Update Role
put
/access-governance/access-controls/20250331/roles/{roleId}
Updates the details of an existing role with a given ID.
Request
Path Parameters
-
roleId(required): string
Unique Role identifier
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Details for the updated Role.
Root Schema : UpdateRoleDetails
Type:
objectThe information to be updated.
Show Source
-
accessBundles:
array accessBundles
List of Access Bundles
-
approvalWorkflowId:
string
ApprovalWorkflowId that is applicable to the Role
-
customAttributes:
object customAttributes
Metadata associated with the role
-
description:
string
Role description
-
displayName:
string
Display Name of the Role
-
externalId:
string
ExternalId of the Role
-
name(required):
string
Minimum Length:
1Maximum Length:255Role name -
owners:
array owners
List of owner entities
-
requestableBy:
string
Allowed Values:
[ "ANY", "NONE" ]Entities that can request the access bundle -
tags:
array tags
List of tags attached to the Role
Nested Schema : accessBundles
Type:
arrayList of Access Bundles
Show Source
-
Array of:
object Info
Generic information object.
Nested Schema : owners
Type:
arrayList of owner entities
Show Source
-
Array of:
object OwnerSummary
Owner entity object
Nested Schema : Info
Type:
objectGeneric information object.
Show Source
-
displayName:
string
Display Name of the entity.
-
id:
string
id of the entity.
-
name:
string
name of the entity.
Nested Schema : OwnerSummary
Type:
objectOwner entity object
Show Source
-
id(required):
string
Unique identifier that is immutable on creation
-
isPrimary(required):
boolean
Is this entity the primary owner?
-
name(required):
string
Name of the owner
Response
Supported Media Types
- application/json
200 Response
The updated Role
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Role
Type:
objectRole object.
Show Source
-
accessBundles:
array accessBundles
List of Access Bundles
-
approvalWorkflowId:
object IdInfo
Generic identifying information object.
-
createdBy:
object IdInfo
Generic identifying information object.
-
customAttributes:
object customAttributes
Metadata associated with the role
-
description:
string
Description of the Role
-
displayName:
string
Display Name of the Role
-
externalId:
string
ExternalId of the Role
-
id(required):
string
Unique identifier that is immutable on creation
-
name:
string
Name of the Role
-
owners:
array owners
List of owner entities
-
ownershipCollectionId:
string
Ownership collection associate with the Role
-
requestableBy:
object IdInfo
Generic identifying information object.
-
status:
string
Allowed Values:
[ "ACTIVE", "DRAFT", "INACTIVE", "PENDING", "FAILED", "IN_PROGRESS", "SAVED", "SUCCESS", "TIMEOUT" ]Status of the Role -
tags:
array tags
List of tags attached to the Role
-
timeCreated:
string(date-time)
Time when the Role was created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
Time when the Role was last updated. An RFC3339 formatted datetime string
-
updatedBy:
object IdInfo
Generic identifying information object.
Nested Schema : accessBundles
Type:
arrayList of Access Bundles
Show Source
-
Array of:
object AccessBundle
Access Bundle object.
Nested Schema : IdInfo
Type:
objectGeneric identifying information object.
Show Source
-
displayName:
string
Display Name of the entity.
-
id:
string
Id of the entity.
-
name:
string
Name of the entity.
Nested Schema : owners
Type:
arrayList of owner entities
Show Source
-
Array of:
object OwnerSummary
Owner entity object
Nested Schema : AccessBundle
Type:
objectAccess Bundle object.
Show Source
-
accessGuardrails:
array accessGuardrails
List of access guardrail information attached to the Access Bundle.
-
accountProfileId:
string
Configured account profile id for the access bundle.
-
accountProfileName:
string
configured account profile name for the access bundle.
-
approvalWorkflowId:
object IdInfo
Generic identifying information object.
-
cloudAccountName:
string
Cloud Account name of OCI bundle i.e., OCI tenancy
-
compartmentFqn:
string
Compartment full name of OCI bundle
-
compartmentName:
string
Compartment name of OCI bundle
-
createdBy:
object IdInfo
Generic identifying information object.
-
customAttributes:
object customAttributes
Metadata associated with the access bundle
-
description:
string
Description of the Access Bundle
-
displayName:
string
Display Name of the Access Bundle
-
domainName:
string
Domain name of OCI bundle
-
externalId:
string
ExternalId of the Access Bundle
-
id(required):
string
Unique identifier that is immutable on creation
-
name:
string
Name of the Access Bundle
-
orchestratedSystem:
object IdInfo
Generic identifying information object.
