Jump to

• Request
• Response
• Examples

Create an Access Request

post

/access-governance/access-controls/20250331/accessRequests

Creates a new access request for an identity with the specified details. You can create an Access Request only for Workforce Identities.

Request

Header Parameters

• opc-request-id: string
  The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.

Body ()

Details for the new Access Request.

Root Schema : CreateAccessRequestDetails

Type: object

The information about new AccessRequest.

Show Source

• accessBundles: array accessBundles
  list of Access bundle items.
• accessLimitDataDetails: array accessLimitDataDetails
  List of access limit data associated to permission request
• accountProfileDetails: array accountProfileDetails
  List of account profiles associated to access request. Required only if the associated access bundle has Account Profile attached to it.
• attributes: object attributes
  Additional Properties Allowed: additionalProperties

  Attributes of the corresponding model. Example: `{"foo-namespace": {"bar-key": "value"}}`
• identities: array identities
  list of identity ids
• justification: string
  Justification for creating the access request
• orchestratedSystemAttributes: array orchestratedSystemAttributes
  list of orchestratedSystemAttributes associated with targets
• permissionRoles: array permissionRoles
  list of Permission roles items.
• requestStatus: string
  Status of the access request

{
    "type":"object",
    "properties":{
        "justification":{
            "type":"string",
            "description":"Justification for creating the access request"
        },
        "requestStatus":{
            "type":"string",
            "description":"Status of the access request"
        },
        "permissionRoles":{
            "type":"array",
            "description":"list of Permission roles items.",
            "items":{
                "type":"string"
            }
        },
        "accessBundles":{
            "type":"array",
            "description":"list of Access bundle items.",
            "items":{
                "type":"string"
            }
        },
        "identities":{
            "type":"array",
            "description":"list of identity ids",
            "items":{
                "type":"string"
            }
        },
        "orchestratedSystemAttributes":{
            "type":"array",
            "description":"list of orchestratedSystemAttributes associated with targets",
            "items":{
                "$ref":"#/definitions/OrchestratedSystemAttribute"
            }
        },
        "accountProfileDetails":{
            "type":"array",
            "description":"List of account profiles associated to access request. Required only if the associated access bundle has Account Profile attached to it.",
            "items":{
                "$ref":"#/definitions/AccountProfileInfo"
            }
        },
        "attributes":{
            "type":"object",
            "description":"Attributes of the corresponding model. \nExample: `{\"foo-namespace\": {\"bar-key\": \"value\"}}`\n",
            "additionalProperties":{
                "type":"object",
                "properties":{
                }
            }
        },
        "accessLimitDataDetails":{
            "type":"array",
            "description":"List of access limit data associated to permission request",
            "items":{
                "$ref":"#/definitions/AccessLimitDataDetails"
            }
        }
    },
    "description":"The information about new AccessRequest."
}

Nested Schema : accessBundles

Type: array

list of Access bundle items.

Show Source

• Array of: string

{
    "type":"array",
    "description":"list of Access bundle items.",
    "items":{
        "type":"string"
    }
}

Nested Schema : accessLimitDataDetails

Type: array

List of access limit data associated to permission request

Show Source

• Array of: object AccessLimitDataDetails
  Access Limit Data configured by Identity

{
    "type":"array",
    "description":"List of access limit data associated to permission request",
    "items":{
        "$ref":"#/definitions/AccessLimitDataDetails"
    }
}

Nested Schema : accountProfileDetails

Type: array

List of account profiles associated to access request. Required only if the associated access bundle has Account Profile attached to it.

Show Source

• Array of: object AccountProfileInfo
  Account Profile Configuration by Identity

{
    "type":"array",
    "description":"List of account profiles associated to access request. Required only if the associated access bundle has Account Profile attached to it.",
    "items":{
        "$ref":"#/definitions/AccountProfileInfo"
    }
}

Nested Schema : attributes

Type: object

Additional Properties Allowed

Show Source

• object additionalProperties

{
    "type":"object",
    "description":"Attributes of the corresponding model. \nExample: `{\"foo-namespace\": {\"bar-key\": \"value\"}}`\n",
    "additionalProperties":{
        "type":"object",
        "properties":{
        }
    }
}

Attributes of the corresponding model. Example: `{"foo-namespace": {"bar-key": "value"}}`

Nested Schema : identities

Type: array

list of identity ids

Show Source

• Array of: string

{
    "type":"array",
    "description":"list of identity ids",
    "items":{
        "type":"string"
    }
}

Nested Schema : orchestratedSystemAttributes

Type: array

list of orchestratedSystemAttributes associated with targets

Show Source

• Array of: object OrchestratedSystemAttribute
  Account & permission attributes

{
    "type":"array",
    "description":"list of orchestratedSystemAttributes associated with targets",
    "items":{
        "$ref":"#/definitions/OrchestratedSystemAttribute"
    }
}

Nested Schema : permissionRoles

Type: array

list of Permission roles items.

Show Source

• Array of: string

{
    "type":"array",
    "description":"list of Permission roles items.",
    "items":{
        "type":"string"
    }
}

Nested Schema : AccessLimitDataDetails

Type: object

Access Limit Data configured by Identity

Show Source

• accessBundleId: string
  Access bundle Id
• accessLimitDataInfo: object AccessLimitDataInfo
  Access Limit Data information object.
• identityAccessLimitDetails: array identityAccessLimitDetails
  Access Limit Data for Identity
• isIdentitySpecific: boolean
  Same configuration for all identities.

