Revoke a granted permission
post
/access-governance/access-controls/20250331/permissions/{permissionId}/actions/revoke
Revokes a granted permission for a given global identity.
Grant type must be DIRECT or REQUEST.
For Access Bundles, permissionType should be ACCESS_BUNDLE.
For Permissions & Roles, permissionType should be PERMISSION.
Request is asynchronous.
Request
Path Parameters
-
permissionId(required): string
A permission identifier.
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Details for revoking the permission.
Root Schema : RevokePermissionDetails
Type:
objectPermission revocation details.
Show Source
-
globalId(required):
string
The global identity of the user for which to revoke the granted permission.
-
permissionType(required):
string
Allowed Values:
[ "PERMISSION", "ACCESS_BUNDLE", "ROLE" ]The permission type to revoke.
Response
Supported Media Types
- application/json
200 Response
Revocation in progress.
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : RevokePermissionStatus
Type:
objectPermission revocation summary.
Show Source
-
globalId(required):
string
The global identity of the user.
-
status(required):
string
The status of the request.
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how you can revoke a permission using permission ID.
Before revoking a permission, you may want to run
- Access Request Details - [GET] {BasePath}/approvals/{accessRequestId} to fetch identity IDs and permission IDs.
In this example, we are revoking the requested Access Bundle. So, enter the Access Bundle ID as the Permission ID.
cURL Request Example
curl -i -X POST \
-H "Authorization:Bearer <your-access-token>" \
-H "Content-Type:application/json" \
-d \
'{
"globalId": "globalId.ICF.xxxxx-744e-4689-b04b-94f198920763.xxx",
"permissionType": "ACCESS_BUNDLE"
}' \
'<${service-instance-url}/access-controls/${version}/permissions/${permissionId}/actions/revoke>'
Submit the POST request
${service-instance-url}/access-governance/access-controls/${version}/permissions/${permissionId}/actions/revokeExample Request Payload
{
"globalId": "globalId.ICF.xxxxx-744e-4689-b04b-94f198920763.xxx",
"permissionType": "ACCESS_BUNDLE"
}Example of the Response Code
You'll receive 200 OK response along with the following response body:
{
"globalId": "globalId.ICF.xxxxx-744e-4689-b04b-94f198920763.xxx",
"status": "Revoke in Progress"
}