-
orchestratedSystemAttributes:
object OrchestratedSystemAttributeSummary
Account & permission attributes
-
orchestratedSystemType:
string
Orchestrated System type
-
owners:
array owners
List of owner entities
-
ownershipCollectionId:
string
Ownership collection associated with the Access Bundle
-
permissions:
array permissions
List of permissions
-
requestableBy:
object IdInfo
Generic identifying information object.
-
resourceType:
string
Resource Type of an OCI Access Bundle
-
status:
string
Allowed Values:
[ "ACTIVE", "DRAFT", "INACTIVE", "PENDING", "FAILED", "IN_PROGRESS", "SAVED", "SUCCESS", "TIMEOUT" ]Status of the Access Bundle -
tags:
array tags
List of tags attached to the Access Bundle
-
timeCreated:
string(date-time)
Time when the Access Bundle was created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
Time when the Access Bundle was last updated. An RFC3339 formatted datetime string
-
updatedBy:
object IdInfo
Generic identifying information object.
Nested Schema : accessGuardrails
Type:
arrayList of access guardrail information attached to the Access Bundle.
Show Source
-
Array of:
object AccessGuardrailDetails
Access Guardrail object
Nested Schema : customAttributes
Type:
objectMetadata associated with the access bundle
Show Source
Nested Schema : OrchestratedSystemAttributeSummary
Type:
objectAccount & permission attributes
Show Source
-
accountAttributes:
array accountAttributes
List of Orchestrated System account attributes
-
permissionAttributes:
array permissionAttributes
List of Orchestrated System permission attributes
Nested Schema : owners
Type:
arrayList of owner entities
Show Source
-
Array of:
object OwnerSummary
Owner entity object
Nested Schema : permissions
Type:
arrayList of permissions
Show Source
-
Array of:
object PermissionSummary
Description of Permission.
Nested Schema : AccessGuardrailDetails
Type:
objectAccess Guardrail object
Show Source
-
id(required):
string
The access guardrail id
-
name(required):
string
The access guardrail name
Nested Schema : accountAttributes
Type:
arrayList of Orchestrated System account attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeDataSummary
Orchestrated System Attributes
Nested Schema : permissionAttributes
Type:
arrayList of Orchestrated System permission attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeDataSummary
Orchestrated System Attributes
Nested Schema : OrchestratedSystemAttributeDataSummary
Type:
objectOrchestrated System Attributes
Show Source
-
children:
array children
nested attributes
-
discriminator:
string
this field signify attribute field is password
-
isQuestion:
boolean
Indicates if this Orchestrated System Attribute will be presented as a question.
-
name:
string
Attribute name - Unique identifier
-
permissionType:
string
Permission Type
-
title:
string
Display Name for the attribute.
-
type:
string
Type of attribute
-
values:
array values
Attribute Values
Nested Schema : children
Type:
arraynested attributes
Show Source
-
Array of:
object NestedAttributesSummary
Nested set of Orchestrated System attributes
Nested Schema : NestedAttributesSummary
Type:
objectNested set of Orchestrated System attributes
Show Source
-
items:
array items
Orchestrated System attributes
Nested Schema : items
Type:
arrayOrchestrated System attributes
Show Source
-
Array of:
object OrchestratedSystemAttributeDataSummary
Orchestrated System Attributes
Nested Schema : OwnerSummary
Type:
objectOwner entity object
Show Source
-
id(required):
string
Unique identifier that is immutable on creation
-
isPrimary(required):
boolean
Is this entity the primary owner?
-
name(required):
string
Name of the owner
Nested Schema : PermissionSummary
Type:
objectDescription of Permission.
Show Source
-
description:
string
Description of the permission
-
id(required):
string
The Unique Oracle ID (OCID) that is immutable on creation
-
name:
string
Name of the permission
-
permissionType:
object PermissionTypeSummary
PermissionType Summary.
-
resource:
object ResourceSummary
Resource Summary.
-
timeCreated:
string(date-time)
Time when the permission was last created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
Time when the permission was last updated. An RFC3339 formatted datetime string
-
type:
string
Type of the permission
Nested Schema : PermissionTypeSummary
Type:
objectPermissionType Summary.
Show Source
-
displayName:
string
Display Name of the PermissionType.
-
externalId:
string
External Id of the PermissionType
-
id:
string
The Unique Oracle ID (OCID) that is immutable on creation.
-
name:
string
name of the PermissionType.
Nested Schema : ResourceSummary
Type:
objectResource Summary.