{
    "type":"object",
    "properties":{
        "accessBundleId":{
            "type":"string",
            "description":"Access bundle Id"
        },
        "isIdentitySpecific":{
            "type":"boolean",
            "description":"Same configuration for all identities."
        },
        "identityAccessLimitDetails":{
            "type":"array",
            "description":"Access Limit Data for Identity",
            "items":{
                "$ref":"#/definitions/IdentityAccessLimitDataInfo"
            }
        },
        "accessLimitDataInfo":{
            "$ref":"#/definitions/AccessLimitDataInfo"
        }
    },
    "description":"Access Limit Data configured by Identity"
}

Nested Schema : AccessLimitDataInfo

Type: object

Access Limit Data information object.

Show Source

• accessLimitData: object AccessLimitData
  The Temporal Access Bundle data.
• accessLimitType: string
  Allowed Values: [ "INDEFINITELY", "NUMBER_OF_DAYS", "NUMBER_OF_HOURS", "DATE_TIME_RANGE" ]

  Time limit type of the access bundle

{
    "type":"object",
    "properties":{
        "accessLimitType":{
            "type":"string",
            "description":"Time limit type of the access bundle",
            "enum":[
                "INDEFINITELY",
                "NUMBER_OF_DAYS",
                "NUMBER_OF_HOURS",
                "DATE_TIME_RANGE"
            ],
            "x-obmcs-top-level-enum":"#/definitions/AccessLimitType",
            "x-default-description":"INDEFINITELY"
        },
        "accessLimitData":{
            "$ref":"#/definitions/AccessLimitData"
        }
    },
    "description":"Access Limit Data information object."
}

Nested Schema : identityAccessLimitDetails

Type: array

Access Limit Data for Identity

Show Source

• Array of: object IdentityAccessLimitDataInfo
  Access Limit Data for Identity

{
    "type":"array",
    "description":"Access Limit Data for Identity",
    "items":{
        "$ref":"#/definitions/IdentityAccessLimitDataInfo"
    }
}

Nested Schema : AccessLimitData

Type: object

The Temporal Access Bundle data.

Show Source

• dateTimeConfig: object AccessLimitDateTimeConfig
  The Temporal Access Bundle data for date time.
• daysConfig: object AccessLimitDaysConfig
  The Temporal Access Bundle data for days.
• hoursConfig: object AccessLimitHoursConfig
  The Temporal Access Bundle data for hours.

{
    "type":"object",
    "properties":{
        "daysConfig":{
            "$ref":"#/definitions/AccessLimitDaysConfig"
        },
        "hoursConfig":{
            "$ref":"#/definitions/AccessLimitHoursConfig"
        },
        "dateTimeConfig":{
            "$ref":"#/definitions/AccessLimitDateTimeConfig"
        }
    },
    "description":"The Temporal Access Bundle data."
}

Nested Schema : AccessLimitDateTimeConfig

Type: object

The Temporal Access Bundle data for date time.

Show Source

• expirationEndTime: integer(int64)
  Time in epoch when the access should be expired
• expirationStartTime: integer(int64)
  Time in epoch when the access should be granted

{
    "type":"object",
    "properties":{
        "expirationStartTime":{
            "type":"integer",
            "format":"int64",
            "description":"Time in epoch when the access should be granted"
        },
        "expirationEndTime":{
            "type":"integer",
            "format":"int64",
            "description":"Time in epoch when the access should be expired"
        }
    },
    "description":"The Temporal Access Bundle data for date time."
}

Nested Schema : AccessLimitDaysConfig

Type: object

The Temporal Access Bundle data for days.

Show Source

• expirationInDays: integer
  Maximum number of days allowed before expiry
• extensionApprovalWorkflowId: object IdInfo
  Generic identifying information object.
• extensionInDays: integer
  Number of days extensions is allowed
• notificationInDays: integer
  Number of days when notification should be sent

{
    "type":"object",
    "properties":{
        "expirationInDays":{
            "type":"integer",
            "description":"Maximum number of days allowed before expiry"
        },
        "notificationInDays":{
            "type":"integer",
            "description":"Number of days when notification should be sent"
        },
        "extensionInDays":{
            "type":"integer",
            "description":"Number of days extensions is allowed"
        },
        "extensionApprovalWorkflowId":{
            "$ref":"#/definitions/IdInfo"
        }
    },
    "description":"The Temporal Access Bundle data for days."
}

Nested Schema : AccessLimitHoursConfig

Type: object

The Temporal Access Bundle data for hours.

Show Source

• expirationInHours: integer
  Maximum number of hours allowed before expiry
• extensionApprovalWorkflowId: object IdInfo
  Generic identifying information object.
• extensionInHours: integer
  Number of hours extensions is allowed
• notificationInHours: integer
  Number of hours when notification should be sent

{
    "type":"object",
    "properties":{
        "expirationInHours":{
            "type":"integer",
            "description":"Maximum number of hours allowed before expiry"
        },
        "notificationInHours":{
            "type":"integer",
            "description":"Number of hours when notification should be sent"
        },
        "extensionInHours":{
            "type":"integer",
            "description":"Number of hours extensions is allowed"
        },
        "extensionApprovalWorkflowId":{
            "$ref":"#/definitions/IdInfo"
        }
    },
    "description":"The Temporal Access Bundle data for hours."
}

Nested Schema : IdInfo

Type: object

Generic identifying information object.

Show Source

• displayName: string
  Display Name of the entity.
• id: string
  Id of the entity.
• name: string
  Name of the entity.

