Request Limited to Members of Organization
Configure Access Bundles/Roles in Oracle Access Governance to limit their availability in the self-service request flow to members of specific organizations.
Prerequisites: You must have the relevant Organization created in Oracle Access Governance.
List Organizations
Retrieve a list of available organizations in Oracle Access Governance.
Response
GET ${si}/access-governance/service-administration/${version}/organizations{
"items": [
{
"id": "caxx69xx-19db-xxc3-b9d6-1f40xx37d54d",
"displayName": "Database-Infra",
"name": "Database-Infra",
"description": "Manages core database infrastructure and provisioning",
"timeCreated": "2025-09-04T06:36:51.001Z",
"timeUpdated": "2025-09-04T06:36:51.001Z",
"organizationType": "AG_ORGANIZATION",
"createdBy": {
"id": "globalId.8dxxefbf-ab68-4fxx-ae89-7bcc0fxxe5be.18.a84836862e0958ba29e9002afd63a7fb",
"name": "Amel Maclead",
"displayName": "Amel Maclead"
},
"membershipRule": "all { location IN AUS;USA;India }",
"status": "ACTIVE",
"tags": ["org", "database", "infra"],
"primaryOwner": {
"id": "globalId.8dxxefbf-ab68-4fxx-ae89-7bcc0fxxe5be.18.a84836862e0958ba29e9002afd63a7fb",
"displayName": "Amel Maclead",
"isPrimary": true
},
"isOwner": false
},
{
"id": "03acxx38-faxx-454f-ba1f-59ba4bxx82f4",
"displayName": "Engineering-Core",
"name": "Engineering-Core",
"description": "Core engineering team managing backend services and APIs",
"timeCreated": "2025-07-21T10:32:48.765Z",
"timeUpdated": "2025-08-29T16:23:54.324Z",
"organizationType": "AG_ORGANIZATION",
"createdBy": {
"id": "globalId.8dxxefbf-ab68-4fxx-ae89-7bcc0fxxe5be.18.a84836862e0958ba29e9002afd63a7fb",
"name": "Amel Maclead",
"displayName": "Amel Maclead"
},
"membershipRule": "",
"status": "ACTIVE",
"tags": ["engineering", "backend"],
"primaryOwner": {
"id": "globalId.8dxxefbf-ab68-4fxx-ae89-7bcc0fxxe5be.18.a84836862e0958ba29e9002afd63a7fb",
"displayName": "Amel Maclead",
"isPrimary": true
},
"isOwner": false
}
]
}
Create an Access Bundle available to members of a specific organization
In this example, we will raise request for a Database User
Management (DBUM)-specific Access Bundle available only to a specific organization,
called
Database-Infra
Before creating an access bundle, use the
following endpoints to achieve this:
- List all Orchestrated Systems - [GET] {BasePath}/orchestratedSystem
- List all Permissions for an Orchestrated Systems - [GET] {BasePath}/orchestratedSystem/{id}/permissions
- Find Permission Attributes for an Orchestrated Systems - [POST] {BasePath}/orchestratedSystem/{id}/permissionAttributes
- List all Lookup values for a given Lookup Type - [GET] {BasePath}/orchestratedSystem/{id}/lookupAttributes?lookupType=<lookupType>
- List all Account Profiles for an Orchestrated Systems - [GET] {BasePath}/orchestratedSystem/{id}/accountProfiles
- List all Approval Workflows - [GET] {BasePath}/approvalWorkflows
Sample Request Payload
{
"name": "Database-Infra-Members-Only",
"displayName": "Database-Infra-Members-Only",
"description": "Privileges for core database infrastructure team only",
"tags": [
"Database",
"Infra"
],
"owners": [
{
"id": "globalId.8dxxefbf-abxx-4f09-ae89-7bcc0fxxe5be.18.a84836862e0958ba29e9002afd63a7fb",
