diff --git a/src/routes/api-client/BetaSpec.json b/src/routes/api-client/BetaSpec.json index 408ecb3..5669d19 100644 --- a/src/routes/api-client/BetaSpec.json +++ b/src/routes/api-client/BetaSpec.json @@ -177232,19 +177232,16 @@ "properties": { "id": { "type": "string", - "readOnly": true, "description": "Unique ID of this transform", "example": "2cd78adghjkja34jh2b1hkjhasuecd" }, "name": { "type": "string", - "readOnly": true, "description": "Unique name of this transform", "example": "Timestamp To Date" }, "type": { "type": "string", - "readOnly": true, "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", "example": "concat" }, @@ -177623,19 +177620,16 @@ "properties": { "id": { "type": "string", - "readOnly": true, "description": "Unique ID of this transform", "example": "2cd78adghjkja34jh2b1hkjhasuecd" }, "name": { "type": "string", - "readOnly": true, "description": "Unique name of this transform", "example": "Timestamp To Date" }, "type": { "type": "string", - "readOnly": true, "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", "example": "concat" }, @@ -177684,19 +177678,16 @@ "properties": { "id": { "type": "string", - "readOnly": true, "description": "Unique ID of this transform", "example": "2cd78adghjkja34jh2b1hkjhasuecd" }, "name": { "type": "string", - "readOnly": true, "description": "Unique name of this transform", "example": "Timestamp To Date" }, "type": { "type": "string", - "readOnly": true, "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", "example": "concat" }, @@ -178067,19 +178058,16 @@ "properties": { "id": { "type": "string", - "readOnly": true, "description": "Unique ID of this transform", "example": "2cd78adghjkja34jh2b1hkjhasuecd" }, "name": { "type": "string", - "readOnly": true, "description": "Unique name of this transform", "example": "Timestamp To Date" }, "type": { "type": "string", - "readOnly": true, "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", "example": "concat" }, @@ -178542,19 +178530,16 @@ "properties": { "id": { "type": "string", - "readOnly": true, "description": "Unique ID of this transform", "example": "2cd78adghjkja34jh2b1hkjhasuecd" }, "name": { "type": "string", - "readOnly": true, "description": "Unique name of this transform", "example": "Timestamp To Date" }, "type": { "type": "string", - "readOnly": true, "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", "example": "concat" }, @@ -178603,19 +178588,16 @@ "properties": { "id": { "type": "string", - "readOnly": true, "description": "Unique ID of this transform", "example": "2cd78adghjkja34jh2b1hkjhasuecd" }, "name": { "type": "string", - "readOnly": true, "description": "Unique name of this transform", "example": "Timestamp To Date" }, "type": { "type": "string", - "readOnly": true, "description": "The transform type (see [Transformations in IdentityNow Using Seaspray](https://community.sailpoint.com/docs/DOC-4629)).", "example": "concat" }, diff --git a/src/routes/api-client/V3Spec.json b/src/routes/api-client/V3Spec.json index f22d443..29daff1 100644 --- a/src/routes/api-client/V3Spec.json +++ b/src/routes/api-client/V3Spec.json @@ -95880,6 +95880,4187 @@ } } }, + "/sod-exceptions": { + "post": { + "security": [ + { + "oauth2": [ + "idn:sod-exception:write" + ] + } + ], + "operationId": "createSodException", + "tags": [ + "SOD Exception" + ], + "summary": "Create SOD exception", + "description": "This API creates a SOD exception.\n\nA token with API authority is required to call this API.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "nullable": true, + "description": "Id of a SOD exception.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is created.", + "example": "2020-01-01T00:00:00.000Z" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is modified.", + "example": "2020-01-01T00:00:00.000Z" + }, + "sodPolicy": { + "example": "00fc6afc-af1d-43af-b350-8d632f4c56ca", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "identity": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "start": { + "type": "string", + "format": "date-time", + "description": "The earliest date-time when this SOD exception is applicable.", + "example": "2020-01-01T00:00:00.000Z" + }, + "end": { + "type": "string", + "format": "date-time", + "description": "The last date-time when this SOD exception is applicable.", + "example": "2020-01-02T00:00:00.000Z" + }, + "businessJustification": { + "type": "string", + "description": "The business justification for the exception.", + "example": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week." + }, + "mitigatingControl": { + "type": "string", + "description": "The mitigating control for the exception.", + "example": "The manager will audit Bill's changes this week." + }, + "accessCriteria": { + "nullable": false, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + } + } + }, + "origin": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "examples": { + "Exception created": { + "summary": "Exception", + "value": { + "id": null, + "created": null, + "modified": null, + "sodPolicy": { + "type": "SOD_POLICY", + "id": "00fc6afc-af1d-43af-b350-8d632f4c56ca" + }, + "identity": { + "type": "IDENTITY", + "id": "2c9180867473c1bd01747e8a7d65179b" + }, + "start": "2020-01-01T00:00:00.000Z", + "end": "2020-01-02T00:00:00.000Z", + "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.", + "mitigatingControl": "The manager will audit Bill's changes this week.", + "accessCriteria": { + "leftCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + }, + "origin": { + "type": "ACCOUNT_ACTIVITY", + "id": "2c9180867372a2590173774358eb016d" + } + } + } + } + } + } + }, + "responses": { + "201": { + "description": "SOD exception created", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "nullable": true, + "description": "Id of a SOD exception.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is created.", + "example": "2020-01-01T00:00:00.000Z" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is modified.", + "example": "2020-01-01T00:00:00.000Z" + }, + "sodPolicy": { + "example": "00fc6afc-af1d-43af-b350-8d632f4c56ca", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "identity": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "start": { + "type": "string", + "format": "date-time", + "description": "The earliest date-time when this SOD exception is applicable.", + "example": "2020-01-01T00:00:00.000Z" + }, + "end": { + "type": "string", + "format": "date-time", + "description": "The last date-time when this SOD exception is applicable.", + "example": "2020-01-02T00:00:00.000Z" + }, + "businessJustification": { + "type": "string", + "description": "The business justification for the exception.", + "example": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week." + }, + "mitigatingControl": { + "type": "string", + "description": "The mitigating control for the exception.", + "example": "The manager will audit Bill's changes this week." + }, + "accessCriteria": { + "nullable": false, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + } + } + }, + "origin": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "examples": { + "SOD Exception": { + "summary": "Exception", + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "sodPolicy": { + "type": "SOD_POLICY", + "id": "00fc6afc-af1d-43af-b350-8d632f4c56ca" + }, + "identity": { + "type": "IDENTITY", + "id": "2c9180867473c1bd01747e8a7d65179b" + }, + "start": "2020-01-01T00:00:00.000Z", + "end": "2020-01-02T00:00:00.000Z", + "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.", + "mitigatingControl": "The manager will audit Bill's changes this week.", + "accessCriteria": { + "leftCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + }, + "origin": { + "type": "ACCOUNT_ACTIVITY", + "id": "2c9180867372a2590173774358eb016d" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-exception:read" + ] + } + ], + "operationId": "listSodExceptions", + "tags": [ + "SOD Exception" + ], + "summary": "List SOD exceptions", + "description": "This API returns a list of all SOD exceptions.\n\nA token with API authority is required to call this API.", + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 250, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 250, + "default": 250 + } + }, + { + "in": "query", + "name": "offset", + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": 0, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "default": 0 + } + }, + { + "in": "query", + "name": "count", + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "required": false, + "example": true, + "schema": { + "type": "boolean", + "default": false + } + }, + { + "in": "query", + "name": "filters", + "schema": { + "type": "string" + }, + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, \n\nin* **sodPolicy.id**: *eq, \n\nin* **identity.id**: *eq, \n\nin*", + "example": "identity.id eq \"bc693f07e7b645539626c25954c58554\"", + "required": false + }, + { + "in": "query", + "name": "sorters", + "schema": { + "type": "string", + "format": "comma-separated" + }, + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields:\n\n**sodPolicy.id, \n\nidentity.id, \n\nstart, \n\nend**", + "example": "identity.id,-start", + "required": false + } + ], + "responses": { + "200": { + "description": "List of all SOD Exceptions.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "object", + "properties": { + "id": { + "type": "string", + "nullable": true, + "description": "Id of a SOD exception.