{
    "type":"object",
    "properties":{
        "id":{
            "type":"string",
            "description":"Id of the entity."
        },
        "name":{
            "type":"string",
            "description":"Name of the entity."
        },
        "displayName":{
            "type":"string",
            "description":"Display Name of the entity."
        }
    },
    "description":"Generic identifying information object."
}

Nested Schema : IdentityAccessLimitDataInfo

Type: object

Access Limit Data for Identity

Show Source

• accessLimitDataInfo: object AccessLimitDataInfo
  Access Limit Data information object.
• identityId: string
  Global Identity Id

{
    "type":"object",
    "properties":{
        "identityId":{
            "type":"string",
            "description":"Global Identity Id"
        },
        "accessLimitDataInfo":{
            "$ref":"#/definitions/AccessLimitDataInfo"
        }
    },
    "description":"Access Limit Data for Identity"
}

Nested Schema : AccountProfileInfo

Type: object

Account Profile Configuration by Identity

Show Source

• accountAttributes: array accountAttributes
  Account Attribute Values
• accountProfileId: string
  Account Profile Id
• identityAccountAttributesDetails: array identityAccountAttributesDetails
  Account Attributes Info by Identity
• identitySpecific: boolean
  Same configuration for all identities.

{
    "type":"object",
    "properties":{
        "accountProfileId":{
            "type":"string",
            "description":"Account Profile Id"
        },
        "identitySpecific":{
            "type":"boolean",
            "description":"Same configuration for all identities."
        },
        "identityAccountAttributesDetails":{
            "type":"array",
            "description":"Account Attributes Info by Identity",
            "items":{
                "$ref":"#/definitions/IdentityAccountAttributesInfo"
            }
        },
        "accountAttributes":{
            "type":"array",
            "description":"Account Attribute Values",
            "items":{
                "$ref":"#/definitions/QuestionAttributeDataSummary"
            }
        }
    },
    "description":"Account Profile Configuration by Identity"
}

Nested Schema : accountAttributes

Type: array

Account Attribute Values

Show Source

• Array of: object QuestionAttributeDataSummary
  Question Attributes of account profile

{
    "type":"array",
    "description":"Account Attribute Values",
    "items":{
        "$ref":"#/definitions/QuestionAttributeDataSummary"
    }
}

Nested Schema : identityAccountAttributesDetails

Type: array

Account Attributes Info by Identity

Show Source

• Array of: object IdentityAccountAttributesInfo
  Account Profile Attributes

{
    "type":"array",
    "description":"Account Attributes Info by Identity",
    "items":{
        "$ref":"#/definitions/IdentityAccountAttributesInfo"
    }
}

Nested Schema : QuestionAttributeDataSummary

Type: object

Question Attributes of account profile

Show Source

• children: array children
  nested attributes
• isQuestion: boolean
  Boolean value for checking if this is attribute is a question for requester.
• name: string
  Attribute name - Unique identifier
• values: array values
  Attribute Values

{
    "type":"object",
    "properties":{
        "name":{
            "type":"string",
            "description":"Attribute name - Unique identifier"
        },
        "values":{
            "type":"array",
            "description":"Attribute Values",
            "items":{
                "type":"string"
            }
        },
        "children":{
            "type":"array",
            "description":"nested attributes",
            "items":{
                "$ref":"#/definitions/NestedQuestionAttributeSummary"
            }
        },
        "isQuestion":{
            "type":"boolean",
            "description":"Boolean value for checking if this is attribute is a question for requester."
        }
    },
    "description":"Question Attributes of account profile"
}

Nested Schema : children

Type: array

nested attributes

Show Source

• Array of: object NestedQuestionAttributeSummary
  Nested set of question attributes

{
    "type":"array",
    "description":"nested attributes",
    "items":{
        "$ref":"#/definitions/NestedQuestionAttributeSummary"
    }
}

Nested Schema : values

Type: array

Attribute Values

Show Source

• Array of: string

{
    "type":"array",
    "description":"Attribute Values",
    "items":{
        "type":"string"
    }
}

Nested Schema : NestedQuestionAttributeSummary

Type: object

Nested set of question attributes

Show Source

• items: array items
  Question attributes

{
    "type":"object",
    "properties":{
        "items":{
            "type":"array",
            "description":"Question attributes",
            "items":{
                "$ref":"#/definitions/QuestionAttributeDataSummary"
            }
        }
    },
    "description":"Nested set of question attributes"
}

Nested Schema : items

Type: array

Question attributes

Show Source

• Array of: object QuestionAttributeDataSummary
  Question Attributes of account profile

{
    "type":"array",
    "description":"Question attributes",
    "items":{
        "$ref":"#/definitions/QuestionAttributeDataSummary"
    }
}

Nested Schema : IdentityAccountAttributesInfo

Type: object

Account Profile Attributes

Show Source

• accountAttributes: array accountAttributes
  Account Attribute Values
• identityId: string
  Global Identity Id

{
    "type":"object",
    "properties":{
        "identityId":{
            "type":"string",
            "description":"Global Identity Id"
        },
        "accountAttributes":{
            "type":"array",
            "description":"Account Attribute Values",
            "items":{
                "$ref":"#/definitions/QuestionAttributeDataSummary"
            }
        }
    },
    "description":"Account Profile Attributes"
}

Nested Schema : accountAttributes

Type: array

Account Attribute Values

Show Source

• Array of: object QuestionAttributeDataSummary
  Question Attributes of account profile

{
    "type":"array",
    "description":"Account Attribute Values",
    "items":{
        "$ref":"#/definitions/QuestionAttributeDataSummary"
    }
}

