Oracle Access Governance REST APIs

Update the Access Guardrail identified by id

put

/access-governance/access-controls/20250331/accessGuardrails/{accessGuardrailId}

Updates the Access Guardrail. Currently, when editing access guardrails via the UI, fields related to condition handling may need to be reapplied.

Request

Path Parameters

accessGuardrailId(required): string

Unique Access Guardrail identifier

Header Parameters

if-match: string

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the `if-match` parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource's current etag value.
opc-request-id: string

The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.

The information to be updated.

Root Schema : UpdateAccessGuardrailDetails

Type: object

The information to be updated.

Show Source

actionOnFailure: object ActionOnFailure

The information about remediation in case of condition failure.
description: string

Minimum Length: 0

Maximum Length: 4000

Description of the AccessGuardrail.
isDetectiveViolationCheckEnabled: boolean

Set to true for enabling detective violation check
name: string

Minimum Length: 0

Maximum Length: 255

AccessGuardrail Identifier
owners: array owners

List of owner entities.
rules: object RuleCollection

Collection of rule.
tags: array tags

Tags for the AccessGuardrail.

{
    "type":"object",
    "properties":{
        "name":{
            "type":"string",
            "description":"AccessGuardrail Identifier",
            "minLength":0,
            "maxLength":255
        },
        "description":{
            "type":"string",
            "description":"Description of the AccessGuardrail.",
            "minLength":0,
            "maxLength":4000
        },
        "isDetectiveViolationCheckEnabled":{
            "type":"boolean",
            "description":"Set to true for enabling detective violation check"
        },
        "tags":{
            "type":"array",
            "description":"Tags for the AccessGuardrail.",
            "items":{
                "type":"string"
            }
        },
        "rules":{
            "$ref":"#/definitions/RuleCollection"
        },
        "actionOnFailure":{
            "$ref":"#/definitions/ActionOnFailure"
        },
        "owners":{
            "type":"array",
            "description":"List of owner entities.",
            "items":{
                "$ref":"#/definitions/OwnerSummary"
            }
        }
    },
    "description":"The information to be updated."
}

Nested Schema : ActionOnFailure

Type: object

The information about remediation in case of condition failure.

Show Source

actionType(required): string

Allowed Values: [ "REVOKE_IMMEDIATELY", "REVOKE_LATER" ]

Action to be taken in case of access guardrail evaluation results in failure.
revokeLaterAfterNumberOfDays: integer

Minimum Value: 0

Maximum Value: 90

Revoke permission after number of days.
risk: string

Allowed Values: [ "HIGH", "LOW" ]

Risk associated with action on failure.
shouldUserManagerBeNotified(required): boolean

Should the user manager be notified in case of access guardrail evaluation results in failure.

{
    "type":"object",
    "required":[
        "actionType",
        "shouldUserManagerBeNotified"
    ],
    "properties":{
        "actionType":{
            "type":"string",
            "description":"Action to be taken in case of access guardrail evaluation results in failure.",
            "enum":[
                "REVOKE_IMMEDIATELY",
                "REVOKE_LATER"
            ],
            "x-obmcs-top-level-enum":"#/definitions/ActionType"
        },
        "risk":{
            "type":"string",
            "description":"Risk associated with action on failure.",
            "enum":[
                "HIGH",
                "LOW"
            ],
            "x-obmcs-top-level-enum":"#/definitions/Risk"
        },
        "revokeLaterAfterNumberOfDays":{
            "type":"integer",
            "description":"Revoke permission after number of days.",
            "minimum":0,
            "maximum":90
        },
        "shouldUserManagerBeNotified":{
            "type":"boolean",
            "description":"Should the user manager be notified in case of access guardrail evaluation results in failure."
        }
    },
    "description":"The information about remediation in case of condition failure."
}

Nested Schema : owners

Type: array

List of owner entities.

Show Source

Array of: object OwnerSummary

Owner entity object

{
    "type":"array",
    "description":"List of owner entities.",
    "items":{
        "$ref":"#/definitions/OwnerSummary"
    }
}

Nested Schema : RuleCollection

Type: object

Collection of rule.

Show Source

items(required): array items

List of rule.

