Get Permissions
post
/access-governance/access-reviews/20250331/campaigns/permissions
Retrieves a list of permissions for running access reviews.
Request
Query Parameters
-
limit: integer
Minimum Value: 1
Maximum Value: 1000
The maximum number of items to return.
Default Value: 10
-
page: string
Minimum Length: 1
A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response.
-
sortBy: string
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending.
Default Value: timeCreated
Allowed Values: [ "timeCreated", "displayName" ]
-
sortOrder: string
The sort order to use, either 'ASC' or 'DESC'.
Allowed Values: [ "ASC", "DESC" ]
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
The filters to apply.
Root Schema : KeywordFilteredDetails
Type:
object
The filters to apply along with the keyword contains filters.
-
campaignType:
string
Allowed Values:
[ "ACCESS", "OWNERSHIP" ]
Campaign type (ACCESS or OWNERSHIP). The default on the backend is ACCESS.
-
criteria:
array criteria
Maximum Number of Items:
20
The list of criteria.
-
keywordContains:
string
Maximum Length:
100
The substring to match against the name or description.
-
scope(required):
string
Allowed Values:
[ "GOVERNANCE_SYSTEM", "CLOUD_PROVIDER", "AG" ]
The scope of the campaign.
Nested Schema : criteria
Type:
array
Maximum Number of Items:
20
The list of criteria.
-
Array of:
object Criteria
The criteria to use as a filter.
Nested Schema : Criteria
Type:
object
The criteria to use as a filter.
-
conditions:
array conditions
Maximum Number of Items:
100
Filter condition (these conditions have an AND binding between them).
-
subCriteria:
array subCriteria
The list of values of the criteria.
-
type(required):
string
Allowed Values:
[ "ORGANIZATION", "JOB_CODE", "IDENTITY_LOCATION", "RESOURCE", "RESOURCE_LOCATION", "ENTITLEMENT", "ROLE", "DOMAIN", "COMPARTMENT", "CLOUD_PROVIDER", "POLICY", "POLICY_CREATED", "CUSTOM_ATTRIBUTE", "CUSTOM_ATTRIBUTE_VALUE", "IDENTITY_COLLECTION", "IC_CREATED", "TARGET_IDENTITY", "TARGET", "GLOBAL_IDENTITY", "AM_WORKFLOW", "NOT_REVIEWED_SINCE", "ACCESS_GUARDRAIL", "GRANTED_PERMISSION_TYPE", "TEMPORAL_TYPE" ]
The type of the criteria.
-
value:
array value
Maximum Number of Items:
500
The list of values of the criteria (these values have an OR binding between them).
Nested Schema : conditions
Type:
array
Maximum Number of Items:
100
Filter condition (these conditions have an AND binding between them).
-
Array of:
object Condition
The information about Condition.
Nested Schema : subCriteria
Type:
array
The list of values of the criteria.
-
Array of:
object Criteria
The criteria to use as a filter.
Nested Schema : value
Type:
array
Maximum Number of Items:
500
The list of values of the criteria (these values have an OR binding between them).
Nested Schema : Condition
Type:
object
The information about Condition.
-
additionalAttributes:
object additionalAttributes
Additional Properties Allowed: additionalProperties
Additional attributes for additional information related to the condition.
-
basicCondition(required):
object BasicCondition
The information about Condition.
-
childConditions:
object BasicConditionCollection
Collection of conditions.
-
type(required):
string
Allowed Values:
[ "IDENTITY_ATTRIBUTE", "PERMISSION", "DOES_NOT_HAVE_PERMISSION" ]
The type for AG Resource.
Nested Schema : additionalAttributes
Type:
object
Additional Properties Allowed
Additional attributes for additional information related to the condition.
Nested Schema : BasicCondition
Type:
object
The information about Condition.
-
dataType:
string
Allowed Values:
[ "STRING", "NUMBER", "BOOLEAN", "DATE" ]
Data type for the condition identifier.
-
displayName(required):
string
Minimum Length: 1
Maximum Length: 255
Access Guardrails Identifier
-
lhs(required):
string
Minimum Length: 1
Maximum Length: 512
Left hand side of the condition.
