Get an Access Guardrail
get
/access-governance/access-controls/20250331/accessGuardrails/{accessGuardrailId}
Returns details of an access guardrail with a given ID.
Request
Path Parameters
-
accessGuardrailId(required): string
Unique Access Guardrail identifier
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Response
Supported Media Types
- application/json
200 Response
The Access Guardrail for the given id
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : AccessGuardrail
Type:
objectDescription of AccessGuardrail.
Show Source
-
actionOnFailure:
object ActionOnFailure
The information about remediation in case of condition failure.
-
createdBy:
string
User name of the use who created the AccessGuardrail.
-
description:
string
description of the AccessGuardrail.
-
id(required):
string
The Unique Oracle ID (OCID) that is immutable on creation.
-
isDetectiveViolationCheckEnabled:
boolean
Set to true for enabling detective violation check
-
lifecycleState(required):
string
Allowed Values:
[ "CREATING", "UPDATING", "ACTIVE", "INACTIVE", "DELETING", "DELETED", "FAILED" ]The current state of the AccessGuardrail. -
name:
string
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
-
owners:
array owners
List of owner entities
-
ownershipCollectionId:
string
Id of the ownership collection associated with the AccessGuardrail.
-
primaryOwnerDisplayName:
string
DisplayName of the primary owner.
-
rules:
object RuleCollection
Collection of rule.
-
tags:
array tags
Tags for the AccessGuardrail.
-
timeCreated:
string(date-time)
The time the the AccessGuardrail was created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
The time the the AccessGuardrail was updated. An RFC3339 formatted datetime string
-
updatedBy:
string
User name of the use who updated the AccessGuardrail.
Nested Schema : ActionOnFailure
Type:
objectThe information about remediation in case of condition failure.
Show Source
-
actionType(required):
string
Allowed Values:
[ "REVOKE_IMMEDIATELY", "REVOKE_LATER" ]Action to be taken in case of access guardrail evaluation results in failure. -
revokeLaterAfterNumberOfDays:
integer
Minimum Value:
0Maximum Value:90Revoke permission after number of days. -
risk:
string
Allowed Values:
[ "HIGH", "LOW" ]Risk associated with action on failure. -
shouldUserManagerBeNotified(required):
boolean
Should the user manager be notified in case of access guardrail evaluation results in failure.
Nested Schema : owners
Type:
arrayList of owner entities
Show Source
-
Array of:
object OwnerSummary
Owner entity object
Nested Schema : RuleCollection
Type:
objectCollection of rule.
Show Source
-
items(required):
array items
List of rule.
Nested Schema : OwnerSummary
Type:
objectOwner entity object
Show Source
-
id(required):
string
Unique identifier that is immutable on creation
-
isPrimary(required):
boolean
Is this entity the primary owner?
-
name(required):
string
Name of the owner
Nested Schema : items
Type:
arrayList of rule.
Show Source
-
Array of:
object Rule
The information about Rule.
Nested Schema : Rule
Type:
objectThe information about Rule.
Show Source
-
conditions(required):
object ConditionCollection
Collection of conditions.
-
id:
string
AGCS Rule ID
-
operator(required):
string
Allowed Values:
[ "AND", "OR" ]Rule operator for the rule. -
type(required):
string
Allowed Values:
[ "DEFAULT" ]Type of rule used for parsing the rule.
Nested Schema : ConditionCollection
Type:
objectCollection of conditions.
Show Source
-
items(required):
array items
List of condition.
Nested Schema : items
Type:
arrayList of condition.
Show Source
-
Array of:
object Condition
The information about Condition.
Nested Schema : Condition
Type:
objectThe information about Condition.
Show Source
-
additionalAttributes:
object additionalAttributes
Additional Properties Allowed: additionalPropertiesAdditional attributes for additional information related to the condition.
-
basicCondition(required):
object BasicCondition
The information about Condition.
-
childConditions:
object BasicConditionCollection
Collection of conditions.
-
type(required):
string
Allowed Values:
[ "IDENTITY_ATTRIBUTE", "PERMISSION", "DOES_NOT_HAVE_PERMISSION" ]The type for AG Resource.