{
    "type":"object",
    "required":[
        "items"
    ],
    "properties":{
        "items":{
            "type":"array",
            "description":"List of rule.",
            "items":{
                "$ref":"#/definitions/Rule"
            }
        }
    },
    "description":"Collection of rule."
}

Nested Schema : tags

Type: array

Tags for the AccessGuardrail.

Show Source

Array of: string

{
    "type":"array",
    "description":"Tags for the AccessGuardrail.",
    "items":{
        "type":"string"
    }
}

Nested Schema : OwnerSummary

Type: object

Owner entity object

Show Source

id(required): string

Unique identifier that is immutable on creation
isPrimary(required): boolean

Is this entity the primary owner?
name(required): string

Name of the owner

{
    "type":"object",
    "required":[
        "id",
        "isPrimary",
        "name"
    ],
    "properties":{
        "id":{
            "type":"string",
            "description":"Unique identifier that is immutable on creation"
        },
        "name":{
            "type":"string",
            "description":"Name of the owner"
        },
        "isPrimary":{
            "type":"boolean",
            "description":"Is this entity the primary owner?"
        }
    },
    "description":"Owner entity object"
}

Nested Schema : items

Type: array

List of rule.

Show Source

Array of: object Rule

The information about Rule.

{
    "type":"array",
    "description":"List of rule.",
    "items":{
        "$ref":"#/definitions/Rule"
    }
}

Nested Schema : Rule

Type: object

The information about Rule.

Show Source

conditions(required): object ConditionCollection

Collection of conditions.
id: string

AGCS Rule ID. Required when updating guardrail.
operator(required): string

Allowed Values: [ "AND", "OR" ]

Rule operator for the rule.
type(required): string

Allowed Values: [ "DEFAULT" ]

Type of rule used for parsing the rule.

{
    "type":"object",
    "required":[
        "conditions",
        "operator",
        "type"
    ],
    "properties":{
        "id":{
            "type":"string",
            "description":"AGCS Rule ID. Required when updating guardrail."
        },
        "type":{
            "type":"string",
            "description":"Type of rule used for parsing the rule.",
            "enum":[
                "DEFAULT"
            ]
        },
        "operator":{
            "type":"string",
            "description":"Rule operator for the rule.",
            "enum":[
                "AND",
                "OR"
            ],
            "x-obmcs-top-level-enum":"#/definitions/RuleOperator"
        },
        "conditions":{
            "$ref":"#/definitions/ConditionCollection"
        }
    },
    "description":"The information about Rule."
}

Nested Schema : ConditionCollection

Type: object

Collection of conditions.

Show Source

items(required): array items

List of condition.

{
    "type":"object",
    "required":[
        "items"
    ],
    "properties":{
        "items":{
            "type":"array",
            "description":"List of condition.",
            "items":{
                "$ref":"#/definitions/Condition"
            }
        }
    },
    "description":"Collection of conditions."
}

Nested Schema : items

Type: array

List of condition.

Show Source

Array of: object Condition

The information about Condition.

{
    "type":"array",
    "description":"List of condition.",
    "items":{
        "$ref":"#/definitions/Condition"
    }
}

Nested Schema : Condition

Type: object

The information about Condition.

Show Source

additionalAttributes: object additionalAttributes

Additional Properties Allowed: additionalProperties

Additional attributes for additional information related to the condition.
basicCondition(required): object BasicCondition

The information about condition.
childConditions: object BasicConditionCollection

Collection of conditions.
type(required): string

Allowed Values: [ "IDENTITY_ATTRIBUTE", "PERMISSION", "DOES_NOT_HAVE_PERMISSION" ]

The type for AG Resource.

{
    "type":"object",
    "required":[
        "basicCondition",
        "type"
    ],
    "properties":{
        "type":{
            "type":"string",
            "description":"The type for AG Resource.",
            "enum":[
                "IDENTITY_ATTRIBUTE",
                "PERMISSION",
                "DOES_NOT_HAVE_PERMISSION"
            ]
        },
        "basicCondition":{
            "$ref":"#/definitions/BasicCondition"
        },
        "childConditions":{
            "$ref":"#/definitions/BasicConditionCollection"
        },
        "additionalAttributes":{
            "type":"object",
            "description":"Additional attributes for additional information related to the condition.",
            "additionalProperties":{
                "type":"string"
            }
        }
    },
    "description":"The information about Condition."
}

Nested Schema : additionalAttributes

Type: object

Additional Properties Allowed

Show Source

string

{
    "type":"object",
    "description":"Additional attributes for additional information related to the condition.",
    "additionalProperties":{
        "type":"string"
    }
}

Additional attributes for additional information related to the condition.