Nested Schema : additionalProperties

Type: object

Show Source

{
    "type":"object",
    "properties":{
    }
}

Nested Schema : OrchestratedSystemAttribute

Type: object

Account & permission attributes

Show Source

• accountAttributes: array accountAttributes
  List of Orchestrated System account attributes
• orchestratedSystem: object Info
  Generic information object.
• permissionAttributes: array permissionAttributes
  List of Orchestrated System permission attributes

{
    "type":"object",
    "properties":{
        "orchestratedSystem":{
            "$ref":"#/definitions/Info"
        },
        "accountAttributes":{
            "type":"array",
            "description":"List of Orchestrated System account attributes",
            "items":{
                "$ref":"#/definitions/OrchestratedSystemAttributeData"
            }
        },
        "permissionAttributes":{
            "type":"array",
            "description":"List of Orchestrated System permission attributes",
            "items":{
                "$ref":"#/definitions/OrchestratedSystemAttributeData"
            }
        }
    },
    "description":"Account & permission attributes"
}

Nested Schema : accountAttributes

Type: array

List of Orchestrated System account attributes

Show Source

• Array of: object OrchestratedSystemAttributeData
  Orchestrated System Attributes

{
    "type":"array",
    "description":"List of Orchestrated System account attributes",
    "items":{
        "$ref":"#/definitions/OrchestratedSystemAttributeData"
    }
}

Nested Schema : Info

Type: object

Generic information object.

Show Source

• displayName: string
  Display Name of the entity.
• id: string
  id of the entity.
• name: string
  name of the entity.

{
    "type":"object",
    "properties":{
        "id":{
            "type":"string",
            "description":"id of the entity."
        },
        "name":{
            "type":"string",
            "description":"name of the entity."
        },
        "displayName":{
            "type":"string",
            "description":"Display Name of the entity."
        }
    },
    "description":"Generic information object."
}

Nested Schema : permissionAttributes

Type: array

List of Orchestrated System permission attributes

Show Source

• Array of: object OrchestratedSystemAttributeData
  Orchestrated System Attributes

{
    "type":"array",
    "description":"List of Orchestrated System permission attributes",
    "items":{
        "$ref":"#/definitions/OrchestratedSystemAttributeData"
    }
}

Nested Schema : OrchestratedSystemAttributeData

Type: object

Orchestrated System Attributes

Show Source

• children: array children
  nested attributes
• defaultValues: array defaultValues
  Attribute Value
• description: string
  A description of the attribute
• discriminator: string
  this field signify attribute field is password
• lookupType: string
  LookupID for the attribute
• name: string
  Attribute name
• permissionType: string
  Permission Type
• title: string
  Display Name for the attribute.
• type: string
  Type of attribute

{
    "type":"object",
    "properties":{
        "name":{
            "type":"string",
            "description":"Attribute name"
        },
        "type":{
            "type":"string",
            "description":"Type of attribute"
        },
        "title":{
            "type":"string",
            "description":"Display Name for the attribute."
        },
        "description":{
            "type":"string",
            "description":"A description of the attribute"
        },
        "children":{
            "type":"array",
            "description":"nested attributes",
            "items":{
                "$ref":"#/definitions/NestedAttributes"
            }
        },
        "lookupType":{
            "type":"string",
            "description":"LookupID for the attribute"
        },
        "defaultValues":{
            "type":"array",
            "description":"Attribute Value",
            "items":{
                "type":"string"
            }
        },
        "permissionType":{
            "type":"string",
            "description":"Permission Type"
        },
        "discriminator":{
            "type":"string",
            "description":"this field signify attribute field is password"
        }
    },
    "description":"Orchestrated System Attributes"
}

Nested Schema : children

Type: array

nested attributes

Show Source

• Array of: object NestedAttributes
  Nested set of Orchestrated System attributes

{
    "type":"array",
    "description":"nested attributes",
    "items":{
        "$ref":"#/definitions/NestedAttributes"
    }
}

Nested Schema : defaultValues

Type: array

Attribute Value

Show Source

• Array of: string

{
    "type":"array",
    "description":"Attribute Value",
    "items":{
        "type":"string"
    }
}

Nested Schema : NestedAttributes

Type: object

Nested set of Orchestrated System attributes

Show Source

• items: array items
  Orchestrated System attributes

{
    "type":"object",
    "properties":{
        "items":{
            "type":"array",
            "description":"Orchestrated System attributes",
            "items":{
                "$ref":"#/definitions/OrchestratedSystemAttributeData"
            }
        }
    },
    "description":"Nested set of Orchestrated System attributes"
}

Nested Schema : items

Type: array

Orchestrated System attributes

Show Source

• Array of: object OrchestratedSystemAttributeData
  Orchestrated System Attributes

{
    "type":"array",
    "description":"Orchestrated System attributes",
    "items":{
        "$ref":"#/definitions/OrchestratedSystemAttributeData"
    }
}

Back to Top

Response

Supported Media Types

• application/json

200 Response

The newly created Access Request

Headers

• etag: string
  For optimistic concurrency control. See `if-match`.
• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : AccessRequest

Type: object

Description of AccessRequest.