"name": "Amel Maclead",
"isPrimary": true
}
],
"requestableBy": "MEMBERS_OF_AN_ORG",
"approvalWorkflowId": "NO_APPROVAL_REQUIRED",
"orchestratedSystemId": "180axx7e-a20b-4exx-b7b1-412cxx11147b",
"accessBundleType": "PERMISSION_BUNDLE",
"items": [
{
"id": "privileges.ICF.180axx7e-a20b-4exx-b7b1-412cxx11147b.294exx72e5dca6ef73d4a0da0a64f868",
"name": "ADMINISTER ANY SQL TUNING SET"
}
],
"accountProfileId": "eadxx697-ad32-47ef-a69f-94dfxx2e80e74",
"accountProfileName": "Profile_DBInfra",
"orchestratedSystemAttributes": {
"accountAttributes": [],
"permissionAttributes": [
{
"name": "privileges.ICF.180axx7e-a20b-4exx-b7b1-412cxx11147b.294exx72e5dca6ef73d4a0da0a64f868",
"type": "RepeatableFieldSet",
"title": null,
"values": [
"ADMINISTER ANY SQL TUNING SET"
],
"children": [
{
"items": [
{
"name": "privilegeAdminOption",
"title": "Privilege admin option",
"values": [
"YES"
],
"children": [],
"lookupType": "withAdminOption",
"permissionType": null,
"discriminator": null
}
]
}
],
"discriminator": null,
"isQuestion": true
}
]
},
"customAttributes": {},
"autoApproveIfNoViolation": false,
"accessTimeLimitType": "NUMBER_OF_HOURS",
"accessTimeLimit": {
"hoursLimit": {
"accessLimitInHours": 24,
"notificationInHours": 1,
"extensionInHours": 6,
"extensionApprovalWorkflowId": {
"id": "Guid_03f0xxcc-129a-43dc-a8e9-76c8xxd07804",
"name": "Custom_WF_Amel Maclead",
"displayName": "Custom_WF_Amel Maclead"
}
}
},
"organizations": [
{
"id": "caxx69xx-19db-xxc3-b9d6-1f40xx37d54d",
"name": "Database-Infra",
"displayName": "Database-Infra",
"owners": [
{
"id": "globalId.8dxxefbf-abxx-4f09-ae89-7bcc0fxxe5be.18.a84836862e0958ba29e9002afd63a7fb",
"name": "Amel Maclead",
"isPrimary": true
}
]
}
]
}
Sample Response
You should receive a 200 response code.
{
"id": "08f5xxbe-52xx-4146-af78-8fb7xx8568bb8",
"name": "Database-Infra",
"displayName": "Database-Infra",
"description": "Manages core database infrastructure and provisioning",
"tags": [
"Database",
"Infra"
],
"timeCreated": "2025-09-23T10:15:00.674Z",
"timeUpdated": "2025-09-23T10:15:00.674Z",
"createdBy": {
"id": "88b9xx0ece344653953570480031e7d0",
"name": "Amel Maclead",
"displayName": "Amel Maclead"
},
"updatedBy": {
"id": "88b9xx0ece344653953570480031e7d0",
"name": "Amel Maclead",
"displayName": "Amel Maclead"
},
"requestableBy": {
"id": "MEMBERS_OF_AN_ORG",
"name": "Members of an organization",
"displayName": "Members of an organization"
},
"status": "ACTIVE",
"approvalWorkflowId": {
"id": "NO_APPROVAL_REQUIRED",
"name": "No Approval Required",
"displayName": "No Approval Required"
},
"orchestratedSystem": {
"id": "180axx7e-a20b-4exx-b7b1-412cxx11147b",
"name": "DBUM OnBoard QA",
"displayName": "DBUM OnBoard QA"
},
"orchestratedSystemType": "ICF",
"ownershipCollectionId": "acbcxx8d-3618-47a4-b532-2ce0xx7c414d",
"owners": [
{
"id": "globalId.8dxxefbf-abxx-4f09-ae89-7bcc0fxxe5be.18.a84836862e0958ba29e9002afd63a7fb",
"name": "Amel Maclead",
"isPrimary": true
}
],
"externalId": "ocid1.agcsgovernanceinstance.oc1.iad.amaaaaaaebkbezqaznsrawruaovcypaj6rjwu4exfxdnlaypvizugt6ii5pq",
"cloudAccountName": null,
"domainName": null,
"resourceType": null,
"compartmentName": null,
"compartmentFqn": null,
"orchestratedSystemAttributes": {
"accountAttributes": [
{
"name": "authenticationType",