Nested Schema : BasicCondition

Type: object

The information about condition.

Show Source

dataType: string

Allowed Values: [ "STRING", "NUMBER", "BOOLEAN", "DATE" ]

Data type for the condition identifier (lhs)
displayName(required): string

Minimum Length: 1

Maximum Length: 255

Access Guardrails Identifier
lhs(required): string

Minimum Length: 1

Maximum Length: 512

Left hand side of the condition.
operator(required): string

Allowed Values: [ "EQ", "NE", "GT", "LT", "GTE", "LTE", "BEFORE", "AFTER", "TILL", "FROM", "BETWEEN", "NOT_BETWEEN", "IN", "NOT_IN", "CONTAINS", "NOT_CONTAINS", "BEGINS_WITH", "NOT_BEGINS_WITH", "ENDS_WITH", "NOT_ENDS_WITH", "IS_NULL", "IS_NOT_NULL", "EQUAL_WITH_NULL" ]

The operator for a access guardrail.
rhs(required): array rhs

Right hand side of the condition.

{
    "type":"object",
    "required":[
        "displayName",
        "lhs",
        "operator",
        "rhs"
    ],
    "properties":{
        "displayName":{
            "type":"string",
            "description":"Access Guardrails Identifier",
            "minLength":1,
            "maxLength":255
        },
        "operator":{
            "type":"string",
            "description":"The operator for a access guardrail.",
            "enum":[
                "EQ",
                "NE",
                "GT",
                "LT",
                "GTE",
                "LTE",
                "BEFORE",
                "AFTER",
                "TILL",
                "FROM",
                "BETWEEN",
                "NOT_BETWEEN",
                "IN",
                "NOT_IN",
                "CONTAINS",
                "NOT_CONTAINS",
                "BEGINS_WITH",
                "NOT_BEGINS_WITH",
                "ENDS_WITH",
                "NOT_ENDS_WITH",
                "IS_NULL",
                "IS_NOT_NULL",
                "EQUAL_WITH_NULL"
            ],
            "x-obmcs-top-level-enum":"#/definitions/ConditionOperator"
        },
        "lhs":{
            "type":"string",
            "description":"Left hand side of the condition.",
            "minLength":1,
            "maxLength":512
        },
        "rhs":{
            "type":"array",
            "description":"Right hand side of the condition.",
            "items":{
                "type":"string"
            }
        },
        "dataType":{
            "type":"string",
            "description":"Data type for the condition identifier (lhs)",
            "enum":[
                "STRING",
                "NUMBER",
                "BOOLEAN",
                "DATE"
            ],
            "x-obmcs-top-level-enum":"#/definitions/DataType"
        }
    },
    "description":"The information about condition."
}

Nested Schema : BasicConditionCollection

Type: object

Collection of conditions.

Show Source

items(required): array items

List of condition.

{
    "type":"object",
    "required":[
        "items"
    ],
    "properties":{
        "items":{
            "type":"array",
            "description":"List of condition.",
            "items":{
                "$ref":"#/definitions/BasicCondition"
            }
        }
    },
    "description":"Collection of conditions."
}

Nested Schema : rhs

Type: array

Right hand side of the condition.

Show Source

Array of: string

{
    "type":"array",
    "description":"Right hand side of the condition.",
    "items":{
        "type":"string"
    }
}

Nested Schema : items

Type: array

List of condition.

Show Source

Array of: object BasicCondition

The information about condition.

{
    "type":"array",
    "description":"List of condition.",
    "items":{
        "$ref":"#/definitions/BasicCondition"
    }
}

Response

Supported Media Types

application/json

200 Response

The Access Guardrail was successfully updated.

Headers

etag: string

For optimistic concurrency control. See `if-match`.
opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : AccessGuardrail

Type: object

Description of AccessGuardrail.

