This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.
A token with ORG_ADMIN or API authority is required to call this API.
Client Error - Returned if the request body is invalid.
ErrorResponseDto
401
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
ListAccessModelMetadataAttribute401Response
403
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
ErrorResponseDto
404
Not Found - returned if the request URL refers to a resource or object that does not exist
ErrorResponseDto
429
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
ListAccessModelMetadataAttribute429Response
500
Internal Server Error - Returned if there is an unexpected error.
ErrorResponseDto
HTTP request headers
Content-Type: application/json
Accept: application/json
Example
$IdentityWithNewAccess=@"{
"identityId" : "2c91808568c529c60168cca6f90c1313",
"accessRefs" : [ {
"type" : "ENTITLEMENT",
"id" : "2c918087682f9a86016839c050861ab1",
"name" : "CN=InformationAccess,OU=test,OU=test-service,DC=TestAD,DC=local"
}, {
"type" : "ENTITLEMENT",
"id" : "2c918087682f9a86016839c0509c1ab2",
"name" : "CN=InformationTechnology,OU=test,OU=test-service,DC=TestAD,DC=local"
} ]
}"@# Predict SOD violations for identity.try{$Result=ConvertFrom-JsonToIdentityWithNewAccess-Json$IdentityWithNewAccessStart-BetaPredictSodViolations-BetaIdentityWithNewAccess$Result# Below is a request that includes all optional parameters# Start-BetaPredictSodViolations -BetaIdentityWithNewAccess $IdentityWithNewAccess }catch{Write-Host$_.Exception.Response.StatusCode.value__"Exception occurred when calling Start-BetaPredictSodViolations"Write-Host$_.ErrorDetails}
