diff --git a/dereferenced/deref-sailpoint-api.v3.yaml b/dereferenced/deref-sailpoint-api.v3.yaml index c0d8e9e..dec814c 100644 --- a/dereferenced/deref-sailpoint-api.v3.yaml +++ b/dereferenced/deref-sailpoint-api.v3.yaml @@ -74354,3761 +74354,6 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. - /sod-exceptions: - post: - security: - - oauth2: - - 'idn:sod-exception:write' - operationId: createSodException - tags: - - SOD Exception - summary: Create SOD exception - description: |- - This API creates a SOD exception. - - A token with API authority is required to call this API. - requestBody: - required: true - content: - application/json: - schema: - type: object - properties: - id: - type: string - nullable: true - description: Id of a SOD exception. - example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is created. - example: '2020-01-01T00:00:00.000Z' - modified: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is modified. - example: '2020-01-01T00:00:00.000Z' - sodPolicy: - example: 00fc6afc-af1d-43af-b350-8d632f4c56ca - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - identity: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - start: - type: string - format: date-time - description: The earliest date-time when this SOD exception is applicable. - example: '2020-01-01T00:00:00.000Z' - end: - type: string - format: date-time - description: The last date-time when this SOD exception is applicable. - example: '2020-01-02T00:00:00.000Z' - businessJustification: - type: string - description: The business justification for the exception. - example: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: - type: string - description: The mitigating control for the exception. - example: The manager will audit Bill's changes this week. - accessCriteria: - nullable: false - type: object - properties: - leftCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - rightCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - origin: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - examples: - Exception created: - summary: Exception - value: - id: null - created: null - modified: null - sodPolicy: - type: SOD_POLICY - id: 00fc6afc-af1d-43af-b350-8d632f4c56ca - identity: - type: IDENTITY - id: 2c9180867473c1bd01747e8a7d65179b - start: '2020-01-01T00:00:00.000Z' - end: '2020-01-02T00:00:00.000Z' - businessJustification: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: The manager will audit Bill's changes this week. - accessCriteria: - leftCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - rightCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a68 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a69 - origin: - type: ACCOUNT_ACTIVITY - id: 2c9180867372a2590173774358eb016d - responses: - '201': - description: SOD exception created - content: - application/json: - schema: - type: object - properties: - id: - type: string - nullable: true - description: Id of a SOD exception. - example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is created. - example: '2020-01-01T00:00:00.000Z' - modified: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is modified. - example: '2020-01-01T00:00:00.000Z' - sodPolicy: - example: 00fc6afc-af1d-43af-b350-8d632f4c56ca - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - identity: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - start: - type: string - format: date-time - description: The earliest date-time when this SOD exception is applicable. - example: '2020-01-01T00:00:00.000Z' - end: - type: string - format: date-time - description: The last date-time when this SOD exception is applicable. - example: '2020-01-02T00:00:00.000Z' - businessJustification: - type: string - description: The business justification for the exception. - example: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: - type: string - description: The mitigating control for the exception. - example: The manager will audit Bill's changes this week. - accessCriteria: - nullable: false - type: object - properties: - leftCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - rightCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - origin: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - examples: - SOD Exception: - summary: Exception - value: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: '2020-01-01T00:00:00.000000Z' - modified: '2020-01-01T00:00:00.000000Z' - sodPolicy: - type: SOD_POLICY - id: 00fc6afc-af1d-43af-b350-8d632f4c56ca - identity: - type: IDENTITY - id: 2c9180867473c1bd01747e8a7d65179b - start: '2020-01-01T00:00:00.000Z' - end: '2020-01-02T00:00:00.000Z' - businessJustification: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: The manager will audit Bill's changes this week. - accessCriteria: - leftCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - rightCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a68 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a69 - origin: - type: ACCOUNT_ACTIVITY - id: 2c9180867372a2590173774358eb016d - '400': - description: Client Error - Returned if the request body is invalid. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' - content: - application/json: - schema: - type: object - properties: - error: - description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '403': - summary: An example of a 403 response object - value: - detailCode: 403 Forbidden - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. - '429': - description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. - content: - application/json: - schema: - type: object - properties: - message: - description: A message describing the error - example: ' Rate Limit Exceeded ' - '500': - description: Internal Server Error - Returned if there is an unexpected error. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. - get: - security: - - oauth2: - - 'idn:sod-exception:read' - operationId: listSodExceptions - tags: - - SOD Exception - summary: List SOD exceptions - description: |- - This API returns a list of all SOD exceptions. - - A token with API authority is required to call this API. - parameters: - - in: query - name: limit - description: |- - Max number of results to return. - See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. - required: false - example: 250 - schema: - type: integer - format: int32 - minimum: 0 - maximum: 250 - default: 250 - - in: query - name: offset - description: |- - Offset into the full result set. Usually specified with *limit* to paginate through the results. - See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. - required: false - example: 0 - schema: - type: integer - format: int32 - minimum: 0 - default: 0 - - in: query - name: count - description: |- - If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. - - Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. - - See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. - required: false - example: true - schema: - type: boolean - default: false - - in: query - name: filters - schema: - type: string - description: |- - Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) - - Filtering is supported for the following fields and operators: - - **id**: *eq, - - in* **sodPolicy.id**: *eq, - - in* **identity.id**: *eq, - - in* - example: identity.id eq "bc693f07e7b645539626c25954c58554" - required: false - - in: query - name: sorters - schema: - type: string - format: comma-separated - description: |- - Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) - - Sorting is supported for the following fields: - - **sodPolicy.id, - - identity.id, - - start, - - end** - example: 'identity.id,-start' - required: false - responses: - '200': - description: List of all SOD Exceptions. - content: - application/json: - schema: - type: array - items: - type: object - properties: - id: - type: string - nullable: true - description: Id of a SOD exception. - example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is created. - example: '2020-01-01T00:00:00.000Z' - modified: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is modified. - example: '2020-01-01T00:00:00.000Z' - sodPolicy: - example: 00fc6afc-af1d-43af-b350-8d632f4c56ca - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - identity: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - start: - type: string - format: date-time - description: The earliest date-time when this SOD exception is applicable. - example: '2020-01-01T00:00:00.000Z' - end: - type: string - format: date-time - description: The last date-time when this SOD exception is applicable. - example: '2020-01-02T00:00:00.000Z' - businessJustification: - type: string - description: The business justification for the exception. - example: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: - type: string - description: The mitigating control for the exception. - example: The manager will audit Bill's changes this week. - accessCriteria: - nullable: false - type: object - properties: - leftCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - rightCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - origin: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - example: - - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: '2020-01-01T00:00:00.000000Z' - modified: '2020-01-01T00:00:00.000000Z' - sodPolicy: - type: SOD_POLICY - id: 00fc6afc-af1d-43af-b350-8d632f4c56ca - identity: - type: IDENTITY - id: 2c9180867473c1bd01747e8a7d65179b - start: '2020-01-01T00:00:00.000Z' - end: '2020-01-02T00:00:00.000Z' - businessJustification: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: The manager will audit Bill's changes this week. - accessCriteria: - leftCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - rightCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a68 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a69 - origin: - type: ACCOUNT_ACTIVITY - id: 2c9180867372a2590173774358eb016d - '400': - description: Client Error - Returned if the request body is invalid. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' - content: - application/json: - schema: - type: object - properties: - error: - description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '403': - summary: An example of a 403 response object - value: - detailCode: 403 Forbidden - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. - '429': - description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. - content: - application/json: - schema: - type: object - properties: - message: - description: A message describing the error - example: ' Rate Limit Exceeded ' - '500': - description: Internal Server Error - Returned if there is an unexpected error. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. - '/sod-exceptions/{id}': - get: - security: - - oauth2: - - 'idn:sod-exception:read' - operationId: getSodExceptionById - tags: - - SOD Exception - summary: Get SOD exception by ID - description: This API returns the specified SOD exception. - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The ID of the object reference to retrieve. - example: ef38f94347e94562b5bb8424a56397d8 - responses: - '200': - description: SOD exception by ID. - content: - application/json: - schema: - type: object - properties: - id: - type: string - nullable: true - description: Id of a SOD exception. - example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is created. - example: '2020-01-01T00:00:00.000Z' - modified: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is modified. - example: '2020-01-01T00:00:00.000Z' - sodPolicy: - example: 00fc6afc-af1d-43af-b350-8d632f4c56ca - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - identity: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - start: - type: string - format: date-time - description: The earliest date-time when this SOD exception is applicable. - example: '2020-01-01T00:00:00.000Z' - end: - type: string - format: date-time - description: The last date-time when this SOD exception is applicable. - example: '2020-01-02T00:00:00.000Z' - businessJustification: - type: string - description: The business justification for the exception. - example: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: - type: string - description: The mitigating control for the exception. - example: The manager will audit Bill's changes this week. - accessCriteria: - nullable: false - type: object - properties: - leftCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - rightCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - origin: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - examples: - SOD Exception: - summary: Exception - value: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: '2020-01-01T00:00:00.000000Z' - modified: '2020-01-01T00:00:00.000000Z' - sodPolicy: - type: SOD_POLICY - id: 00fc6afc-af1d-43af-b350-8d632f4c56ca - identity: - type: IDENTITY - id: 2c9180867473c1bd01747e8a7d65179b - start: '2020-01-01T00:00:00.000Z' - end: '2020-01-02T00:00:00.000Z' - businessJustification: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: The manager will audit Bill's changes this week. - accessCriteria: - leftCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - rightCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a68 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a69 - origin: - type: ACCOUNT_ACTIVITY - id: 2c9180867372a2590173774358eb016d - '400': - description: Client Error - Returned if the request body is invalid. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' - content: - application/json: - schema: - type: object - properties: - error: - description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '403': - summary: An example of a 403 response object - value: - detailCode: 403 Forbidden - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. - '404': - description: Not Found - returned if the request URL refers to a resource or object that does not exist - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '404': - summary: An example of a 404 response object - value: - detailCode: 404 Not found - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server did not find a current representation for the target resource. - '429': - description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. - content: - application/json: - schema: - type: object - properties: - message: - description: A message describing the error - example: ' Rate Limit Exceeded ' - '500': - description: Internal Server Error - Returned if there is an unexpected error. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. - patch: - security: - - oauth2: - - 'idn:sod-exception:write' - operationId: patchExceptionById - tags: - - SOD Exception - summary: Update SOD exception - description: 'This API allows updating SOD exception fields other than ["id", "created", "origin"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The ID of the SOD exception to update. - example: ef38f94347e94562b5bb8424a56397d8 - requestBody: - required: true - description: | - A list of SOD policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. - - The following fields are patchable: - * policyId - * identityId - * start - * end - * businessJustification - * mitigatingControl - content: - application/json-patch+json: - schema: - type: array - items: - type: object - examples: - Update exception: - value: - - op: replace - path: /sodPolicy/id - value: c61499ae-6912-4fb5-b216-a97eb6781105 - - op: replace - path: /mitigatingControl - value: Modified mitigating control - - op: replace - path: /end - value: '2020-01-03T00:00:00.000Z' - responses: - '200': - description: 'Indicates the PATCH operation succeeded, and returns the SOD exception''s new representation.' - content: - application/json: - schema: - type: object - properties: - id: - type: string - nullable: true - description: Id of a SOD exception. - example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is created. - example: '2020-01-01T00:00:00.000Z' - modified: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is modified. - example: '2020-01-01T00:00:00.000Z' - sodPolicy: - example: 00fc6afc-af1d-43af-b350-8d632f4c56ca - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - identity: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - start: - type: string - format: date-time - description: The earliest date-time when this SOD exception is applicable. - example: '2020-01-01T00:00:00.000Z' - end: - type: string - format: date-time - description: The last date-time when this SOD exception is applicable. - example: '2020-01-02T00:00:00.000Z' - businessJustification: - type: string - description: The business justification for the exception. - example: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: - type: string - description: The mitigating control for the exception. - example: The manager will audit Bill's changes this week. - accessCriteria: - nullable: false - type: object - properties: - leftCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - rightCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - origin: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - examples: - SOD Exception: - summary: Exception - value: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: '2020-01-01T00:00:00.000000Z' - modified: '2020-01-01T00:00:00.000000Z' - sodPolicy: - type: SOD_POLICY - id: 00fc6afc-af1d-43af-b350-8d632f4c56ca - identity: - type: IDENTITY - id: 2c9180867473c1bd01747e8a7d65179b - start: '2020-01-01T00:00:00.000Z' - end: '2020-01-02T00:00:00.000Z' - businessJustification: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: The manager will audit Bill's changes this week. - accessCriteria: - leftCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - rightCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a68 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a69 - origin: - type: ACCOUNT_ACTIVITY - id: 2c9180867372a2590173774358eb016d - '400': - description: Client Error - Returned if the request body is invalid. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' - content: - application/json: - schema: - type: object - properties: - error: - description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '403': - summary: An example of a 403 response object - value: - detailCode: 403 Forbidden - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. - '404': - description: Not Found - returned if the request URL refers to a resource or object that does not exist - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '404': - summary: An example of a 404 response object - value: - detailCode: 404 Not found - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server did not find a current representation for the target resource. - '429': - description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. - content: - application/json: - schema: - type: object - properties: - message: - description: A message describing the error - example: ' Rate Limit Exceeded ' - '500': - description: Internal Server Error - Returned if there is an unexpected error. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. - delete: - security: - - oauth2: - - 'idn:sod-exception:write' - operationId: deleteSodExceptionById - tags: - - SOD Exception - summary: Delete SOD exception by ID - description: This API deletes the specified SOD exception. - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The ID of the SOD exception to delete. - example: ef38f94347e94562b5bb8424a56397d8 - responses: - '204': - description: No content. - '400': - description: Client Error - Returned if the request body is invalid. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' - content: - application/json: - schema: - type: object - properties: - error: - description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '403': - summary: An example of a 403 response object - value: - detailCode: 403 Forbidden - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. - '404': - description: Not Found - returned if the request URL refers to a resource or object that does not exist - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '404': - summary: An example of a 404 response object - value: - detailCode: 404 Not found - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server did not find a current representation for the target resource. - '429': - description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. - content: - application/json: - schema: - type: object - properties: - message: - description: A message describing the error - example: ' Rate Limit Exceeded ' - '500': - description: Internal Server Error - Returned if there is an unexpected error. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. - /sod-exceptions/bulk-create: - post: - security: - - oauth2: - - 'idn:sod-exception:write' - operationId: createBulkSodExceptions - tags: - - SOD Exception - summary: Create SOD exceptions in bulk - description: This API creates SOD exceptions in bulk. - requestBody: - required: true - content: - application/json: - schema: - type: object - properties: - exceptions: - type: array - description: List of exceptions. - items: - type: object - properties: - id: - type: string - nullable: true - description: Id of a SOD exception. - example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - created: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is created. - example: '2020-01-01T00:00:00.000Z' - modified: - type: string - nullable: true - format: date-time - description: The time when this SOD exception is modified. - example: '2020-01-01T00:00:00.000Z' - sodPolicy: - example: 00fc6afc-af1d-43af-b350-8d632f4c56ca - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - identity: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - start: - type: string - format: date-time - description: The earliest date-time when this SOD exception is applicable. - example: '2020-01-01T00:00:00.000Z' - end: - type: string - format: date-time - description: The last date-time when this SOD exception is applicable. - example: '2020-01-02T00:00:00.000Z' - businessJustification: - type: string - description: The business justification for the exception. - example: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: - type: string - description: The mitigating control for the exception. - example: The manager will audit Bill's changes this week. - accessCriteria: - nullable: false - type: object - properties: - leftCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - rightCriteria: - type: object - properties: - criteriaList: - type: array - description: List of exception criteria. There is a min of 1 and max of 50 items in the list. - items: - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local' - existing: - type: boolean - description: Whether the subject identity already had that access or not - default: false - example: true - description: Access reference with addition of boolean existing flag to indicate whether the access was extant - description: The types of objects supported for SOD violations - properties: - type: - enum: - - ENTITLEMENT - example: ENTITLEMENT - description: The type of object that is referenced - example: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - existing: true - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - existing: false - origin: - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - examples: - Exception list: - summary: Exception List - value: - exceptions: - - id: null - created: null - modified: null - sodPolicy: - type: SOD_POLICY - id: 00fc6afc-af1d-43af-b350-8d632f4c56ca - identity: - type: IDENTITY - id: 2c9180867473c1bd01747e8a7d65179b - start: '2020-01-01T00:00:00.000Z' - end: '2020-01-02T00:00:00.000Z' - businessJustification: 'Bob (the accountant) is on vacation, Bill needs access to accounting data this week.' - mitigatingControl: The manager will audit Bill's changes this week. - accessCriteria: - leftCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a66 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a67 - rightCriteria: - criteriaList: - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a68 - - type: ENTITLEMENT - id: 2c9180866166b5b0016167c32ef31a69 - origin: - type: ACCOUNT_ACTIVITY - id: 2c9180867372a2590173774358eb016d - responses: - '202': - description: Bulk create SOD exception accepted - content: - application/json: - schema: - type: object - properties: - exceptionCount: - type: string - nullable: false - description: Count of the exceptions - example: '5' - examples: - SOD Exception: - summary: Accepted exception list - value: - exceptionCount: '5' - '400': - description: Client Error - Returned if the request body is invalid. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' - content: - application/json: - schema: - type: object - properties: - error: - description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '403': - summary: An example of a 403 response object - value: - detailCode: 403 Forbidden - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. - '429': - description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. - content: - application/json: - schema: - type: object - properties: - message: - description: A message describing the error - example: ' Rate Limit Exceeded ' - '500': - description: Internal Server Error - Returned if there is an unexpected error. - content: - application/json: - schema: - type: object - properties: - detailCode: - type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: - type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: - type: array - description: Generic localized reason for error - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - causes: - type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. /sod-policies: post: security: