This endpoint simulates provisioning a set of access items, and then checks against a set of policies to determine if granting the access items would cause creation of new policy violations.
POST {{baseUrl}}/CheckedPolicyViolations?attributes=<string>&authnPassword=<string>&authnUsername=<string>&excludedAttributes=<string>&lookupByName=<boolean>
The request submits the access items to be requested together with the policies to check once provisioning has been simulated, to determine whether provisioning those access items would create policy violations.
The payload includes:
- An identity: the recipient of the access items in the simulation.
- A provisioning plan: the changes to provision, in simulation, for the provided identity.
- A list of policies: checked after the provisioning plan has been applied to the identity in the simulation, to determine whether the access granted in the simulation causes new policy violations.
Optionally, you can pass a list of attributes as query params to be included in or excluded from the response. This setting applies only to top-level attributes as defined in the schema urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation.
Valid values:
- policies
- identity
- plan
- violations
- leftBundles
- rightBundles
Request Params
Key | Datatype | Required | Description |
---|---|---|---|
attributes | string | | A list of attributes to indicate what top level attributes to include in the response |
authnPassword | string | | Password for authentication |
authnUsername | string | | Username for authentication |
excludedAttributes | string | | A list of attributes to indicate what top level attributes to exclude from the response |
lookupByName | string | | This is not required in this endpoint; the returned object is a new PolicyViolation and not one returned from the persistence layer. This is inherited from the BaseSCIMResource and is used to override the default id-based lookup and use a name-based lookup instead if, for any reason, the artifact id is not present. |
Request Body
{"identity": "<string>", "plan": {"value": {"accounts": [{"op": "<string>", "instance": "<string>", "application": "<string>", "attributes": [{"op": "<string>", "name": "<string>", "value": "<string>"}, {"op": "<string>", "name": "<string>", "value": "<string>"}]}, {"op": "<string>", "instance": "<string>", "application": "<string>", "attributes": [{"op": "<string>", "name": "<string>", "value": "<string>"}, {"op": "<string>", "name": "<string>", "value": "<string>"}]}]}}, "type": "<string>", "policies": ["<string>", "<string>"]}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | | |
Accept | string | | |
RESPONSES
status: Created
{"identity":"cillum veniam adipisicin","meta":{"resourceType":"CheckedPolicyViolation"},"violations":[{"entitlements":["a2a","a2b","benefits"],"policyName":"SOD Policy","policyType":"SOD","description":"Security design should not be combined with administrative permissions.","constraintName":" IT SOD-117","leftBundles":["Security Architect - IT"],"rightBundles":["Unix Administrator - IT"]},{"entitlements":["a2a","a2b","benefits"],"policyName":"SOD Policy","policyType":"SOD","description":"Security design should not be combined with administrative permissions.","constraintName":" IT SOD-117","leftBundles":["Security Architect - IT"],"rightBundles":["Unix Administrator - IT"]}],"schemas":["urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation","urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation"],"policies":["SOD Policy","Entitlement Policy","RandomPolicyNotExisting"],"plan":{"value":{"accounts":[{"op":"Modify","instance":"null","application":"Active_Directory","attributes":[{"op":"Add","name":"groupmbr","value":"UnixAdministration"},{"op":"Add","name":"groupmbr","value":"UnixAdministration"}]},{"op":"Modify","instance":"null","application":"Active_Directory","attributes":[{"op":"Add","name":"groupmbr","value":"UnixAdministration"},{"op":"Add","name":"groupmbr","value":"UnixAdministration"}]}]},"type":"application/sailpoint.object.ProvisioningPlan+json"}}
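
The following is an added example, not part of the original documentation or the vendor's code: a client-side helper that validates `attributes` / `excludedAttributes` names against the valid values listed above and gates an access request on the `violations` returned by the simulation. The function names, the comma-separated list format, the fail-closed handling of a missing `violations` key, and the reduced sample response are assumptions.

```python
import json
from urllib.parse import urlencode

# Top-level attribute names the page lists as valid for both query parameters.
VALID_ATTRIBUTES = {"policies", "identity", "plan", "violations",
                    "leftBundles", "rightBundles"}

def build_query(attributes=None, excluded=None):
    """Build the attribute-filter query string, rejecting undocumented names."""
    params = {}
    for key, names in (("attributes", attributes), ("excludedAttributes", excluded)):
        if not names:
            continue
        unknown = sorted(set(names) - VALID_ATTRIBUTES)
        if unknown:
            raise ValueError(f"{key}: not a top-level attribute: {unknown}")
        # Assumption: names are comma-separated, as in SCIM (RFC 7644).
        params[key] = ",".join(names)
    return urlencode(params, safe=",")

def summarize_violations(response_text):
    """Group violations by (policy, constraint), collapsing repeated entries."""
    grouped = {}
    for v in json.loads(response_text).get("violations") or []:
        key = (v.get("policyName"), (v.get("constraintName") or "").strip())
        entry = grouped.setdefault(key, {"left": set(), "right": set()})
        entry["left"].update(v.get("leftBundles") or [])
        entry["right"].update(v.get("rightBundles") or [])
    return grouped

def approve(response_text):
    """Fail closed: allow only when 'violations' is present and empty."""
    # Assumption: a response without the key (for example, filtered out via
    # excludedAttributes) proves nothing, so it is treated as a denial.
    return json.loads(response_text).get("violations") == []

# Constructed sample: the page's example response reduced to the fields used here.
VIOLATION = {"policyName": "SOD Policy", "policyType": "SOD",
             "constraintName": " IT SOD-117",
             "leftBundles": ["Security Architect - IT"],
             "rightBundles": ["Unix Administrator - IT"]}
SAMPLE = json.dumps({"identity": "<string>", "violations": [VIOLATION, VIOLATION],
                     "policies": ["SOD Policy", "Entitlement Policy"]})

if __name__ == "__main__":
    print(build_query(attributes=["violations", "policies"]))
    for (policy, constraint), sides in summarize_violations(SAMPLE).items():
        print(policy, constraint, sorted(sides["left"]), "x", sorted(sides["right"]))
    print("approve:", approve(SAMPLE))
```

If `violations` is excluded from the response, `approve` denies the request rather than reading the absence as a clean result.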