Event Data Publishing Reference Schemas and Sample Files
Defines the schemas and sample output snippets for Oracle Access Governance components published to Oracle Cloud Infrastructure (OCI) Buckets and OCI Streams.
Header Schema and Sample Output Reference
There are two kinds of headers: headers for the event types that cover Day 0 and Day N export, and headers for the event types that cover publishing of data objects (policies, identities, resources, and so on) for create, update, and delete operations.
Day 0 Message Header Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"eventId": {
"type": "string"
},
"correlationId": {
"type": "string"
},
"eventTime": {
"type": "string"
},
"eventTypeVersion": {
"type": "string"
},
"version": {
"type": "string"
},
"operation": {
"type": "string"
},
"messageType": {
"type": "string"
},
"eventType": {
"type": "string"
},
"opcRequestId": {
"type": "string"
},
"tenancyId": {
"type": "string"
},
"serviceInstanceId": {
"type": "string"
}
},
"additionalProperties": false
}
Day 0 Sample Header
{
"headers": {
"eventId": "752d5e14-a784-4d91-9cf4-57c0a72d7620",
"correlationId": "9a0041f5-f67f-4b06-8fbd-c9b64d1d5ee3",
"eventTime": "2024-09-05T16:57:59.922065942Z",
"eventTypeVersion": "1.0",
"version": "1.0",
"operation": "CREATE",
"messageType": "DAY0",
"eventType": "com.oracle.idm.agcs.data.enablement.DAY0",
"opcRequestId": "2cec8907-abcd-1234-be17-2dc91122/00ab2d02/2497",
"tenancyId": "ocid1.tenancy.oc1..aaaaaaaazp2vvzjsn6newkqrpkwndxpdoixtqfgyhnf4y24h7d5ny27h6f3q",
"serviceInstanceId": "ocid1.agcsgovernanceinstance.oc1.iad.amaaaaaaebkbezqawho7s4aseb4u43vrzy53yiv7ylgfjqk223wpjc7j4ubq"
}
}
Day 0 Object Export Header Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"eventId": {
"type": "string"
},
"correlationId": {
"type": "string"
},
"eventTime": {
"type": "string"
},
"eventTypeVersion": {
"type": "string"
},
"operation": {
"type": "string"
},
"messageType": {
"type": "string"
},
"status": {
"type": "string"
},
"eventType": {
"type": "string"
},
"opcRequestId": {
"type": "string"
},
"tenancyId": {
"type": "string"
},
"serviceInstanceId": {
"type": "string"
}
},
"additionalProperties": false
}
Sample Output: Day 0 Object Export Header
{
"headers": {
"eventId": "8787e121-abcd-1234",
"correlationId": "dc989b5c-abcd-1234",
"eventTime": "2024-08-27T21:44:15.274034651Z",
"eventType": "com.oracle.idm.agcs.data.enablement.policyStatement.created",
"eventTypeVersion": "1.0",
"operation": "CREATE",
"messageType": "TARGET_ACCESS_POLICY_STATEMENT",
"status": "IN_PROGRESS",
"opcRequestId": "2cec8907-abcd-1234-be17-2dc91122/00ab2d02/2497",
"tenancyId": "ocid1.tenancy.oc1..abcd1234",
"serviceInstanceId": "ocid1.dev.dev.1234"
}
}
Day N Object Export Header Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"eventId": {
"type": "string"
},
"eventTime": {
"type": "string"
},
"eventTypeVersion": {
"type": "string"
},
"operation": {
"type": "string"
},
"messageType": {
"type": "string"
},
"eventType": {
"type": "string"
},
"opcRequestId": {
"type": "string"
},
"tenancyId": {
"type": "string"
},
"serviceInstanceId": {
"type": "string"
}
},
"additionalProperties": false
}
Sample Output: Day 0 Object Export Header
{
"headers": {
"eventId": "b8bfe07f-1234",
"eventTime": "2024-05-18T23:19:56.360412Z",
"tenancyId": "ocid.tenancy.oc1.1234",
"serviceInstanceId": "ocid1.instance.oc1.1234",
"opcRequestId": "request-1234",
"eventType": "com.oracle.idm.agcs.cloudGroup.created",
"eventTypeVersion": "1.0",
"operation": "CREATE",
"messageType": "GROUP"
}
}
Header Schema Attribute Definition
Here's the schema for Day 0 and Day N headers available in the output file.
Table - Header Schema Attribute Definition for Day 0
Attributes | Description |
---|---|
correlationId | Unique identifier to correlate two or more events. For example, if a new resource is created and a new policy grants access to the resource, two events will be published and be identified with this identifier. |
eventId | Unique identifier for each event published either to OCI Bucket or OCI Streams. It ensures that each event can be processed and traced distinctly. |
eventTime | Timestamp when the event occurred with nanosecond precision. This is required to consume data sequentially and accurately. Format: |
eventTypeVersion | Schema version used for sending response for each event. If there are significant changes to the schema, then the version is updated. For more details, refer to Semantic Versioning Guidelines. |
messageType | Type of data component being published. For example, a few possible values: |
operation | Basic operations associated with the data publishing event. It can be CREATE, UPDATE, DELETE. For some operations, such as policies, if you have to update a policy, events are published with a combination of Create and Delete operations rather than the Update operation. |
status | Event Publishing status. Possible values: START, IN PROGRESS, SUCCESS, FAILED. These are sent in the output files. However, on the Oracle Access Governance Console, you can see Success or Failure status. |
eventType | Event value used by the service to track the event operation. For example, if we add a new policy statement in a policy, the value is com.oracle.idm.agcs.data.enablement.policyStatement.created |
opcRequestId | Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. |
tenancyId | Tenancy Oracle Cloud Identifier (OCID) where data is published by Oracle Access Governance. |
serviceInstanceId | Service Instance OCID of your Oracle Access Governance application. |
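A consumer that applies the header attributes described in the table above, as an added example that is not Oracle's code: it rejects headers that no header schema accepts, drops redelivered eventId values, orders events by eventTime at full nanosecond precision, and groups eventId values by correlationId. The timestamp shape is assumed from the samples on this page; the records, schema labels and function names are constructed for illustration.

```python
import calendar
import re
from collections import defaultdict

# Property names copied from the three header schemas on this page. None of the
# schemas has a "required" list, so "additionalProperties": false is the only
# structural constraint: every key must be known and every value a string.
_DAY_N = {"eventId", "eventTime", "eventTypeVersion", "operation", "messageType",
          "eventType", "opcRequestId", "tenancyId", "serviceInstanceId"}
SCHEMAS = {  # the labels are hypothetical names chosen for this example
    "day0_message": _DAY_N | {"correlationId", "version"},
    "day0_object_export": _DAY_N | {"correlationId", "status"},
    "dayN_object_export": _DAY_N,
}

# Assumed timestamp shape (taken from the samples): UTC, "Z" suffix,
# up to nine fractional digits.
_TS = re.compile(r"(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(?:\.(\d{1,9}))?Z")


def accepted_by(headers):
    """Return the names of the header schemas that accept this headers object."""
    if not all(isinstance(value, str) for value in headers.values()):
        return []
    return [name for name, allowed in SCHEMAS.items() if set(headers) <= allowed]


def event_time_ns(text):
    """Convert eventTime to integer nanoseconds since the Unix epoch.

    datetime keeps only microseconds, so two events inside the same microsecond
    would compare equal; integer arithmetic keeps all nine digits.
    """
    match = _TS.fullmatch(text)
    if match is None:
        raise ValueError(f"unsupported eventTime: {text!r}")
    fields = [int(group) for group in match.groups()[:6]]
    seconds = calendar.timegm((*fields, 0, 0, 0))
    return seconds * 1_000_000_000 + int((match.group(7) or "").ljust(9, "0"))


def order_events(records):
    """Return (ordered records, eventIds per correlationId, rejected records)."""
    seen, kept, rejected = set(), [], []
    for record in records:
        headers = record.get("headers")
        try:
            if not isinstance(headers, dict) or not accepted_by(headers):
                raise ValueError("headers not accepted by any schema")
            key = (event_time_ns(headers["eventTime"]), headers["eventId"])
        except (KeyError, ValueError):
            rejected.append(record)
            continue
        if headers["eventId"] in seen:  # redelivered event, already processed
            continue
        seen.add(headers["eventId"])
        kept.append((key, record))
    kept.sort(key=lambda item: item[0])
    groups = defaultdict(list)
    for _, record in kept:
        correlation = record["headers"].get("correlationId")
        if correlation is not None:
            groups[correlation].append(record["headers"]["eventId"])
    return [record for _, record in kept], dict(groups), rejected


def _constructed(event_id, event_time, **more):
    return {"headers": {"eventId": event_id, "eventTime": event_time,
                        "operation": "CREATE", **more}}


# Constructed records, not Oracle output: two correlated events 644 ns apart,
# a redelivery of the first, a Day N style header, and one with an unknown key.
SAMPLE = [
    _constructed("evt-b", "2024-08-27T21:44:15.274034651Z", correlationId="corr-1",
                 messageType="TARGET_ACCESS_POLICY_STATEMENT", status="IN_PROGRESS"),
    _constructed("evt-a", "2024-08-27T21:44:15.274034007Z", correlationId="corr-1",
                 messageType="ACCESS_BUNDLE", status="IN_PROGRESS"),
    _constructed("evt-b", "2024-08-27T21:44:15.274034651Z", correlationId="corr-1",
                 messageType="TARGET_ACCESS_POLICY_STATEMENT", status="IN_PROGRESS"),
    _constructed("evt-c", "2024-08-27T21:44:16Z", messageType="GROUP"),
    _constructed("evt-d", "2024-08-27T21:44:17Z", forwardedBy="unknown"),
]

if __name__ == "__main__":
    ordered, groups, rejected = order_events(SAMPLE)
    print([r["headers"]["eventId"] for r in ordered], groups, len(rejected))
```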
Audit History Schema and Sample Output File
Here's the Audit History schema.
Audit Events Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"$defs": {
"AuditHeaders": {
"type": "object",
"additionalProperties": {
"type": "array",
"items": { "type": "string" }
}
},
"AuditParameters": {
"type": "object",
"additionalProperties": {
"type": "array",
"items": { "type": "string" }
}
},
"AuditIdentity": {
"type": "object",
"properties": {
"host": {
"type": "string"
},
"userAgent": {
"type": "string"
},
"principalId": {
"type": "string"
}
},
"additionalProperties": false
},
"AuditRequest": {
"type": "object",
"properties": {
"requestTime": {
"type": "integer",
"format": "date-time"
},
"id": {
"type": "string"
},
"path": {
"type": "string"
},
"action": {
"type": "string"
},
"parameters": {
"type": "object",
"existingJavaType": "Object"
},
"headers": {
"type": "object",
"existingJavaType": "Object"
},
"payload": {
"type": "object",
"existingJavaType": "Object"
}
},
"additionalProperties": false
},
"AuditResponse": {
"type": "object",
"properties": {
"responseTime": {
"type": "integer",
"format": "date-time"
},
"status": {
"type": "string"
},
"headers": {
"type": "object",
"existingJavaType": "Object"
},
"payload": {
"type": "object",
"existingJavaType": "Object"
}
},
"additionalProperties": false
},
"AuditStateChange": {
"type": "object",
"properties": {
"previous": {
"type": "object",
"existingJavaType": "Object"
},
"current": {
"type": "object",
"existingJavaType": "Object"
}
},
"additionalProperties": false
}
},
"type": "object",
"properties": {
"source": {
"type": "string"
},
"eventType": {
"type": "string"
},
"eventTypeVersion": {
"type": "string"
},
"contentType": {
"type": "string"
},
"region": {
"type": "string"
},
"availabilityDomain": {
"type": "string"
},
"identity": {
"$ref": "#/$defs/AuditIdentity"
},
"request": {
"$ref": "#/$defs/AuditRequest"
},
"response": {
"$ref": "#/$defs/AuditResponse"
},
"stateChange": {
"$ref": "#/$defs/AuditStateChange"
}
},
"additionalProperties": false,
"required": [
"eventType",
"source",
"identity"
]
}
Sample Output Code Snippet
The data section of the JSONL contains details about an audit event related to creating an access bundle in Oracle Access Governance. The event type is com.example.idm.agcs.audit.permission-manager.createAccessBundle. In this example, the bundle named de-test was created with Active status, requiring no approval, and is managed by Ama Maclead.
{
"headers": {
"eventType": "com.example.idm.agcs.data.enablement.auditEvents",
"operation": "CREATE",
"messageType": "AUDIT_EVENTS",
"eventTime": "2025-03-11T15:54:27.324101844Z",
"tenancyId": "ocid1.tenancy.oc1..aaaaaaaahvjxelu7yccuhj3wrq5uqiybu7f5tfxvwteiwaupnlkj4woz6ybq",
"serviceInstanceId": "ocid1.notreviewedplaceholder.dev.dev.amaaaaaapzw5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq",
"opcRequestId": "c58addc8-21f8-44b7-bc52-622be741/a478894e-f008-47fb-839a-d56ca9bf/1CBBC187BDBAC903BE9719055AF7A296",
"eventTypeVersion": "1.0",
"eventId": "ebb9f39d-28c9-49ff-8313-b9d69a5ef73b"
},
"data": "{\"source\":\"permission-manager\",\"eventType\":\"com.example.idm.agcs.audit.permission-manager.createAccessBundle\",\"eventTypeVersion\":\"20230331\",\"contentType\":\"application/json\",\"region\":\"IAD\",\"availabilityDomain\":\"IAD_AD_1\",\"identity\":{\"host\":\"sept12-test-1-idatelmkmn63.campaign.access-governance.oci.oc-test.com\",\"userAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0\",\"principalId\":\"globalId.sept12-test-1-agent.18.w5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\"},\"request\":{\"requestTime\":1741708466446,\"id\":\"c58addc8-21f8-44b7-bc52-622be741/xxxxxx-f008-47fb-839a-d56ca9bf\",\"path\":\"/pm/20230331/accessBundles\",\"action\":\"POST\",\"parameters\":{},\"headers\":{\"X-RESOURCE-ACCOUNT-GUID\":[\"idcs-cloudservices-us-phoenix-idcs-1\"],\"Origin\":[\"https://sept12-test-1-idatelmkmn63.campaign.access-governance.oci.oc-test.com\"],\"idcs_authn_strength\":[\"2\"],\"X-REQ-POLICY\":[\"mypolicy\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0\"],\"X-RESOURCE-IDENTITY-SERVICE-GUID\":[\"idcs-824f604a4d4b48b8918cde1416682c66\"],\"Sec-Fetch-Dest\":[\"empty\"],\"Accept-Encoding\":[\"gzip, deflate, br, 
zstd\"],\"DNT\":[\"1\"],\"idcs_user_tenant_name\":[\"idcs-824f604a4d4b48b8918cde1416682c66\"],\"Sec-Fetch-Mode\":[\"cors\"],\"remote_user\":[\"AMACLEAD@TESTMAIL.COM\"],\"idcs_cloudgate_id\":[\"ag-idcs-app_APPID\"],\"X-RESOURCE-IDENTITY-DOMAIN-NAME\":[\"idcs-824f604a4d4b48b8918cde1416682c66\"],\"idcs_user_csr\":[\"false\"],\"X-RESOURCE-SERVICE-INSTANCE-IDENTITY-POLICYNAME\":[\"mypolicy\"],\"Cookie\":[\"*****\"],\"X-RESOURCE-LISTENER-PATH-PREFIX\":[\"/pm\"],\"Accept\":[\"*/*\"],\"Priority\":[\"u\\u003d0\"],\"X-USERID\":[\"e4b4b893e2f8448ab76bf5ba85dad344\"],\"idcs_user_id\":[\"e4b4b893e2f8448ab76bf5ba85dad344\"],\"Accept-Language\":[\"en-US,en;q\\u003d0.5\"],\"x-user-identity-domain-name\":[\"idcs-824f604a4d4b48b8918cde1416682c66\"],\"X-RESOURCE-LOGICAL-SERVICE-GUID\":[\"0747931e-0c54-4cb2-9ba5-7a2daf70ba20\"],\"opc-request-id\":[\"c58addc8-21f8-44b7-bc52-622be741/a478894e-f008-47fb-839a-d56ca9bf\"],\"X-USERNAME\":[\"Pre1 Ama Middle1 Maclead Suf1\"],\"X-RESOURCE-SERVICE-PERMANENT-HOST\":[\"sept12-test-1-idatelmkmn63.campaign.access-governance.oci.oc-test.com\"],\"idcs_user_assertion\":[\"*****\"],\"X-RESOURCE-SERVICE-INSTANCE-IDENTITY-APPNAME\":[\"AG-sept12-test-1_APPID\"],\"idcs_authn_method\":[\"oauth\"],\"X-RESOURCE-SERVICE-INSTANCE-POLICY-APPNAME\":[\"AG-sept12-test-1_APPID\"],\"x-user-identity-service-guid\":[\"idcs-824f604a4d4b48b8918cde1416682c66\"],\"idcs_user_display_name\":[\"Ama Maclead\"],\"WL-Proxy-SSL\":[\"true\"],\"X-POLICY-IDENTITY-SERVICE-GUID\":[\"idcs-824f604a4d4b48b8918cde1416682c66\"],\"X-RESOURCE-SUB-ACCOUNT-NAMES\":[\"idcs-cloudservices-us-phoenix-idcs-1\"],\"is_ssl\":[\"ssl\"],\"Sec-GPC\":[\"1\"],\"idcs_service_url\":[\"https://idcs-824f604a4d4b48b8918cde1416682c66.identity.oraclecloud.com:443\"],\"Content-Length\":[\"4415\"],\"idcs_session_id\":[\"6190bce48bdd4a8b8ad233e06e21e980:9cf06f\"],\"Content-Type\":[\"application/json\"],\"X-USERGROUPS\":[\"Auditor-Group,NewGrpCreate,QAGrp 
GA1,00jc,FlatFileMgr,joe-data,Administrators,AGCS_groot_001,ag_policy_user_test_group,AccessGovPPGrp5324_1,Auto_OCIGroup,AGCSGroup6658,API_NS_GROUP46,Nandha-test,EWBGroup1,agcs_cross,AGFFGrp5342,AdvancedGovernance,TestCreate2,TestPolicyagcs,QAGrp GA2,OCIMembGroup,TestAug29Nandhatest,Create1,hamburger,agcs_email_group,DataFeed_writer_access_group,Admin,Badge_Access,vasil-test-user,AGCS_Users,Test45Nandha,agcs_agent_users,AG_User\"],\"Referer\":[\"https://sept12-test-1-idatelmkmn63.campaign.access-governance.oci.oc-test.com/ui/access-bundle/create/\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"Host\":[\"sept12-test-1-idatelmkmn63.campaign.access-governance.oci.oc-test.com\"],\"X-RESOURCE-WEBTIER-POLICY-DISABLED\":[\"false\"],\"X-RESOURCE-SERVICE-INSTANCE-GUID\":[\"ocid1.notreviewedplaceholder.dev.dev.amaaaaaapzw5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\"],\"idcs_remote_user\":[\"AMACLEAD@TESTMAIL.COM\"],\"X-RESOURCE-SERVICE-TYPE\":[\"AccessGovernance\"],\"idcs_remote_user_mappingattr\":[\"userName\"]}},\"response\":{\"responseTime\":1741708466994,\"status\":\"200\",\"headers\":{\"Content-Type\":[\"application/json\"]},\"payload\":{\"permissions\":[{\"id\":\"groups.ICF.e933985f-fd7c-487f-86f4-9743c5c7f4ed.2b512719820c9a2004c592558020f4f3\",\"name\":\"2222222\",\"type\":\"ENTITLEMENTS\",\"timeCreatedOn\":1.737460861402E12,\"resource\":{\"id\":\"resource.ICF.e933985f-fd7c-487f-86f4-9743c5c7f4ed.1313a1286b70dddd47d43ceb507d9f84\",\"name\":\"AD_FULL_DN_QA\",\"displayName\":\"AD_FULL_DN_QA\",\"type\":\"AD\"},\"entitlementType\":{\"id\":\"etype.ICF.e933985f-fd7c-487f-86f4-9743c5c7f4ed.4b32eb973e48ea15527a4fc67f17574e\",\"name\":\"icf.connector.entitlement.type.groups\",\"displayName\":\"Group\",\"externalId\":\"groups\"}}],\"id\":\"de8a3a17-fc25-492f-838d-bb323c4b22f4\",\"name\":\"de-test\",\"description\":\"\",\"requestableBy\":{\"id\":\"ANY\",\"name\":\"Anyone\",\"displayName\":\"Anyone\"},\"status\":\"Active\",\"approvalWorkflowId\":{\"id\":\"NO_APPROVAL_REQUIRED\",\"
name\":\"No Approval Required\",\"displayName\":\"No Approval Required\"},\"target\":{\"id\":\"e933985f-fd7c-487f-86f4-9743c5c7f4ed\",\"name\":\"AD_FULL_DN_QA\",\"displayName\":\"AD_FULL_DN_QA\"},\"targetType\":\"ICF\",\"timeCreatedOn\":1.741708466865E12,\"timeUpdatedOn\":1.741708466865E12,\"ownershipCollectionId\":\"5da53d00-4cde-4309-a284-11c492aba2e0\",\"owners\":[{\"id\":\"globalId.sept12-test-1-agent.18.w5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\",\"name\":\"Ama Maclead\",\"isPrimary\":true}],\"createdBy\":{\"id\":\"globalId.sept12-test-1-agent.18.w5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\",\"name\":\"Ama Maclead\",\"displayName\":\"Ama Maclead\"},\"updatedBy\":{\"id\":\"globalId.sept12-test-1-agent.18.w5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\",\"name\":\"Ama Maclead\",\"displayName\":\"Ama Maclead\"},\"customAttributes\":{},\"targetAttributes\":{\"accountAttributes\":[{\"name\":\"password\",\"title\":\"Password\",\"values\":[],\"type\":\"GuardedString\",\"children\":[],\"discriminator\":\"AccountPassword\",\"isQuestion\":false},{\"name\":\"organizationName\",\"title\":\"Organization\",\"values\":[\"OU\\u003dABC,DC\\u003dadlrg12c,DC\\u003dus,DC\\u003doracle,DC\\u003dcom\"],\"type\":\"String\",\"children\":[],\"isQuestion\":false},{\"name\":\"passwordNeverExpires\",\"title\":\"Password never expires\",\"values\":[\"false\"],\"type\":\"Boolean\",\"children\":[],\"isQuestion\":false},{\"name\":\"userMustChangePasswordAtNextLogon\",\"title\":\"User must change password at next logon\",\"values\":[\"false\"],\"type\":\"Boolean\",\"children\":[],\"isQuestion\":false},{\"name\":\"passwordNotRequired\",\"title\":\"Do not require a password\",\"values\":[\"false\"],\"type\":\"Boolean\",\"children\":[],\"isQuestion\":false},{\"name\":\"accountExpirationDate\",\"title\":\"Account expiration 
date\",\"values\":[],\"type\":\"String\",\"children\":[],\"isQuestion\":false},{\"name\":\"company\",\"title\":\"Company\",\"values\":[],\"type\":\"String\",\"children\":[],\"isQuestion\":true},{\"name\":\"manager\",\"title\":\"Manager\",\"values\":[],\"type\":\"String\",\"children\":[],\"isQuestion\":false},{\"name\":\"office\",\"title\":\"Office\",\"values\":[],\"type\":\"String\",\"children\":[],\"isQuestion\":true}],\"entitlementAttributes\":[{\"name\":\"groups.ICF.e933985f-fd7c-487f-86f4-9743c5c7f4ed.2b512719820c9a2004c592558020f4f3\",\"title\":\"2222222\",\"values\":[\"CN\\u003d2222222,OU\\u003dstaging_adgroup,OU\\u003dagcs-itsuite,DC\\u003dadlrg12c,DC\\u003dus,DC\\u003doracle,DC\\u003dcom\"],\"type\":\"RepeatableFieldSet\",\"entitlementType\":\"groups\",\"children\":[]}]},\"externalId\":\"ocid1.notreviewedplaceholder.dev.dev.amaaaaaapzw5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\",\"isAgManaged\":true,\"displayName\":\"de-test\",\"isAccountProfileExists\":true,\"accountProfileId\":\"462ac465-c0a3-48d4-bb60-3c7b5cae0882\",\"accountProfileName\":\"AD_Profile_Jan21\",\"accessGuardrails\":[],\"createdByRef\":{\"value\":\"globalId.sept12-test-1-agent.18.w5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\",\"displayName\":\"Ama Maclead\",\"resourceType\":\"AccessBundle\"},\"updatedByRef\":{\"value\":\"globalId.sept12-test-1-agent.18.w5rdiaifkgmp5r4e3e6u2vsmpomz2hwywo7maxrwy6zjr2wamq\",\"displayName\":\"Ama Maclead\",\"resourceType\":\"AccessBundle\"}}},\"stateChange\":{}}"
}
Audit History Schema Attribute Definition
Here's the attribute definition for an Audit History output file containing an access bundle creation event.
Table - Audit History Data Schema Attribute Definition
Attributes | Description |
---|---|
data | Contains detailed request, response, identity, and event-related details. |
source | Name of the Oracle Access Governance service that generated the event. For example, access bundle events originate from the source permission-manager. |
request | Details of the API request, if the event was triggered by an API request. |
response | Details of the API response to the request if the event was triggered by an API request. |
identity | The client identifiers and Oracle Access Governance global identity associated with the API request that triggered the event. |
eventType | A unique identifier for the type of event that was generated. |
eventTypeVersion | REST API version of the service that generated the event. |
contentType | The format of the data sent in the event. |
availabilityDomain | The OCI availability domain from which the event was generated. |
stateChange | Details of changes in state of Oracle Access Governance resource. |
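Because data arrives as a JSON document encoded inside a JSON string, a consumer has to decode twice before it can read the attributes in the table above. The following added example (not Oracle's code; the deny-list of header names, the function names and the record are assumptions constructed here) decodes a record, checks the schema's required and allowed top-level properties, and redacts session-bearing request headers before the event is stored or forwarded.

```python
import json

# Top-level properties and "required" list from the Audit Events schema on this page.
AUDIT_PROPERTIES = {"source", "eventType", "eventTypeVersion", "contentType", "region",
                    "availabilityDomain", "identity", "request", "response", "stateChange"}
AUDIT_REQUIRED = ("eventType", "source", "identity")

# Assumed deny-list. In the page's sample, Cookie and idcs_user_assertion arrive
# masked as "*****" while idcs_session_id carries a value, so the consumer masks
# all of them itself instead of relying on the publisher.
SENSITIVE_HEADERS = {"cookie", "authorization", "idcs_user_assertion", "idcs_session_id"}


def decode_audit_record(line):
    """Parse one JSONL line and return (headers, audit event)."""
    record = json.loads(line)
    headers = record.get("headers", {})
    if headers.get("messageType") != "AUDIT_EVENTS":
        raise ValueError("not an audit event record")
    data = record.get("data")
    if not isinstance(data, str):
        raise ValueError("data must be a JSON-encoded string")
    event = json.loads(data)  # second decode: the string holds the audit event
    if not isinstance(event, dict):
        raise ValueError("audit event must be a JSON object")
    missing = [name for name in AUDIT_REQUIRED if name not in event]
    unknown = sorted(set(event) - AUDIT_PROPERTIES)
    if missing or unknown:
        raise ValueError(f"schema violation: missing={missing} unknown={unknown}")
    return headers, event


def redact_headers(headers):
    """Mask sensitive request headers; header names match case-insensitively."""
    return {name: ["[REDACTED]"] if name.lower() in SENSITIVE_HEADERS else values
            for name, values in headers.items()}


def summarize(line):
    """Flatten an audit record into the fields an analyst pivots on."""
    headers, event = decode_audit_record(line)
    request, response = event.get("request", {}), event.get("response", {})
    sent, answered = request.get("requestTime"), response.get("responseTime")
    timed = isinstance(sent, int) and isinstance(answered, int)
    return {
        "eventId": headers.get("eventId"),
        "eventType": event["eventType"],
        "source": event["source"],
        "principalId": event["identity"].get("principalId"),
        "action": request.get("action"),
        "path": request.get("path"),
        "status": response.get("status"),
        # requestTime and responseTime are epoch milliseconds in the sample.
        "latencyMs": answered - sent if timed else None,
        "requestHeaders": redact_headers(request.get("headers", {})),
    }


# Constructed record shaped like the sample on this page; identifiers are made up.
CONSTRUCTED_HEADERS = {"eventId": "constructed-event-0001",
                       "messageType": "AUDIT_EVENTS", "operation": "CREATE"}
CONSTRUCTED_EVENT = {
    "source": "permission-manager",
    "eventType": "com.example.idm.agcs.audit.permission-manager.createAccessBundle",
    "eventTypeVersion": "20230331",
    "identity": {"host": "ag.example.test", "principalId": "globalId.constructed.0001"},
    "request": {"requestTime": 1741708466446, "action": "POST",
                "path": "/pm/20230331/accessBundles",
                "headers": {"Cookie": ["*****"],
                            "idcs_session_id": ["constructed-session:0001"],
                            "Content-Type": ["application/json"]}},
    "response": {"responseTime": 1741708466994, "status": "200"},
    "stateChange": {},
}


def make_line(event, encode_data=True):
    """Build one JSONL line; encode_data=False leaves data as an object (malformed)."""
    data = json.dumps(event) if encode_data else event
    return json.dumps({"headers": CONSTRUCTED_HEADERS, "data": data})


if __name__ == "__main__":
    print(json.dumps(summarize(make_line(CONSTRUCTED_EVENT)), indent=2))
```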
Access Bundle Schema and Sample Output File
Here's the Access Bundle schema for creation, modification, and deletion.
Access Bundle Create/Update Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"displayName": {
"type": "string"
},
"referenceRequestId": {
"type": "string"
},
"requestableBy": {
"type": "string"
},
"status": {
"type": "string"
},
"approvalWorkflow": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/approvalWorkflow.json"
},
"accessGuardrailIds": {
"type": "array",
"items": {
"type": "string"
}
},
"targetId": {
"type": "string"
},
"tags": {
"type": "string"
},
"classifications": {
"type": "string"
},
"accessBundleType": {
"type": "string"
},
"permissionIds": {
"type": "array",
"items": {
"type": "string"
}
},
"createdBy": {
"type": "string"
},
"createdByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"createdOn": {
"type": "integer"
},
"updatedBy": {
"type": "string"
},
"updatedByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"updatedOn": {
"type": "integer"
},
"agManaged": {
"type": "boolean"
},
"managedByIds": {
"type": "array",
"items": {
"type": "string"
}
},
"owner": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"ownerShipCollectionId": {
"type": "string"
},
"ownerUIDs": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"id"
]
}
}
Access Bundle Delete Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Sample Output Code Snippet
{
"headers": {
"eventId": "3d69xx10-0183-4abe-a813-2469b02de0xx",
"correlationId": "838exx73d-3fc2-42fd-9469-e52fb3b76xx",
"eventTime": "2025-02-12T17:11:15.816211Z",
"eventType": "com.oracle.idm.agcs.data.enablement.accessBundle.created",
"eventTypeVersion": "1.0",
"operation": "CREATE",
"messageType": "ACCESS_BUNDLE",
"status": "IN_PROGRESS",
"opcRequestId": "oci-BAE8B2xx9941CDD-202502121711/51051CFFE76EFAE84DAE1B3C22ABCF61/BCB684CC00A2F596FC28902A234FBAFE",
"tenancyId": "ocid1.tenancy.oc1..axxxxxxxvhjxelu7yccuhj3wrq5uqiybu7f5tfxvwteiwaupnlkj4woz6ybq",
"serviceInstanceId": "ocid1.notreviewedplaceholder.dev.dev.amaxxxxxxzw5rdiarmplc2m2fwyd4z3h7gbxkwkasgeu64a7n6kx5ulgsbaa"
},
"id": "68cbxxxx-7c1f-4e29-b1c0-8b3cc9d311xx",
"externalId": "ocid1.notreviewedplaceholder.dev.dev.amaxxxxxxzw5rdiarmplc2m2fwyd4z3h7gbxkwkasgeu64a7n6kx5ulgsbaa",
"name": "AG_System_Shared_groups.ICF.VisionDirectory.e3bxxc25839ed26ce3083fd65d966e29",
"description": "AG_System_Shared_MS_8740_MT_xx",
"displayName": "AG_System_Shared_MS_8740_MT_xx",
"requestableBy": "ANY",
"status": "ACTIVE",
"approvalWorkflow": {
"id": "NO_APPROVAL_REQUIRED"
},
"targetId": "1ce4xx23-fc60-4dc4-9926-16ec93a4e6xx",
"accessBundleType": "ACCESS_BUNDLE",
"permissions": [
"groups.ICF.VisionDirectory.e3bxxc25839ed26ce3083fd65d966e29"
],
"createdBy": "AG_System_Shared",
"createdOn": 1702546950027,
"updatedBy": "AG_System_Shared",
"updatedOn": 1702546950027,
"agManaged": false
}
Access Bundle Schema Attribute Definition
Here's the attribute definition for an Access Bundle output file.
Table - Access Bundle Schema Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier for each access bundle. |
externalId | External system identifier for the system. |
name | Name of the Access Bundle. |
description | Description of Access Bundle. |
displayName | Display name of the access bundle. |
requestableBy | The identity type that may request the Access Bundle. For example, ANY or NONE. |
status | Status of the Access Bundle. For example, |
approvalWorkflow | The id of the approval workflow that is applicable to the Access Bundle. |
targetId | Orchestrated system identifier. |
accessBundleType | ACCESS_BUNDLE |
permissions | Lists the specific permissions associated with this Access Bundle. |
Access Guardrails Reference Schema and Sample Output File
Here's the Access Guardrails schema for creation, modification, and deletion.
Access Guardrails Create/Update Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"$defs": {
"BasicCondition": {
"type": "object",
"properties": {
"dataType": {
"type": "string"
},
"displayName": {
"type": "string"
},
"lhs": {
"type": "string"
},
"operator": {
"type": "string"
},
"rhs": {
"type": "array",
"items": {
"type": "string"
}
},
"rhsUiDetails": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
}
}
},
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"etag": {
"type": "string"
},
"tags": {
"type": "string"
},
"isDetectiveViolationCheckEnabled": {
"type": "boolean"
},
"lifecycleState": {
"type": "string"
},
"rules": {
"type": "array",
"items": {
"type": "object",
"properties": {
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"additionalAttributes": {
"type": "object"
},
"basicCondition": {
"$ref": "#/$defs/BasicCondition"
},
"childConditions": {
"type": "array",
"items": {
"$ref": "#/$defs/BasicCondition"
}
},
"type": {
"type": "string"
}
}
}
},
"id": {
"type": "string"
},
"operator": {
"type": "string"
},
"type": {
"type": "string",
"const": "DEFAULT"
}
}
}
},
"actionOnFailure": {
"type": "object",
"properties": {
"actionType": {
"type": "string"
},
"revokeLaterAfterNumberOfDays": {
"type": "integer"
},
"risk": {
"type": "string"
},
"shouldUserManagerBeNotified": {
"type": "boolean"
}
}
},
"createdByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"updatedByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"owner": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"ownerShipCollectionId": {
"type": "string"
}
}
}
}
Access Guardrails Delete Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"required": [
"id"
]
}
Sample Output Code Snippet
{
"headers": {
"eventId": "f56fxxx4-8978-41fb-9c65-4d76c62dxxxx",
"correlationId": "06c5xxxda-1197-4bbb-af61-f52b3c3axx",
"eventTime": "2025-02-13T20:06:46.552420Z",
"eventType": "com.oracle.idm.agcs.data.enablement.accessGuardrail.created",
"eventTypeVersion": "1.0",
"operation": "CREATE",
"messageType": "ACCESS_GUARDRAIL",
"status": "IN_PROGRESS",
"opcRequestId": "oci-6274xxx9150164E-202502132006/8BA77549ECC927ABE9AF11A5C8C36634/85A585D070E8CCCEA80DA02F16D22FD8",
"tenancyId": "ocid1.tenancy.oc1..axxaaaaahvjxelu7yccuhj3wrq5uqiybu7f5tfxvwteiwaupnlkj4woz6ybq",
"serviceInstanceId": "ocid1.agcsgovernanceinstance.dev.dev.amxxxxxxpzw5rdiax5zfaryw34s3l763zzn7lzott4cvv2d4bqb6lmzhqmiq"
}
}
{
"id": "1a1xxx8c-18f2-42f2-979d-ebd06adaxxxx",
"externalId": "1a1xxx8c-18f2-42f2-979d-ebd06adaxxxx",
"name": "MS_LowRisk",
"description": "MS_LowRisk",
"etag": "5fa7xxxface30e64407aec2349cb5d056aaaf9705d9d0a4caac7c15b799d7904343",
"tags": "",
"isDetectiveViolationCheckEnabled": false,
"lifecycleState": "ACTIVE",
"rules": [
{
"conditions": [
{
"basicCondition": {
"dataType": "String",
"displayName": "Location",
"lhs": "addresses.country",
"operator": "Eq",
"rhs": ["AD"],
"rhsUiDetails": []
},
"childConditions": [],
"type": "IDENTITY_ATTRIBUTE"
}
],
"id": "b2e0xxx05-baca-4d56-953c-fb8cbf508xxx",
"operator": "OR",
"type": "DEFAULT"
}
],
"actionOnFailure": {
"actionType": "REVOKE_LATER",
"revokeLaterAfterNumberOfDays": 1.0,
"risk": "LOW",
"shouldUserManagerBeNotified": false
},
"createdByRef": {
"displayName": "Ama Maclead",
"resourceType": "ACCESS_GUARDRAIL",
"value": "globalId.OCI.xxx98-5989-4da8-b35b-ede2039defxxx"
},
"updatedByRef": {
"displayName": "Ama Maclead",
"value": "globalId.OCI.xxx98-5989-4da8-b35b-ede2039defxxx"
},
"owner": {
"displayName": "Ama Maclead",
"value": "globalId.OCI.xxx98-5989-4da8-b35b-ede2039defxxx"
},
"ownerShipCollectionId": "38a8xxx4-db2f-4556-bb2b-804def74dxxx"
}
Access Guardrails Schema Attribute Definition
Here's the attribute definition for an Access Guardrails output file.
Table - Access Guardrails Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier for access guardrails. |
externalId | External system identifier for tracking. This is the same as id for access guardrails, as it is created within Oracle Access Governance. |
name | Name of access guardrails. |
description | Identifier for the type of permission granted. |
isDetectiveViolationCheckEnabled | Boolean flag indicating if violation detection is enabled. |
lifecycleState | The current state of the access guardrails. For example, |
rules | List of conditions for the access guardrails. |
conditions | Specific constraints that you want to enforce. |
actionOnFailure | Specifies the action or operation that Oracle Access Governance must perform when an access guardrails violation is triggered. The failure action is governed by actionType (e.g., REVOKE_LATER or REVOKE_IMMEDIATELY). |
createdByRef | Reference to who created the Access Guardrails. |
Identity Reference Schema and Sample Output File
Here's the Identity schema for creation, modification, and deletion.
Identity Creation Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"title": "identities",
"type": "array",
"items": {
"type": "object",
"properties": {
"compartmentId": {
"type": "string"
},
"messageType": {
"type": "string"
},
"correlationId": {
"type": "string"
},
"globalIdentity": {
"type": "object",
"properties": {
"identity": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
},
"attributes": {
"type": "object",
"properties": {
"clearance": {
"type": "string"
},
"employeeNumber": {
"type": "string"
}
}
},
"id": {
"type": "string"
},
"targetIdentities": {
"type": "array",
"items": {
"properties": {
"targetIdentity": {
"type": "object",
"properties": {
"targetId": {
"type": "string"
},
"identity": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
},
"externalId": {
"type": "string"
},
"id": {
"type": "string"
},
"domainId": {
"type": "string"
}
}
}
}
}
}
}
},
"operation": {
"type": "string"
},
"timestamp": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"globalIdentity"
]
}
}
Identity Modification Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"title": "identities",
"type": "object",
"properties": {
"compartmentId": {
"type": "string"
},
"messageType": {
"type": "string"
},
"correlationId": {
"type": "string"
},
"globalIdentity": {
"type": "object",
"properties": {
"identity": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
},
"attributes": {
"type": "object",
"properties": {
"clearance": {
"type": "string"
},
"employeeNumber": {
"type": "string"
}
}
},
"id": {
"type": "string"
},
"targetIdentities": {
"type": "array",
"items": {
"properties": {
"targetIdentity": {
"type": "object",
"properties": {
"targetId": {
"type": "string"
},
"identity": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/identity.json"
},
"externalId": {
"type": "string"
},
"id": {
"type": "string"
},
"domainId": {
"type": "string"
}
}
}
}
}
}
}
},
"operation": {
"type": "string"
},
"timestamp": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"globalIdentity"
]
}
Identity Deletion Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"title": "identities",
"type": "object",
"properties": {
"compartmentId": {
"type": "string"
},
"globalIdentity": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"targetIdentities": {
"type": "array",
"items": {
"properties": {
"targetIdentity": {
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"globalIdentity"
]
}
Sample Output Code Snippet
{
"globalIdentity": {
"id": "globalId.ICF.EBS_HRMS_STAGE.f014bda5ef4003efa0d8149e59216953",
"identity": {
"agStatus": "AG_ACTIVE",
"agSubType": "WORKFORCE",
"agRisk": {
"value": 0,
"customAttributes": {}
},
"agOrganizations": [
{
"value": "ba987bed-15ae-47a2-a5b0-265432568ed0",
"displayName": "PERF_ORGANIZATION-1708541816625"
},
{
"value": "4bf99c0b-ae99-4787-a318-b5eb1e30b89d",
"displayName": "PERF_ORGANIZATION-1708541866473"
}
],
"customAttributes": {
"dateOfBirth": 56160000000,
"businessGroupId": "7328",
"supervisorName": "Ivanchuk, Mr. Dmytro",
"personType": "8351",
"personId": "28727",
"grade": "Professional.1",
"maritalStatus": "S",
"nationality": "UKR",
"job": "Buyer",
"startDate": 828921600000
},
"department": "Purchasing",
"displayName": "Ivan Shevchuk",
"emails": [
{
"value": "Ivan.Shevchuk@example.com"
}
],
"name": {
"familyName": "Shevchuk",
"givenName": "Ivan"
},
"organization": {},
"primaryEmail": "Ivan.Shevchuk@example.com",
"status": "Active",
"title": "MR.",
"userName": "28727"
},
"targetIdentities": [
{
"id": "targetId.account.ICF.EBS-UM.bdf6f156f130553394a859e02f793182",
"externalId": "1015628",
"targetId": "a83f87df-75ca-4c4d-966a-2928626e82b8",
"identity": {
"customAttributes": {
"operationType": "CREATE_OR_UPDATE",
"passwordExpireType": "None",
"effectiveStartDate": 1689206400000,
"roles": []
},
"name": {},
"primaryEmail": "Ivan.Shevchuk@example.com",
"status": "true"
}
},
{
"id": "targetId.account.ICF.EBS_HRMS_STAGE.f014bda5ef4003efa0d8149e59216953",
"externalId": "28727",
"targetId": "f2a858e5-c449-4a5a-9714-c2e7471b1d2a",
"identity": {
"customAttributes": {
"personType": "8351",
"title": "MR.",
"businessGroupId": "7328",
"dateOfBirth": 56160000000,
"employeeNumber": "4",
"assignments": [
{
"element": {
"organizationId": "7376",
"UID": "28936",
"jobId": "30930",
"gradeId": "18000",
"supervisorId": "28725",
"effectiveDate": "828921600000"
}
}
],
"hireDate": 828921600000,
"gender": "M",
"maritalStatus": "S",
"operationType": "CREATE_OR_UPDATE",
"nationality": "UKR",
"lastName": "Shevchuk",
"firstName": "Ivan",
"addresses": []
},
"name": {},
"primaryEmail": "Ivan.Shevchuk@example.com",
"status": "true"
}
}
]
}
}
Identity Schema Attribute Definition
Here's the attribute definition for an identity export file.
Table - Identity Schema Attribute Definition for Day 0
Attributes | Description |
---|---|
globalIdentity | Composite identity profile object used by Oracle Access Governance as a source of truth to perform various governance and provisioning operations. It contains access profile details, including core and custom attributes. For more information, refer to Identities Access Details Reference. |
globalIdentity → id | Unique identifier for the resource within Oracle Access Governance. This also includes the orchestrated system information from where the resource value is ingested. |
targetIdentities | Orchestrated identity object integrated with Oracle Access Governance and matched with the composite identity profile. |
targetIdentities → id | Unique identifier for the resource within Oracle Access Governance. In this case, it depicts orchestrated system integrated with Oracle Access Governance. This includes the orchestrated system name identifier. |
targetId | Unique identifier for the orchestrated system integrated with Oracle Access Governance. |
Group Reference Schema and Sample Output File
Here's the group schema for creation, modification, and deletion.
Group Created/Updated Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"domainId": {
"type": "string"
},
"compartmentId": {
"type": "string"
},
"externalId": {
"type": "string"
},
"targetId": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"add": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/group/identities.json"
},
"remove": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/group/identities.json"
}
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Group Identities Modification Sub-Schema
This sub-schema applies whenever the identities in the group change.
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"identities": {
"type": "array",
"items": {
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"targetIdentityId": {
"type": "string"
}
}
}
}
}
}
Group Deleted Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Sample Output Code Snippet
[
{
"id": "group.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.50cbbfe63d291f31cbcb6e4f948445f7",
"domainId": "resource.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.acbae60a4440ffff0b51950c34c3c6e6",
"compartmentId": "resource.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.ff11b1e772ef27a021fc45519970f965",
"externalId": "ocid1.group.oc1..aaaaaaaag5ltzaypusliz5owrqshcrd6kvtiy7gz3eqfha22bpfvgxzlscxq",
"targetId": "435e1c98-5989-4da8-b35b-ede2039defa0",
"name": "ab-testgroup1",
"add": {
"identities": [
{
"id": "globalId.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.8cbb3bb593396504e540b75c4900d59e",
"externalId": "fec6a739324843ecbc7d6add45180b58",
"targetIdentityId": "targetId.account.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.8cbb3bb593396504e540b75c4900d59e"
}
]
},
"remove": {
"identities": []
}
},
{
"id": "group.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.53b402291db7755134f6663ff22cd1a7",
"domainId": "resource.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.acbae60a4440ffff0b51950c34c3c6e6",
"compartmentId": "resource.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.ff11b1e772ef27a021fc45519970f965",
"externalId": "ocid1.group.oc1..aaaaaaaaz2oxykpn5cn6ex2jfbgaymtsmalmltopeuu4acmfmwsq4cv55gia",
"targetId": "435e1c98-5989-4da8-b35b-ede2039defa0",
"name": "grp-lca1s",
"add": {
"identities": [
{
"externalId": "ff09a2c5bee34be0ad88564381f93fbd",
"targetIdentityId": "targetId.account.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.a30f20e40ac98bbc43a6b0c0387cf196"
},
{
"id": "globalId.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.8cbb3bb593396504e540b75c4900d59e",
"externalId": "fec6a739324843ecbc7d6add45180b58",
"targetIdentityId": "targetId.account.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.8cbb3bb593396504e540b75c4900d59e"
}
]
},
"remove": {
"identities": []
}
}
]
Group Schema Attribute Definition
Here's the attribute definition for a group export file. You'll only be able to publish OCI group details.
Table - Group Schema Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier for the resource within Oracle Access Governance. This also includes the orchestrated system information from where the resource value is ingested. |
domainId | Unique domain identifier (OCID) associated with the identity collection (IAM group) ingested into Oracle Access Governance. This is applicable only for OCI orchestrated system and contains OCI IAM groups. |
externalId | Refers to OCID of the object on the OCI console. For an OCI group, the external id may look like ocid1.group.oc1.ab1234a |
compartmentId | Unique compartment identifier (OCID) associated with the identity collection. This is applicable only for OCI orchestrated system and contains OCI IAM groups. |
name | Identity collection name. |
description | Identity collection description. |
add | Array of identities included in the identity collection. |
remove | Array of identities excluded from this identity collection. Update and Create operations share the same schema. However, when a new identity collection is created, you'll not receive any identities in this attribute. |
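A consumer that keeps its own copy of group membership has to apply the add and remove arrays as deltas. The sketch below is an added example, not Oracle's code: the function names and the sample records are constructed, and keying members by targetIdentityId (because the global id is absent from one identity in the sample above) is an assumption.

```python
# Added example: apply published group records to a local membership index.
# State layout: {group_id: {"name": str, "members": {targetIdentityId: global id or None}}}


def member_key(identity):
    """Key a member by targetIdentityId, the field every sample identity carries."""
    key = identity.get("targetIdentityId")
    if not isinstance(key, str) or not key:
        raise ValueError("identity record has no targetIdentityId")
    return key


def apply_group_records(state, records):
    """Apply created/updated group records; return the membership changes made."""
    changes = []
    for record in records:
        group_id = record.get("id")
        if not isinstance(group_id, str) or not group_id:
            raise ValueError("group record is missing the required 'id'")
        group = state.setdefault(group_id, {"name": None, "members": {}})
        group["name"] = record.get("name", group["name"])
        for identity in (record.get("add") or {}).get("identities", []):
            key = member_key(identity)
            if key not in group["members"]:
                changes.append(("added", group_id, key))
            group["members"][key] = identity.get("id")  # None when no global id was sent
        for identity in (record.get("remove") or {}).get("identities", []):
            key = member_key(identity)
            if key in group["members"]:
                del group["members"][key]
                changes.append(("removed", group_id, key))
            else:
                # Removal of a member we never saw: the local copy has drifted.
                changes.append(("remove-unknown", group_id, key))
    return changes


def apply_group_deleted(state, record):
    """Apply a Group Deleted record ({"id": ...}); return the members that lost the group."""
    removed = state.pop(record["id"], None)
    return sorted(removed["members"]) if removed else []


def unlinked_members(state):
    """Members whose record carried no global identity id; worth a review."""
    return sorted(
        (group_id, key)
        for group_id, group in state.items()
        for key, global_id in group["members"].items()
        if global_id is None
    )


# Constructed sample records, modelled on the field layout of the sample above.
CREATED = [{
    "id": "group.example.g1",
    "name": "example-group",
    "add": {"identities": [
        {"id": "globalId.example.a", "externalId": "ext-a",
         "targetIdentityId": "targetId.account.example.a"},
        {"externalId": "ext-b", "targetIdentityId": "targetId.account.example.b"},
    ]},
    "remove": {"identities": []},
}]
UPDATED = [{
    "id": "group.example.g1",
    "add": {"identities": [
        {"id": "globalId.example.c", "targetIdentityId": "targetId.account.example.c"},
    ]},
    "remove": {"identities": [
        {"id": "globalId.example.a", "targetIdentityId": "targetId.account.example.a"},
        {"targetIdentityId": "targetId.account.example.z"},
    ]},
}]

if __name__ == "__main__":
    state = {}
    print(apply_group_records(state, CREATED))
    print(apply_group_records(state, UPDATED))
    print(unlinked_members(state))
```

The remove-unknown change is the signal that an earlier message was missed and the local index should be rebuilt from a fresh Day 0 export.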
Global Identity Collection Reference Schema and Sample Output File
Here's the global identity collection schema for creation, modification, and deletion.
Global Identity Collection Created/Updated Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"name": {
"type": "string"
},
"displayName": {
"type": "string"
},
"identityCollectionId": {
"type": "string"
},
"identityCollectionDescription": {
"type": "string"
},
"identityCollectionType": {
"type": "string"
},
"isManagedAtTarget": {
"type": "string"
},
"targetId": {
"type": "string"
},
"status": {
"type": "string"
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
},
"createdBy": {
"type": "string"
},
"createdByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"createdOn": {
"type": "integer"
},
"updatedBy": {
"type": "string"
},
"updatedByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"updatedOn": {
"type": "integer"
},
"agRisk": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/agRisk.json"
},
"agManaged": {
"type": "boolean"
},
"managedByIds": {
"type": "array",
"items": {
"type": "string"
}
},
"owner": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"ownerShipCollectionId": {
"type": "string"
},
"ownerUIDs": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"id"
]
}
}
Global Identity Collection Deleted Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Sample Output Code Snippet
[
{
"agManaged": true,
"displayName": "MS_Testing_Creater",
"identityGroupType": "HUMAN",
"membershipRule": "",
"identityGroupDescription": "",
"managedByIds": [],
"tags": [],
"name": "MS_Testing_Creater",
"status": "ACTIVE",
"createdBy": "globalId.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.e316de730fdbd176fceb9a39cd0c5199",
"updatedBy": "AG_System",
"createdOn": 1729868777184,
"updatedOn": 1739700586808,
"isManagedAtTarget": "false",
"membersCount": 4.0,
"agRisk": {
"value": 1.0,
"customAttributes": {}
},
"currentMembers": 4.0,
"expectedMembers": 1.0,
"createdByRef": {
"value": "globalId.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.e316de730fdbd176fceb9a39cd0c5199",
"displayName": "Ama Maclead",
"resourceType": "IDENTITY_GROUP"
},
"updatedByRef": {
"value": "AG_System",
"displayName": "AG System",
"resourceType": "IDENTITY_GROUP"
},
"owner": {
"value": "globalId.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.e316de730fdbd176fceb9a39cd0c5199",
"displayName": "Ama Maclead"
},
"ownerShipCollectionId": "f60c54b8-6cda-4e54-ae54-793b877cee80",
"id": "00074b25-d331-449e-a496-636f556ccabe",
"externalId": "ocid1.agcsgovernanceinstance.dev.dev.amaaaaaapzw5rdiax5zfaryw34s3l763zzn7lzott4cvv2d4bqb6lmzhqmiq",
"schemas": [],
"meta": {
"resourceType": "IDENTITY_GROUP",
"created": 1729868777184,
"lastModified": 1739700586818
}
},
{
"agManaged": false,
"displayName": "jh-test-groupC",
"identityGroupType": "OCI_GROUP",
"membershipRule": "",
"managedByIds": [],
"name": "jh-test-groupC_accessgovtest_Default_accessgovtest",
"status": "ACTIVE",
"createdBy": "AG_System",
"updatedBy": "AG_System",
"createdOn": 1729164621130,
"updatedOn": 1739700455175,
"customAttributes": {
"compartmentFQN": "accessgovtest",
"ocid": "ocid1.group.oc1..aaaaaaaaaohimj6cm4pvztilf3afvqbjhp6ozeihks54xrfdwpq6wzgt6r4a",
"domainOCID": "ocid1.domain.oc1..aaaaaaaayrdl7hgnjeqbpi4nvt72hxtki4uw7o5zif4j3zfh7zpfc6truzoq",
"cloudAccountName": "accessgovtest",
"domainId": "resource.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.acbae60a4440ffff0b51950c34c3c6e6",
"roleAssignments": [],
"compartmentId": "resource.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.ff11b1e772ef27a021fc45519970f965",
"compartmentOCID": "ocid1.tenancy.oc1..aaaaaaaazp2vvzjsn6newkqrpkwndxpdoixtqfgyhnf4y24h7d5ny27h6f3q",
"idcsId": "077d73db4c344f2bbf2d18a11a6550b7",
"mappedTo": [],
"compartmentName": "accessgovtest",
"domainName": "Default",
"mappedFrom": [],
"tags": [],
"isReviewable": true
},
"isManagedAtTarget": "false",
"membersCount": 0.0,
"agRisk": {
"value": 0.0,
"customAttributes": {}
},
"currentMembers": 0.0,
"expectedMembers": 2.0,
"createdByRef": {
"value": "AG_System",
"displayName": "AG System",
"resourceType": "IDENTITY_GROUP"
},
"updatedByRef": {
"value": "AG_System",
"displayName": "AG System",
"resourceType": "IDENTITY_GROUP"
},
"owner": {},
"id": "0028ba84-1029-4fcd-aa61-b30f6b730f29",
"externalId": "group.OCI.435e1c98-5989-4da8-b35b-ede2039defa0.55702b2d2cfdb76a5539e2c310e0751b",
"schemas": [],
"meta": {
"resourceType": "IDENTITY_GROUP",
"created": 1729164621130,
"lastModified": 1739700455183
}
}
]
Global Identity Collection Schema Attribute Definition
Here's the attribute definition for the global identity collection managed by or ingested into Oracle Access Governance.
Table - Global Identity Collection Schema Attribute Definition
Attributes | Description |
---|---|
agManaged | Indicates whether the identity collection is managed by Oracle Access Governance. |
displayName | Identity collection display name. |
identityGroupType | Specifies the type of identity group (HUMAN or OCI_GROUP). |
membershipRule | Defines rules for membership criteria based on certain conditional statements. |
managedByIds | List of IDs managing this identity group. |
tags | Any associated tags for categorization. |
name | Identity Collection name. |
status | Current status of the identity collection (for example, ACTIVE, DRAFT, and so on). |
createdBy | Identity that created the group. For OCI Identity Collections, it is AG System. |
currentMembers | Number of active members in the group. |
expectedMembers | Expected number of members based on rules. |
Cloud Policies Reference Schema and Sample Output File
Here's the cloud policy schema for creation and deletion.
Policies Creation Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"cloudType": {
"type": "string"
},
"compartmentId": {
"type": "string"
},
"externalId": {
"type": "string"
},
"targetId": {
"type": "string"
},
"policyStatementId": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"statement": {
"type": "string"
},
"subjects": {
"type": "array",
"items": {
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"type": {
"type": "string"
}
}
}
},
"verb": {
"type": "string"
},
"resourceType": {
"type": "string"
},
"location": {
"type": "object",
"properties": {
"compartment": {
"type": "string"
}
}
},
"tags": {
"type": "object"
}
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Policies Modification Schema
Policy modifications are handled using a combination of create and delete operations. To update a policy, the existing policy is first deleted and then replaced with a policy that has the new parameters.
Policies Deletion Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Sample Output Code Snippet
{
"headers": {
"eventId": "8788h161-acde-43a4-87e4-b6f01ca3aaf0",
"correlationId": "dc98e55c-f574-422f-a9ce-326fce9d9edc",
"eventTime": "2024-08-27T21:44:15.274034651Z",
"eventType": "com.oracle.idm.agcs.data.enablement.policyStatement.created",
"eventTypeVersion": "1.0",
"operation": "CREATE",
"messageType": "TARGET_ACCESS_POLICY_STATEMENT",
"status": "IN_PROGRESS",
"opcRequestId": "<opc-request-id>",
"tenancyId": "<tenancy-id>",
"serviceInstanceId": "<service-instance-ocid>"
},
"data": "[{\"id\":\"tapolicy.OCI.agcusttokyo.aed5bbcee30da0a828e76f01deef7090\",\"externalId\":\"ocid1.policy.oc1..aaaaaaaabgvxsco3avg772ehflmwvljaur75zvzdwh6y7wqhzhvcvp2mxtha\",\"targetId\":\"fdb6c5f7-6e3a-4f36-9dd0-a17993be389f\",\"policyStatementId\":\"tapolicystmt.OCI.agcusttokyo.a72df097dce1deecf8606c59b6dec588\",\"name\":\"DummyPolicy20Nov\",\"description\":\"DummyPolicy20Nov\",\"statement\":\"Allow group \\u0027TestAlpha\\u0027/\\u0027ComputeGroup\\u0027 to manage instance-family in tenancy\",\"subjects\":[{\"id\":\"TestAlpha/ComputeGroup\"}],\"verb\":\"MANAGE\",\"resourceTypes\":[\"VolumeAttachment\",\"InstanceConsoleConnection\",\"Instance\",\"AppCatalogListing\",\"ComputeCapacityReservation\",\"DedicatedVmHost\",\"AutoScalingConfiguration\",\"InstanceAgentCommand\",\"ConsoleHistory\"],\"location\":{\"compartment\":\"agcusttokyo\"}},{\"id\":\"tapolicy.OCI.agcusttokyo.aed5bbcee30da0a828e76f01deef7090\",\"externalId\":\"ocid1.policy.oc1..aaaaaaaabgvxsco3avg772ehflmwvljaur75zvzdwh6y7wqhzhvcvp2mxtha\",\"targetId\":\"fdb6c5f7-6e3a-4f36-9dd0-a17993be389f\",\"policyStatementId\":\"tapolicystmt.OCI.agcusttokyo.08940cfb6db80a7d9b4027e3c9994d51\",\"name\":\"DummyPolicy20Nov\",\"description\":\"DummyPolicy20Nov\",\"statement\":\"Allow group \\u0027TestAlpha\\u0027/\\u002726DecCloudCompute\\u0027 to read app-catalog-listing in tenancy\",\"subjects\":[{\"id\":\"TestAlpha/26DecCloudCompute\"}],\"verb\":\"READ\",\"resourceTypes\":[\"AppCatalogListing\"],\"location\":{\"compartment\":\"agcusttokyo\"}}]"
}
Cloud Policies Schema Attribute Definition
Here's the attribute definition for cloud policy that grants access to resources.
Table - Cloud Policy Schema Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier for the policy assigned within Oracle Access Governance. |
cloudType | Indicates that policy applies to OCI. |
compartmentId | Unique compartment identifier (OCID) associated with the policy. This is applicable only for OCI policies. |
externalId | Unique policy identifier in OCI, called OCID. For policy, the external id may look like ocid1.policy.oc1.aa1234 |
policyStatementId | Unique identifier for each policy statement associated with the policy. |
name | Cloud policy name. |
description | Cloud policy description. |
statement | Policy rules governing control of resources. Each policy consists of one or more policy statements. |
subjects | Array of principals to which the access is granted by this policy, for example, IAM group-name. |
verb | Access grant type assigned to a resource by using verbs in the policy. Possible verbs are inspect, read, use, and manage. |
resourceType | Array of resource types associated with a policy. It can be family resource-type or individual resource-type. For example, instance, volumes, volume-family, and so on. For more information, see Resource Types in OCI. |
location | Scope of access granted through this policy, such as specific compartment or entire tenancy. |
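In the sample output above, the data field is itself a JSON-encoded string, so a consumer must decode it a second time before it can inspect verb and scope. The following is an added example, not Oracle's code: the function names and the sample event are constructed, and reading tenancy scope from the "in tenancy" clause of the statement text is an assumption based on OCI policy syntax.

```python
# Added example: decode a published policy-statement message and flag
# high-privilege, tenancy-wide statements for review.
import json
import re

# Verbs from least to most privileged, as listed for the verb attribute.
VERB_RANK = {"INSPECT": 0, "READ": 1, "USE": 2, "MANAGE": 3}
TENANCY_SCOPE = re.compile(r"\bin\s+tenancy\b", re.IGNORECASE)


def decode_policy_event(raw):
    """Return (headers, statements) from one message; raise ValueError if malformed."""
    envelope = json.loads(raw)
    headers = envelope.get("headers") if isinstance(envelope, dict) else None
    if not isinstance(headers, dict):
        raise ValueError("message has no headers object")
    if headers.get("messageType") != "TARGET_ACCESS_POLICY_STATEMENT":
        raise ValueError("unexpected messageType: %r" % headers.get("messageType"))
    data = envelope.get("data")
    if not isinstance(data, str):
        raise ValueError("data must be a JSON-encoded string")
    statements = json.loads(data)  # second decode: JSON carried inside a JSON string
    if not isinstance(statements, list):
        raise ValueError("decoded data must be an array of policy statements")
    for item in statements:
        if not isinstance(item, dict) or not isinstance(item.get("id"), str):
            raise ValueError("every policy statement needs a string 'id'")
    return headers, statements


def flag_broad_statements(statements, min_verb="MANAGE"):
    """Return findings for tenancy-wide statements at or above min_verb."""
    threshold = VERB_RANK[min_verb.upper()]
    findings = []
    for item in statements:
        verb = str(item.get("verb", "")).upper()
        text = item.get("statement")
        tenancy_wide = isinstance(text, str) and bool(TENANCY_SCOPE.search(text))
        rank = VERB_RANK.get(verb)
        if rank is None:
            reason = "unknown verb"  # surface it instead of silently passing it
        elif rank >= threshold and tenancy_wide:
            reason = "tenancy-wide " + verb.lower()
        else:
            continue
        findings.append({
            "policyStatementId": item.get("policyStatementId"),
            "policy": item.get("name"),
            "subjects": [s.get("id") for s in item.get("subjects", []) if isinstance(s, dict)],
            "verb": verb,
            "reason": reason,
        })
    return findings


# Constructed sample, modelled on the field layout of the sample output above.
_STATEMENTS = [
    {"id": "tapolicy.OCI.example.p1", "policyStatementId": "tapolicystmt.OCI.example.s1",
     "name": "ExamplePolicy",
     "statement": "Allow group 'ExampleDomain'/'ComputeAdmins' to manage instance-family in tenancy",
     "subjects": [{"id": "ExampleDomain/ComputeAdmins"}], "verb": "MANAGE",
     "location": {"compartment": "example"}},
    {"id": "tapolicy.OCI.example.p1", "policyStatementId": "tapolicystmt.OCI.example.s2",
     "name": "ExamplePolicy",
     "statement": "Allow group 'ExampleDomain'/'CatalogReaders' to read app-catalog-listing in tenancy",
     "subjects": [{"id": "ExampleDomain/CatalogReaders"}], "verb": "READ",
     "location": {"compartment": "example"}},
    {"id": "tapolicy.OCI.example.p2", "policyStatementId": "tapolicystmt.OCI.example.s3",
     "name": "SandboxPolicy",
     "statement": "Allow group 'ExampleDomain'/'StorageOps' to manage volumes in compartment Sandbox",
     "subjects": [{"id": "ExampleDomain/StorageOps"}], "verb": "MANAGE",
     "location": {"compartment": "Sandbox"}},
]
SAMPLE_EVENT = json.dumps({
    "headers": {
        "eventType": "com.oracle.idm.agcs.data.enablement.policyStatement.created",
        "operation": "CREATE",
        "messageType": "TARGET_ACCESS_POLICY_STATEMENT",
        "tenancyId": "<tenancy-id>",
    },
    "data": json.dumps(_STATEMENTS),
})

if __name__ == "__main__":
    _, decoded = decode_policy_event(SAMPLE_EVENT)
    for finding in flag_broad_statements(decoded):
        print(finding)
```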
Policy Schema and Sample Output File
Here's the policy schema for creation, modification, and deletion. It contains policy rules and statements that govern access to resources.
Policy Created/Updated Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"externalId": {
"type": "string"
},
"description": {
"type": "string"
},
"displayName": {
"type": "string"
},
"status": {
"type": "string"
},
"isTransformedPolicy": {
"type": "string"
},
"constraints": {
"type": "string"
},
"tags": {
"type": "string"
},
"policyType": {
"type": "string"
},
"policyVersion": {
"type": "string"
},
"targetId": {
"type": "string"
},
"targetPolicyId": {
"type": "string"
},
"policyRules": {
"type": "array",
"items": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/policyRule.json"
}
},
"createdBy": {
"type": "string"
},
"createdByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"createdOn": {
"type": "integer"
},
"updatedBy": {
"type": "string"
},
"updatedByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"updatedOn": {
"type": "integer"
},
"agRisk": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/agRisk.json"
},
"agManaged": {
"type": "boolean"
},
"managedByIds": {
"type": "array",
"items": {
"type": "string"
}
},
"owner": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"ownerShipCollectionId": {
"type": "string"
},
"ownerUIDs": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"id"
]
}
}
Policy Rule Sub-Schema
The following schema is used whenever the policy rules of a policy change.
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"assignmentId": {
"type": "string"
},
"containerId": {
"type": "string"
},
"accessBundleId": {
"type": "string"
},
"identityAttributes": {
"type": "string"
},
"identityCollectionId": {
"type": "string"
},
"identityId": {
"type": "string"
},
"operationId": {
"type": "string"
},
"parsedOn": {
"existingJavaType": "Long",
"type": "integer"
},
"permissionAttributes": {
"type": "string"
},
"policyRuleVersion": {
"type": "string"
},
"referenceRequestId": {
"type": "string"
},
"resourceBundleId": {
"type": "string"
},
"resourceId": {
"type": "string"
},
"roleId": {
"type": "string"
},
"ruleAction": {
"type": "string"
},
"ruleConstraints": {
"type": "string"
},
"ruleStatement": {
"type": "string"
},
"ruleStatus": {
"type": "string"
},
"ruleType": {
"type": "string"
},
"ruleVerb": {
"type": "string"
},
"targetId": {
"type": "string"
},
"targetIdentityId": {
"type": "string"
},
"createdBy": {
"type": "string"
},
"createdOn": {
"type": "integer"
},
"updatedBy": {
"type": "string"
},
"updatedOn": {
"type": "integer"
}
}
}
Policy Deleted Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Sample Output Code Snippet
[
{
"id": "d1a34f78-5bdc-4e9d-bc6e-3fbb134f76a2",
"name": "Dev_Policy",
"displayName": "Development Access Policy",
"status": "ACTIVE",
"policyType": "STANDARD_POLICY",
"policyVersion": "1",
"policyRules": [
{
"id": "f23a6c89-1bd1-4d76-98bc-e4c3a75d68e2",
"ruleAction": "Assign",
"ruleStatement": "Assign access-bundle [Dev_Env_Access] to identity-group [Development_Team]",
"ruleStatus": "ACTIVE",
"ruleType": "RBAC_RULE"
}
]
},
{
"id": "b6f29a32-9fdc-4a6e-a34b-5cd761f84b73",
"name": "QA_Policy",
"displayName": "Quality Assurance Access Policy",
"status": "ACTIVE",
"policyType": "STANDARD_POLICY",
"policyVersion": "1",
"policyRules": [
{
"id": "e7a54b21-3c8d-496f-91ea-5c32b764f3d9",
"ruleAction": "Assign",
"ruleStatement": "Assign access-bundle [QA_Testing_Env_Access] to identity-group [QA_Team]",
"ruleStatus": "ACTIVE",
"ruleType": "RBAC_RULE"
}
]
},
{
"id": "a9d45162-5f7e-47ca-a215-8b6c7f90e372",
"name": "DevOps_Policy",
"displayName": "DevOps Access Policy",
"status": "ACTIVE",
"policyType": "STANDARD_POLICY",
"policyVersion": "1",
"policyRules": [
{
"id": "c5b687f4-2a8d-41fb-b9ec-f3a9d76c5e91",
"ruleAction": "Assign",
"ruleStatement": "Assign access-bundle [DevOps_Admin_Access] to identity-group [DevOps_Team]",
"ruleStatus": "ACTIVE",
"ruleType": "RBAC_RULE"
}
]
}
]
Policy Schema Attribute Definition
Here's the attribute definition for a policy output file.
Table - Policy Schema Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier for each policy. |
name | Name of the policy. |
displayName | Display name of the policy. |
requestableBy | The identity type that may request the Access Bundle. For example, ANY or NONE. |
status | Status of the policy. For example, |
policyVersion | Version of the policy indicating updates. |
policyRules | List of rules associated with the policy. |
ruleAction | Defines the action taken, such as Assign or Allow. |
ruleStatement | Specifies what the rule does in a statement form. |
ruleStatus | Current status of the rule (e.g., ACTIVE). |
ruleType | Rule type. For example, RBAC_RULE, ABAC_RULE. |
Permission Reference Schema and Sample Output File
Here's the permission schema for creation, modification, and deletion.
Permission Create/Update Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"displayName": {
"type": "string"
},
"permissionTypeId": {
"type": "string"
},
"granteeName": {
"type": "string"
},
"granteeType": {
"type": "string"
},
"resourceId": {
"type": "string"
},
"resourceName": {
"type": "string"
},
"riskLevel": {
"type": "string"
},
"status": {
"type": "string"
},
"targetId": {
"type": "string"
},
"userDefinedTags": {
"type": "string"
},
"owner": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"customAttributes": {
"type": "object"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
}
Permission Delete Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Sample Output Code Snippet
You'll receive the output in JSONL format. The headers section contains metadata such as event type, timestamps, correlation IDs, tenancy details, and request identifiers. Each subsequent line represents a permission entry that defines permission details, group IDs, external identifiers, associated resource IDs, target IDs, and operation types.
{"headers":{"eventId":"a20187cX-8bbX-460d-a8X0-55806d7e235c","correlationId":"824dc4fX-7e6X-450a-aaXb-c356f3ae6fbd","eventTime":"2025-02-12T17:28:34.879845Z","eventType":"com.oracle.idm.agcs.data.enablement.permission.created","eventTypeVersion":"1.0","operation":"CREATE","messageType":"PERMISSION","status":"IN_PROGRESS","opcRequestId":"oci-D69EFA92F9FXXF1A-202502121725/39F44AEA185XXE1CF9D200A4840B7A49/CF1A12B2886X01E19C642AE5DF909F9A","tenancyId":"ocid1.tenancy.oc1..aaaaaaaahvjXXlu7yccuhj3wrq5uqiybu7f5tfxvwteiwaupnlkj4woz6ybq","serviceInstanceId":"ocid1.notreviewedplaceholder.dev.dev.amaaaaaapzwXXrdiarmplc2m2fwyd4z3h7gbxkwkasgeu64a7n6kx5ulgsbaa"}}
{"id":"groups.ICF.AD2.0013a594f9XXXe2d766114aef26a73b90","externalId":"CN\u003dADUpgradeGrp a16ug7rXXX_a1oqif0idk,OU\u003dVision,dc\u003dserverad,dc\u003dcom","name":"ADUpgradeGrp a16ug7rXXX_a1oqif0idk","permissionTypeId":"etype.ICF.AD2.ea72c837XXaa05daf0123ae94d7b0ff4","resourceId":"resource.ICF.AD2.f775de49XXdadcea269cc5072261730ac","targetId":"05452611-7305-43c3-b0XX-0ba9936a8553","customAttributes":{"operationType":"CREATE_OR_UPDATE"}}
{"id":"groups.ICF.AD2.001d73d254XXea03ba76ceab1201f083","externalId":"CN\u003dENTL_LHBPS,OU\u003dVision,dc\u003dserverad,dc\u003dcom","name":"ENTL_LHBPS","permissionTypeId":"etype.ICF.AD2.ea72c837XXaa05daf0123ae94d7b0ff4","resourceId":"resource.ICF.AD2.f775de49XXdadcea269cc5072261730ac","targetId":"05452611-7305-43c3-b0XX-0ba9936a8553","customAttributes":{"operationType":"CREATE_OR_UPDATE"}}
{"id":"groups.ICF.AD2.001ead5fXXf0d8b17161eb92b9954740","externalId":"CN\u003dEntl_TCA,OU\u003dVision,dc\u003dserverad,dc\u003dcom","name":"Entl_TCA","permissionTypeId":"etype.ICF.AD2.ea72c837XXaa05daf0123ae94d7b0ff4","resourceId":"resource.ICF.AD2.f775de49XXdadcea269cc5072261730ac","targetId":"05452611-7305-43c3-b0XX-0ba9936a8553","customAttributes":{"operationType":"CREATE_OR_UPDATE"}}
Permission Schema Attribute Definition
Here's the attribute definition for a permission output file.
Table - Permission Schema Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier for each permission, such as groups or privileges. |
externalId | External system identifier for the permission, such as distinguished name identifier. |
name | Name of the permission. For example, Active Directory Group IT_Admins. |
permissionTypeId | Identifier for the type of permission granted. |
resourceId | Unique identifier for the resource associated with the permission. |
targetId | Identifier of the target system where permissions apply. |
customAttributes | Additional attributes related to the permission. |
operationType | Specifies the operation performed while provisioning. For example, CREATE or UPDATE. |
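Before a permission export is loaded into a downstream store, each JSONL line can be checked against the Permission Create/Update schema, which forbids unknown properties and requires id. The parser below is an added example, not Oracle's code: the function names and sample lines are constructed, and validating each line against the schema's item definition is an assumption.

```python
# Added example: strict parser for a permission export in JSONL form.
import json

# Property names and types taken from the Permission Create/Update schema.
STRING_FIELDS = {
    "id", "externalId", "name", "description", "displayName",
    "permissionTypeId", "granteeName", "granteeType", "resourceId",
    "resourceName", "riskLevel", "status", "targetId", "userDefinedTags",
}
OBJECT_FIELDS = {"owner", "customAttributes"}


def validate_permission(entry):
    """Return a list of schema violations for one permission entry."""
    if not isinstance(entry, dict):
        return ["record is not a JSON object"]
    errors = []
    if "id" not in entry:
        errors.append("missing required property 'id'")
    for key, value in entry.items():
        if key in STRING_FIELDS:
            if not isinstance(value, str):
                errors.append("'%s' must be a string" % key)
        elif key in OBJECT_FIELDS:
            if not isinstance(value, dict):
                errors.append("'%s' must be an object" % key)
        else:
            # additionalProperties is false in the schema: reject, do not ignore.
            errors.append("unexpected property '%s'" % key)
    return errors


def parse_permission_export(text):
    """Return (headers, accepted, rejected); rejected holds (line number, errors)."""
    headers, accepted, rejected = None, [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            if headers is None:
                raise ValueError("headers line is not valid JSON") from exc
            rejected.append((lineno, ["invalid JSON: " + exc.msg]))
            continue
        if headers is None:
            # The first record must be the headers object for a permission export.
            inner = record.get("headers") if isinstance(record, dict) else None
            if not isinstance(inner, dict) or inner.get("messageType") != "PERMISSION":
                raise ValueError("first record is not a PERMISSION headers object")
            headers = inner
            continue
        errors = validate_permission(record)
        if errors:
            rejected.append((lineno, errors))
        else:
            accepted.append(record)
    if headers is None:
        raise ValueError("export is empty")
    return headers, accepted, rejected


# Constructed sample: one valid entry, one with an unknown property, one
# without id, and one truncated line. \u003d is the JSON escape for "=".
SAMPLE_EXPORT = r'''{"headers":{"eventId":"<event-id>","eventType":"com.oracle.idm.agcs.data.enablement.permission.created","operation":"CREATE","messageType":"PERMISSION","status":"IN_PROGRESS"}}
{"id":"groups.ICF.AD2.constructed-0001","externalId":"CN\u003dExample_Admins,OU\u003dVision,dc\u003dserverad,dc\u003dcom","name":"Example_Admins","targetId":"<target-id>","customAttributes":{"operationType":"CREATE_OR_UPDATE"}}
{"id":"groups.ICF.AD2.constructed-0002","name":"Example_Users","isAdmin":true}
{"externalId":"CN\u003dNo_Id,OU\u003dVision,dc\u003dserverad,dc\u003dcom","name":"No_Id"}
{"id":"groups.ICF.AD2.constructed-0003","name":"Trunc
'''

if __name__ == "__main__":
    hdrs, ok, bad = parse_permission_export(SAMPLE_EXPORT)
    print(hdrs["eventType"], len(ok), "accepted")
    for lineno, errors in bad:
        print("line", lineno, errors)
```

Rejected lines keep their line numbers so they can be traced back to the exported object in the bucket or stream.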
Permission Assignment Reference Schema and Sample Output File
Here's the permission assignment schema for creation, modification, and deletion, including the sub-schema.
Permission Assignment Create/Update Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"targetIdentityId": {
"type": "string"
},
"globalIdentityId": {
"type": "string"
},
"add": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/permissionAssignments.json"
},
"remove": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/permissionAssignments.json"
}
},
"additionalProperties": false,
"required": [
"targetIdentityId"
]
}
}
Permission Assignment Sub-Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": { "type": "string" },
"externalId": { "type": "string" },
"status": { "type": "string" },
"accountStatus": { "type": "string" },
"targetId": { "type": "string" },
"targetType": { "type": "string" },
"granttype": { "type": "string" },
"permissionType": { "type": "string" },
"permissionId": { "type": "string" },
"permissionName": { "type": "string" },
"accessBundleId": { "type": "string" },
"accessBundleName": { "type": "string" },
"roleId": { "type": "string" },
"roleName": { "type": "string" },
"identityGroupId": { "type": "string" },
"identityGroupName": { "type": "string" },
"resourceId": { "type": "string" },
"resourceDisplayName": { "type": "string" },
"policyId": { "type": "string" },
"policyName": { "type": "string" },
"policyRuleId": { "type": "string" },
"userLogin": { "type": "string" },
"validFrom": { "type": "integer" },
"validTo": { "type": "integer" }
},
"additionalProperties": false,
"required": ["id", "permissionId"]
}
}
Permission Assignment Delete Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"globalIdentityId": {
"type": "string"
},
"targetIdentityId": {
"type": "string"
},
"ids": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"targetIdentityId"
]
}
Sample Output Code Snippet
This JSON data represents global identities and their associated access permissions, detailing which identity accounts have been granted access. It includes permission assignments linked to a specific resource and tracks the provisioning status of each account.
{
"targetIdentityId": "targetId.account.ICF.AD2.193b1cacbe9aceeee750c3191c119d91d",
"globalIdentityId": "globalId.ICF.ADWildFire.30309426d8d71699f2139c093e41dacb",
"add": [
{
"id": "215CEE0D5E52FCB8E063DB15000A41cF",
"externalId": "34a6e879c9e8084fac787d3b59d8bf08",
"status": "PROVISIONED",
"accountStatus": "true",
"targetId": "05452611-7305-43c3-b0cc-0bac936a855c",
"targetType": "ICF",
"granttype": "DIRECT",
"permissionId": "groups.ICF.AD2.b11900a7c06b0b6344dec199ba54c23a",
"permissionName": "ADVP2",
"resourceId": "resource.ICF.AD2.f77cde493dadceac69cc507226173cac",
"resourceDisplayName": "AD2"
},
{
"id": "215CEE102C4CFCB8E063DB15000A41cF",
"externalId": "f6aaec83c51db144a7e0acde8f4b9d65",
"status": "PROVISIONED",
"accountStatus": "true",
"targetId": "05452611-7305-43c3-b0cc-0bac936a855c",
"targetType": "ICF",
"granttype": "DIRECT",
"permissionId": "groups.ICF.AD2.9797bc45058c8d4fd4c1fa3282a8b6a4",
"permissionName": "ADVP3",
"resourceId": "resource.ICF.AD2.f77cde493dadceac69cc507226173cac",
"resourceDisplayName": "AD2"
}
]
}
Permission Assignment Schema Attribute Definition
Here's the attribute definition for a permission assignment output file.
Table - Identity Schema Attribute Definition for Day 0
Attributes | Description |
---|---|
globalIdentity | Composite identity profile object used by Oracle Access Governance as a source of truth to perform various governance and provisioning operations. It contains access profile details, including core and custom attributes. For more information, refer to Identities Access Details Reference. |
targetIdentities | Unique identifier of the orchestrated identity object integrated with Oracle Access Governance and matched with the composite identity profile. |
add | List of permissions granted to the global identity. |
id | Unique identifier for each permission assignment. |
externalId | External system identifier for the permission entry. |
status | Provisioning status of the permission (for example, PROVISIONED). |
accountStatus | Indicates whether the account is active (true or false). |
targetId | Identifier of the target system where permissions apply. |
targetType | Type of the target system (for example, ICF). |
granttype | Specifies how permission is granted (for example, DIRECT). |
permissionId | Unique identifier for the assigned permission. |
permissionName | Name of the permission granted. |
resourceId | Identifier of the resource associated with the permission. |
resourceDisplayName | User-friendly name of the resource (for example, AD2). |
Roles Reference Schema and Sample Output File
Here's the Oracle Access Governance roles schema for creation, modification, and deletion.
Roles Created/Updated Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": { "type": "string" },
"externalId": { "type": "string" },
"name": { "type": "string" },
"description": { "type": "string" },
"displayName": { "type": "string" },
"requestableBy": { "type": "string" },
"referenceRequestId": { "type": "string" },
"status": { "type": "string" },
"approvalWorkflow": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/approvalWorkflow.json"
},
"tags": { "type": "string" },
"classifications": { "type": "string" },
"accessBundleIds": {
"type": "array",
"items": { "type": "string" }
},
"createdBy": { "type": "string" },
"createdByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"createdOn": { "type": "integer" },
"updatedBy": { "type": "string" },
"updatedByRef": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"updatedOn": { "type": "integer" },
"agManaged": { "type": "boolean" },
"managedByIds": {
"type": "array",
"items": { "type": "string" }
},
"owner": {
"$ref": "resource:com/oracle/idm/agcs/data/enablement/schema/reference.json"
},
"ownerShipCollectionId": { "type": "string" },
"ownerUIDs": {
"type": "array",
"items": { "type": "string" }
}
},
"additionalProperties": false,
"required": ["id"]
}
}
Roles Deleted Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": ["id"]
}
Sample Output Code Snippet
{
"id": "1bce7e90-XXXX-41ea-8d1c-bceXXXXe31099",
"externalId": "ocid1.dev.dev.amcxxxvcaaapzw5rdiarmplc2m2fwXXXXz3h7gbxkwkasgeu64a7n6kx5ulgsbaa",
"name": "AD_User_Groups_Access",
"description": "Access permissions for Active Directory User Groups",
"displayName": "AD Group Role",
"requestableBy": "ANY",
"status": "ACTIVE",
"approvalWorkflow": {
"id": "NO_APPROVAL_REQUIRED"
},
"accessBundles": [
"7c4e49ad-XXXX-4051-8b9a-80543acfXXXX"
],
"createdBy": "Amel MacLead",
"createdOn": 1703145588737,
"updatedBy": "AG_System_Shared",
"updatedOn": 1703145588737,
"agManaged": false
}
Roles Schema Attribute Definition
Here's the attribute definition for a Roles output file.
Table - Roles Schema Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier for each access bundle. |
externalId | External system identifier for the system. |
name | Name of the role. |
description | Description of role. |
displayName | Display name of the role. |
requestableBy | The identity type that may request the role. For example, ANY or NONE. |
status | Status of the role. For example, |
approvalWorkflow | The id of the approval workflow that is applicable to the role. |
accessBundles | List of associated access bundles. |
createdOn | Timestamp indicating when the role was created. |
createdBy | User who created the role. |
updatedBy | User who last modified the role. |
updatedOn | Timestamp indicating when the role was last updated. |
agManaged | Boolean flag indicating if the entity is managed automatically |
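The Roles Created/Updated Schema sets "additionalProperties": false and lists accessBundleIds, while the sample record and the attribute table use accessBundles, so a consumer that enforces the schema strictly will flag the sample. The following added example (not Oracle's code) checks one role record against the property names and types listed in the schema; the function names are hypothetical, and $ref properties are only checked to be objects because the referenced schema files are not shown on this page.

```python
# Property names and types from the Roles Created/Updated Schema on this page.
# Assumption: $ref properties are only checked to be JSON objects, because the
# referenced schema files are not shown here.
ROLE_PROPERTIES = {
    "id": str, "externalId": str, "name": str, "description": str,
    "displayName": str, "requestableBy": str, "referenceRequestId": str,
    "status": str, "approvalWorkflow": dict, "tags": str,
    "classifications": str, "accessBundleIds": list, "createdBy": str,
    "createdByRef": dict, "createdOn": int, "updatedBy": str,
    "updatedByRef": dict, "updatedOn": int, "agManaged": bool,
    "managedByIds": list, "owner": dict, "ownerShipCollectionId": str,
    "ownerUIDs": list,
}
REQUIRED = ("id",)


def type_ok(value, expected):
    """JSON-schema style type check; a bool is not accepted as an integer."""
    if expected is int:
        return isinstance(value, int) and not isinstance(value, bool)
    if expected is list:  # every array in this schema holds strings
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    return isinstance(value, expected)


def check_role(record):
    """Return (problem, key) findings for one role record."""
    findings = [("missing", key) for key in REQUIRED if key not in record]
    for key, value in record.items():
        if key not in ROLE_PROPERTIES:
            findings.append(("unknown", key))  # additionalProperties: false
        elif not type_ok(value, ROLE_PROPERTIES[key]):
            findings.append(("type", key))
    return findings


# The role sample from this page, with identifiers replaced by labelled placeholders.
SAMPLE_ROLE = {
    "id": "role-id-placeholder", "externalId": "external-id-placeholder",
    "name": "AD_User_Groups_Access", "displayName": "AD Group Role",
    "description": "Access permissions for Active Directory User Groups",
    "requestableBy": "ANY", "status": "ACTIVE",
    "approvalWorkflow": {"id": "NO_APPROVAL_REQUIRED"},
    "accessBundles": ["bundle-id-placeholder"],
    "createdBy": "Amel MacLead", "createdOn": 1703145588737,
    "updatedBy": "AG_System_Shared", "updatedOn": 1703145588737,
    "agManaged": False,
}

if __name__ == "__main__":
    print(check_role(SAMPLE_ROLE))
```

Decide per pipeline whether an unknown key is rejected or only logged; silently dropping it would lose the role's access bundle list.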
Resource Reference Schema and Sample
Here's the resource schema for creation, modification, and deletion.
Resource Creation Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"title": "resources",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"targetId": {
"type": "string"
},
"tenancyId": {
"type": "string"
},
"resourceName": {
"type": "string"
},
"resourceType": {
"type": "string"
},
"description": {
"type": "string"
}
},
"additionalProperties": false
}
}
Resource Modification Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"title": "resources",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"targetId": {
"type": "string"
},
"tenancyId": {
"type": "string"
},
"resourceName": {
"type": "string"
},
"resourceType": {
"type": "string"
},
"description": {
"type": "string"
}
},
"additionalProperties": false
}
}
Resource Deletion Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
}
Sample Output Code Snippet
{
"id": "resource.ICF.ADUPDATE.4bbac5904b6302dc82871da2c9756fea",
"externalId": "48713388",
"targetId": "ade93352-e7d5-46e6-847a-c765be1f0aad",
"tenancyId": "ocid1.tenancy.oc1..aaaaaaaahvjxelu7yccuhj3wrq5uqiybu7f5tfxvwteiwaupnlkj4woz6ybq",
"resourceName": "ADUPDATE",
"resourceType": "AD",
"description": ""
}
Resources Schema Attribute Definition
Here's the attribute definition for a resource export file.
Table - Resource Schema Attribute Definition
Attributes | Description |
---|---|
id | Unique identifier assigned within Oracle Access Governance for resource tracing. It also contains orchestrated system identifier from which the resource is ingested into Oracle Access Governance. |
externalId | Unique resource identifier in OCI. |
targetId | Unique identifier for the orchestrated system integrated with Oracle Access Governance. |
tenancyId | Unique tenancy identifier (OCID) in which the resource is located. This is applicable only for OCI orchestrated system and contains OCI resources. |
resourceName | Resource name. |
resourceType | Resource Type |
description | Resource description |
Resource to Policy Statement
Here's a schema for the list of policies associated with a resource.
Policy Statement to Resource Creation Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"title": "accessPolicyStatementResourceMapping",
"type": "array",
"items": {
"type": "object",
"properties": {
"compartmentId": {
"type": "string"
},
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"targetId": {
"type": "string"
},
"policies": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"policyStatementId": {
"type": "string"
}
}
}
}
}
}
}
Sample Output Code Snippet
{
"compartmentId": "ocid1.tenancy.oc1..ppppppp2h5y42lkaalhtrwmqyinmwipjyxc3xmod4h7m3d2bmdjg6qwerty",
"id": "resource.OCI.agcusttokyo.1b65a16c154269702eea873f34cef690",
"externalId": "ocid1.database.oc1.ap-tokyo-1.anxhiljrzqwertya7o46ijh4nv3rjzpnqjwqidqh37rcptyngy5g46ebnlea",
"targetId": "e88d075e-d2a6-4f1d-8c1b-f472917b8770",
"policies": [
{
"id": "tapolicy.OCI.agcusttokyo.70ffb4c4f706aa55a5a35cb7902fe47a",
"externalId": "ocid1.policy.oc1..aaaaaaaaxkyqwertyenond5hoclrmmvhlxw3tjukgqbbstfmepigetr6ulqq",
"policyStatementId": "tapolicystmt.OCI.agcusttokyo.99cd276ef37300a357c0a1488dae2567"
}
]
}
Resources to Policy Schema Attribute Definition
Here's the attribute definition for an identity export file.
Table - Resource to Policy Schema Attribute Definition
Attributes | Description |
---|---|
compartmentId | Unique compartment identifier (OCID) associated with the resource. This is applicable only for OCI resources. |
id | Unique identifier for the resource assigned within Oracle Access Governance. |
externalId | Unique resource identifier in OCI, called resource OCID. |
targetId | Unique identifier to identify orchestrated system associated with the resource. |
policies | Array of policies attached to a resource. Each policy contains details like policy id, policy statement id, and external id to identify policies |
Policy Statement to Resource
Here's a schema for a policy statement associated with a list of resources.
Policy Statement to Resource Creation Schema
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"title": "accessPolicyStatementResourceMapping",
"type": "array",
"items": {
"type": "object",
"properties": {
"compartmentId": {
"type": "string"
},
"id": {
"type": "string"
},
"externalId": {
"type": "string"
},
"policyStatementId": {
"type": "string"
},
"targetId": {
"type": "string"
},
"resources": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"externalId": {
"type": "string"
}
}
}
}
}
}
}
Sample Output Code Snippet
{
"compartmentId": "ocid1.tenancy.oc1..aaaaaaaazp2vvzjsn6newkqrpkwndxpdoixtqfgyhnf4y24h7d5ny27h6f3q",
"id": "tapolicy.OCI.ag-test.58a173b97f94c6ff0046448470573609",
"externalId": "ocid1.policy.oc1..aaaaaaaa3axgfgqgc3f4xcbno5p7driojc2hnaxr3jw3pu5xs7lhkoopo55a",
"policyStatementId": "tapolicystmt.OCI.ag-test.2dc34ea12d5f0cbd7e9429029b257c99",
"targetId": "2879c2b3-721c-4ede-afc5-5aa6c3b54e99",
"resources": [
{
"id": "resource.OCI.ag-test.189fa43b2323037d1da11e6f0e488296",
"externalId": "ocid1.instance.oc1.me-abudhabi-1.anqxkljrebkbezqcpoofyvho44qcyb76uu75aonuhexk42ibcv4ohpfat5iq"
},
{
"id": "resource.OCI.ag-test.s563541re3fca34e7105fe5a7c516025",
"externalId": "ocid1.instance.oc1.iad.anuwcljsebkbezqcowg5so6mnuewanlrohoovt7ce54ujhuqxi3h75hm6mrq"
},
{
"id": "resource.OCI.ag-test.d3e8c10a5659d18dda403bf00e1e2aea",
"externalId": "ocid1.instance.oc1.iad.anuwcljtebkbezqcxvwlq62t4ldkyb5kkttgvyobqvuh3tltz7qjtxchldja"
},
{
"id": "resource.OCI.ag-test.c189f74e4c77ca6416f0d92bb2db9f2a",
"externalId": "ocid1.instance.oc1.us-sanjose-1.abcdejrebkbezqctftv5vbfucdb3amdgslvbptnjpdqyvporupbhr3sluqq"
},
{
"id": "resource.OCI.ag-test.a1f0662fd624e07c6b41e14fdf918591",
"externalId": "ocid1.instance.oc1.iad.abcdejtebkbezqctyoxut22u26pvej5wglyodyjen6fb7qqid3ovy4sfbxa"
},
{
"id": "resource.OCI.ag-test.8d177901e639e144b6289ed1d81fe255",
"externalId": "ocid1.instance.oc1.iad.qwertyjtebkbezqcoxwhqw4wfpmlozp5ghrhr74222jcivbdaannyo6a26xq"
},
{
"id": "resource.OCI.ag-test.81bdacf188ed585e3aca85a131e23df5",
"externalId": "ocid1.instance.oc1.iad.qwertyjtebkbezqcdtejri54el6u7dw4bvjmz5t2rzxar76oz5szigf2o4aq"
},
{
"id": "resource.OCI.ag-test.3883fc488ff0531274fcee9d87f00fd2",
"externalId": "ocid1.instance.oc1.iad.qwertyjtebkbezqczdrg677joyhxf2kdm2jzlzmetzzylox4lptxd2svbnva"
},
{
"id": "resource.OCI.ag-test.3480fad0d9bf8a3fe13c54028f13f66c",
"externalId": "ocid1.instance.oc1.us-sanjose-1.qwertyjrebkbezqcyrzc7xu3flvidhwoyssaoiyyewi3bidnnnuucpfjmwwq"
},
{
"id": "resource.OCI.ag-test.3480fad0d9bf8a3fe13c54028f13f66c",
"externalId": "ocid1.instance.oc1.us-sanjose-1.qwertyjrebkbezqcyrzc7xu3flvidhwoyssaoiyyewi3bidnnnuucpfjmwwq"
},
{
"id": "resource.OCI.ag-test.2a14a90e547488318d2bca0b30a247f1",
"externalId": "ocid1.instance.oc1.ad.qwertyjtebkbezqcwyajizhztiujrmmshn3cuqiou4vtodhv4femidlpj7ha"
}
]
}
Policy to Resources Schema Attribute Definition
Here are the definitions of the attributes included in the policy access to resource export file.
Attributes | Description |
---|---|
compartmentId | Unique compartment identifier (OCID) associated with a policy. This is applicable only for OCI policies. |
id | Unique identifier for the policy assigned within Oracle Access Governance. |
externalId | Unique policy identifier in OCI, called OCID. |
targetId | Unique identifier to identify orchestrated system associated with the policy. |
resources | Array of resources attached to a resource. Each policy contains details like policy id, policy statement id, and external id to identify policies |
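The resource-to-policy-statement and policy-statement-to-resource exports describe the same relationship from opposite sides, and the policy-statement sample above lists one resource twice. The following added example (not Oracle's code) reads both record shapes using this page's field names, reports pairs present in only one export, repeated entries, and the statements reaching each resource; it assumes both exports were taken from the same state, and the function names and record values are hypothetical.

```python
from collections import defaultdict


def policy_view_edges(records):
    """(policyStatementId, resource id) pairs, plus any pair listed twice."""
    edges, repeated = set(), []
    for rec in records:
        for res in rec.get("resources", []):
            edge = (rec["policyStatementId"], res["id"])
            if edge in edges:
                repeated.append(edge)
            edges.add(edge)
    return edges, repeated


def resource_view_edges(records):
    """The same pairs, read from resource-to-policy-statement records."""
    return {(pol["policyStatementId"], rec["id"])
            for rec in records for pol in rec.get("policies", [])}


def reconcile(policy_records, resource_records):
    """Compare both exports (assumed to reflect the same state) and index them."""
    p_edges, repeated = policy_view_edges(policy_records)
    r_edges = resource_view_edges(resource_records)
    by_resource = defaultdict(set)
    for stmt, res in p_edges | r_edges:
        by_resource[res].add(stmt)
    return {
        "only_in_policy_export": sorted(p_edges - r_edges),
        "only_in_resource_export": sorted(r_edges - p_edges),
        "repeated": repeated,
        "statements_by_resource": {k: sorted(v) for k, v in by_resource.items()},
    }


# Constructed records using this page's field names; all ids are placeholders.
S1 = "tapolicystmt.OCI.example.s1"
POLICY_EXPORT = [{
    "id": "tapolicy.OCI.example.p1", "policyStatementId": S1,
    "resources": [{"id": "resource.OCI.example.r1"},
                  {"id": "resource.OCI.example.r2"},
                  {"id": "resource.OCI.example.r2"}],  # listed twice on purpose
}]
RESOURCE_EXPORT = [
    {"id": "resource.OCI.example.r1",
     "policies": [{"id": "tapolicy.OCI.example.p1", "policyStatementId": S1}]},
    {"id": "resource.OCI.example.r3",
     "policies": [{"id": "tapolicy.OCI.example.p1", "policyStatementId": S1}]},
]

if __name__ == "__main__":
    print(reconcile(POLICY_EXPORT, RESOURCE_EXPORT))
```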