This endpoint simulates provisioning a set of access items, and then checks against a set of policies to determine if granting the access items would cause creation of new policy violations.

POST {{baseUrl}}/CheckedPolicyViolations?attributes=<string>&authnPassword=<string>&authnUsername=<string>&excludedAttributes=<string>&lookupByName=<boolean>

The request submits the access items to be requested together with the policies to evaluate. Provisioning of the access items is simulated, and the policies are then checked to determine whether provisioning would create policy violations.

The payload includes:

An identity: the recipient of the access items in the simulation.

A provisioning plan: the changes whose provisioning is simulated for the provided identity.

A list of policies: the policies to check after the provisioning plan has been applied to the identity in the simulation, to determine whether the simulated access causes new policy violations.

Optionally, you can pass a list of attributes as query params to be included in or excluded from the response. This setting applies only to top-level attributes as defined in the schema urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation.

Valid values:
- policies
- identity
- plan
- violations
- leftBundles
- rightBundles

Request Params

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| attributes | string | | A list of attributes indicating which top-level attributes to include in the response |
| authnPassword | string | | Password for authentication |
| authnUsername | string | | Username for authentication |
| excludedAttributes | string | | A list of attributes indicating which top-level attributes to exclude from the response |
| lookupByName | string | | Not required for this endpoint: the returned object is a new PolicyViolation, not one returned from the persistence layer. The parameter is inherited from BaseSCIMResource and overrides the default id-based lookup with a name-based lookup if, for any reason, the artifact id is not present. |

Request Body

{
  "identity": "<string>",
  "plan": {
    "value": {
      "accounts": [
        {
          "op": "<string>",
          "instance": "<string>",
          "application": "<string>",
          "attributes": [
            {"op": "<string>", "name": "<string>", "value": "<string>"},
            {"op": "<string>", "name": "<string>", "value": "<string>"}
          ]
        },
        {
          "op": "<string>",
          "instance": "<string>",
          "application": "<string>",
          "attributes": [
            {"op": "<string>", "name": "<string>", "value": "<string>"},
            {"op": "<string>", "name": "<string>", "value": "<string>"}
          ]
        }
      ]
    }
  },
  "type": "<string>",
  "policies": ["<string>", "<string>"]
}

HEADERS

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| Content-Type | string | | |
| Accept | string | | |

RESPONSES

status: Created

{
  "identity": "cillum veniam adipisicin",
  "meta": {"resourceType": "CheckedPolicyViolation"},
  "violations": [
    {
      "entitlements": ["a2a", "a2b", "benefits"],
      "policyName": "SOD Policy",
      "policyType": "SOD",
      "description": "Security design should not be combined with administrative permissions.",
      "constraintName": " IT SOD-117",
      "leftBundles": ["Security Architect - IT"],
      "rightBundles": ["Unix Administrator - IT"]
    },
    {
      "entitlements": ["a2a", "a2b", "benefits"],
      "policyName": "SOD Policy",
      "policyType": "SOD",
      "description": "Security design should not be combined with administrative permissions.",
      "constraintName": " IT SOD-117",
      "leftBundles": ["Security Architect - IT"],
      "rightBundles": ["Unix Administrator - IT"]
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation",
    "urn:ietf:params:scim:schemas:sailpoint:1.0:CheckedPolicyViolation"
  ],
  "policies": ["SOD Policy", "Entitlement Policy", "RandomPolicyNotExisting"],
  "plan": {
    "value": {
      "accounts": [
        {
          "op": "Modify",
          "instance": "null",
          "application": "Active_Directory",
          "attributes": [
            {"op": "Add", "name": "groupmbr", "value": "UnixAdministration"},
            {"op": "Add", "name": "groupmbr", "value": "UnixAdministration"}
          ]
        },
        {
          "op": "Modify",
          "instance": "null",
          "application": "Active_Directory",
          "attributes": [
            {"op": "Add", "name": "groupmbr", "value": "UnixAdministration"},
            {"op": "Add", "name": "groupmbr", "value": "UnixAdministration"}
          ]
        }
      ]
    },
    "type": "application/sailpoint.object.ProvisioningPlan+json"
  }
}
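
A client-side gate over the response above, as an added example (not SailPoint's code): it collapses repeated violation entries and fails closed when the violations attribute is missing, for instance because it was filtered out with attributes or excludedAttributes. The function name, the decision labels and the sample values are assumptions made for this example.

```python
import json

# Constructed sample, trimmed from and modelled on the response shown on this page.
SAMPLE_RESPONSE = json.loads("""
{"identity": "jdoe",
 "policies": ["SOD Policy", "Entitlement Policy"],
 "violations": [
  {"policyName": "SOD Policy", "policyType": "SOD", "constraintName": "IT SOD-117",
   "leftBundles": ["Security Architect - IT"],
   "rightBundles": ["Unix Administrator - IT"]},
  {"policyName": "SOD Policy", "policyType": "SOD", "constraintName": "IT SOD-117",
   "leftBundles": ["Security Architect - IT"],
   "rightBundles": ["Unix Administrator - IT"]}
 ]}
""")


def evaluate_check(response):
    """Return (decision, findings) for a CheckedPolicyViolation response.

    decision is "allow", "deny" or "indeterminate" (hypothetical labels).
    """
    # Assumption: a completed check always carries a "violations" list, empty
    # when clean. If the key is missing (for example filtered out through
    # attributes/excludedAttributes), fail closed instead of reading it as clean.
    violations = response.get("violations")
    if not isinstance(violations, list):
        return "indeterminate", []

    seen, findings = set(), []
    for v in violations:
        key = (v.get("policyName"), v.get("constraintName"),
               tuple(v.get("leftBundles") or []),
               tuple(v.get("rightBundles") or []))
        if key in seen:  # the sample response repeats identical entries
            continue
        seen.add(key)
        findings.append({"policy": key[0], "constraint": key[1],
                         "conflict": (list(key[2]), list(key[3]))})
    return ("deny" if findings else "allow"), findings


if __name__ == "__main__":
    print(evaluate_check(SAMPLE_RESPONSE))
```

Treat "indeterminate" the same as "deny" in an approval workflow until the check is repeated with violations included in the response.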