Nested Schema : additionalAttributes
Type:
objectAdditional Properties Allowed
Show Source
Additional attributes for additional information related to the condition.
Nested Schema : BasicCondition
Type:
objectThe information about Condition.
Show Source
-
dataType:
string
Allowed Values:
[ "STRING", "NUMBER", "BOOLEAN", "DATE" ]Data type for the condition Identifier -
displayName(required):
string
Minimum Length:
1Maximum Length:255Access Guardrails Identifier -
lhs(required):
string
Minimum Length:
1Maximum Length:512Left hand side of the condition. -
operator(required):
string
Allowed Values:
[ "EQ", "NE", "GT", "LT", "GTE", "LTE", "BEFORE", "AFTER", "TILL", "FROM", "BETWEEN", "NOT_BETWEEN", "IN", "NOT_IN", "CONTAINS", "NOT_CONTAINS", "BEGINS_WITH", "NOT_BEGINS_WITH", "ENDS_WITH", "NOT_ENDS_WITH", "IS_NULL", "IS_NOT_NULL", "EQUAL_WITH_NULL" ]The operator for a access guardrail. -
rhs(required):
array rhs
Right hand side of the condition.
-
rhsUiDetails:
array rhsUiDetails
Right hand side details of the condition.
Nested Schema : BasicConditionCollection
Type:
objectCollection of conditions.
Show Source
-
items(required):
array items
List of condition.
Nested Schema : rhsUiDetails
Type:
arrayRight hand side details of the condition.
Show Source
-
Array of:
object UiDetail
Ui detail for rendering values on UI
Nested Schema : UiDetail
Type:
objectUi detail for rendering values on UI
Show Source
-
name(required):
string
Name of value
-
value(required):
string
Value
Nested Schema : items
Type:
arrayList of condition.
Show Source
-
Array of:
object BasicCondition
The information about Condition.
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to retrieve a details for a specific Access Guardrail. Replace placeholder values with actual values before running the sample command.
cURL Example - Without Query Parameters
curl -i -X GET \
-H "Authorization:Bearer <your access token>" \
'${service-instance-url}/access-governance/access-controls/${version}/accessGuardrails/${accessGuardrailsID}'Example of the Response Body
The following example shows the contents of the response body in JSON format:
{
"id" : "01ffca11-xxxx-4d8f-bd89-b04xxxxxb0b",
"name" : "ITS_Ownership_AccessGuardrail",
"description" : "ITS_Ownership_AccessGuardrail",
"timeCreated" : "2025-03-25T06:31:58.548Z",
"timeUpdated" : "2025-03-25T06:31:58.548Z",
"lifecycleState" : "ACTIVE",
"isDetectiveViolationCheckEnabled" : false,
"tags" : [ ],
"rules" : {
"items" : [ {
"id" : "87e3286f-2273-4860-xxxx-4da56e2cdba6",
"type" : "DEFAULT",
"operator" : "OR",
"conditions" : {
"items" : [ {
"type" : "IDENTITY_ATTRIBUTE",
"basicCondition" : {
"displayName" : "Status",
"operator" : "EQ",
"lhs" : "status",
"rhs" : [ "Active" ],
"rhsUiDetails" : [ ],
"dataType" : "STRING"
},
"childConditions" : {
"items" : [ ]
},
"additionalAttributes" : null
} ]
}
} ]
},
"actionOnFailure" : {
"actionType" : "REVOKE_IMMEDIATELY",
"risk" : "HIGH",
"revokeLaterAfterNumberOfDays" : 0,
"shouldUserManagerBeNotified" : false
},
"ownershipCollectionId" : "cb40e8bd-2a1f-4ef5-9202-1a6cxxxxa0",
"primaryOwnerDisplayName" : "Amel Maclead",
"owners" : [ {
"id" : "globalId.125123c3-eedc-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b20142xxxxxx3ceb16a",
"name" : "Amel Maclead",
"isPrimary" : true
} ],
"createdBy" : "Amel Maclead",
"updatedBy" : "Amel Maclead"
}