Show Source

• accessBundles: array accessBundles
  list of Access bundle items.
• approvalRequests: array approvalRequests
  List of approval requests created as part of the access request
• attributes: object attributes
  Additional Properties Allowed: additionalProperties

  Attributes of the corresponding model. Example: `{"foo-namespace": {"bar-key": "value"}}`
• createdBy: string
  The user that created the request
• id(required): string
  The Unique Oracle ID (OCID) that is immutable on creation.
• identities: array identities
  list of identities
• justification: string
  Justification for creating or updating the access request
• permissionRoles: array permissionRoles
  list of Permission roles items.
• requestStatus: string
  Status of the access request
• timeCreated: string(date-time)
  The time the the AccessRequest was created. An RFC3339 formatted datetime string
• timeUpdated: string(date-time)
  The time the the AccessRequest was last updated. An RFC3339 formatted datetime string

{
    "type":"object",
    "required":[
        "id"
    ],
    "properties":{
        "id":{
            "type":"string",
            "description":"The Unique Oracle ID (OCID) that is immutable on creation."
        },
        "justification":{
            "type":"string",
            "description":"Justification for creating or updating the access request"
        },
        "requestStatus":{
            "type":"string",
            "description":"Status of the access request"
        },
        "timeCreated":{
            "type":"string",
            "format":"date-time",
            "description":"The time the the AccessRequest was created. An RFC3339 formatted datetime string"
        },
        "timeUpdated":{
            "type":"string",
            "format":"date-time",
            "description":"The time the the AccessRequest was last updated. An RFC3339 formatted datetime string"
        },
        "createdBy":{
            "type":"string",
            "description":"The user that created the request"
        },
        "permissionRoles":{
            "type":"array",
            "description":"list of Permission roles items.",
            "items":{
                "$ref":"#/definitions/Info"
            }
        },
        "accessBundles":{
            "type":"array",
            "description":"list of Access bundle items.",
            "items":{
                "$ref":"#/definitions/AccessBundleInfo"
            }
        },
        "identities":{
            "type":"array",
            "description":"list of identities",
            "items":{
                "$ref":"#/definitions/Info"
            }
        },
        "attributes":{
            "type":"object",
            "description":"Attributes of the corresponding model. \nExample: `{\"foo-namespace\": {\"bar-key\": \"value\"}}`\n",
            "additionalProperties":{
                "type":"object",
                "properties":{
                }
            }
        },
        "approvalRequests":{
            "type":"array",
            "description":"List of approval requests created as part of the access request",
            "items":{
                "$ref":"#/definitions/ApprovalRequest"
            }
        }
    },
    "description":"Description of AccessRequest."
}

Nested Schema : accessBundles

Type: array

list of Access bundle items.

Show Source

• Array of: object AccessBundleInfo
  Generic information object.

{
    "type":"array",
    "description":"list of Access bundle items.",
    "items":{
        "$ref":"#/definitions/AccessBundleInfo"
    }
}

Nested Schema : approvalRequests

Type: array

List of approval requests created as part of the access request

Show Source

• Array of: object ApprovalRequest
  Details of an Approval Request.

{
    "type":"array",
    "description":"List of approval requests created as part of the access request",
    "items":{
        "$ref":"#/definitions/ApprovalRequest"
    }
}

Nested Schema : attributes

Type: object

Additional Properties Allowed

Show Source

• object additionalProperties

{
    "type":"object",
    "description":"Attributes of the corresponding model. \nExample: `{\"foo-namespace\": {\"bar-key\": \"value\"}}`\n",
    "additionalProperties":{
        "type":"object",
        "properties":{
        }
    }
}

Attributes of the corresponding model. Example: `{"foo-namespace": {"bar-key": "value"}}`

Nested Schema : identities

Type: array

list of identities

Show Source

• Array of: object Info
  Generic information object.

{
    "type":"array",
    "description":"list of identities",
    "items":{
        "$ref":"#/definitions/Info"
    }
}

Nested Schema : permissionRoles

Type: array

list of Permission roles items.

Show Source

• Array of: object Info
  Generic information object.

{
    "type":"array",
    "description":"list of Permission roles items.",
    "items":{
        "$ref":"#/definitions/Info"
    }
}

Nested Schema : AccessBundleInfo

Type: object

Generic information object.

Show Source

• accountProfileId: string
  account profile id
• displayName: string
  display name of the entity
• id: string
  id of the entity.
• name: string
  name of the entity.

{
    "type":"object",
    "properties":{
        "id":{
            "type":"string",
            "description":"id of the entity."
        },
        "name":{
            "type":"string",
            "description":"name of the entity."
        },
        "displayName":{
            "type":"string",
            "description":"display name of the entity"
        },
        "accountProfileId":{
            "type":"string",
            "description":"account profile id"
        }
    },
    "description":"Generic information object."
}

Nested Schema : ApprovalRequest

Type: object

Details of an Approval Request.

Show Source

• accessStartTime: string(date-time)
  The temporal access start time
• assignmentDescription: string
  Description of the assignment that is being requested.
• assignmentName: string
  Name of the assignment that is being requested.
• assignmentType: string
  Allowed Values: [ "ACCESS_BUNDLE", "ROLE", "IDENTITY_GROUP", "ACTIVE_GROUP", "CONSUMER_GROUP", "AG_ORGANIZATION" ]

  Type of the assignment that is being requested.
• beneficiary: string
  Identifier of the beneficiary.
• beneficiaryEmail: string
  email of the beneficiary.
• failedDueToAccessGuardrailViolations: boolean
  Boolean flag set to true if request failed due to Access Guardrail violations.
• id(required): string
  process instance id.
• requestor: string
  Identifier of the requestor.
• requestType: string
  Allowed Values: [ "WORKFLOW", "NO_WORKFLOW" ]

  Type the request - workflow or no workflow.
• separationOfDutiesAnalysisRequests: object SeparationOfDutiesRequestCollection
  A collection of separation of duties request summaries.
• status: string
  Allowed Values: [ "PENDING_APPROVALS", "INFO_REQUESTED", "APPROVED", "REJECTED", "DELETED", "FAILED", "CANCELLED", "PENDING_SOD", "PROVISIONED", "PROVISIONING_IN_PROGRESS", "PROVISIONING_FAILED" ]

  The status of the approval process instance.
• timeUpdated: string(date-time)
  The last update date of the request.

