Request analysis of Separation of Duties (async)
post
/access-governance/service-administration/20250331/orchestratedSystem/{orchestratedSystemId}/sod/analyze
Start analysis of Separation of Duties for an Orchestrated System. Request is asynchronous and returns a
requestId which can be used to check status.
Request
Path Parameters
-
orchestratedSystemId(required): string
The unique id for an Orchestrated System. Available values can be found using the ListOrchestratedSystems operation.
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Request details for performing Separation of Duties analysis.
Root Schema : SeparationOfDutiesAnalysisDetails
Type:
objectDetails for performing Separation of Duties analysis.
Show Source
-
accountData:
object AccountData
Information about the user account.
-
orchestratedSystemIdentityId:
string
The ID of the Identity on the Orchestrated System.
-
permissionAssignments(required):
array permissionAssignments
Permissions to be analyzed along with the account.
-
requestedBy(required):
string
The user who requested the analysis.
Nested Schema : AccountData
Type:
objectInformation about the user account.
Show Source
-
attributes(required):
array attributes
Account attributes.
Nested Schema : permissionAssignments
Type:
arrayPermissions to be analyzed along with the account.
Show Source
-
Array of:
object AccountPermission
Permission to be scanned.
Nested Schema : attributes
Type:
arrayAccount attributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Nested Schema : Attribute
Type:
objectAttribute of the account.
Show Source
-
action:
string
Allowed Values:
[ "ADD", "UPDATE" ]Operation to be done on the attribute. -
additionalAttributes:
array additionalAttributes
Additional attributes.
-
attributes:
array attributes
Attributes.
-
displayName:
string
Display Name of the attribute.
-
name(required):
string
Name of the attribute.
-
value:
array value
Value of the attribute.
Nested Schema : additionalAttributes
Type:
arrayAdditional attributes.
Show Source
-
Array of:
object AdditionalAttribute
Additional Attribute.
Nested Schema : attributes
Type:
arrayAttributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Nested Schema : AdditionalAttribute
Type:
objectAdditional Attribute.
Show Source
-
name(required):
string
Name of the attribute.
-
value(required):
array value
Value of the attribute.
Nested Schema : AccountPermission
Type:
objectPermission to be scanned.
Show Source
-
action(required):
string
Allowed Values:
[ "ADD", "UPDATE" ]Action on the permission. -
attributes(required):
array attributes
Account attributes.
-
id(required):
string
Permission ID.
Nested Schema : attributes
Type:
arrayAccount attributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Response
Supported Media Types
- application/json
200 Response
Perform analysis request accepted for processing.
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : SeparationOfDutiesAnalysisResponseDetails
Type:
objectResponse of the perform analysis request.
Show Source
-
requestId(required):
string
Unique perform analysis request identifier.
-
status(required):
string
Request Status.
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
409 Response
Conflict
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
412 Response
Precondition failed
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to analyze separation of duties. This is applicable for an Oracle Fusion Cloud Applications orchestrated system and the Oracle Fusion Cloud Risk Management and Compliance (RMC) integration must be enabled.
Run the following APIs before running this API:
- GET
/access-governance/service-administration/${versionID}/orchestratedSystems/{orchestratedSystemId}/permissionsto fetch the permission - POST
/access-governance/service-administration/${versionID}/orchestratedSystems/{orchestratedSystemId}/permissionAttributes - GET /access-governance/identities/20250331/identities to fetch
identityTargetIdto be used asorchestratedSystemIdentityId
cURL Request Example
curl -i -X POST \
-H "Authorization:Bearer <your access token>" \
-H "Content-Type:application/json" \
-d \
'{
"orchestratedSystemIdentityId": "targetId.account.ICF.xxx-efc9-4a9a-bae9-26eefecaadf1.3b3f2e1a4f60938fc313659602ac4402",
"permissionAssignments": [
{
"id": "roles.ICF.306d8290-xxx-4a9a-bae9-26eefecaadf1.f8326a90ddb243bccb4761a01961d7be",
"action": "ADD",
"attributes": [
{
"name": "roles",
"value": [
"ADB4281383Fxx8CB16BF17AA4FDECAA"
],
"additionalAttributes": [
]
}
]
}
],
"requestedBy": "amel"
}' \
'${service-instance-url}/access-governance/service-administration/${versionID}/orchestratedSystems/${orchestratedSystemId}/sod/analyze'Example Request Payload
In your REST Client tool, submit the POST request
${service-instance-url}/access-governance/service-administration/${versionID}/orchestratedSystems/${orchestratedSystemId}/sod/analyze'{
"orchestratedSystemIdentityId": "targetId.account.ICF.xxx-efc9-4a9a-bae9-26eefecaadf1.3b3f2e1a4f60938fc313659602ac4402",
"permissionAssignments": [
{
"id": "roles.ICF.306d8290-xxx-4a9a-bae9-26eefecaadf1.f8326a90ddb243bccb4761a01961d7be",
"action": "ADD",
"attributes": [
{
"name": "roles",
"value": [
"ADB4281383Fxx88CB16BF17AA4FDECAA"
],
"additionalAttributes": [
]
}
]
}
],
"requestedBy": "amel"
}Example of the Response Code
You'll receive 200 OK response along with the following response body:
{
"requestId": "c87b487de125418ea73150bd62e5f2c7",
"status": "InProgress"
}Use the requestID to check the /access-governance/service-administration/20250331/orchestratedSystems/{orchestratedSystemId}/sod/status.