Create a Policy
POST /access-governance/access-controls/20250331/policies
Creates a new policy with the specified details.
Request
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Details for the new Policy
Root Schema : CreatePolicyDetails
Type:
object
Model required for creating a new Policy
-
assignments:
array assignments
List of assignments associated with Policy.
-
customAttributes:
object customAttributes
Metadata associated with the Policy
-
description:
string
Description of the Policy.
-
displayName:
string
displayName of the Policy
-
insights:
string
Insights information of the policy
-
name:
string
A user-friendly name. It must be unique and can be changed. Avoid entering confidential information.
-
owners:
array owners
List of owner entities
-
submittedBy(required):
string
User or entity who submitted or created the Policy.
-
tags:
array tags
List of tags attached to the Policy.
Nested Schema : assignments
Type:
array
List of assignments associated with Policy.
-
Array of:
object PolicyAssignment
PolicyAssignment Model.
Nested Schema : owners
Type:
array
List of owner entities
-
Array of:
object OwnerSummary
Owner entity object
Nested Schema : PolicyAssignment
Type:
object
PolicyAssignment Model.
-
accessBundles:
array accessBundles
List of access bundles
-
assignmentId:
string
Assignment Id used for permission Association.
-
assignmentType:
string
Allowed Values:
[ "ACCESS_BUNDLE", "ROLE" ]
Type of the assignment that is being requested.
-
customAttributes:
object customAttributes
Metadata associated with the permission association
-
identityGroups:
array identityGroups
List of identity groups
-
identityType:
string
Type of the identity
-
roles:
array roles
List of roles
Nested Schema : accessBundles
Type:
array
List of access bundles
-
Array of:
object Info
Generic information object.
Nested Schema : customAttributes
Type:
object
Metadata associated with the permission association
Nested Schema : identityGroups
Type:
array
List of identity groups
-
Array of:
object Info
Generic information object.
Nested Schema : roles
Type:
array
List of roles
-
Array of:
object Info
Generic information object.
Nested Schema : Info
Type:
object
Generic information object.
-
displayName:
string
Display Name of the entity.
-
id:
string
id of the entity.
-
name:
string
name of the entity.
Nested Schema : OwnerSummary
Type:
object
Owner entity object
-
id(required):
string
Unique identifier that is immutable on creation
-
isPrimary(required):
boolean
Is this entity the primary owner?
-
name(required):
string
Name of the owner
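A pre-flight check of a CreatePolicyDetails body against the rules stated in the request schema above (required fields, allowed assignmentType values, opc-request-id characters). This is an added example, not Oracle's code; the function names and the sample bodies are hypothetical, and "letters" is assumed to mean ASCII letters.

```python
import re

# Rules are taken from the schema on this page; all names here are hypothetical.
REQUEST_ID_RE = re.compile(r"[A-Za-z0-9_-]+")  # assumption: ASCII letters only
ASSIGNMENT_TYPES = {"ACCESS_BUNDLE", "ROLE"}
OWNER_REQUIRED = ("id", "isPrimary", "name")


def valid_request_id(value):
    """opc-request-id: only letters, numbers, underscore and dash are valid."""
    return isinstance(value, str) and REQUEST_ID_RE.fullmatch(value) is not None


def validate_create_policy(payload):
    """Return a list of schema problems; an empty list means the body passes."""
    problems = []
    if not isinstance(payload.get("submittedBy"), str):
        problems.append("submittedBy is required and must be a string")
    for i, owner in enumerate(payload.get("owners") or []):
        for field in OWNER_REQUIRED:
            if field not in owner:
                problems.append(f"owners[{i}].{field} is required")
        if "isPrimary" in owner and not isinstance(owner["isPrimary"], bool):
            problems.append(f"owners[{i}].isPrimary must be a boolean")
    for i, assignment in enumerate(payload.get("assignments") or []):
        kind = assignment.get("assignmentType")
        if kind is not None and kind not in ASSIGNMENT_TYPES:
            problems.append(f"assignments[{i}].assignmentType {kind!r} is not allowed")
    return problems


# Constructed sample bodies with placeholder ids (not real identifiers).
GOOD = {
    "name": "Example Policy",
    "submittedBy": "globalId.example-user",
    "owners": [{"id": "globalId.example-user", "name": "Example Owner", "isPrimary": True}],
    "assignments": [{"assignmentType": "ACCESS_BUNDLE", "accessBundles": [{"id": "bundle-1"}]}],
}
BAD = {
    "name": "Example Policy",
    "owners": [{"id": "globalId.example-user", "isPrimary": "true"}],
    "assignments": [{"assignmentType": "GROUP"}],
}

if __name__ == "__main__":
    print(validate_create_policy(GOOD))
    print(validate_create_policy(BAD))
    print(valid_request_id("req_2025-0001"), valid_request_id("req 1"))
```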
Response
Supported Media Types
- application/json
200 Response
The newly created Policy
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Policy
Type:
object
Policy model.
-
assignments:
array assignments
List of assignments associated with Permission Association.
-
createdBy:
object IdInfo
Generic identifying information object.
-
customAttributes:
object customAttributes
Metadata associated with the permission association
-
description:
string
Description of the Permission Association.
-
displayName:
string
displayName of the Permission Association
-
id(required):
string
The Unique Oracle ID (OCID) that is immutable on creation.
-
name:
string
A user-friendly name. It must be unique and can be changed. Avoid entering confidential information.
-
owners:
array owners
List of owner entities
-
ownershipCollectionId:
string
Ownership collection associated with the Identity Group
-
riskLevel:
integer
Risk Level of Policy. 0 stands for low and 1 for high risk.
-
status:
string
Allowed Values:
[ "ACTIVE", "DRAFT", "INACTIVE", "PENDING", "FAILED", "IN_PROGRESS", "SAVED", "SUCCESS", "TIMEOUT" ]
Status of the Permission Association.
-
tags:
array tags
List of tags attached to the Permission Association.
-
timeCreated:
string(date-time)
Time when the Permission Association Rule was created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
Time when the Permission Association Rule was last updated. An RFC3339 formatted datetime string
-
updatedBy:
object IdInfo
Generic identifying information object.
Nested Schema : assignments
Type:
array
List of assignments associated with Permission Association.
-
Array of:
object PolicyAssignment
PolicyAssignment Model.
Nested Schema : IdInfo
Type:
object
Generic identifying information object.
-
displayName:
string
Display Name of the entity.
-
id:
string
Id of the entity.
-
name:
string
Name of the entity.
Nested Schema : customAttributes
Type:
object
Metadata associated with the permission association
Nested Schema : owners
Type:
array
List of owner entities
-
Array of:
object OwnerSummary
Owner entity object
Nested Schema : PolicyAssignment
Type:
object
PolicyAssignment Model.
-
accessBundles:
array accessBundles
List of access bundles
-
assignmentId:
string
Assignment Id used for permission Association.
-
assignmentType:
string
Allowed Values:
[ "ACCESS_BUNDLE", "ROLE" ]
Type of the assignment that is being requested.
-
customAttributes:
object customAttributes
Metadata associated with the permission association
-
identityGroups:
array identityGroups
List of identity groups
-
identityType:
string
Type of the identity
-
roles:
array roles
List of roles
Nested Schema : accessBundles
Type:
array
List of access bundles
-
Array of:
object Info
Generic information object.
Nested Schema : customAttributes
Type:
object
Metadata associated with the permission association
Nested Schema : identityGroups
Type:
array
List of identity groups
-
Array of:
object Info
Generic information object.
Nested Schema : roles
Type:
array
List of roles
-
Array of:
object Info
Generic information object.
Nested Schema : Info
Type:
object
Generic information object.
-
displayName:
string
Display Name of the entity.
-
id:
string
id of the entity.
-
name:
string
name of the entity.
Nested Schema : OwnerSummary
Type:
object
Owner entity object
-
id(required):
string
Unique identifier that is immutable on creation
-
isPrimary(required):
boolean
Is this entity the primary owner?
-
name(required):
string
Name of the owner
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
409 Response
Conflict
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to create a policy. Replace placeholder values with actual values before running the sample command.
Before creating a policy, you need to run the following APIs to fetch the required data:
- List Access Bundle - [GET] {BasePath}/accessBundles
- List Roles - [GET] {BasePath}/roles
- List Identities - [GET] {BasePath}/identities
cURL Request Example
curl -i -X POST \
  -H "Authorization:Bearer <your-access-token>" \
  -H "Content-Type:application/json" \
  -d \
'{
  "name": "Admin DBUM Policy",
  "description": "Admin DBUM Policy",
  "submittedBy": "globalId.125123c3-xxx-4d6a-b6d4-xxx.18.xxx",
  "tags": [
    "DBUM Performance"
  ],
  "customAttributes": {},
  "displayName": "Admin Database Policy",
  "assignments": [
    {
      "assignmentId": "",
      "assignmentType": "ACCESS_BUNDLE",
      "identityType": "ALL",
      "identityCollections": [
        {
          "id": "a4b3dd4b-xxx-4d77-858c-xxx",
          "name": "Database Administrators"
        },
        {
          "id": "fbc9774f-xxx-415d-8b81-xxx",
          "name": "Database Performance Administrators"
        }
      ],
      "accessBundles": [
        {
          "id": "52fea7fb-xxx-4b1e-bc37-xxx",
          "name": "SQL Tuning Access"
        },
        {
          "id": "45ed5c4c-xxx-4e80-ba1c-xxx",
          "name": "DBUM Standard SQL Tuning Access UA2"
        },
        {
          "id": "xxx-xxx-xxx-xxx-xxx",
          "name": "Oracle DBUM Performance Admin Access"
        }
      ]
    }
  ],
  "owners": [
    {
      "id": "globalId.125123c3-xxx-4d6a-b6d4-xxx.18.xxx",
      "name": "Amel Maclead",
      "isPrimary": true
    }
  ]
}' \
'${service-instance-url}/access-governance/access-controls/20250331/policies/'
Submit the POST request
${service-instance-url}/access-governance/access-controls/${version}/policies/
Example Request Payload
{
  "name": "Admin DBUM Policy",
  "description": "Admin DBUM Policy",
  "submittedBy": "globalId.125123c3-xxx-4d6a-b6d4-xxx.18.xxx",
  "tags": [
    "DBUM UA"
  ],
  "customAttributes": {},
  "displayName": "Admin Database Policy",
  "assignments": [
    {
      "assignmentId": "",
      "assignmentType": "ACCESS_BUNDLE",
      "identityType": "ALL",
      "identityCollections": [
        {
          "id": "a4b3dd4b-xxx-4d77-858c-xxx",
          "name": "Database Administrators"
        },
        {
          "id": "fbc9774f-xxx-415d-8b81-xxx",
          "name": "Database Performance Administrators"
        }
      ],
      "accessBundles": [
        {
          "id": "52fea7fb-xxx-4b1e-bc37-xxx",
          "name": "SQL Tuning Access"
        },
        {
          "id": "45ed5c4c-xxx-4e80-ba1c-xxx",
          "name": "DBUM Standard SQL Tuning Access UA2"
        },
        {
          "id": "xxx-xxx-xxx-xxx-xxx",
          "name": "Oracle DBUM Performance Admin Access"
        }
      ]
    }
  ],
  "owners": [
    {
      "id": "globalId.125123c3-xxx-4d6a-b6d4-xxx.18.xxx",
      "name": "Amel Maclead",
      "isPrimary": true
    }
  ]
}
Example of the Response Code
It may take a few seconds to create a policy. Do not try to abort the request.
You'll receive a 200 OK response along with the following response body:
{
  "id": "2e451b51-xxx-4bbc-9894-xxx",
  "name": "Admin DBUM Policy",
  "description": "Admin DBUM Policy",
  "status": "ACTIVE",
  "timeCreated": "2025-05-07T15:44:50.209Z",
  "timeUpdated": "2025-05-07T15:44:50.209Z",
  "ownershipCollectionId": "03b05e0d-xxx-4f7e-a101-xxx",
  "owners": [
    {
      "id": "globalId.125123c3-xxx-4d6a-b6d4-xxx.18.xxx",
      "name": "Amel Maclead",
      "isPrimary": true
    }
  ],
  "createdBy": {
    "id": "globalId.125123c3-xxx-4d6a-b6d4-xxx.18.xxx",
    "name": "Amel Maclead",
    "displayName": "Amel Maclead"
  },
  "updatedBy": {
    "id": "globalId.125123c3-xxx-4d6a-b6d4-xxx.18.xxx",
    "name": "Amel Maclead",
    "displayName": "Amel Maclead"
  },
  "tags": [
    "DBUM UA"
  ],
  "customAttributes": {},
  "displayName": "Admin Database Policy",
  "assignments": [
    {
      "assignmentId": "44b7d7a9-xxx-4a11-88f9-xxx",
      "assignmentType": "ACCESS_BUNDLE",
      "identityType": "HUMAN",
      "identityCollections": [
        {
          "id": "fbc9774f-xxx-415d-8b81-xxx",
          "name": "testICArun1",
          "displayName": "testICArun1",
          "owners": null
        },
        {
          "id": "a4b3dd4b-xxx-4d77-858c-xxx",
          "name": "Database Administrators"
        },
        {
          "id": "xxx-xxx-xxx-xxx-xxx",
          "name": "Database Performance Administrators"
        }
      ],
      "accessBundles": [
        {
          "id": "45ed5c4c-xxx-4e80-ba1c-xxx",
          "name": "DBUM Standard SQL Tuning Access UA2",
          "displayName": "DBUM Standard SQL Tuning Access UA2",
          "owners": null
        },
        {
          "id": "52fea7fb-xxx-4b1e-bc37-xxx",
          "name": "SQL Tuning Access"
        },
        {
          "id": "xxx-xxx-xxx-xxx-xxx",
          "name": "Oracle DBUM Performance Admin Access"
        }
      ],
      "roles": [],
      "customAttributes": null
    }
  ],
  "riskLevel": null
}
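After a 200 response, the returned Policy can be compared with the submitted body to confirm it grants exactly what was requested, including an identityType that differs between request and response as in the samples above ("ALL" submitted, "HUMAN" returned). This is an added example, not Oracle's code; the function names and sample ids are hypothetical, and pairing assignments by position is an assumption.

```python
# Keys that carry grant targets in a PolicyAssignment. "identityCollections" is the
# key used in this page's examples, "identityGroups" the one in its schema.
GRANT_KEYS = ("accessBundles", "roles", "identityGroups", "identityCollections")


def grant_ids(policy):
    """Collect the set of ids under each grant key across all assignments."""
    found = {key: set() for key in GRANT_KEYS}
    for assignment in policy.get("assignments") or []:
        for key in GRANT_KEYS:
            # "or []" covers keys that are absent, null or empty in the response.
            found[key].update(i["id"] for i in assignment.get(key) or [] if i.get("id"))
    return found


def grant_drift(requested, created):
    """Return {key: {"unexpected": [...], "missing": [...]}} for keys that differ."""
    want, got = grant_ids(requested), grant_ids(created)
    drift = {}
    for key in GRANT_KEYS:
        unexpected = sorted(got[key] - want[key])  # granted but never requested
        missing = sorted(want[key] - got[key])     # requested but not granted
        if unexpected or missing:
            drift[key] = {"unexpected": unexpected, "missing": missing}
    return drift


def identity_type_changes(requested, created):
    """Pair assignments by position (assumption) and list identityType differences."""
    pairs = zip(requested.get("assignments") or [], created.get("assignments") or [])
    return [(r.get("identityType"), c.get("identityType"))
            for r, c in pairs if r.get("identityType") != c.get("identityType")]


# Constructed sample bodies with placeholder ids (not values from a real tenancy).
REQUESTED = {"assignments": [{
    "assignmentType": "ACCESS_BUNDLE", "identityType": "ALL",
    "identityCollections": [{"id": "group-a"}, {"id": "group-b"}],
    "accessBundles": [{"id": "bundle-1"}, {"id": "bundle-2"}]}]}
CREATED = {"assignments": [{
    "assignmentId": "assign-1", "assignmentType": "ACCESS_BUNDLE", "identityType": "HUMAN",
    "identityCollections": [{"id": "group-a"}, {"id": "group-b"}],
    "accessBundles": [{"id": "bundle-1"}, {"id": "bundle-2"}, {"id": "bundle-3"}],
    "roles": [], "customAttributes": None}]}

if __name__ == "__main__":
    print(grant_drift(REQUESTED, CREATED))
    print(identity_type_changes(REQUESTED, CREATED))
```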