Show Source

actionOnFailure: object ActionOnFailure

The information about remediation in case of condition failure.
createdBy: string

User name of the use who created the AccessGuardrail.
description: string

description of the AccessGuardrail.
id(required): string

The Unique Oracle ID (OCID) that is immutable on creation.
isDetectiveViolationCheckEnabled: boolean

Set to true for enabling detective violation check
lifecycleState(required): string

Allowed Values: [ "CREATING", "UPDATING", "ACTIVE", "INACTIVE", "DELETING", "DELETED", "FAILED" ]

The current state of the AccessGuardrail.
name: string

A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
owners: array owners

List of owner entities
ownershipCollectionId: string

Id of the ownership collection associated with the AccessGuardrail.
primaryOwnerDisplayName: string

DisplayName of the primary owner.
rules: object RuleCollection

Collection of rule.
tags: array tags

Tags for the AccessGuardrail.
timeCreated: string(date-time)

The time the the AccessGuardrail was created. An RFC3339 formatted datetime string
timeUpdated: string(date-time)

The time the the AccessGuardrail was updated. An RFC3339 formatted datetime string
updatedBy: string

User name of the use who updated the AccessGuardrail.

{
    "type":"object",
    "required":[
        "id",
        "lifecycleState"
    ],
    "properties":{
        "id":{
            "type":"string",
            "description":"The Unique Oracle ID (OCID) that is immutable on creation."
        },
        "name":{
            "type":"string",
            "description":"A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information."
        },
        "description":{
            "type":"string",
            "description":"description of the AccessGuardrail."
        },
        "timeCreated":{
            "type":"string",
            "format":"date-time",
            "description":"The time the the AccessGuardrail was created. An RFC3339 formatted datetime string"
        },
        "timeUpdated":{
            "type":"string",
            "format":"date-time",
            "description":"The time the the AccessGuardrail was updated. An RFC3339 formatted datetime string"
        },
        "lifecycleState":{
            "type":"string",
            "description":"The current state of the AccessGuardrail.",
            "enum":[
                "CREATING",
                "UPDATING",
                "ACTIVE",
                "INACTIVE",
                "DELETING",
                "DELETED",
                "FAILED"
            ],
            "x-obmcs-top-level-enum":"#/definitions/AccessGuardrailLifecycleState"
        },
        "isDetectiveViolationCheckEnabled":{
            "type":"boolean",
            "description":"Set to true for enabling detective violation check"
        },
        "tags":{
            "type":"array",
            "description":"Tags for the AccessGuardrail.",
            "items":{
                "type":"string"
            }
        },
        "rules":{
            "$ref":"#/definitions/RuleCollection"
        },
        "actionOnFailure":{
            "$ref":"#/definitions/ActionOnFailure"
        },
        "ownershipCollectionId":{
            "type":"string",
            "description":"Id of the ownership collection associated with the AccessGuardrail."
        },
        "primaryOwnerDisplayName":{
            "type":"string",
            "description":"DisplayName of the primary owner."
        },
        "owners":{
            "type":"array",
            "description":"List of owner entities",
            "items":{
                "$ref":"#/definitions/OwnerSummary"
            }
        },
        "createdBy":{
            "type":"string",
            "description":"User name of the use who created the AccessGuardrail."
        },
        "updatedBy":{
            "type":"string",
            "description":"User name of the use who updated the AccessGuardrail."
        }
    },
    "description":"Description of AccessGuardrail."
}

Nested Schema : ActionOnFailure

Type: object

The information about remediation in case of condition failure.

Show Source

actionType(required): string

Allowed Values: [ "REVOKE_IMMEDIATELY", "REVOKE_LATER" ]

Action to be taken in case of access guardrail evaluation results in failure.
revokeLaterAfterNumberOfDays: integer

Minimum Value: 0

Maximum Value: 90

Revoke permission after number of days.
risk: string

Allowed Values: [ "HIGH", "LOW" ]

Risk associated with action on failure.
shouldUserManagerBeNotified(required): boolean

Should the user manager be notified in case of access guardrail evaluation results in failure.

