5 Identity Audit Service

5.1 Overview

This chapter describes the web services used to get information from Oracle Identity Analytics regarding audit violations. In particular, the Identity Audit web service can be used to prevent and report Segregation of Duties (SoD) violations. A Segregation of Duties violation occurs when a user account, a user attribute, or a role has been assigned two entitlements that should not be held in combination.

Using the Identity Audit Web Service, SoD violations can be reported. In addition, this web service can be used to implement a preventative SoD check, whereby a role request made by a user in a third-party system is first verified against Oracle Identity Analytics for any SoD violation.

Each web service has two parts: request parameters and the response. Request parameters such as SodState are used to request the corresponding Audit SoD, which returns a list of exceptions as a response.

5.2 WSDL Access

WSDL stands for Web Services Description Language. It is an XML format that describes web services as a set of endpoints operating on messages, and that contains information on how to access them. It specifies the location of each service and the operations (or methods) the service exposes.

Use the following to access the Identity Audit Web Service WSDL through a browser:

http://server-name:port-number/rbacx/ws/auditService?wsdl

where server-name is the IP address or alias of the server on which Oracle Identity Analytics is running, and port-number is the port number of the application server that is listening to Oracle Identity Analytics calls.

Example:

http://localhost:8081/rbacx/ws/auditService?wsdl

In the previous example, localhost is the server name, and 8081 is the port number of the application server.

5.3 API Reference

This section describes the web services used to get information from Oracle Identity Analytics regarding audit violations.

5.3.1 Get All Open Exceptions

This web service returns all open audit exceptions. An AuditExceptionVO[] array object containing the information on audit exceptions is returned.

5.3.1.1 Method Signature

AuditExceptionVO[] getAllOpenAuditExceptions() throws RbacxServiceException

5.3.1.2 Request Parameters

None

5.3.1.3 Response

| Data Type | Description |
| --- | --- |
| AuditExceptionVO[] | An array of AuditExceptionVO value objects is returned. |

5.3.1.4 Exception

This method throws an RbacxServiceException that has an error code and an error message.

5.3.2 Get All Audit Exceptions Based on the State

This web service returns all audit exceptions based on the state of the exception. The request parameter is the integer value indicating the state of the exception. An AuditExceptionVO[] array containing audit exception information is returned.

5.3.2.1 Method Signature

public AuditExceptionVO[] getAuditExceptions(int state) throws RbacxServiceException

5.3.2.2 Request Parameters

| Name | Data Type | Description |
| --- | --- | --- |
| state | int | Integer value indicating the state of exception. |

5.3.2.3 Response

| Data Type | Description |
| --- | --- |
| AuditExceptionVO[] | An array of AuditExceptionVO value objects is returned. |

5.3.2.4 Exception

This method throws an RbacxServiceException that has an error code and an error message.

5.3.3 Mitigate Exception

This web service marks the audit exception as "risk accepted." The request parameters are exceptionID, comments, and expireDate, and a Boolean flag is returned indicating the result of the action.

5.3.3.1 Method Signature

public boolean mitigateException(Long exceptionId, String comments, Date expireDate) throws RbacxServiceException

5.3.3.2 Request Parameters

| Name | Data Type | Description |
| --- | --- | --- |
| exceptionID | Long | The audit exception that needs to be temporarily marked as risk accepted. |
| comments | String | Comments explaining why the exception is to be marked as risk accepted. |
| expireDate | dateTime | The date that the mitigation action expires. |

5.3.3.3 Response

| Data Type | Description |
| --- | --- |
| Boolean | True if the audit exception is successfully mitigated; false otherwise. |

5.3.3.4 Exception

This method throws an RbacxServiceException that has an error code and an error message.

5.3.4 Check Audit Exceptions for Users

This web service checks for audit exceptions when changes are made to the accounts and roles of a user. The request parameters are user, modifiedAccounts, and roleVOs.

An AuditExceptionVO[] array is returned with the information on audit exceptions for that user.

5.3.4.1 Method Signature

public AuditExceptionVO[] checkForAuditExceptions(UserVO user, AccountVO[] modifiedAccounts, RoleVO[] roleVOs) throws RbacxServiceException

5.3.4.2 Request Parameters

| Name | Data Type | Description |
| --- | --- | --- |
| user | UserVO | User name for which the exception needs to be checked. |
| modifiedAccounts | AccountVO[] | An array of modified AccountVO objects. |
| roleVOs | RoleVO[] | An array of RoleVO objects. |

5.3.4.3 Response

| Data Type | Description |
| --- | --- |
| AuditExceptionVO[] | An array of AuditExceptionVO value objects is returned. |

5.3.4.4 Exception

This method throws an RbacxServiceException that has an error code and an error message.
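
The preventative SoD check described in the overview, sketched as a client-side gate around checkForAuditExceptions. This is an added example, not Oracle's code: the AuditService interface, the Decision enum, and the empty value-object classes are assumptions that stand in for the classes generated from the WSDL, and only the method signature is taken from 5.3.4.1.

```java
public class PreventiveSodGate {
    // Placeholder types: only the names come from the signature in 5.3.4.1;
    // the real classes are generated from the auditService WSDL.
    static class UserVO {}
    static class AccountVO {}
    static class RoleVO {}
    static class AuditExceptionVO {}
    static class RbacxServiceException extends Exception {
        RbacxServiceException(String msg) { super(msg); }
    }

    // Hypothetical client-side view of the service, using the documented signature.
    interface AuditService {
        AuditExceptionVO[] checkForAuditExceptions(UserVO user, AccountVO[] modifiedAccounts,
                RoleVO[] roleVOs) throws RbacxServiceException;
    }

    enum Decision { GRANT, DENY_SOD_VIOLATION, DENY_CHECK_FAILED }

    // Decide before provisioning: grant only when the check ran and found nothing.
    static Decision decide(AuditService svc, UserVO user, AccountVO[] accounts, RoleVO[] roles) {
        try {
            AuditExceptionVO[] found = svc.checkForAuditExceptions(user, accounts, roles);
            if (found == null) {
                return Decision.DENY_CHECK_FAILED; // no answer is not a clean answer
            }
            return found.length == 0 ? Decision.GRANT : Decision.DENY_SOD_VIOLATION;
        } catch (RbacxServiceException e) {
            // Fail closed: an error from the audit service must not become an approval.
            return Decision.DENY_CHECK_FAILED;
        }
    }

    public static void main(String[] args) {
        UserVO user = new UserVO();
        AccountVO[] accounts = {};
        RoleVO[] requested = { new RoleVO() };
        // Constructed stubs standing in for the remote service.
        AuditService clean = (u, a, r) -> new AuditExceptionVO[0];
        AuditService conflict = (u, a, r) -> new AuditExceptionVO[] { new AuditExceptionVO() };
        AuditService down = (u, a, r) -> { throw new RbacxServiceException("constructed error"); };
        System.out.println(decide(clean, user, accounts, requested));
        System.out.println(decide(conflict, user, accounts, requested));
        System.out.println(decide(down, user, accounts, requested));
    }
}
```

The calling system provisions the role only on GRANT; both deny outcomes should be logged with the error code and message carried by the RbacxServiceException where one was thrown.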