        }
      },
      "tags": {
        "type": "object"
      }
    }
  },
  "additionalProperties": false,
  "required": [
    "id"
  ]
}

Policies Modification Schema

Policy modifications are handled using a combination of create and delete operations. To update a policy, the existing policy is first deleted and then replaced with a policy that has the new parameters.

Policies Deletion Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "type": "object",
  "properties": {
    "id": {
      "type": "string"
    }
  },
  "additionalProperties": false,
  "required": [
    "id"
  ]
}

Sample Output Code Snippet

{
  "headers": {
    "eventId": "8788h161-acde-43a4-87e4-b6f01ca3aaf0",
    "correlationId": "dc98e55c-f574-422f-a9ce-326fce9d9edc",
    "eventTime": "2024-08-27T21:44:15.274034651Z",
    "eventType": "com.oracle.idm.agcs.data.enablement.policyStatement.created",
    "eventTypeVersion": "1.0",
    "operation": "CREATE",
    "messageType": "TARGET_ACCESS_POLICY_STATEMENT",
    "status": "IN_PROGRESS",
    "opcRequestId": "<opc-request-id>",
    "tenancyId": "<tenancy-id>",
    "serviceInstanceId": "<service-instance-ocid>"
  },
  "data": "[{\"id\":\"tapolicy.OCI.agcusttokyo.aed5bbcee30da0a828e76f01deef7090\",\"externalId\":\"ocid1.policy.oc1..aaaaaaaabgvxsco3avg772ehflmwvljaur75zvzdwh6y7wqhzhvcvp2mxtha\",\"targetId\":\"fdb6c5f7-6e3a-4f36-9dd0-a17993be389f\",\"policyStatementId\":\"tapolicystmt.OCI.agcusttokyo.a72df097dce1deecf8606c59b6dec588\",\"name\":\"DummyPolicy20Nov\",\"description\":\"DummyPolicy20Nov\",\"statement\":\"Allow group \\u0027TestAlpha\\u0027/\\u0027ComputeGroup\\u0027 to manage instance-family in tenancy\",\"subjects\":[{\"id\":\"TestAlpha/ComputeGroup\"}],\"verb\":\"MANAGE\",\"resourceTypes\":[\"VolumeAttachment\",\"InstanceConsoleConnection\",\"Instance\",\"AppCatalogListing\",\"ComputeCapacityReservation\",\"DedicatedVmHost\",\"AutoScalingConfiguration\",\"InstanceAgentCommand\",\"ConsoleHistory\"],\"location\":{\"compartment\":\"agcusttokyo\"}},{\"id\":\"tapolicy.OCI.agcusttokyo.aed5bbcee30da0a828e76f01deef7090\",\"externalId\":\"ocid1.policy.oc1..aaaaaaaabgvxsco3avg772ehflmwvljaur75zvzdwh6y7wqhzhvcvp2mxtha\",\"targetId\":\"fdb6c5f7-6e3a-4f36-9dd0-a17993be389f\",\"policyStatementId\":\"tapolicystmt.OCI.agcusttokyo.08940cfb6db80a7d9b4027e3c9994d51\",\"name\":\"DummyPolicy20Nov\",\"description\":\"DummyPolicy20Nov\",\"statement\":\"Allow group \\u0027TestAlpha\\u0027/\\u002726DecCloudCompute\\u0027 to read app-catalog-listing in tenancy\",\"subjects\":[{\"id\":\"TestAlpha/26DecCloudCompute\"}],\"verb\":\"READ\",\"resourceTypes\":[\"AppCatalogListing\"],\"location\":{\"compartment\":\"agcusttokyo\"}}]"
}

Policies Schema Attribute Definition

Here's the attribute definition for a policy export file.

Table - Policy Schema Attribute Definition

Attributes Description
id Unique identifier for the policy assigned within Oracle Access Governance.
compartmentId Unique compartment identifier (OCID) associated with the policy. This is applicable only for OCI policies.
externalId Unique policy identifier in OCI, called OCID. For policy, the external id may look like ocid1.policy.oc1.aa1234
policyStatementId Unique identifier for each policy statement associated with the policy.
name Policy name.
description Policy description.
statement Policy rules governing control of resources. Each policy consists of one or more policy statements.
subjects Array of principals to which the access is granted by this policy, for example, IAM group-name.
verb Access grant type assigned to a resource by using verbs in the policy. Possible verbs are inspect, read, use, and manage.
resourceType Array of resource types associated with a policy. It can be family resource-type or individual resource-type. For example, instance, volumes, volume-family, and so on. For more information, see Resource Types in OCI.
location Scope of access granted through this policy, such as specific compartment or entire tenancy.
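
The policy sample above carries its records in a data field that is itself a JSON string, and the header schemas set additionalProperties to false. The following added example (not Oracle's code) shows a consumer that enforces the header key set, parses the nanosecond eventTime without losing precision, decodes data, and lists created statements that grant the manage verb. The function names and sample identifiers are constructed for illustration, and requiring operation and eventTime is this example's choice rather than the schema's.

```python
import json
import re
from datetime import datetime, timezone

# Key set of the Day 0 Object Export header schema on this page; the schema sets
# "additionalProperties": false, so any other key is rejected.
ALLOWED_HEADER_KEYS = {
    "eventId", "correlationId", "eventTime", "eventTypeVersion", "operation",
    "messageType", "status", "eventType", "opcRequestId", "tenancyId",
    "serviceInstanceId",
}
OPERATIONS = {"CREATE", "UPDATE", "DELETE"}
EVENT_TIME = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?Z$")


def parse_event_time(value):
    """Return (UTC datetime to the second, nanoseconds) so events sort exactly.

    datetime stores microseconds only, so the nanosecond part is kept separately.
    """
    match = EVENT_TIME.match(value)
    if not match:
        raise ValueError(f"bad eventTime: {value!r}")
    second = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%S")
    nanos = int((match.group(2) or "").ljust(9, "0"))
    return second.replace(tzinfo=timezone.utc), nanos


def validate_headers(headers):
    """Enforce the schema's key set and string typing.

    Requiring operation and eventTime is this example's choice; the schema
    lists them but does not mark them required.
    """
    if not isinstance(headers, dict):
        raise ValueError("headers must be an object")
    unknown = set(headers) - ALLOWED_HEADER_KEYS
    if unknown:
        raise ValueError(f"unexpected header keys: {sorted(unknown)}")
    for key, value in headers.items():
        if not isinstance(value, str):
            raise ValueError(f"header {key} must be a string")
    if headers.get("operation") not in OPERATIONS:
        raise ValueError(f"unknown operation: {headers.get('operation')!r}")
    parse_event_time(headers.get("eventTime", ""))
    return headers


def decode_event(raw):
    """Parse one published message into (headers, list of records)."""
    envelope = json.loads(raw)
    headers = validate_headers(envelope.get("headers"))
    data = envelope.get("data")
    # In the policy sample, "data" is a JSON document serialized as a string.
    records = json.loads(data) if isinstance(data, str) else data
    if isinstance(records, dict):
        records = [records]  # deletion schemas describe a single object
    return headers, records or []


def manage_grants(headers, records):
    """List (policy name, subject ids, statement) for created MANAGE statements."""
    if (headers.get("messageType") != "TARGET_ACCESS_POLICY_STATEMENT"
            or headers.get("operation") != "CREATE"):
        return []
    hits = []
    for record in records:
        if str(record.get("verb", "")).upper() == "MANAGE":
            subjects = [s.get("id") for s in record.get("subjects", [])]
            hits.append((record.get("name"), subjects, record.get("statement")))
    return hits


# Constructed sample shaped like the policy sample on this page; identifiers are made up.
SAMPLE = json.dumps({
    "headers": {
        "eventId": "evt-0001",
        "correlationId": "corr-0001",
        "eventTime": "2024-08-27T21:44:15.274034651Z",
        "eventType": "com.oracle.idm.agcs.data.enablement.policyStatement.created",
        "eventTypeVersion": "1.0",
        "operation": "CREATE",
        "messageType": "TARGET_ACCESS_POLICY_STATEMENT",
        "status": "IN_PROGRESS",
        "opcRequestId": "req-0001",
        "tenancyId": "ocid1.tenancy.oc1..example",
        "serviceInstanceId": "ocid1.agcsgovernanceinstance.oc1..example",
    },
    "data": json.dumps([
        {"id": "tapolicy.OCI.example.01", "name": "ExamplePolicy", "verb": "MANAGE",
         "statement": "Allow group 'Dom'/'Ops' to manage instance-family in tenancy",
         "subjects": [{"id": "Dom/Ops"}], "location": {"compartment": "example"}},
        {"id": "tapolicy.OCI.example.01", "name": "ExamplePolicy", "verb": "READ",
         "statement": "Allow group 'Dom'/'Dev' to read app-catalog-listing in tenancy",
         "subjects": [{"id": "Dom/Dev"}], "location": {"compartment": "example"}},
    ]),
})

if __name__ == "__main__":
    hdrs, recs = decode_event(SAMPLE)
    print(parse_event_time(hdrs["eventTime"]))
    for hit in manage_grants(hdrs, recs):
        print(hit)
```

Sorting on the returned (second, nanoseconds) pair preserves the ordering that the eventTime definition calls for, which a plain microsecond datetime would not.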

Resource Reference Schema and Sample

Here's the resource schema for creation, modification, and deletion.

Resource Creation Schema

{
   "$schema": "https://json-schema.org/draft/2019-09/schema",
   "title": "resources",
   "type": "array",
   "items": {
      "type": "object",
      "properties": {
         "id": {
            "type": "string"
         },
         "externalId": {
            "type": "string"
         },
         "targetId": {
            "type": "string"
         },
         "tenancyId": {
            "type": "string"
         },
         "resourceName": {
            "type": "string"
         },
         "resourceType": {
            "type": "string"
         },
         "description": {
            "type": "string"
         }
      },
      "additionalProperties": false
   }
}

Resource Modification Schema

{
   "$schema": "https://json-schema.org/draft/2019-09/schema",
   "title": "resources",
   "type": "array",
   "items": {
      "type": "object",
      "properties": {
         "id": {
            "type": "string"
         },
         "externalId": {
            "type": "string"
         },
         "targetId": {
            "type": "string"
         },
         "tenancyId": {
            "type": "string"
         },
         "resourceName": {
            "type": "string"
         },
         "resourceType": {
            "type": "string"
         },
         "description": {
            "type": "string"
         }
      },
      "additionalProperties": false
   }
}

Resource Deletion Schema

{
   "$schema": "https://json-schema.org/draft/2019-09/schema",
   "type": "object",
   "properties": {
      "id": {
         "type": "string"
      }
   },
   "additionalProperties": false,
   "required": [
      "id"
   ]
}

Sample Output Code Snippet

{
   "id": "resource.ICF.ADUPDATE.4bbac5904b6302dc82871da2c9756fea",
   "externalId": "48713388",
   "targetId": "ade93352-e7d5-46e6-847a-c765be1f0aad",
   "tenancyId": "ocid1.tenancy.oc1..aaaaaaaahvjxelu7yccuhj3wrq5uqiybu7f5tfxvwteiwaupnlkj4woz6ybq",
   "resourceName": "ADUPDATE",
   "resourceType": "AD",
   "description": ""
}

Resources Schema Attribute Definition

Here's the attribute definition for a resource export file.

Table - Resource Schema Attribute Definition

Attributes Description
id Unique identifier assigned within Oracle Access Governance for resource tracing. It also contains the identifier of the orchestrated system from which the resource is ingested into Oracle Access Governance.
externalId Unique resource identifier in OCI.
targetId Unique identifier for the orchestrated system integrated with Oracle Access Governance.
tenancyId Unique tenancy identifier (OCID) in which the resource is located. This is applicable only for an OCI orchestrated system and contains OCI resources.
resourceName Resource name.
resourceType Resource type.
description Resource description.
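A consumer reading these payloads from a bucket or stream can enforce the schemas before acting on a record. The following is an added example, not Oracle's code: check_record, validate_resource_payload and the is_delete flag are hypothetical names, and it assumes the deletion schema intends "id" to be required with no other properties allowed.

```python
import json

# Property names copied from the resource creation/modification schema above.
RESOURCE_FIELDS = frozenset({"id", "externalId", "targetId", "tenancyId",
                             "resourceName", "resourceType", "description"})


def check_record(record, allowed, required=frozenset()):
    """Return the list of schema violations for one JSON object."""
    if not isinstance(record, dict):
        return ["not a JSON object"]
    problems = [f"unexpected property: {k}" for k in sorted(set(record) - allowed)]
    problems += [f"missing required property: {k}" for k in sorted(required - set(record))]
    problems += [f"property is not a string: {k}"
                 for k in sorted(set(record) & allowed)
                 if not isinstance(record[k], str)]
    return problems


def validate_resource_payload(raw, is_delete):
    """Validate a published resource payload; returns {index: [problems]}.

    Create and update payloads are arrays of resource objects; a delete
    payload is a single object that must carry only "id" (assumption).
    """
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {0: [f"invalid JSON: {exc.msg}"]}
    if is_delete:
        records, allowed, required = [payload], frozenset({"id"}), frozenset({"id"})
    else:
        if not isinstance(payload, list):
            return {0: ["expected a JSON array of resources"]}
        records, allowed, required = payload, RESOURCE_FIELDS, frozenset()
    report = {}
    for index, record in enumerate(records):
        problems = check_record(record, allowed, required)
        if problems:
            report[index] = problems
    return report


# Constructed sample: one well-formed record, one with an extra property and a bad type.
SAMPLE_CREATE = json.dumps([
    {"id": "resource.ICF.ADUPDATE.example1", "resourceName": "ADUPDATE", "resourceType": "AD"},
    {"id": "resource.ICF.ADUPDATE.example2", "owner": "unexpected", "description": 7},
])
```

An empty report means every record in the payload matched the schema; records that fail can be quarantined instead of being written to a downstream inventory.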

Resource to Policy Statement

Here's a schema for the list of policies associated with a resource.

Policy Statement to Resource Creation Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "title": "accessPolicyStatementResourceMapping",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "compartmentId": {
        "type": "string"
      },
      "id": {
        "type": "string"
      },
      "externalId": {
        "type": "string"
      },
      "targetId": {
        "type": "string"
      },
      "policies": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "id": {
              "type": "string"
            },
            "externalId": {
              "type": "string"
            },
            "policyStatementId": {
              "type": "string"
            }
          }
        }
      }
    }
  }
}

Sample Output Code Snippet

{
  "compartmentId": "ocid1.tenancy.oc1..ppppppp2h5y42lkaalhtrwmqyinmwipjyxc3xmod4h7m3d2bmdjg6qwerty",
  "id": "resource.OCI.agcusttokyo.1b65a16c154269702eea873f34cef690",
  "externalId": "ocid1.database.oc1.ap-tokyo-1.anxhiljrzqwertya7o46ijh4nv3rjzpnqjwqidqh37rcptyngy5g46ebnlea",
  "targetId": "e88d075e-d2a6-4f1d-8c1b-f472917b8770",
  "policies": [
    {
      "id": "tapolicy.OCI.agcusttokyo.70ffb4c4f706aa55a5a35cb7902fe47a",
      "externalId": "ocid1.policy.oc1..aaaaaaaaxkyqwertyenond5hoclrmmvhlxw3tjukgqbbstfmepigetr6ulqq",
      "policyStatementId": "tapolicystmt.OCI.agcusttokyo.99cd276ef37300a357c0a1488dae2567"
    }
  ]
}

Resources to Policy Schema Attribute Definition

Here's the attribute definition for a resource to policy export file.

Table - Resource to Policy Schema Attribute Definition

Attributes Description
compartmentId Unique compartment identifier (OCID) associated with the resource. This is applicable only for OCI resources.
id Unique identifier for the resource assigned within Oracle Access Governance.
externalId Unique resource identifier in OCI, called resource OCID.
targetId Unique identifier of the orchestrated system associated with the resource.
policies Array of policies attached to a resource. Each policy contains details such as the policy id, policy statement id, and external id to identify the policy.

Policy Statement to Resource

Here's a schema for a policy statement associated with a list of resources.

Policy Statement to Resource Creation Schema

{
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "title": "accessPolicyStatementResourceMapping",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "compartmentId": {
        "type": "string"
      },
      "id": {
        "type": "string"
      },
      "externalId": {
        "type": "string"
      },
      "policyStatementId": {
        "type": "string"
      },
      "targetId": {
        "type": "string"
      },
      "resources": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "id": {
              "type": "string"
            },
            "externalId": {
              "type": "string"
            }
          }
        }
      }
    }
  }
}

Sample Output Code Snippet

{
  "compartmentId": "ocid1.tenancy.oc1..aaaaaaaazp2vvzjsn6newkqrpkwndxpdoixtqfgyhnf4y24h7d5ny27h6f3q",
  "id": "tapolicy.OCI.ag-test.58a173b97f94c6ff0046448470573609",
  "externalId": "ocid1.policy.oc1..aaaaaaaa3axgfgqgc3f4xcbno5p7driojc2hnaxr3jw3pu5xs7lhkoopo55a",
  "policyStatementId": "tapolicystmt.OCI.ag-test.2dc34ea12d5f0cbd7e9429029b257c99",
  "targetId": "2879c2b3-721c-4ede-afc5-5aa6c3b54e99",
  "resources": [
    {
      "id": "resource.OCI.ag-test.189fa43b2323037d1da11e6f0e488296",
      "externalId": "ocid1.instance.oc1.me-abudhabi-1.anqxkljrebkbezqcpoofyvho44qcyb76uu75aonuhexk42ibcv4ohpfat5iq"
    },
    {
      "id": "resource.OCI.ag-test.s563541re3fca34e7105fe5a7c516025",
      "externalId": "ocid1.instance.oc1.iad.anuwcljsebkbezqcowg5so6mnuewanlrohoovt7ce54ujhuqxi3h75hm6mrq"
    },
    {
      "id": "resource.OCI.ag-test.d3e8c10a5659d18dda403bf00e1e2aea",
      "externalId": "ocid1.instance.oc1.iad.anuwcljtebkbezqcxvwlq62t4ldkyb5kkttgvyobqvuh3tltz7qjtxchldja"
    },
    {
      "id": "resource.OCI.ag-test.c189f74e4c77ca6416f0d92bb2db9f2a",
      "externalId": "ocid1.instance.oc1.us-sanjose-1.abcdejrebkbezqctftv5vbfucdb3amdgslvbptnjpdqyvporupbhr3sluqq"
    },
    {
      "id": "resource.OCI.ag-test.a1f0662fd624e07c6b41e14fdf918591",
      "externalId": "ocid1.instance.oc1.iad.abcdejtebkbezqctyoxut22u26pvej5wglyodyjen6fb7qqid3ovy4sfbxa"
    },
    {
      "id": "resource.OCI.ag-test.8d177901e639e144b6289ed1d81fe255",
      "externalId": "ocid1.instance.oc1.iad.qwertyjtebkbezqcoxwhqw4wfpmlozp5ghrhr74222jcivbdaannyo6a26xq"
    },
    {
      "id": "resource.OCI.ag-test.81bdacf188ed585e3aca85a131e23df5",
      "externalId": "ocid1.instance.oc1.iad.qwertyjtebkbezqcdtejri54el6u7dw4bvjmz5t2rzxar76oz5szigf2o4aq"
    },
    {
      "id": "resource.OCI.ag-test.3883fc488ff0531274fcee9d87f00fd2",
      "externalId": "ocid1.instance.oc1.iad.qwertyjtebkbezqczdrg677joyhxf2kdm2jzlzmetzzylox4lptxd2svbnva"
    },
    {
      "id": "resource.OCI.ag-test.3480fad0d9bf8a3fe13c54028f13f66c",
      "externalId": "ocid1.instance.oc1.us-sanjose-1.qwertyjrebkbezqcyrzc7xu3flvidhwoyssaoiyyewi3bidnnnuucpfjmwwq"
    },
    {
      "id": "resource.OCI.ag-test.3480fad0d9bf8a3fe13c54028f13f66c",
      "externalId": "ocid1.instance.oc1.us-sanjose-1.qwertyjrebkbezqcyrzc7xu3flvidhwoyssaoiyyewi3bidnnnuucpfjmwwq"
    },
    {
      "id": "resource.OCI.ag-test.2a14a90e547488318d2bca0b30a247f1",
      "externalId": "ocid1.instance.oc1.ad.qwertyjtebkbezqcwyajizhztiujrmmshn3cuqiou4vtodhv4femidlpj7ha"
    }
  ]
}

Policy to Resources Schema Attribute Definition

Here are the definitions of the attributes included in the policy access to resource export file.

Attributes Description
compartmentId Unique compartment identifier (OCID) associated with a policy. This is applicable only for OCI policies.
id Unique identifier for the policy assigned within Oracle Access Governance.
externalId Unique policy identifier in OCI, called OCID.
targetId Unique identifier of the orchestrated system associated with the policy.
resources Array of resources attached to a policy. Each resource contains an id and an external id to identify the resource.
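For an access review, the policy statement to resource records can be inverted into a per-resource view and compared with the resource to policy records. The following is an added example, not Oracle's code: the function names and all ids are constructed placeholders, and it assumes both exports describe the same mapping, so a pair seen in only one of them deserves a look.

```python
from collections import defaultdict

# Constructed records shaped like the two mapping schemas above (placeholder ids).
STATEMENT_TO_RESOURCES = [
    {"id": "tapolicy.OCI.demo.p1", "policyStatementId": "tapolicystmt.OCI.demo.s1",
     "resources": [{"id": "resource.OCI.demo.r1"}, {"id": "resource.OCI.demo.r2"},
                   {"id": "resource.OCI.demo.r2"}]},  # repeated entry, as in the sample
    {"id": "tapolicy.OCI.demo.p2", "policyStatementId": "tapolicystmt.OCI.demo.s2",
     "resources": [{"id": "resource.OCI.demo.r1"}]},
]
RESOURCE_TO_POLICIES = [
    {"id": "resource.OCI.demo.r1", "policies": [
        {"id": "tapolicy.OCI.demo.p1", "policyStatementId": "tapolicystmt.OCI.demo.s1"}]},
    {"id": "resource.OCI.demo.r3", "policies": [
        {"id": "tapolicy.OCI.demo.p3", "policyStatementId": "tapolicystmt.OCI.demo.s3"}]},
]


def statements_by_resource(statement_records):
    """Invert policy-statement records into {resource id: set of statement ids}."""
    index = defaultdict(set)
    for record in statement_records:
        for resource in record.get("resources", []):
            # A set absorbs resources listed more than once under one statement.
            index[resource["id"]].add(record["policyStatementId"])
    return dict(index)


def statements_from_resource_view(resource_records):
    """Build the same index from resource-to-policy records."""
    index = defaultdict(set)
    for record in resource_records:
        for policy in record.get("policies", []):
            index[record["id"]].add(policy["policyStatementId"])
    return dict(index)


def reconcile(statement_records, resource_records):
    """Return (resource id, statement id, source) for pairs present in only one export."""
    by_stmt = statements_by_resource(statement_records)
    by_res = statements_from_resource_view(resource_records)
    gaps = []
    for rid in sorted(set(by_stmt) | set(by_res)):
        left, right = by_stmt.get(rid, set()), by_res.get(rid, set())
        gaps += [(rid, sid, "statement-to-resource only") for sid in sorted(left - right)]
        gaps += [(rid, sid, "resource-to-policy only") for sid in sorted(right - left)]
    return gaps
```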