Request analysis of Separation of Duties (async)

post

/access-governance/service-administration/20250331/orchestratedSystem/{orchestratedSystemId}/sod/analyze

Start analysis of Separation of Duties for an Orchestrated System. Request is asynchronous and returns a requestId which can be used to check status.

Request

Path Parameters
Header Parameters
  • The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Body ()
Request details for performing Separation of Duties analysis.
Root Schema : SeparationOfDutiesAnalysisDetails
Type: object
Details for performing Separation of Duties analysis.
Show Source
Nested Schema : AccountData
Type: object
Information about the user account.
Show Source
Nested Schema : permissionAssignments
Type: array
Permissions to be analyzed along with the account.
Show Source
Nested Schema : attributes
Type: array
Account attributes.
Show Source
Nested Schema : Attribute
Type: object
Attribute of the account.
Show Source
Nested Schema : additionalAttributes
Type: array
Additional attributes.
Show Source
Nested Schema : attributes
Type: array
Attributes.
Show Source
Nested Schema : value
Type: array
Value of the attribute.
Show Source
Nested Schema : AdditionalAttribute
Type: object
Additional Attribute.
Show Source
Nested Schema : value
Type: array
Value of the attribute.
Show Source
Nested Schema : AccountPermission
Type: object
Permission to be scanned.
Show Source
Nested Schema : attributes
Type: array
Account attributes.
Show Source
Back to Top

Response

Supported Media Types

200 Response

Perform analysis request accepted for processing.
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : SeparationOfDutiesAnalysisResponseDetails
Type: object
Response of the perform analysis request.
Show Source

400 Response

Bad Request
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source

401 Response

Unauthorized
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source

404 Response

Not Found
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source

409 Response

Conflict
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source

412 Response

Precondition failed
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source

429 Response

Too Many Requests
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source

500 Response

Internal Server Error
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source

Default Response

Unknown Error
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
Error Information.
Show Source
Back to Top

Examples

The following example shows how to analyze separation of duties. This is applicable for an Oracle Fusion Cloud Applications orchestrated system and the Oracle Fusion Cloud Risk Management and Compliance (RMC) integration must be enabled.

Run the following APIs before running this API:
  • GET /access-governance/service-administration/${versionID}/orchestratedSystems/{orchestratedSystemId}/permissions to fetch the permission
  • POST /access-governance/service-administration/${versionID}/orchestratedSystems/{orchestratedSystemId}/permissionAttributes
  • GET /access-governance/identities/20250331/identities to fetch identityTargetId to be used as orchestratedSystemIdentityId

cURL Request Example

curl -i -X POST \
   -H "Authorization:Bearer <your access token>" \
   -H "Content-Type:application/json" \
   -d \
'{
    "orchestratedSystemIdentityId": "targetId.account.ICF.xxx-efc9-4a9a-bae9-26eefecaadf1.3b3f2e1a4f60938fc313659602ac4402",
    "permissionAssignments": [
        {
            "id": "roles.ICF.306d8290-xxx-4a9a-bae9-26eefecaadf1.f8326a90ddb243bccb4761a01961d7be",
            "action": "ADD",
            "attributes": [
                {
                    "name": "roles",
                    "value": [
                        "ADB4281383Fxx8CB16BF17AA4FDECAA"
                        ],
                    "additionalAttributes": [
                    ]
                }
            ]
        }
    ],
    "requestedBy": "amel"
}' \
 '${service-instance-url}/access-governance/service-administration/${versionID}/orchestratedSystems/${orchestratedSystemId}/sod/analyze'

Example Request Payload

In your REST Client tool, submit the POST request
${service-instance-url}/access-governance/service-administration/${versionID}/orchestratedSystems/${orchestratedSystemId}/sod/analyze'
{
    "orchestratedSystemIdentityId": "targetId.account.ICF.xxx-efc9-4a9a-bae9-26eefecaadf1.3b3f2e1a4f60938fc313659602ac4402",
    "permissionAssignments": [
        {
            "id": "roles.ICF.306d8290-xxx-4a9a-bae9-26eefecaadf1.f8326a90ddb243bccb4761a01961d7be",
            "action": "ADD",
            "attributes": [
                {
                    "name": "roles",
                    "value": [
                        "ADB4281383Fxx88CB16BF17AA4FDECAA"
                        ],
                    "additionalAttributes": [
                    ]
                }
            ]
        }
    ],
    "requestedBy": "amel"
}

Example of the Response Code

You'll receive 200 OK response along with the following response body:

{
    "requestId": "c87b487de125418ea73150bd62e5f2c7",
    "status": "InProgress"
}

Use the requestID to check the /access-governance/service-administration/20250331/orchestratedSystems/{orchestratedSystemId}/sod/status.

Back to Top