"title": "Authentication type",
"values": ["GLOBAL"],
"type": "String",
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
},
{
"name": "defaultTablespace",
"title": "Default tablespace",
"values": [],
"type": "String",
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": true
},
{
"name": "defaultTablespaceQuotaInMB",
"title": "Default tablespace quota (in MB)",
"values": [],
"type": "Long",
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
},
{
"name": "temporaryTablespace",
"title": "Temporary tablespace",
"values": [],
"type": "String",
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
},
{
"name": "profileName",
"title": "Profile name",
"values": [],
"type": "String",
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
},
{
"name": "password",
"title": "Password",
"values": [],
"type": "GuardedString",
"permissionType": null,
"children": [],
"discriminator": "AccountPassword",
"isQuestion": false
},
{
"name": "AccountStartDate",
"title": "AccountStartDate",
"values": [],
"type": "String",
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
},
{
"name": "IsAdminUser",
"title": "Is Admin User",
"values": ["false"],
"type": "Boolean",
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
}
],
"permissionAttributes": [
{
"name": "privileges.ICF.180axx7e-a20b-4exx-b7b1-412cxx11147b.294exx72e5dca6ef73d4a0da0a64f868",
"title": null,
"values": ["ADMINISTER ANY SQL TUNING SET"],
"type": "RepeatableFieldSet",
"permissionType": null,
"children": [
{
"items": [
{
"name": "privilegeAdminOption",
"title": "Privilege admin option",
"values": ["YES"],
"type": null,
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": null
}
]
}
],
"discriminator": null,
"isQuestion": true
}
]
},
"accountProfileId": "eadxx697-ad32-47ef-a69f-94dfxx2e80e74",
"accountProfileName": "Profile_DBInfra",
"customAttributes": {},
"accessGuardrail": null,
"permissions": [
{
"id": "privileges.ICF.180axx7e-a20b-4exx-b7b1-412cxx11147b.294exx72e5dca6ef73d4a0da0a64f868",
"name": "ADMINISTER ANY SQL TUNING SET",
"description": null,
"type": "ENTITLEMENTS",
"timeCreated": "2025-02-12T11:48:10.664Z",
"timeUpdated": null,
"resource": {
"id": "resource.ICF.180axx7e-a20b-4exx-b7b1-412cxx11147b.a67fxx7fa84d31a660536b16dbb0b3f2",
"name": "DBUM OnBoard QA",
"displayName": "DBUM OnBoard QA",
"type": "DBUM",
"customAttributes": null
},
"permissionType": {
"id": "etype.ICF.180axx7e-a20b-4exx-b7b1-412cxx11147b.8a73xx8106df1a9a00e0e533bc0f2fb0",
"name": "icf.connector.entitlement.type.privileges",
"displayName": "Privilege",
"externalId": "privileges"
}
}
],
"autoApproveIfNoViolation": false,
"accessTimeLimitType": "NUMBER_OF_HOURS",
"accessTimeLimit": {
"daysLimit": null,
"hoursLimit": {
"accessLimitInHours": 24,
"notificationInHours": 1,
"extensionInHours": 6,
"extensionApprovalWorkflowId": {
"id": "Guid_03f0xxcc-129a-43dc-a8e9-76c8xxd07804",
"name": "Custom_WF_Amel Maclead",
"displayName": "Custom_WF_Amel Maclead"
}
}
},
"organizations": [
{
"id": "caxx69xx-19db-xxc3-b9d6-1f40xx37d54d",
"name": "Database-Infra",
"displayName": "Database-Infra"
}
]
}Tip:
List the access bundles with query parameterrequestableBy=MEMBERS_OF_AN_ORG to retrieve all the Access Bundles available to members of an organization.