{
    "type":"object",
    "required":[
        "id"
    ],
    "properties":{
        "id":{
            "type":"string",
            "description":"process instance id."
        },
        "requestor":{
            "type":"string",
            "description":"Identifier of the requestor."
        },
        "beneficiary":{
            "type":"string",
            "description":"Identifier of the beneficiary."
        },
        "beneficiaryEmail":{
            "type":"string",
            "description":"email of the beneficiary."
        },
        "status":{
            "type":"string",
            "description":"The status of the approval process instance.",
            "enum":[
                "PENDING_APPROVALS",
                "INFO_REQUESTED",
                "APPROVED",
                "REJECTED",
                "DELETED",
                "FAILED",
                "CANCELLED",
                "PENDING_SOD",
                "PROVISIONED",
                "PROVISIONING_IN_PROGRESS",
                "PROVISIONING_FAILED"
            ],
            "x-obmcs-top-level-enum":"#/definitions/RequestStatus"
        },
        "assignmentName":{
            "type":"string",
            "description":"Name of the assignment that is being requested."
        },
        "assignmentType":{
            "type":"string",
            "description":"Type of the assignment that is being requested.",
            "enum":[
                "ACCESS_BUNDLE",
                "ROLE",
                "IDENTITY_GROUP",
                "ACTIVE_GROUP",
                "CONSUMER_GROUP",
                "AG_ORGANIZATION"
            ],
            "x-obmcs-top-level-enum":"#/definitions/AssignmentType"
        },
        "assignmentDescription":{
            "type":"string",
            "description":"Description of the assignment that is being requested."
        },
        "requestType":{
            "type":"string",
            "description":"Type the request - workflow or no workflow.",
            "enum":[
                "WORKFLOW",
                "NO_WORKFLOW"
            ],
            "x-obmcs-top-level-enum":"#/definitions/RequestType"
        },
        "timeUpdated":{
            "type":"string",
            "format":"date-time",
            "description":"The last update date of the request."
        },
        "failedDueToAccessGuardrailViolations":{
            "type":"boolean",
            "description":"Boolean flag set to true if request failed due to Access Guardrail violations."
        },
        "accessStartTime":{
            "type":"string",
            "format":"date-time",
            "description":"The temporal access start time"
        },
        "separationOfDutiesAnalysisRequests":{
            "$ref":"#/definitions/SeparationOfDutiesRequestCollection"
        }
    },
    "description":"Details of an Approval Request."
}

Nested Schema : SeparationOfDutiesRequestCollection

Type: object

A collection of separation of duties request summaries.

Show Source

• items(required): array items
  List of separation of duties request summaries.

{
    "type":"object",
    "required":[
        "items"
    ],
    "properties":{
        "items":{
            "type":"array",
            "description":"List of separation of duties request summaries.",
            "items":{
                "$ref":"#/definitions/SeparationOfDutiesRequestSummary"
            }
        }
    },
    "description":"A collection of separation of duties request summaries."
}

Nested Schema : items

Type: array

List of separation of duties request summaries.

Show Source

• Array of: object SeparationOfDutiesRequestSummary
  A summary for a separation of duties request.

{
    "type":"array",
    "description":"List of separation of duties request summaries.",
    "items":{
        "$ref":"#/definitions/SeparationOfDutiesRequestSummary"
    }
}

Nested Schema : SeparationOfDutiesRequestSummary

Type: object

A summary for a separation of duties request.

Show Source

• requestId(required): string
  A string representing a separation of duties work request. Get updates on the status of a request by using the 'Check status of the separation of duties request(s)' endpoint.
• status(required): string
  The status of the separation of duties work request.

{
    "type":"object",
    "required":[
        "requestId",
        "status"
    ],
    "properties":{
        "requestId":{
            "type":"string",
            "description":"A string representing a separation of duties work request. Get updates on the status of a request by\nusing the 'Check status of the separation of duties request(s)' endpoint.\n"
        },
        "status":{
            "type":"string",
            "description":"The status of the separation of duties work request."
        }
    },
    "description":"A summary for a separation of duties request."
}

Nested Schema : additionalProperties

Type: object

Show Source

{
    "type":"object",
    "properties":{
    }
}

Nested Schema : Info

Type: object

Generic information object.

Show Source

• displayName: string
  Display Name of the entity.
• id: string
  id of the entity.
• name: string
  name of the entity.

{
    "type":"object",
    "properties":{
        "id":{
            "type":"string",
            "description":"id of the entity."
        },
        "name":{
            "type":"string",
            "description":"name of the entity."
        },
        "displayName":{
            "type":"string",
            "description":"Display Name of the entity."
        }
    },
    "description":"Generic information object."
}

400 Response

Bad Request

Headers

• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : Error

Type: object

Error Information.

Show Source

• code(required): string
  A short error code that defines the error, meant for programmatic parsing.
• message(required): string
  A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

401 Response

Unauthorized

Headers

• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : Error

Type: object

Error Information.