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is created.", + "example": "2020-01-01T00:00:00.000Z" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is modified.", + "example": "2020-01-01T00:00:00.000Z" + }, + "sodPolicy": { + "example": "00fc6afc-af1d-43af-b350-8d632f4c56ca", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "identity": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "start": { + "type": "string", + "format": "date-time", + "description": "The earliest date-time when this SOD exception is applicable.", + "example": "2020-01-01T00:00:00.000Z" + }, + "end": { + "type": "string", + "format": "date-time", + "description": "The last date-time when this SOD exception is applicable.", + "example": "2020-01-02T00:00:00.000Z" + }, + "businessJustification": { + "type": "string", + "description": "The business justification for the exception.", + "example": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week." + }, + "mitigatingControl": { + "type": "string", + "description": "The mitigating control for the exception.", + "example": "The manager will audit Bill's changes this week." + }, + "accessCriteria": { + "nullable": false, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + } + } + }, + "origin": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + } + }, + "example": [ + { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "sodPolicy": { + "type": "SOD_POLICY", + "id": "00fc6afc-af1d-43af-b350-8d632f4c56ca" + }, + "identity": { + "type": "IDENTITY", + "id": "2c9180867473c1bd01747e8a7d65179b" + }, + "start": "2020-01-01T00:00:00.000Z", + "end": "2020-01-02T00:00:00.000Z", + "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.", + "mitigatingControl": "The manager will audit Bill's changes this week.", + "accessCriteria": { + "leftCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + }, + "origin": { + "type": "ACCOUNT_ACTIVITY", + "id": "2c9180867372a2590173774358eb016d" + } + } + ] + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, + "/sod-exceptions/{id}": { + "get": { + "security": [ + { + "oauth2": [ + "idn:sod-exception:read" + ] + } + ], + "operationId": "getSodExceptionById", + "tags": [ + "SOD Exception" + ], + "summary": "Get SOD exception by ID", + "description": "This API returns the specified SOD exception.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the object reference to retrieve.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "200": { + "description": "SOD exception by ID.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "nullable": true, + "description": "Id of a SOD exception.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is created.", + "example": "2020-01-01T00:00:00.000Z" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is modified.", + "example": "2020-01-01T00:00:00.000Z" + }, + "sodPolicy": { + "example": "00fc6afc-af1d-43af-b350-8d632f4c56ca", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "identity": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "start": { + "type": "string", + "format": "date-time", + "description": "The earliest date-time when this SOD exception is applicable.", + "example": "2020-01-01T00:00:00.000Z" + }, + "end": { + "type": "string", + "format": "date-time", + "description": "The last date-time when this SOD exception is applicable.", + "example": "2020-01-02T00:00:00.000Z" + }, + "businessJustification": { + "type": "string", + "description": "The business justification for the exception.", + "example": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week." + }, + "mitigatingControl": { + "type": "string", + "description": "The mitigating control for the exception.", + "example": "The manager will audit Bill's changes this week." + }, + "accessCriteria": { + "nullable": false, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + } + } + }, + "origin": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "examples": { + "SOD Exception": { + "summary": "Exception", + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "sodPolicy": { + "type": "SOD_POLICY", + "id": "00fc6afc-af1d-43af-b350-8d632f4c56ca" + }, + "identity": { + "type": "IDENTITY", + "id": "2c9180867473c1bd01747e8a7d65179b" + }, + "start": "2020-01-01T00:00:00.000Z", + "end": "2020-01-02T00:00:00.000Z", + "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.", + "mitigatingControl": "The manager will audit Bill's changes this week.", + "accessCriteria": { + "leftCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + }, + "origin": { + "type": "ACCOUNT_ACTIVITY", + "id": "2c9180867372a2590173774358eb016d" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "patch": { + "security": [ + { + "oauth2": [ + "idn:sod-exception:write" + ] + } + ], + "operationId": "patchExceptionById", + "tags": [ + "SOD Exception" + ], + "summary": "Update SOD exception", + "description": "This API allows updating SOD exception fields other than [\"id\", \"created\", \"origin\"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD exception to update.