Create an Access Request
post
/access-governance/access-controls/20250331/accessRequests
Creates a new access request for an identity with the specified details.
Request
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Details for the new Access Request
Root Schema : CreateAccessRequestDetails
Type:
objectThe information about new AccessRequest.
Show Source
-
accessBundles:
array accessBundles
list of Access bundle items.
-
accountProfileDetails:
array accountProfileDetails
List of account profiles associated to access request. Required only if the associated access bundle has Account Profile attached to it.
-
attributes:
object attributes
Additional Properties Allowed: additionalPropertiesAttributes of the corresponding model. Example: `{"foo-namespace": {"bar-key": "value"}}`
-
createdBy:
string
The user that created the request
-
identities:
array identities
list of identity ids
-
justification:
string
Justification for creating the access request
-
orchestratedSystemAttributes:
array orchestratedSystemAttributes
list of orchestratedSystemAttributes associated with targets
-
permissionRoles:
array permissionRoles
list of Permission roles items.
-
requestStatus:
string
Status of the access request
Nested Schema : accountProfileDetails
Type:
arrayList of account profiles associated to access request. Required only if the associated access bundle has Account Profile attached to it.
Show Source
-
Array of:
object AccountProfileInfo
Account Profile Configuration by Identity
Nested Schema : attributes
Type:
objectAdditional Properties Allowed
Show Source
Attributes of the corresponding model.
Example: `{"foo-namespace": {"bar-key": "value"}}`
Nested Schema : orchestratedSystemAttributes
Type:
arraylist of orchestratedSystemAttributes associated with targets
Show Source
-
Array of:
object OrchestratedSystemAttribute
Account & permission attributes
Nested Schema : AccountProfileInfo
Type:
objectAccount Profile Configuration by Identity
Show Source
-
accountAttributes:
array accountAttributes
Account Attribute Values
-
accountProfileId:
string
Account Profile Id
-
identityAccountAttributesDetails:
array identityAccountAttributesDetails
Account Attributes Info by Identity
-
identitySpecific:
boolean
Same configuration for all identities.
Nested Schema : accountAttributes
Type:
arrayAccount Attribute Values
Show Source
-
Array of:
object QuestionAttributeDataSummary
Question Attributes of account profile
Nested Schema : identityAccountAttributesDetails
Type:
arrayAccount Attributes Info by Identity
Show Source
-
Array of:
object IdentityAccountAttributesInfo
Account Profile Attributes
Nested Schema : QuestionAttributeDataSummary
Type:
objectQuestion Attributes of account profile
Show Source
-
children:
array children
nested attributes
-
isQuestion:
boolean
Boolean value for checking if this is attribute is a question for requester.
-
name:
string
Attribute name - Unique identifier
-
values:
array values
Attribute Values
Nested Schema : children
Type:
arraynested attributes
Show Source
-
Array of:
object NestedQuestionAttributeSummary
Nested set of question attributes
Nested Schema : NestedQuestionAttributeSummary
Type:
objectNested set of question attributes
Show Source
-
items:
array items
Question attributes
Nested Schema : items
Type:
arrayQuestion attributes
Show Source
-
Array of:
object QuestionAttributeDataSummary
Question Attributes of account profile
Nested Schema : IdentityAccountAttributesInfo
Type:
objectAccount Profile Attributes
Show Source
-
accountAttributes:
array accountAttributes
Account Attribute Values
-
identityId:
string
Global Identity Id
Nested Schema : accountAttributes
Type:
arrayAccount Attribute Values
Show Source
-
Array of:
object QuestionAttributeDataSummary
Question Attributes of account profile
Nested Schema : OrchestratedSystemAttribute
Type:
objectAccount & permission attributes
Show Source
-
accountAttributes:
array accountAttributes
List of Orchestrated System account attributes
-
orchestratedSystem:
object Info
Generic information object.
-
permissionAttributes:
array permissionAttributes
List of Orchestrated System permission attributes
Nested Schema : accountAttributes
Type:
arrayList of Orchestrated System account attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeData
Orchestrated System Attributes
Nested Schema : Info
Type:
objectGeneric information object.
Show Source
-
displayName:
string
Display Name of the entity.
-
id:
string
id of the entity.
-
name:
string
name of the entity.
Nested Schema : permissionAttributes
Type:
arrayList of Orchestrated System permission attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeData
Orchestrated System Attributes
Nested Schema : OrchestratedSystemAttributeData
Type:
objectOrchestrated System Attributes
Show Source
-
children:
array children
nested attributes
-
defaultValues:
array defaultValues
Attribute Value
-
discriminator:
string
this field signify attribute field is password
-
lookupType:
string
LookupID for the attribute
-
name:
string
Attribute name
-
permissionType:
string
Permission Type
-
title:
string
Display Name for the attribute.
-
type:
string
Type of attribute
Nested Schema : children
Type:
arraynested attributes
Show Source
-
Array of:
object NestedAttributes
Nested set of Orchestrated System attributes
Nested Schema : NestedAttributes
Type:
objectNested set of Orchestrated System attributes
Show Source
-
items:
array items
Orchestrated System attributes
Nested Schema : items
Type:
arrayOrchestrated System attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeData
Orchestrated System Attributes
Response
Supported Media Types
- application/json
200 Response
The newly created Access Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : AccessRequest
Type:
objectDescription of AccessRequest.
Show Source
-
accessBundles:
array accessBundles
list of Access bundle items.
-
approvalRequests:
array approvalRequests
List of approval requests created as part of the access request
-
attributes:
object attributes
Additional Properties Allowed: additionalPropertiesAttributes of the corresponding model. Example: `{"foo-namespace": {"bar-key": "value"}}`
-
createdBy:
string
The user that created the request
-
id(required):
string
The Unique Oracle ID (OCID) that is immutable on creation.