Create an Access Request
Create a self-service access request for one or more identities part of an organization.
Sample POST Command using REST Client
Include the following
Headers:
| Authorization | Bearer <your access token> |
| Content-Type | application/json |
${si}/access-governance/access-controls/${version}/accessRequestsSample Request Payload
{
"justification": "Database-Infra Access Request for Members Only",
"createdBy": "globalId.1251xxc3-eexx-4d6a-b6d4-6c0fxx37bad2.18.02e36bbb4b201421b44aa046b3ceb16a",
"accessBundles": [
"08f5xxbe-5261-4146-af78-8fb7xx8568bb8"
],
"identities": [
"globalId.ICF.4564xx83-1e06-417a-888a-864exxb1f4db.e12axx250df05186a3d0dff3bf7cf770",
"globalId.ICF.4564xx83-1e06-417a-888a-864exxb1f4db.7467xx8f03826ddc8a670280e0e7d6e8"
],
"accountProfileDetails": [
{
"accountProfileId": "8432xx00-1a93-4cf2-9226-3f4cxxfd9768",
"identitySpecific": false,
"accountAttributes": [
{
"name": "defaultTablespaceQuotaInMB",
"values": [
"100"
],
"children": [],
"isQuestion": true
},
{
"name": "defaultTablespace",
"values": [
"DBINFRA_CATALOG_INDEX_TAB"
],
"isQuestion": false
}
]
}
],
"accessLimitDataDetails": [
{
"accessBundleId": "08f5xxbe-5261-4146-af78-8fb7xx8568bb8",
"isIdentitySpecific": false,
"accessLimitDataInfo": {
"accessLimitType": "NUMBER_OF_HOURS",
"accessLimitData": {
"daysConfig": null,
"hoursConfig": {
"expirationInHours": 24,
"notificationInHours": 24,
"extensionInHours": 8,
"extensionApprovalWorkflowId": {
"id": "Guid_03f0xxcc-129a-43dc-a8e9-76c8xxd07804",
"name": "Custom_WF_Amel Maclead",
"displayName": "Custom_WF_Amel Maclead"
}
},
"dateTimeConfig": null
}
}
}
]
}
Sample Response Body
You should receive a 200 response code, with a following response body:
{
"id": "094cxx9f-d2c5-44xx-88ab-20e2xx57c0a7",
"justification": "Database-Infra Access Request for Members Only",
"requestStatus": "IN_PROGRESS",
"timeCreated": "2025-09-23T10:53:40.769Z",
"timeUpdated": "2025-09-23T10:53:40.769Z",
"createdBy": "clientId.External App for Local Dev.88b9xx0ece344653953570480031e7d0",
"permissionRoles": [],
"accessBundles": [
{
"id": "08f5xxbe-5261-4146-af78-8fb7xx8568bb8",
"name": "Database-Infra",
"displayName": "Database-Infra",
"accountProfileId": "eadxx697-ad32-47ef-a69f-94dfxx2e80e74"
}
],
"identities": [
{
"id": "globalId.ICF.4564xx83-1e06-417a-888a-864exxb1f4db.e12axx250df05186a3d0dff3bf7cf770",
"name": "Joseph Thomas",
"displayName": "Joseph Thomas",
"owners": null
},
{
"id": "globalId.ICF.4564xx83-1e06-417a-888a-864exxb1f4db.7467xx8f03826ddc8a670280e0e7d6e8",
"name": "Zita Pauer",
"displayName": "Zita Pauer",
"owners": null
}
],
"attributes": {
"orchestratedSystemAttributes": null
},
"approvalRequests": null
}
Get Details of an Access Request
You can verify or check the status of the access request that you just created by running the following endpoint:GET ${si}/access-governance/access-controls/${versionId}/accessRequests/${accessRequestId}