{
    "type":"object",
    "required":[
        "actionType",
        "shouldUserManagerBeNotified"
    ],
    "properties":{
        "actionType":{
            "type":"string",
            "description":"Action to be taken in case of access guardrail evaluation results in failure.",
            "enum":[
                "REVOKE_IMMEDIATELY",
                "REVOKE_LATER"
            ],
            "x-obmcs-top-level-enum":"#/definitions/ActionType"
        },
        "risk":{
            "type":"string",
            "description":"Risk associated with action on failure.",
            "enum":[
                "HIGH",
                "LOW"
            ],
            "x-obmcs-top-level-enum":"#/definitions/Risk"
        },
        "revokeLaterAfterNumberOfDays":{
            "type":"integer",
            "description":"Revoke permission after number of days.",
            "minimum":0,
            "maximum":90
        },
        "shouldUserManagerBeNotified":{
            "type":"boolean",
            "description":"Should the user manager be notified in case of access guardrail evaluation results in failure."
        }
    },
    "description":"The information about remediation in case of condition failure."
}

Nested Schema : owners

Type: array

List of owner entities

Show Source

Array of: object OwnerSummary

Owner entity object

{
    "type":"array",
    "description":"List of owner entities",
    "items":{
        "$ref":"#/definitions/OwnerSummary"
    }
}

Nested Schema : RuleCollection

Type: object

Collection of rule.

Show Source

items(required): array items

List of rule.

{
    "type":"object",
    "required":[
        "items"
    ],
    "properties":{
        "items":{
            "type":"array",
            "description":"List of rule.",
            "items":{
                "$ref":"#/definitions/Rule"
            }
        }
    },
    "description":"Collection of rule."
}

Nested Schema : tags

Type: array

Tags for the AccessGuardrail.

Show Source

Array of: string

{
    "type":"array",
    "description":"Tags for the AccessGuardrail.",
    "items":{
        "type":"string"
    }
}

Nested Schema : OwnerSummary

Type: object

Owner entity object

Show Source

id(required): string

Unique identifier that is immutable on creation
isPrimary(required): boolean

Is this entity the primary owner?
name(required): string

Name of the owner

{
    "type":"object",
    "required":[
        "id",
        "isPrimary",
        "name"
    ],
    "properties":{
        "id":{
            "type":"string",
            "description":"Unique identifier that is immutable on creation"
        },
        "name":{
            "type":"string",
            "description":"Name of the owner"
        },
        "isPrimary":{
            "type":"boolean",
            "description":"Is this entity the primary owner?"
        }
    },
    "description":"Owner entity object"
}

Nested Schema : items

Type: array

List of rule.

Show Source

Array of: object Rule

The information about Rule.

{
    "type":"array",
    "description":"List of rule.",
    "items":{
        "$ref":"#/definitions/Rule"
    }
}

Nested Schema : Rule

Type: object

The information about Rule.

Show Source

conditions(required): object ConditionCollection

Collection of conditions.
id: string

AGCS Rule ID. Required when updating guardrail.
operator(required): string

Allowed Values: [ "AND", "OR" ]

Rule operator for the rule.
type(required): string

Allowed Values: [ "DEFAULT" ]

Type of rule used for parsing the rule.

{
    "type":"object",
    "required":[
        "conditions",
        "operator",
        "type"
    ],
    "properties":{
        "id":{
            "type":"string",
            "description":"AGCS Rule ID. Required when updating guardrail."
        },
        "type":{
            "type":"string",
            "description":"Type of rule used for parsing the rule.",
            "enum":[
                "DEFAULT"
            ]
        },
        "operator":{
            "type":"string",
            "description":"Rule operator for the rule.",
            "enum":[
                "AND",
                "OR"
            ],
            "x-obmcs-top-level-enum":"#/definitions/RuleOperator"
        },
        "conditions":{
            "$ref":"#/definitions/ConditionCollection"
        }
    },
    "description":"The information about Rule."
}

Nested Schema : ConditionCollection

Type: object

Collection of conditions.

Show Source

items(required): array items

List of condition.

{
    "type":"object",
    "required":[
        "items"
    ],
    "properties":{
        "items":{
            "type":"array",
            "description":"List of condition.",
            "items":{
                "$ref":"#/definitions/Condition"
            }
        }
    },
    "description":"Collection of conditions."
}

Nested Schema : items

Type: array

List of condition.

