REST API for Access Policy Management in OIG 12.2.1.4.0

Return a specific Access Policy

get

/iam/governance/adminservice/api/v1/accesspolicies/{policyId}

Returns a specific Access Policy based on Access Policy Id

Request

Path Parameters

policyId: integer

The Access Policy Id

Response

Supported Media Types

application/json

200 Response

Access Policy

Root Schema : accessPolicy

Type: object

Access Policy details

Show Source

deniedApplications(optional): array deniedApplications

Details of Denied Application
description(optional): string

Description of the Access Policy
name(optional): string

Name of the Access Policy
owner(optional): object owner

Owner
priority(optional): string

Priority of the Access Policy
provisionedApplications(optional): array provisionedApplications

Details of Provisioned Application
retrofit(optional): boolean

{
    "description":"Access Policy details",
    "properties":{
        "name":{
            "type":"string",
            "description":"Name of the Access Policy"
        },
        "description":{
            "type":"string",
            "description":"Description of the Access Policy"
        },
        "priority":{
            "type":"string",
            "description":"Priority of the Access Policy"
        },
        "retrofit":{
            "type":"boolean"
        },
        "owner":{
            "$ref":"#/definitions/owner"
        },
        "provisionedApplications":{
            "type":"array",
            "items":{
                "$ref":"#/definitions/provisionedApplications"
            },
            "description":"Details of Provisioned Application"
        },
        "deniedApplications":{
            "type":"array",
            "items":{
                "$ref":"#/definitions/deniedApplications"
            },
            "description":"Details of Denied Application"
        }
    }
}

Nested Schema : deniedApplications

Type: array

Details of Denied Application

Show Source

Array of: object deniedApplications

{
    "type":"array",
    "items":{
        "$ref":"#/definitions/deniedApplications"
    },
    "description":"Details of Denied Application"
}

Nested Schema : owner

Type: object

Owner

Show Source

name(optional): string

Owner login id for example xelsysadm
type(optional): string

Allowed Values: [ "USER", "ROLE" ]

Type of Owner. Valid values are USER/ROLE

{
    "description":"Owner",
    "properties":{
        "name":{
            "type":"string",
            "description":"Owner login id for example xelsysadm"
        },
        "type":{
            "type":"string",
            "enum":[
                "USER",
                "ROLE"
            ],
            "description":"Type of Owner. Valid values are USER/ROLE"
        }
    }
}

Nested Schema : provisionedApplications

Type: array

Details of Provisioned Application

Show Source

Array of: object provisionedApplications

{
    "type":"array",
    "items":{
        "$ref":"#/definitions/provisionedApplications"
    },
    "description":"Details of Provisioned Application"
}

Nested Schema : deniedApplications

Type: object

Show Source

name(optional): string

Name of the Denied Application

{
    "properties":{
        "name":{
            "type":"string",
            "description":"Name of the Denied Application"
        }
    }
}

Nested Schema : provisionedApplications

Type: object

Show Source

childobjects(optional): array childobjects
constraint(optional): string

Allowed Values: [ "DISABLE", "REVOKE" ]

Constraint. Valid values are DISABLE/REVOKE
general(optional): object general

Additional Properties Allowed: additionalProperties

Parent form details
name(optional): string

Name of the Provisioned Application
neor(optional): boolean

Default Value: false

Keep Account Active if entitlement exists outside the role

{
    "properties":{
        "name":{
            "type":"string",
            "description":"Name of the Provisioned Application"
        },
        "constraint":{
            "type":"string",
            "enum":[
                "DISABLE",
                "REVOKE"
            ],
            "description":"Constraint. Valid values are DISABLE/REVOKE"
        },
        "neor":{
            "type":"boolean",
            "description":"Keep Account Active if entitlement exists outside the role",
            "default":false
        },
        "general":{
            "type":"object",
            "description":"Parent form details",
            "additionalProperties":{
                "type":"string"
            }
        },
        "childobjects":{
            "type":"array",
            "items":{
                "$ref":"#/definitions/childobject"
            }
        }
    }
}

Nested Schema : childobjects

Type: array

Show Source

Array of: object childobject

{
    "type":"array",
    "items":{
        "$ref":"#/definitions/childobject"
    }
}

Nested Schema : general

Type: object

Additional Properties Allowed

Show Source

string

{
    "type":"object",
    "description":"Parent form details",
    "additionalProperties":{
        "type":"string"
    }
}

Parent form details

Nested Schema : childobject

Type: object

Show Source

description(optional): string

Label of the child form.
records(optional): array records

Child form details

{
    "properties":{
        "description":{
            "type":"string",
            "description":"Label of the child form."
        },
        "records":{
            "type":"array",
            "description":"Child form details",
            "items":{
                "type":"object",
                "additionalProperties":{
                    "type":"string"
                }
            }
        }
    }
}

Nested Schema : records

Type: array

Child form details

Show Source

Array of: object items

Additional Properties Allowed: additionalProperties

{
    "type":"array",
    "description":"Child form details",
    "items":{
        "type":"object",
        "additionalProperties":{
            "type":"string"
        }
    }
}

Nested Schema : items

Type: object

Additional Properties Allowed

Show Source

string

{
    "type":"object",
    "additionalProperties":{
        "type":"string"
    }
}

400 Response

Bad Request

500 Response

Internal Server Error

Examples

The following example shows how to return a specific access policy by submitting a GET request on the REST resource using cURL. The information shown here is against a pseudo system and serves as a prototype.

curl -u username:password -H "X-Requested-By:<anyvalue>"  -X GET "http://myhost.pseudo.com:14000/iam/governance/adminservice/api/v1/accesspolicies/5"

Example of the Response Body

The following example shows the contents of the response body in JSON format:

{
    "links": [
        {
            "rel": "self",
            "href": "http://myhost.pseudo.com:14000/iam/governance/adminservice/api/v1/accesspolicies/1"
        }
    ],
    "id": "1",
    "name": "AP_1615537233845",
    "description": "AP_Desc_1615537233845",
    "priority": "1",
    "retrofit": true,
    "owner": {
        "type": "USER",
        "displayname": "System Administrator",
        "name": "XELSYSADM"
    },
    "provisionedApplications": [
        {
            "id": "2",
            "name": "VisionEmployeesDomain",
            "constraint": "REVOKE",
                          "neor":false,
            "general": {
                "Organization Name": "9~OU=employees,OU=Vision,DC=adlrg12c,DC=us,DC=pseudo,DC=com"
            },
            "childobjects": [
                {
                    "id": "10",
                    "description": "Assigned Groups Form",
                    "records": [
                        {
                            "Group Name": "9~CN=adentitlement1,OU=Vision,DC=adlrg12c,DC=us,DC=pseudo,DC=com"
                        }
                    ]
                }
            ]
        }
    ],
    "deniedApplications": []
}