This endpoint simulates provisioning a set of access items, and then checks against a set of policies to determine if granting the access items would cause creation of new policy violations.

POST {{baseUrl}}/CheckedPolicyViolations?attributes=<string>&authnPassword=<string>&authnUsername=<string>&excludedAttributes=<string>&lookupByName=<boolean>

This submits a set of access items to request and a set of policies to check after the access provisioning is simulated in order to determine if policy violations would be created by provisioning the access items.

It receives a payload that includes:

An identity: Used as the recipient for the access items on the simulation.

A provisioning plan: To specify the changes to be simulatedly provisioned in the provided identity

A list of policies: to check after the simulation of provisioning plan was applied to the identity in order to determine if the access granted in the simulation causes new policy violations.

Optionally you can pass a list of attributes, as query params, to be included or excluded from the response, this setting is applicable only to top level attributes as defined in the schema urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation.

Valid values:
- policies
- identity
- plan
- violations
- leftBundles
- rightBundles

Request Params

Request Body

{"identity"=>"<string>", "plan"=>{"value"=>{"accounts"=>[{"op"=>"<string>", "instance"=>"<string>", "application"=>"<string>", "attributes"=>[{"op"=>"<string>", "name"=>"<string>", "value"=>"<string>"}, {"op"=>"<string>", "name"=>"<string>", "value"=>"<string>"}]}, {"op"=>"<string>", "instance"=>"<string>", "application"=>"<string>", "attributes"=>[{"op"=>"<string>", "name"=>"<string>", "value"=>"<string>"}, {"op"=>"<string>", "name"=>"<string>", "value"=>"<string>"}]}]}}, "type"=>"<string>", "policies"=>["<string>", "<string>"]}

HEADERS

RESPONSES

status: Created

{"identity":"cillum veniam adipisicin","meta":{"resourceType":"CheckedPolicyViolation"},"violations":[{"entitlements":["a2a","a2b","benefits"],"policyName":"SOD Policy","policyType":"SOD","description":"Security design should not be combined with administrative permissions.","constraintName":" IT SOD-117","leftBundles":["Security Architect - IT"],"rightBundles":["Unix Administrator - IT"]},{"entitlements":["a2a","a2b","benefits"],"policyName":"SOD Policy","policyType":"SOD","description":"Security design should not be combined with administrative permissions.","constraintName":" IT SOD-117","leftBundles":["Security Architect - IT"],"rightBundles":["Unix Administrator - IT"]}],"schemas":["urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation","urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation"],"policies":["SOD Policy","Entitlement Policy","RandomPolicyNotExisting"],"plan":{"value":{"accounts":[{"op":"Modify","instance":"null","application":"Active_Directory","attributes":[{"op":"Add","name":"groupmbr","value":"UnixAdministration"},{"op":"Add","name":"groupmbr","value":"UnixAdministration"}]},{"op":"Modify","instance":"null","application":"Active_Directory","attributes":[{"op":"Add","name":"groupmbr","value":"UnixAdministration"},{"op":"Add","name":"groupmbr","value":"UnixAdministration"}]}]},"type":"application/sailpoint.object.ProvisioningPlan+json"}}