Show Source

Array of: object Condition

The information about Condition.

{
    "type":"array",
    "description":"List of condition.",
    "items":{
        "$ref":"#/definitions/Condition"
    }
}

Nested Schema : Condition

Type: object

The information about Condition.

Show Source

additionalAttributes: object additionalAttributes

Additional Properties Allowed: additionalProperties

Additional attributes for additional information related to the condition.
basicCondition(required): object BasicCondition

The information about condition.
childConditions: object BasicConditionCollection

Collection of conditions.
type(required): string

Allowed Values: [ "IDENTITY_ATTRIBUTE", "PERMISSION", "DOES_NOT_HAVE_PERMISSION" ]

The type for AG Resource.

{
    "type":"object",
    "required":[
        "basicCondition",
        "type"
    ],
    "properties":{
        "type":{
            "type":"string",
            "description":"The type for AG Resource.",
            "enum":[
                "IDENTITY_ATTRIBUTE",
                "PERMISSION",
                "DOES_NOT_HAVE_PERMISSION"
            ]
        },
        "basicCondition":{
            "$ref":"#/definitions/BasicCondition"
        },
        "childConditions":{
            "$ref":"#/definitions/BasicConditionCollection"
        },
        "additionalAttributes":{
            "type":"object",
            "description":"Additional attributes for additional information related to the condition.",
            "additionalProperties":{
                "type":"string"
            }
        }
    },
    "description":"The information about Condition."
}

Nested Schema : additionalAttributes

Type: object

Additional Properties Allowed

Show Source

string

{
    "type":"object",
    "description":"Additional attributes for additional information related to the condition.",
    "additionalProperties":{
        "type":"string"
    }
}

Additional attributes for additional information related to the condition.

Nested Schema : BasicCondition

Type: object

The information about condition.

Show Source

dataType: string

Allowed Values: [ "STRING", "NUMBER", "BOOLEAN", "DATE" ]

Data type for the condition identifier (lhs)
displayName(required): string

Minimum Length: 1

Maximum Length: 255

Access Guardrails Identifier
lhs(required): string

Minimum Length: 1

Maximum Length: 512

Left hand side of the condition.
operator(required): string

Allowed Values: [ "EQ", "NE", "GT", "LT", "GTE", "LTE", "BEFORE", "AFTER", "TILL", "FROM", "BETWEEN", "NOT_BETWEEN", "IN", "NOT_IN", "CONTAINS", "NOT_CONTAINS", "BEGINS_WITH", "NOT_BEGINS_WITH", "ENDS_WITH", "NOT_ENDS_WITH", "IS_NULL", "IS_NOT_NULL", "EQUAL_WITH_NULL" ]

The operator for a access guardrail.
rhs(required): array rhs

Right hand side of the condition.

{
    "type":"object",
    "required":[
        "displayName",
        "lhs",
        "operator",
        "rhs"
    ],
    "properties":{
        "displayName":{
            "type":"string",
            "description":"Access Guardrails Identifier",
            "minLength":1,
            "maxLength":255
        },
        "operator":{
            "type":"string",
            "description":"The operator for a access guardrail.",
            "enum":[
                "EQ",
                "NE",
                "GT",
                "LT",
                "GTE",
                "LTE",
                "BEFORE",
                "AFTER",
                "TILL",
                "FROM",
                "BETWEEN",
                "NOT_BETWEEN",
                "IN",
                "NOT_IN",
                "CONTAINS",
                "NOT_CONTAINS",
                "BEGINS_WITH",
                "NOT_BEGINS_WITH",
                "ENDS_WITH",
                "NOT_ENDS_WITH",
                "IS_NULL",
                "IS_NOT_NULL",
                "EQUAL_WITH_NULL"
            ],
            "x-obmcs-top-level-enum":"#/definitions/ConditionOperator"
        },
        "lhs":{
            "type":"string",
            "description":"Left hand side of the condition.",
            "minLength":1,
            "maxLength":512
        },
        "rhs":{
            "type":"array",
            "description":"Right hand side of the condition.",
            "items":{
                "type":"string"
            }
        },
        "dataType":{
            "type":"string",
            "description":"Data type for the condition identifier (lhs)",
            "enum":[
                "STRING",
                "NUMBER",
                "BOOLEAN",
                "DATE"
            ],
            "x-obmcs-top-level-enum":"#/definitions/DataType"
        }
    },
    "description":"The information about condition."
}

Nested Schema : BasicConditionCollection

Type: object

Collection of conditions.