-
identities:
array identities
list of identities
-
justification:
string
Justification for creating or updating the access request
-
permissionRoles:
array permissionRoles
list of Permission roles items.
-
requestStatus:
string
Status of the access request
-
timeCreated:
string(date-time)
The time the the AccessRequest was created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
The time the the AccessRequest was last updated. An RFC3339 formatted datetime string
Nested Schema : accessBundles
Type:
arraylist of Access bundle items.
Show Source
-
Array of:
object AccessBundleInfo
Generic information object.
Nested Schema : approvalRequests
Type:
arrayList of approval requests created as part of the access request
Show Source
-
Array of:
object ApprovalRequest
Details of an Approval Request.
Nested Schema : attributes
Type:
objectAdditional Properties Allowed
Show Source
Attributes of the corresponding model.
Example: `{"foo-namespace": {"bar-key": "value"}}`
Nested Schema : identities
Type:
arraylist of identities
Show Source
-
Array of:
object Info
Generic information object.
Nested Schema : permissionRoles
Type:
arraylist of Permission roles items.
Show Source
-
Array of:
object Info
Generic information object.
Nested Schema : AccessBundleInfo
Type:
objectGeneric information object.
Show Source
-
accountProfileId:
string
account profile id
-
displayName:
string
display name of the entity
-
id:
string
id of the entity.
-
name:
string
name of the entity.
Nested Schema : ApprovalRequest
Type:
objectDetails of an Approval Request.
Show Source
-
assignmentDescription:
string
Description of the assignment that is being requested.
-
assignmentName:
string
Name of the assignment that is being requested.
-
assignmentType:
string
Allowed Values:
[ "ACCESS_BUNDLE", "ROLE" ]Type of the assignment that is being requested. -
beneficiary:
string
Identifier of the beneficiary.
-
beneficiaryEmail:
string
email of the beneficiary.
-
failedDueToAccessGuardrailViolations:
boolean
Boolean flag set to true if request failed due to Access Guardrail violations.
-
id(required):
string
process instance id.
-
requestor:
string
Identifier of the requestor.
-
requestType:
string
Allowed Values:
[ "WORKFLOW", "NO_WORKFLOW" ]Type the request - workflow or no workflow. -
status:
string
Allowed Values:
[ "PENDING_APPROVALS", "INFO_REQUESTED", "APPROVED", "REJECTED", "DELETED", "FAILED", "CANCELLED", "PENDING_SOD", "PROVISIONED", "PROVISIONING_IN_PROGRESS", "PROVISIONING_FAILED" ]The status of the approval process instance. -
timeUpdated:
string(date-time)
The last update date of the request.
Nested Schema : Info
Type:
objectGeneric information object.
Show Source
-
displayName:
string
Display Name of the entity.
-
id:
string
id of the entity.
-
name:
string
name of the entity.
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
409 Response
Conflict
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to create a new access request. In a single access request, you can request multiple access bundles for multiple identities.
You must have Access Bundle ID, Identities ID, Account Profile ID and details, along with Account Attributes details. In this example, we will use the same question value for all identities.
Replace placeholder values with actual values before running the sample command.
cURL Request Example
curl -i -X POST \
-H "Authorization:Bearer <your access token>" \
-H "Content-Type:application/json" \
-d \
'{
"justification": "Sample Request Access",
"createdBy": "globalId.125xxx3c3-eedc-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b2xxxxxaa046b3ceb16a",
"accessBundles": ["6adcbc8d-1816-44a7-af70-78c40bf850fb"],
"identities": ["globalId.OCI.bd49ff2a-5c47-4242-8975-9ba235fbb0ec.9fxxxxxxx69c2af598b63d4"],
"accountProfileDetails": [
{
"accountProfileId": "84321700-1a93-4cf2-9226-3f4xxxxx68",
"identitySpecific": false,
"accountAttributes": [
{
"name": "defaultTablespaceQuotaInMB",
"values": [
"100"
],
"children": [],
"isQuestion": true
}
]
}
]
}' \
'${service-instance-url}/access-governance/access-controls/20250331/accessRequests'Example Request Payload
{
"justification": "Sample Request Access",
"createdBy": "globalId.125123c3-eedc-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b20xxxxxxaa046b3ceb16a",
"accessBundles": [
"6adcbc8d-1816-44a7-af70-7xxxxxf850fb"
],
"identities": [
"globalId.OCI.bd49ff2a-5c47-4242-8975-9ba235fbb0ec.9f6exxxxx4960469c2af598b63d4"
],
"accountProfileDetails": [
{
"accountProfileId": "8432xx700-1a93-4cf2-9226-3fxxxxxxxx768",
"identitySpecific": false,
"accountAttributes": [
{
"name": "defaultTablespaceQuotaInMB",
"values": [
"100"
],
"children": [],
"isQuestion": true
}
]
}
]
}Example of the Response Code
You'll receive 200 OK response along with the following response body:
{
"id": "0ff9207f-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"justification": "Sample justification",
"requestStatus": "PENDING_APPROVALS",
"timeCreated": "2025-04-11T08:10:51.357Z",
"timeUpdated": "2025-04-11T08:10:51.357Z",
"createdBy": "globalId.125123c3-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"permissionRoles": [],
"accessBundles": [
{
"id": "6adcbc8d-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"name": "Example payload",
"displayName": "Example payload",
"accountProfileId": "84321700-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
],
"identities": [
{
"id": "globalId.OCI.bd49ff2a-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"name": "Bill.Clark@example.com",
"displayName": "Bill Clark",
"owners": null
}
],
"attributes": {
"orchestratedSystemAttributes": null
},
"approvalRequests": null
}