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "requestBody": { + "required": true, + "description": "A list of SOD policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nThe following fields are patchable:\n* policyId\n* identityId\n* start\n* end\n* businessJustification\n* mitigatingControl\n", + "content": { + "application/json-patch+json": { + "schema": { + "type": "array", + "items": { + "type": "object" + } + }, + "examples": { + "Update exception": { + "value": [ + { + "op": "replace", + "path": "/sodPolicy/id", + "value": "c61499ae-6912-4fb5-b216-a97eb6781105" + }, + { + "op": "replace", + "path": "/mitigatingControl", + "value": "Modified mitigating control" + }, + { + "op": "replace", + "path": "/end", + "value": "2020-01-03T00:00:00.000Z" + } + ] + } + } + } + } + }, + "responses": { + "200": { + "description": "Indicates the PATCH operation succeeded, and returns the SOD exception's new representation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string", + "nullable": true, + "description": "Id of a SOD exception.", + "example": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde" + }, + "created": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is created.", + "example": "2020-01-01T00:00:00.000Z" + }, + "modified": { + "type": "string", + "nullable": true, + "format": "date-time", + "description": "The time when this SOD exception is modified.", + "example": "2020-01-01T00:00:00.000Z" + }, + "sodPolicy": { + "example": "00fc6afc-af1d-43af-b350-8d632f4c56ca", + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "identity": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + }, + "start": { + "type": "string", + "format": "date-time", + "description": "The earliest date-time when this SOD exception is applicable.", + "example": "2020-01-01T00:00:00.000Z" + }, + "end": { + "type": "string", + "format": "date-time", + "description": "The last date-time when this SOD exception is applicable.", + "example": "2020-01-02T00:00:00.000Z" + }, + "businessJustification": { + "type": "string", + "description": "The business justification for the exception.", + "example": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week." + }, + "mitigatingControl": { + "type": "string", + "description": "The mitigating control for the exception.", + "example": "The manager will audit Bill's changes this week." + }, + "accessCriteria": { + "nullable": false, + "type": "object", + "properties": { + "leftCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + }, + "rightCriteria": { + "type": "object", + "properties": { + "criteriaList": { + "type": "array", + "description": "List of exception criteria. There is a min of 1 and max of 50 items in the list.", + "items": { + "allOf": [ + { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local" + }, + "existing": { + "type": "boolean", + "description": "Whether the subject identity already had that access or not", + "default": false, + "example": true + } + }, + "description": "Access reference with addition of boolean existing flag to indicate whether the access was extant" + } + ], + "description": "The types of objects supported for SOD violations", + "properties": { + "type": { + "enum": [ + "ENTITLEMENT" + ], + "example": "ENTITLEMENT", + "description": "The type of object that is referenced" + } + } + }, + "example": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66", + "existing": true + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67", + "existing": false + } + ] + } + } + } + } + }, + "origin": { + "type": "object", + "properties": { + "type": { + "description": "DTO type", + "type": "string", + "enum": [ + "ACCOUNT_CORRELATION_CONFIG", + "ACCESS_PROFILE", + "ACCESS_REQUEST_APPROVAL", + "ACCOUNT", + "APPLICATION", + "CAMPAIGN", + "CAMPAIGN_FILTER", + "CERTIFICATION", + "CLUSTER", + "CONNECTOR_SCHEMA", + "ENTITLEMENT", + "GOVERNANCE_GROUP", + "IDENTITY", + "IDENTITY_PROFILE", + "IDENTITY_REQUEST", + "LIFECYCLE_STATE", + "PASSWORD_POLICY", + "ROLE", + "RULE", + "SOD_POLICY", + "SOURCE", + "TAG_CATEGORY", + "TASK_RESULT", + "REPORT_RESULT", + "SOD_VIOLATION", + "ACCOUNT_ACTIVITY" + ], + "example": "IDENTITY" + }, + "id": { + "type": "string", + "description": "ID of the object to which this reference applies", + "example": "2c91808568c529c60168cca6f90c1313" + }, + "name": { + "type": "string", + "description": "Human-readable display name of the object to which this