Show Source

items(required): array items

List of condition.

{
    "type":"object",
    "required":[
        "items"
    ],
    "properties":{
        "items":{
            "type":"array",
            "description":"List of condition.",
            "items":{
                "$ref":"#/definitions/BasicCondition"
            }
        }
    },
    "description":"Collection of conditions."
}

Nested Schema : rhs

Type: array

Right hand side of the condition.

Show Source

Array of: string

{
    "type":"array",
    "description":"Right hand side of the condition.",
    "items":{
        "type":"string"
    }
}

Nested Schema : items

Type: array

List of condition.

Show Source

Array of: object BasicCondition

The information about condition.

{
    "type":"array",
    "description":"List of condition.",
    "items":{
        "$ref":"#/definitions/BasicCondition"
    }
}

400 Response

Bad Request

Headers

opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : Error

Type: object

Error Information.

Show Source

code(required): string

A short error code that defines the error, meant for programmatic parsing.
message(required): string

A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

401 Response

Unauthorized

Headers

opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : Error

Type: object

Error Information.

Show Source

code(required): string

A short error code that defines the error, meant for programmatic parsing.
message(required): string

A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

404 Response

Not Found

Headers

opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : Error

Type: object

Error Information.

Show Source

code(required): string

A short error code that defines the error, meant for programmatic parsing.
message(required): string

A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

412 Response

Precondition failed

Headers

opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : Error

Type: object

Error Information.

Show Source

code(required): string

A short error code that defines the error, meant for programmatic parsing.
message(required): string

A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

429 Response

Too Many Requests

Headers

opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : Error

Type: object

Error Information.

Show Source

code(required): string

A short error code that defines the error, meant for programmatic parsing.
message(required): string

A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

500 Response

Internal Server Error

Headers

opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : Error

Type: object

Error Information.

Show Source

code(required): string

A short error code that defines the error, meant for programmatic parsing.
message(required): string

A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

Default Response

Unknown Error

Headers

opc-request-id: string

Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Root Schema : Error

Type: object

Error Information.

Show Source

code(required): string

A short error code that defines the error, meant for programmatic parsing.
message(required): string

A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

Examples

The following example shows how to update a access guardrail by submitting a PUT request. In this example, as an extension to create example, we will add another condition.

Note:

Generate Access Token using grant_type = password.

cURL Example

curl -i -L -X PUT \
   -H "Authorization:Bearer <your-access-token>" \
   -H "Content-Type:application/json" \
   -d \
'{
  "name": "employee-organization-guardrail",
  "description": "Enforces access control based on employee type and organization",
  "isDetectiveViolationCheckEnabled": true,
  "tags": ["identity-attribute"],
  "rules": {
    "items": [
      {
        "id": "rule-xxx-1",
        "type": "DEFAULT",
        "operator": "AND",
        "conditions": {
          "items": [
            {
              "type": "IDENTITY_ATTRIBUTE",
              "basicCondition": {
                "displayName": "Employee type",
                "operator": "EQ",
                "lhs": "userType",
                "rhs": ["Employee"],
                "rhsUiDetails": [],
                "dataType": "STRING"
              },
              "childConditions": {
                "items": []
              },
              "additionalAttributes": null
            },
            {
              "type": "IDENTITY_ATTRIBUTE",
              "basicCondition": {
                "displayName": "Source organization",
                "operator": "IN",
                "lhs": "organization.displayName",
                "rhs": [
                  "Org A",
                  "Org B",
                  "Org C",
                  "Org D",
                  "Org E",
                  "Org F"
                ],
                "rhsUiDetails": [],
                "dataType": "STRING"
              },
              "childConditions": {
                "items": []
              },
              "additionalAttributes": null
            }
          ]
        }
      }
    ]
  },
  "actionOnFailure": {
    "actionType": "REVOKE_LATER",
    "risk": "LOW",
    "revokeLaterAfterNumberOfDays": 10,
    "shouldUserManagerBeNotified": false
  },
  "owners": [
    {
      "id": "ocid1.tenancy.oc1..xxxxxxownerid",
      "name": "John Doe",
      "isPrimary": true
    }
  ]
}' \
 '<${service-instance-url}/access-governance/access-controls/20250331/accessGuardrails/${accessGuardrailsID}>'

