Get a list of Identity Collections
get
/access-governance/access-controls/20250331/identityCollections
Returns a list of Identity Collections.
Request
Query Parameters
-
identityId: string
The ID of the resource that the permissions are attached to.
-
isManagedAtTargetOrchestratedSystem: boolean
If true will return ICs managed at orchestratedSystemDefault Value:
false -
keywordContains: string
Keyword to filter on. Only one keyword may be provided. Default is empty string.
-
limit: integer
Minimum Value:
1Maximum Value:1000The maximum number of items to return.Default Value:10 -
page: string
Minimum Length:
1A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. -
sortBy: string
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending.Default Value:
timeCreatedAllowed Values:[ "timeCreated", "displayName" ] -
sortOrder: string
The sort order to use, either 'ASC' or 'DESC'.Allowed Values:
[ "ASC", "DESC" ] -
status: string
A filter to be used for finding entities with the given status.Default Value:
ALLAllowed Values:[ "ALL", "ACTIVE", "DRAFT", "INACTIVE" ] -
userId: string
Minimum Length:
1Maximum Length:255Identifier of the user who is performing the operation
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Response
Supported Media Types
- application/json
200 Response
A page of Permission Group objects.
Headers
-
opc-next-page: string
For pagination of a list of items. When paging through a list, if this header appears in the response, then a partial list might have been returned. Include this value as the `page` parameter for the subsequent GET request to get the next batch of items.
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : IdentityCollection
Type:
objectIdentityCollection contains summarized information about Identity Collections.
Show Source
-
items(required):
array items
List containing summarized information about Identity Collections.
Nested Schema : items
Type:
arrayList containing summarized information about Identity Collections.
Show Source
-
Array of:
object IdentityCollectionSummary
Summarized Identity Collection model.
Nested Schema : IdentityCollectionSummary
Type:
objectSummarized Identity Collection model.
Show Source
-
createdBy:
object IdInfo
Generic identifying information object.
-
customAttributes:
object customAttributes
Metadata associated with the access bundle.
-
description:
string
Description of the Identity Collection.
-
displayName:
string
Display Name of the Identity Collection.
-
id(required):
string
Unique identifier that is immutable on creation.
-
identityGroupType:
string
Type of the Identity Collection.
-
isManagedAtOrchestratedSystem:
boolean
Boolean value checking if IC is shared with Orchestrated System.
-
isOwner:
boolean
Boolean value checking if logged-in user is owner of this resource or not.
-
membershipRule:
string
Membership Rule for the Identity Collection, for ex. "all { department EQ AG Department , addresses.country EQ India }".
-
name:
string
Name of the Identity Collection.
-
orchestratedSystemMetadataAttributes:
array orchestratedSystemMetadataAttributes
List of Orchestrated System configuration, required only when isManagedAtOrchestratedSystem is true.
-
primaryOwner:
object PrimaryOwner
Details of a primary Owner.
-
status:
string
Allowed Values:
[ "ACTIVE", "DRAFT", "INACTIVE", "PENDING", "FAILED", "IN_PROGRESS", "SAVED", "SUCCESS", "TIMEOUT" ]Status of the Identity Collection. -
tags:
array tags
List of tags attached to the Identity Collection.
-
timeCreated:
string(date-time)
Time when the Identity Collection was created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
Time when the Identity Collection was last updated. An RFC3339 formatted datetime string
Nested Schema : IdInfo
Type:
objectGeneric identifying information object.
Show Source
-
displayName:
string
Display Name of the entity.
-
id:
string
Id of the entity.
-
name:
string
Name of the entity.
Nested Schema : customAttributes
Type:
objectMetadata associated with the access bundle.
Show Source
Nested Schema : orchestratedSystemMetadataAttributes
Type:
arrayList of Orchestrated System configuration, required only when isManagedAtOrchestratedSystem is true.
Show Source
-
Array of:
object OrchestratedSystemMetadataAttributes
Orchestrated System Metadata Attributes model.
Nested Schema : PrimaryOwner
Type:
objectDetails of a primary Owner.
Show Source
-
displayName:
string
Display name of the primary Owner.
-
value:
string
Id of the primary Owner.
Nested Schema : OrchestratedSystemMetadataAttributes
Type:
objectOrchestrated System Metadata Attributes model.
Show Source
-
attributes:
object OrchestratedSystemAttributes
The information about Orchestrated System attributes metadata
-
id(required):
string
id of target.
-
label:
string
label of target.
Nested Schema : OrchestratedSystemAttributes
Type:
objectThe information about Orchestrated System attributes metadata
Show Source
-
items(required):
array items
collection of account & permission attributes
Nested Schema : items
Type:
arraycollection of account & permission attributes
Show Source
-
Array of:
object OrchestratedSystemAttribute
Account & permission attributes
Nested Schema : OrchestratedSystemAttribute
Type:
objectAccount & permission attributes
Show Source
-
accountAttributes:
array accountAttributes
List of Orchestrated System account attributes
-
orchestratedSystem:
object Info
Generic information object.
-
permissionAttributes:
array permissionAttributes
List of Orchestrated System permission attributes
Nested Schema : accountAttributes
Type:
arrayList of Orchestrated System account attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeData
Orchestrated System Attributes
Nested Schema : Info
Type:
objectGeneric information object.