Show Source
-
customAttributes:
object customAttributes
Metadata associated with the resource
-
displayName:
string
Display Name of the Resource.
-
id(required):
string
The Unique Oracle ID (OCID) that is immutable on creation.
-
name:
string
name of the Resource.
-
type:
string
Type of the Resource
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
412 Response
Precondition failed
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to update a role by submitting a PUT request. In this example, as an extension to create example, we will add another access bundle permission set for the database admin
Note:
Generate Access Token usinggrant_type = password.
cURL Example - Without Query Parameters
curl -i -L -X PUT \
-H "Authorization:Bearer <your-access-token>" \
-H "Content-Type:application/json" \
-d \
'{
"name": "Database Administrator Role",
"description": "Responsible for managing database access and ensuring optimized SQL performance.",
"requestableBy": "ANY",
"approvalWorkflowId": "NO_APPROVAL_REQUIRED",
"tags": [
"Database Role"
],
"accessBundles": [
{
"id": "b943f987-xxxx-4bac-bca0-6a09ded5dcad",
"name": "DBUM Standard SQL Tuning Access UA 8",
"displayName": "DBUM Standard SQL Tuning Access UA 8",
"owners": [
{
"id": "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name": "Bill Clark",
"isPrimary": true
}
]
},
{
"id": "9f6a9e49-xxxx-4211-b702-cd47072346a2",
"name": "ALTER ANY TABLE",
"displayName": "Database Privilege - ALTER ANY TABLE",
"owners": [
{
"id": "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name": "Bill Clark",
"isPrimary": true
}
]
}
],
"customAttributes": null,
"displayName": "Database Administrator Role",
"owners": [
{
"id": "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name": "Bill Clark",
"isPrimary": true
}
]
}' \
'<${service-instance-url}/access-governance/access-controls/20250331/roles/${roleID}>'Example Request Payload
{
"name": "Database Administrator Role",
"description": "Responsible for managing database access and ensuring optimized SQL performance.",
"requestableBy": "ANY",
"approvalWorkflowId": "NO_APPROVAL_REQUIRED",
"tags": [
"Database Role"
],
"accessBundles": [
{
"id": "b943f987-xxxx-4bac-bca0-6a09ded5dcad",
"name": "DBUM Standard SQL Tuning Access UA 8",
"displayName": "DBUM Standard SQL Tuning Access UA 8",
"owners": [
{
"id": "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name": "Bill Clark",
"isPrimary": true
}
]
},
{
"id": "9f6a9e49-xxxx-4211-b702-cd47072346a2",
"name": "ALTER ANY TABLE",
"displayName": "Database Privilege - ALTER ANY TABLE",
"owners": [
{
"id": "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name": "Bill Clark",
"isPrimary": true
}
]
}
],
"customAttributes": null,
"displayName": "Database Administrator Role",
"owners": [
{
"id": "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name": "Bill Clark",
"isPrimary": true
}
]
}
Example of the Response Body
The following example shows the contents of the response body in JSON format, including the details of an identity who updated the role:
{
"id": "7642ff7d-xxxx-45c4-88d4-db7d2e79e85f",
"name": "Database Administrator Role",
"description": "Responsible for managing database access and ensuring optimized SQL performance.",
"requestableBy": {
"id": "ANY",
"name": "Anyone",
"displayName": "Anyone"
},
"status": "ACTIVE",
"approvalWorkflowId": {
"id": "NO_APPROVAL_REQUIRED",
"name": "No Approval Required",
"displayName": "No Approval Required"
},
"tags": [
"Database Role"
],
"accessBundles": [
{
"id": "b943f987-xxxx-4bac-bca0-6a09ded5dcad",
"name": "DBUM Standard SQL Tuning Access UA 8",
"displayName": "DBUM Standard SQL Tuning Access UA 8",
"owners": [
{
"id": "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name": "Bill Clark",
"isPrimary": true
}
],
"createdBy" : {
"id" : "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name" : "Amel Maclead",
"displayName" : "Amel Maclead"
},
"updatedBy" : {
"id" : "globalId.125123c3-xxxx-4d6a-b6d4-6c0f6537bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"name" : "Amel Maclead",
"displayName" : "Amel Maclead"
},
"customAttributes" : null,
"externalId" : "cid1.agcsgovernanceinstance.dev.dev.xxxxxxxxpzw5rdia4pv5rudpgmf5enb2yzcloj2pbd5ogxaructfrhgbuq7a",
"displayName" : "Database Admin Role"
}