Show Source

• code(required): string
  A short error code that defines the error, meant for programmatic parsing.
• message(required): string
  A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

404 Response

Not Found

Headers

• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : Error

Type: object

Error Information.

Show Source

• code(required): string
  A short error code that defines the error, meant for programmatic parsing.
• message(required): string
  A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

409 Response

Conflict

Headers

• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : Error

Type: object

Error Information.

Show Source

• code(required): string
  A short error code that defines the error, meant for programmatic parsing.
• message(required): string
  A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

429 Response

Too Many Requests

Headers

• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : Error

Type: object

Error Information.

Show Source

• code(required): string
  A short error code that defines the error, meant for programmatic parsing.
• message(required): string
  A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

500 Response

Internal Server Error

Headers

• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : Error

Type: object

Error Information.

Show Source

• code(required): string
  A short error code that defines the error, meant for programmatic parsing.
• message(required): string
  A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

Default Response

Unknown Error

Headers

• opc-request-id: string
  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Body ()

Root Schema : Error

Type: object

Error Information.

Show Source

• code(required): string
  A short error code that defines the error, meant for programmatic parsing.
• message(required): string
  A human-readable error string.

{
    "required":[
        "code",
        "message"
    ],
    "properties":{
        "code":{
            "type":"string",
            "description":"A short error code that defines the error, meant for programmatic parsing."
        },
        "message":{
            "type":"string",
            "description":"A human-readable error string."
        }
    },
    "description":"Error Information."
}

Back to Top

Examples

The following example shows how to create a new access request. In a single access request, you can request multiple access bundles for multiple identities.

You must have Access Bundle ID, Identities ID, Account Profile ID and details, along with Account Attributes details. In this example, we will use the same question value for all identities.

Replace placeholder values with actual values before running the sample command.

cURL Request Example

curl -i -X POST \
   -H "Authorization:Bearer <your access token>" \
   -H "Content-Type:application/json" \
   -d \
'{
    "justification": "Sample Request Access",  
    "accessBundles": ["6adcbc8d-1816-44a7-af70-78c40bf850fb"],
    "identities": ["globalId.OCI.bd49ff2a-5c47-4242-8975-9ba235fbb0ec.9fxxxxxxx69c2af598b63d4"],
    "accountProfileDetails": [
        {
            "accountProfileId": "84321700-1a93-4cf2-9226-3f4xxxxx68",
            "identitySpecific": false,
            "accountAttributes": [
                {
                    "name": "defaultTablespaceQuotaInMB",
                    "values": [
                        "100"
                    ],
                    "children": [],
                    "isQuestion": true
                }
            ]
        }
    ]
}' \
 '${service-instance-url}/access-governance/access-controls/20250331/accessRequests'

Example Request Payload

{
 "justification": "Sample Request Access",
 "accessBundles": [
 "6adcbc8d-1816-44a7-af70-7xxxxxf850fb"
 ],
 "identities": [
 "globalId.OCI.bd49ff2a-5c47-4242-8975-9ba235fbb0ec.9f6exxxxx4960469c2af598b63d4"
 ],
 "accountProfileDetails": [
 {
 "accountProfileId": "8432xx700-1a93-4cf2-9226-3fxxxxxxxx768",
 "identitySpecific": false,
 "accountAttributes": [
 {
 "name": "defaultTablespaceQuotaInMB",
 "values": [
 "100"
 ],
 "children": [],
 "isQuestion": true
 }
 ]
 }
 ]
}

Example of the Response Code

You'll receive 200 OK response along with the following response body:

{
  "id": "0ff9207f-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "justification": "Sample justification",
  "requestStatus": "PENDING_APPROVALS",
  "timeCreated": "2025-04-11T08:10:51.357Z",
  "timeUpdated": "2025-04-11T08:10:51.357Z",
  "createdBy": "globalId.125123c3-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "permissionRoles": [],
  "accessBundles": [
    {
      "id": "6adcbc8d-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "name": "Example payload",
      "displayName": "Example payload",
      "accountProfileId": "84321700-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
  ],
  "identities": [
    {
      "id": "globalId.OCI.bd49ff2a-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "name": "Bill.Clark@example.com",
      "displayName": "Bill Clark",
      "owners": null
    }
  ],
  "attributes": {
    "orchestratedSystemAttributes": null
  },
  "approvalRequests": null
}
    

Example 2: Request Payload for Request Limited to Members of Organization

{
  "justification": "Database-Infra Access Request for Members Only",
  "accessBundles": [
    "08f5xxbe-5261-4146-af78-8fb7xx8568bb8"
  ],
  "identities": [
    "globalId.ICF.4564xx83-1e06-417a-888a-864exxb1f4db.e12axx250df05186a3d0dff3bf7cf770",
    "globalId.ICF.4564xx83-1e06-417a-888a-864exxb1f4db.7467xx8f03826ddc8a670280e0e7d6e8"
  ],
  "accountProfileDetails": [
    {
      "accountProfileId": "8432xx00-1a93-4cf2-9226-3f4cxxfd9768",
      "identitySpecific": false,
      "accountAttributes": [
        {
          "name": "defaultTablespaceQuotaInMB",
          "values": [
            "100"
          ],
          "children": [],
          "isQuestion": true
        },
        {
          "name": "defaultTablespace",
          "values": [
            "DBINFRA_CATALOG_INDEX_TAB"
          ],
          "isQuestion": false
        }
      ]
    }
  ],
  "accessLimitDataDetails": [
    {
      "accessBundleId": "08f5xxbe-5261-4146-af78-8fb7xx8568bb8",
      "isIdentitySpecific": false,
      "accessLimitDataInfo": {
        "accessLimitType": "NUMBER_OF_HOURS",
        "accessLimitData": {
          "daysConfig": null,
          "hoursConfig": {
            "expirationInHours": 24,
            "notificationInHours": 24,
            "extensionInHours": 8,
            "extensionApprovalWorkflowId": {
              "id": "Guid_03f0xxcc-129a-43dc-a8e9-76c8xxd07804",
              "name": "Custom_WF_Amel Maclead",
              "displayName": "Custom_WF_Amel Maclead"
            }
          },
          "dateTimeConfig": null
        }
      }
    }
  ]
}

