Get the status of Separation of Duties Analysis requests
post
/access-governance/service-administration/20250331/orchestratedSystem/{orchestratedSystemId}/sod/status
Returns the current Separation of Duties Analysis status for input request IDs.
Request
Path Parameters
-
orchestratedSystemId(required): string
The unique id for an Orchestrated System. Available values can be found using the ListOrchestratedSystems operation.
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Separation of Duties Analysis Request IDs.
Root Schema : CheckSeparationOfDutiesStatus
Type:
objectSeparation of Duties Analysis Request IDs.
Show Source
-
requestIds(required):
array requestIds
List of request IDs.
Response
Supported Media Types
- application/json
200 Response
Separation of Duties status details are successfully fetched.
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : CheckSeparationOfDutiesStatusDetails
Type:
objectList of request statuses per Request ID.
Show Source
-
items(required):
array items
List of request statuses.
Nested Schema : items
Type:
arrayList of request statuses.
Show Source
-
Array of:
object CheckSeparationOfDutiesRequestStatus
Request status.
Nested Schema : CheckSeparationOfDutiesRequestStatus
Type:
objectRequest status.
Show Source
-
events(required):
array events
Separation of Duties Events.
-
requestedBy(required):
string
Who or what made the request.
-
requestId(required):
string
Unique identifier that is immutable on creation.
-
requestStatus(required):
string
Allowed Values:
[ "SUCCESS", "FAILED", "IN_PROGRESS" ]Request Status. -
timeRequestCompletion:
string(date-time)
Request Completion time.
-
timeRequested:
string(date-time)
Request time.
Nested Schema : events
Type:
arraySeparation of Duties Events.
Show Source
-
Array of:
object SeparationOfDutiesEvent
Separation Of Duties Event.
Nested Schema : SeparationOfDutiesEvent
Type:
objectSeparation Of Duties Event.
Show Source
-
createdBy(required):
string
Who or what created the event.
-
hasViolation(required):
boolean
Whether a violation was detected.
-
id(required):
string
Unique identifier that is immutable on creation.
-
provider(required):
string
Separation Of Duties provider.
-
requestPayload(required):
object RequestPayload
Represents the payload for a request.
-
status(required):
string
Allowed Values:
[ "SUCCESS", "FAILED", "IN_PROGRESS", "PENDING" ]Processing Status. -
timeCreated:
string(date-time)
Creation time of the event.
-
timeProcessingEnded:
string(date-time)
Separation Of Duties processing end time.
-
timeProcessingStarted:
string(date-time)
Separation Of Duties processing start time.
-
violationSummary(required):
array violationSummary
Separation Of Duties Violation Summary.
Nested Schema : RequestPayload
Type:
objectRepresents the payload for a request.
Show Source
-
accountData:
object AccountData
Information about the user account.
-
childAssignmentData:
array childAssignmentData
List of child assignment data.
-
requestData:
object SeparationOfDutiesAnalysisDetails
Details for performing Separation of Duties analysis.
-
userData:
object UserData
Data of the User associated to a Separation of Duties event.
Nested Schema : violationSummary
Type:
arraySeparation Of Duties Violation Summary.
Show Source
-
Array of:
object SeparationOfDutiesViolationSummary
A Separation of Duties violation.
Nested Schema : AccountData
Type:
objectInformation about the user account.
Show Source
-
attributes(required):
array attributes
Account attributes.
Nested Schema : childAssignmentData
Type:
arrayList of child assignment data.
Show Source
-
Array of:
object ChildAssignmentData
Entitlement attributes.
Nested Schema : SeparationOfDutiesAnalysisDetails
Type:
objectDetails for performing Separation of Duties analysis.
Show Source
-
accountData:
object AccountData
Information about the user account.
-
orchestratedSystemIdentityId:
string
The ID of the Identity on the Orchestrated System.
-
permissionAssignments(required):
array permissionAssignments
Permissions to be analyzed along with the account.
-
requestedBy(required):
string
The user who requested the analysis.
Nested Schema : UserData
Type:
objectData of the User associated to a Separation of Duties event.
Show Source
-
attributes(required):
array attributes
User attributes.
Nested Schema : attributes
Type:
arrayAccount attributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Nested Schema : Attribute
Type:
objectAttribute of the account.
Show Source
-
action:
string
Allowed Values:
[ "ADD", "UPDATE" ]Operation to be done on the attribute. -
additionalAttributes:
array additionalAttributes
Additional attributes.
-
attributes:
array attributes
Attributes.
-
displayName:
string
Display Name of the attribute.
-
name(required):
string
Name of the attribute.
-
value:
array value
Value of the attribute.
Nested Schema : additionalAttributes
Type:
arrayAdditional attributes.
Show Source
-
Array of:
object AdditionalAttribute
Additional Attribute.
Nested Schema : attributes
Type:
arrayAttributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Nested Schema : AdditionalAttribute
Type:
objectAdditional Attribute.
Show Source
-
name(required):
string
Name of the attribute.
-
value(required):
array value
Value of the attribute.
Nested Schema : ChildAssignmentData
Type:
objectEntitlement attributes.
Show Source
-
attributes(required):
array attributes
Entitlement attributes.
Nested Schema : attributes
Type:
arrayEntitlement attributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Nested Schema : permissionAssignments
Type:
arrayPermissions to be analyzed along with the account.
Show Source
-
Array of:
object AccountPermission
Permission to be scanned.
Nested Schema : AccountPermission
Type:
objectPermission to be scanned.
Show Source
-
action(required):
string
Allowed Values:
[ "ADD", "UPDATE" ]Action on the permission. -
attributes(required):
array attributes
Account attributes.
-
id(required):
string
Permission ID.
Nested Schema : attributes
Type:
arrayAccount attributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Nested Schema : attributes
Type:
arrayUser attributes.
Show Source
-
Array of:
object Attribute
Attribute of the account.
Nested Schema : SeparationOfDutiesViolationSummary
Type:
objectA Separation of Duties violation.
Show Source
-
controlName:
string
Control name.
-
existingRoles:
array existingRoles
Roles already granted to an identity.
-
requestedRoles:
array requestedRoles
Roles requested for an identity.
Nested Schema : existingRoles
Type:
arrayRoles already granted to an identity.
Show Source
-
Array of:
object RoleInfo
Identifying information for a role.
Nested Schema : requestedRoles
Type:
arrayRoles requested for an identity.
Show Source
-
Array of:
object RoleInfo
Identifying information for a role.
Nested Schema : RoleInfo
Type:
objectIdentifying information for a role.
Show Source
-
accessPoints:
array accessPoints
Access points of the role.
-
displayName:
string
The display name of the role.
-
id:
string
The id of the role.
-
name:
string
The name of the role.
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
409 Response
Conflict
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
412 Response
Precondition failed
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to fetch status of separation of duties using the request ID. This is applicable for an Oracle Fusion Cloud Applications orchestrated system and the Oracle Fusion Cloud Risk Management and Compliance (RMC) integration must be enabled.
Run the following APIs before running this API: POST /access-governance/service-administration/20250331/orchestratedSystems/{orchestratedSystemId}/sod/analyze to retrieve request ID.
cURL Request Example
curl -i -X POST \
-H "Authorization:Bearer <your access token>" \
-H "Content-Type:application/json" \
-d \
'{
"requestIds": [
"c87b487de125418eaxx150bd62e5f2c7"
]
}' \
'${service-instance-url}/access-governance/service-administration/${versionID}/orchestratedSystems/${orchestratedSystemId}/sod/statusExample Request Payload
In your REST Client tool, submit the POST request
${service-instance-url}/access-governance/service-administration/${versionID}/orchestratedSystems/${orchestratedSystemId}/sod/status{
"requestIds": [
"c87b487de125418ea73150bd62e5f2c7"
]
}Example of the Response Code
You'll receive 200 OK response along with the following response body:
{
"items": [
{
"requestId": "c87xx87de125xx8ea7315xxd62e5fxx7",
"requestStatus": "SUCCESS",
"timeRequested": "2025-06-16T18:49:15.000Z",
"timeRequestCompletion": "2025-06-16T18:51:21.525Z",
"requestedBy": "Amel Maclead",
"events": [
{
"id": "56cxxd86c802xx01b7a33xx6ffb07xx4",
"status": "SUCCESS",
"createdBy": "Amel Maclead",
"timeCreated": "2025-06-16T18:49:15.000Z",
"timeProcessingStarted": "2025-06-16T18:49:18.303Z",
"timeProcessingEnded": "2025-06-16T18:51:21.525Z",
"requestPayload": {
"requestData": {
"orchestratedSystemIdentityId": "targetId.account.ICF.306xx8290-efc9xx9a-bae9xxeefecaadf1.3b3xx2e1a4f60xxfc313xx9602acxx02",
"accountData": null,
"permissionAssignments": [
{
"id": "roles.ICF.306xx8290-efc9xx9a-bae9xxeefecaadf1.f832xx90ddb243xxb476xxa01961dxxe",
"action": "ADD",
"attributes": [
{
"name": "roles",
"displayName": null,
"value": [
"ADB42xx383FB48xxCB16Bxx7AA4FDExxA"
],
"action": null,
"additionalAttributes": null,
"attributes": null
}
]
}
],
"requestedBy": "Amel Maclead"
},
"userData": {
"attributes": [
{
"name": "displayName",
"displayName": "displayName",
"value": [
"abuser10 abuser10"
],
"action": null,
"additionalAttributes": null,
"attributes": null
},
{
"name": "userName",
"displayName": "userName",
"value": [
"abuser10@idmconnector.onmicrosoft.com"
],
"action": null,
"additionalAttributes": null,
"attributes": null
}
]
},
"accountData": {
"attributes": [
{
"name": "name",
"displayName": "User login",
"value": [
"abuser10@idmconnector.onmicrosoft.com"
],
"action": null,
"additionalAttributes": null,
"attributes": null
}
]
},
"childAssignmentData": [
{
"attributes": [
{
"name": "Name",
"displayName": "Name",
"value": [
"ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB"
],
"action": null,
"additionalAttributes": null,
"attributes": [
{
"name": "roles",
"displayName": "Roles",
"value": [
"ADB42xx383FB48xxCB16Bxx7AA4FDExxA"
],
"action": null,
"additionalAttributes": null,
"attributes": null
}
]
}
]
}
]
},
"hasViolation": true,
"provider": "FA_RMCS",
"violationSummary": [
{
"controlName": "10103: Sensitive Joint Venture Stakeholder Privileges",
"existingRoles": [],
"requestedRoles": [
{
"id": "roles.ICF.306xx8290-efc9xx9a-bae9xxeefecaadf1.f832xx90ddb243xxb476xxa01961dxxe",
"name": "ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB",
"displayName": "Application Implementation Consultant",
"accessPoints": [
"Manage Joint Venture Definition"
]
}
]
}
]
}
]
}
]
}