Show Source
-
displayName:
string
Display Name of the entity.
-
id:
string
id of the entity.
-
name:
string
name of the entity.
Nested Schema : permissionAttributes
Type:
arrayList of Orchestrated System permission attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeData
Orchestrated System Attributes
Nested Schema : OrchestratedSystemAttributeData
Type:
objectOrchestrated System Attributes
Show Source
-
children:
array children
nested attributes
-
defaultValues:
array defaultValues
Attribute Value
-
discriminator:
string
this field signify attribute field is password
-
lookupType:
string
LookupID for the attribute
-
name:
string
Attribute name
-
permissionType:
string
Permission Type
-
title:
string
Display Name for the attribute.
-
type:
string
Type of attribute
Nested Schema : children
Type:
arraynested attributes
Show Source
-
Array of:
object NestedAttributes
Nested set of Orchestrated System attributes
Nested Schema : NestedAttributes
Type:
objectNested set of Orchestrated System attributes
Show Source
-
items:
array items
Orchestrated System attributes
Nested Schema : items
Type:
arrayOrchestrated System attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeData
Orchestrated System Attributes
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to retrieve a list of Identity Collections by submitting a GET request. All the Identity collections ingested within Oracle Access Governance will be retrieved, including OCI IAM Groups.
cURL Example - Without Query Parameters
curl -i -X GET \
-H "Authorization:Bearer <your access token>" \
'https://<host>/access-governance/access-controls/${version}/identityCollections'Example of the Response Body
The following example shows the contents of the response body in JSON format, including a list of all available identity collections:
{
"items": [
{
"id": "073cxxxx-e34c-4fca-a265-be54xxxxxx",
"displayName": "Finance Team Group",
"name": "Finance_Team_Default",
"description": null,
"timeCreated": "2025-01-09T13:01:04.779Z",
"timeUpdated": "2025-06-12T13:59:11.846Z",
"identityGroupType": "OCI_GROUP",
"createdBy": {
"id": "AG_System",
"name": "AG System",
"displayName": "AG System User"
},
"membershipRule": "",
"status": "ACTIVE",
"tags": null,
"customAttributes": {
"compartmentFQN": "FinanceDept",
"ocid": "ocid1.group.oc1..aaaaaxxxxxxsemfralbqwnrxxxxxjcdi3e3nwuqumu67jkxp3ihjuoplkynf6q",
"domainOCID": "ocid1.domain.oc1..aaaaaxxxxxxliko3pohhmxxxxxbbc6exukbcvqgsgdxn36e6pcunmzktgka",
"cloudAccountName": "FinanceDept",
"domainId": "resource.OCI.1245xxxx-b600-48eb-a9b1-xxxxxxx",
"compartmentId": "resource.OCI.1245xxxx-b600-48eb-a9b1-xxxxxxx",
"compartmentOCID": "ocid1.tenancy.oc1..aaaaaxxxxxxromjm2vmdz4o4xxxxxx",
"idcsId": "95cxxxxxf27a54126b1bxxxxxxc52f89",
"compartmentName": "FinanceDept",
"domainName": "Default",
"isReviewable": true
},
"isManagedAtOrchestratedSystem": false,
"orchestratedSystemMetadataAttributes": [],
"primaryOwner": {
"value": "john.doe@example.com",
"displayName": "John Doe"
},
"isOwner": null
},
{
"id": "78d0xxxx-6127-4361-aaad-xxxxxxc1a5",
"displayName": "HR Team Group",
"name": "HR_Team_Alpha",
"description": null,
"timeCreated": "2024-07-04T05:32:56.775Z",
"timeUpdated": "2025-06-12T13:59:11.284Z",
"identityGroupType": "OCI_GROUP",
"createdBy": {
"id": "AG_System",
"name": "AG System",
"displayName": "AG System User"
},
"membershipRule": "",
"status": "ACTIVE",
"tags": null,
"customAttributes": {
"compartmentFQN": "HRDept",
"ocid": "ocid1.group.oc1..aaaaaxxxxxx6yqql4ernxxxxxogvbrgad465gwlguuong2jrzr3j6gpq",
"domainOCID": "ocid1.domain.oc1..aaaaaxxxxxxqnxpkpo44xxxxxpf3axtwoeav42jt7npr6xixb45moa",
"cloudAccountName": "HRDept",
"domainId": "resource.OCI.f101xxxx-7c18-42de-a146-xxxxxx",
"compartmentId": "resource.OCI.f101xxxx-7c18-42de-a146-xxxxxx",
"compartmentOCID": "ocid1.tenancy.oc1..aaaaaxxxxxxjsn6newxxxxxwnf4y24h7d5ny27h6f3q",
"idcsId": "e47xxxxxcaa383411483axxxxxxfe4a",
"compartmentName": "HRDept",
"domainName": "Alpha",
"isReviewable": true
},
"isManagedAtOrchestratedSystem": false,
"orchestratedSystemMetadataAttributes": [],
"primaryOwner": {
"value": "emma.smith@example.com",
"displayName": "Emma Smith"
},
"isOwner": null
}
]
}