Example 3: Request Payload for Separation of Duties Violations (SoD Violations)

{
  "justification": "SoD Conflict REST API",
  "requestStatus": "",
  "createdBy": "globalId.xxxxxx-ab68-4f09-ae89-7bcc0f9de5be.18.a84836862e0958ba29e9002afd63a7fb",
  "permissionRoles": [
  ],
  "accessBundles": [
    "5b56a9ed-050c-xxxx-8384-cf1214a8d5c0"
  ],
  "identities": [
    "globalId.ICF.xxxxxx-ff64-40fb-91d1-59193b9869e7.a9967ca5224b562256f4869d02c826f8"
  ],
  "orchestratedSystemAttributes": [
  ],
  "accountProfileDetails": [
  ],
  "attributes": {
    "additionalProp1": {
    },
    "additionalProp2": {
    },
    "additionalProp3": {
    }
  },
  "accessLimitDataDetails": [
    {
      "accessBundleId": "5b56a9ed-050c-xxxxx-8384-cf1214a8d5c0",
      "isIdentitySpecific": false,
      "identityAccessLimitDetails": [
        {
          "identityId": "globalId.ICF.xxxxx-5187-4301-a47b-83ffe7300adf.3af3598cdbb4782e6a19d496f2882b62",
          "accessLimitDataInfo": {
            "accessLimitType": "INDEFINITELY",
            "accessLimitData": {
              "daysConfig": null,
              "hoursConfig": null,
              "dateTimeConfig": null
            }
          }
        }
      ],
      "accessLimitDataInfo": {
        "accessLimitType": "INDEFINITELY",
        "accessLimitData": {
          "daysConfig": null,
          "hoursConfig": null,
          "dateTimeConfig": null
        }
      }
    },
    {
      "accessBundleId": "5b56a9ed-xxxx-4679-8384-cf1214a8d5c0",
      "isIdentitySpecific": false,
      "identityAccessLimitDetails": [
        {
          "identityId": "globalId.ICF.xxxxx-5187-4301-a47b-83ffe7300adf.3af3598cdbb4782e6a19d496f2882b62",
          "accessLimitDataInfo": {
            "accessLimitType": "INDEFINITELY",
            "accessLimitData": {
              "daysConfig": null,
              "hoursConfig": null,
              "dateTimeConfig": null
            }
          }
        }
      ],
      "accessLimitDataInfo": {
        "accessLimitType": "INDEFINITELY",
        "accessLimitData": {
          "daysConfig": null,
          "hoursConfig": null,
          "dateTimeConfig": null
        }
      }
    }
  ]
}

Response for SoD Violations Conflict

{
    "id": "ebf199cf-e773-4547-b1c7-xxxx7da",
    "justification": "Conflict REST API Test2",
    "requestStatus": "IN_PROGRESS",
    "timeCreated": "2026-03-12T05:55:36.336Z",
    "timeUpdated": "2026-03-12T05:55:36.336Z",
    "createdBy": "clientId.External App for Local Dev.88bxxxx",
    "permissionRoles": [
    ],
    "accessBundles": [
        {
            "id": "5b56a9ed-050c-xxxx",
            "name": "MS_Conflicting_Permissions",
            "displayName": "MS_Conflicting_Permissions",
            "accountProfileId": null
        }
    ],
    "identities": [
        {
            "id": "globalId.xxxx.e4ee3fcd-ff64-40fb-91d1-5xxxx.xxxx",
            "name": "FFMatching155602 User155602",
            "displayName": "FFMatching155602 User155602",
            "owners": null
        }
    ],
    "attributes": {
        "additionalProp1": {
        },
        "additionalProp3": {
        },
        "additionalProp2": {
        }
    },
    "approvalRequests": [
        {
            "id": "INPROGRESS_ba777536-1887-42e5-a9ca-xxxx",
            "requestor": "88b9690ece3xxxx53570480031e7d0",
            "beneficiary": "xxx155602 xxxx",
            "beneficiaryEmail": "xxx@oracle.com155602",
            "status": "PENDING_SOD",
            "assignmentName": "MS_Conflicting_Permissions",
            "assignmentType": "ACCESS_BUNDLE",
            "assignmentDescription": null,
            "requestType": "WORKFLOW",
            "timeUpdated": "2026-03-12T05:55:36.336Z",
            "failedDueToAccessGuardrailViolations": false,
            "accessStartTime": null,
            "separationOfDutiesAnalysisRequests": {
                "items": [
                    {
                        "requestId": "61120d25d4b34229xxxxx",
                        "status": "PENDING"
                    }
                ]
            }
        }
    ]
}

SoD Violation results are not available immediately. Run ${si}/access-governance/access-controls/${version}/accessRequests/{accessRequestId} to fetch the status.

In case the SoD status fails, check if a user account has an associated worker information. Verify this, from the Security Console → Users page, a linked account shows Associated Worker Information.

Back to Top