Example Request Payload

{
  "name": "employee-organization-guardrail",
  "description": "Enforces access control based on employee type and organization",
  "isDetectiveViolationCheckEnabled": true,
  "tags": ["identity-attribute"],
  "rules": {
    "items": [
      {
        "id": "rule-xxx-1",
        "type": "DEFAULT",
        "operator": "AND",
        "conditions": {
          "items": [
            {
              "type": "IDENTITY_ATTRIBUTE",
              "basicCondition": {
                "displayName": "Employee type",
                "operator": "EQ",
                "lhs": "userType",
                "rhs": ["Employee"],
                "rhsUiDetails": [],
                "dataType": "STRING"
              },
              "childConditions": {
                "items": []
              },
              "additionalAttributes": null
            },
            {
              "type": "IDENTITY_ATTRIBUTE",
              "basicCondition": {
                "displayName": "Source organization",
                "operator": "IN",
                "lhs": "organization.displayName",
                "rhs": [
                  "Org A",
                  "Org B",
                  "Org C",
                  "Org D",
                  "Org E",
                  "Org F"
                ],
                "rhsUiDetails": [],
                "dataType": "STRING"
              },
              "childConditions": {
                "items": []
              },
              "additionalAttributes": null
            }
          ]
        }
      }
    ]
  },
  "actionOnFailure": {
    "actionType": "REVOKE_LATER",
    "risk": "LOW",
    "revokeLaterAfterNumberOfDays": 10,
    "shouldUserManagerBeNotified": false
  },
  "owners": [
    {
      "id": "ocid1.tenancy.oc1..xxxxxxownerid",
      "name": "John Doe",
      "isPrimary": true
    }
  ]
}

Example of the Response Body

The following example shows the contents of the response body in JSON format:

{
  "id": "ocid1.tenancy.oc1..xxxxxxguardrailid",
  "name": "employee-organization-guardrail",
  "description": "Enforces access control based on employee type and organization",
  "timeCreated": "2026-04-24T14:30:44.785Z",
  "timeUpdated": "2026-04-27T05:32:47.645Z",
  "lifecycleState": "ACTIVE",
  "isDetectiveViolationCheckEnabled": true,
  "tags": [
    "identity-attribute"
  ],
  "rules": {
    "items": [
      {
        "id": "rule-xxx-1",
        "type": "DEFAULT",
        "operator": "AND",
        "conditions": {
          "items": [
            {
              "type": "IDENTITY_ATTRIBUTE",
              "basicCondition": {
                "displayName": "Employee type",
                "operator": "EQ",
                "lhs": "userType",
                "rhs": [
                  "Employee"
                ],
                "rhsUiDetails": [],
                "dataType": "STRING"
              },
              "childConditions": {
                "items": []
              },
              "additionalAttributes": null
            },
            {
              "type": "IDENTITY_ATTRIBUTE",
              "basicCondition": {
                "displayName": "Source organization",
                "operator": "IN",
                "lhs": "organization.displayName",
                "rhs": [
                  "Org A",
                  "Org B",
                  "Org C",
                  "Org D",
                  "Org E",
                  "Org F"
                ],
                "rhsUiDetails": [],
                "dataType": "STRING"
              },
              "childConditions": {
                "items": []
              },
              "additionalAttributes": null
            }
          ]
        }
      }
    ]
  },
  "actionOnFailure": {
    "actionType": "REVOKE_LATER",
    "risk": "LOW",
    "revokeLaterAfterNumberOfDays": 10,
    "shouldUserManagerBeNotified": false
  },
  "ownershipCollectionId": "ocid1.tenancy.oc1..xxxxxxcollectionid",
  "primaryOwnerDisplayName": "John Doe",
  "owners": null,
  "createdBy": "John Doe",
  "updatedBy": "John Doe"
}