reference applies", + "example": "William Wilson" + } + } + } + } + }, + "examples": { + "SOD Exception": { + "summary": "Exception", + "value": { + "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", + "created": "2020-01-01T00:00:00.000000Z", + "modified": "2020-01-01T00:00:00.000000Z", + "sodPolicy": { + "type": "SOD_POLICY", + "id": "00fc6afc-af1d-43af-b350-8d632f4c56ca" + }, + "identity": { + "type": "IDENTITY", + "id": "2c9180867473c1bd01747e8a7d65179b" + }, + "start": "2020-01-01T00:00:00.000Z", + "end": "2020-01-02T00:00:00.000Z", + "businessJustification": "Bob (the accountant) is on vacation, Bill needs access to accounting data this week.", + "mitigatingControl": "The manager will audit Bill's changes this week.", + "accessCriteria": { + "leftCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a66" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a67" + } + ] + }, + "rightCriteria": { + "criteriaList": [ + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a68" + }, + { + "type": "ENTITLEMENT", + "id": "2c9180866166b5b0016167c32ef31a69" + } + ] + } + }, + "origin": { + "type": "ACCOUNT_ACTIVITY", + "id": "2c9180867372a2590173774358eb016d" + } + } + } + } + } + } + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + }, + "delete": { + "security": [ + { + "oauth2": [ + "idn:sod-exception:write" + ] + } + ], + "operationId": "deleteSodExceptionById", + "tags": [ + "SOD Exception" + ], + "summary": "Delete SOD exception by ID", + "description": "This API deletes the specified SOD exception.", + "parameters": [ + { + "in": "path", + "name": "id", + "schema": { + "type": "string" + }, + "required": true, + "description": "The ID of the SOD exception to delete.", + "example": "ef38f94347e94562b5bb8424a56397d8" + } + ], + "responses": { + "204": { + "description": "No content." + }, + "400": { + "description": "Client Error - Returned if the request body is invalid.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "error": { + "description": "A message describing the error", + "example": "JWT validation failed: JWT is expired" + } + } + } + } + } + }, + "403": { + "description": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "403": { + "summary": "An example of a 403 response object", + "value": { + "detailCode": "403 Forbidden", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server understood the request but refuses to authorize it." + } + ] + } + } + } + } + } + }, + "404": { + "description": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "404": { + "summary": "An example of a 404 response object", + "value": { + "detailCode": "404 Not found", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "The server did not find a current representation for the target resource." + } + ] + } + } + } + } + } + }, + "429": { + "description": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "message": { + "description": "A message describing the error", + "example": " Rate Limit Exceeded " + } + } + } + } + } + }, + "500": { + "description": "Internal Server Error - Returned if there is an unexpected error.", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "detailCode": { + "type": "string", + "description": "Fine-grained error code providing more detail of the error.", + "example": "400.1 Bad Request Content" + }, + "trackingId": { + "type": "string", + "description": "Unique tracking id for the error.", + "example": "e7eab60924f64aa284175b9fa3309599" + }, + "messages": { + "type": "array", + "description": "Generic localized reason for error", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + }, + "causes": { + "type": "array", + "description": "Plain-text descriptive reasons to provide additional detail to the text provided in the messages field", + "items": { + "type": "object", + "properties": { + "locale": { + "type": "string", + "description": "The locale for the message text, a BCP 47 language tag.", + "example": "en-US" + }, + "localeOrigin": { + "type": "string", + "enum": [ + "DEFAULT", + "REQUEST" + ], + "description": "An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.", + "example": "DEFAULT" + }, + "text": { + "type": "string", + "description": "Actual text of the error message in the indicated locale.", + "example": "The request was syntactically correct but its content is semantically invalid." + } + } + } + } + } + }, + "examples": { + "500": { + "summary": "An example of a 500 response object", + "value": { + "detailCode": "500.0 Internal Fault", + "trackingId": "b21b1f7ce4da4d639f2c62a57171b427", + "messages": [ + { + "locale": "en-US", + "localeOrigin": "DEFAULT", + "text": "An internal fault occurred." + } + ] + } + } + } + } + } + } + } + } + }, "/sod-policies": { "post": { "security": [