-
operator(required):
string
Allowed Values:
[ "EQ", "NE", "GT", "LT", "GTE", "LTE", "BEFORE", "AFTER", "TILL", "FROM", "BETWEEN", "NOT_BETWEEN", "IN", "NOT_IN", "CONTAINS", "NOT_CONTAINS", "BEGINS_WITH", "NOT_BEGINS_WITH", "ENDS_WITH", "NOT_ENDS_WITH", "IS_NULL", "IS_NOT_NULL", "EQUAL_WITH_NULL" ]
The operator for an access guardrail.
-
rhs(required):
array rhs
Right hand side of the condition.
-
rhsUiDetails:
array rhsUiDetails
Right hand side details of the condition.
Nested Schema : BasicConditionCollection
Type:
object
Collection of conditions.
-
items(required):
array items
List of condition.
Nested Schema : rhsUiDetails
Type:
array
Right hand side details of the condition.
-
Array of:
object UiDetail
Ui detail for rendering values on UI
Nested Schema : UiDetail
Type:
object
Ui detail for rendering values on UI
-
name(required):
string
Name of value
-
value(required):
string
Value
Nested Schema : items
Type:
array
List of condition.
-
Array of:
object BasicCondition
The information about Condition.
Response
Supported Media Types
- application/json
200 Response
A page of permission objects.
Headers
-
opc-next-page: string
For pagination of a list of items. When paging through a list, if this header appears in the response, then a partial list might have been returned. Include this value as the `page` parameter for the subsequent GET request to get the next batch of items.
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : EntitlementSummaryCollection
Type:
object
Results of a permission search.
-
items(required):
array items
List of permission summaries.
Nested Schema : items
Type:
array
List of permission summaries.
-
Array of:
object EntitlementSummary
The summary of a permission.
Nested Schema : EntitlementSummary
Type:
object
The summary of a permission.
-
accessLimitType:
string
Allowed Values:
[ "INDEFINITELY", "NUMBER_OF_DAYS", "NUMBER_OF_HOURS", "DATE_TIME_RANGE" ]
The type of access limit for entity - NUMBER_OF_DAYS or NUMBER_OF_HOURS.
-
cloudAccount:
string
The cloud account of the permission.
-
displayName:
string
The display name of the permission.
-
domainName:
string
The domain name of the permission.
-
expirationTime:
integer
The number of days or hours access bundle is time limited to.
-
id(required):
string
The ID of the permission.
-
isBundle:
boolean
If the entity is a bundle.
-
name(required):
string
The name of the permission.
-
permissionType:
string
The type of the permission.
-
resourceDisplayName:
string
The display name of the associated resource.
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to retrieve a list of Permissions (Groups, Roles, and Privileges) available in Oracle Access Governance.
cURL Request Example
curl -i -L -X POST \
  -H "Authorization:Bearer <your long access token>" \
  -H "Content-Type:application/json" \
  -d \
'{
  "criteria": [
    {
      "type": "CUSTOM_ATTRIBUTE",
      "value": [
        "organization.displayName"
      ],
      "subCriteria": [
        {
          "type": "CUSTOM_ATTRIBUTE_VALUE",
          "value": [
            "Security"
          ]
        }
      ]
    }
  ],
  "scope": "AG",
  "campaignType": "ACCESS"
}' \
  '${service-instance-url}/access-governance/access-reviews/${version}/campaigns/permissions'
Sample Request Payload
Select POST and add the following URL: ${service-instance-url}/access-governance/access-reviews/${version}/campaigns/permissions
{
  "criteria": [
    {
      "type": "CUSTOM_ATTRIBUTE",
      "value": [
        "organization.displayName"
      ],
      "subCriteria": [
        {
          "type": "CUSTOM_ATTRIBUTE_VALUE",
          "value": [
            "Security"
          ]
        }
      ]
    }
  ],
  "scope": "AG",
  "campaignType": "ACCESS"
}
Example of the Response Code
You'll receive a 200 response with the following body:
{
  "items": [
    {
      "id": "groups.ICF.xxTEAMID1.xxxxxxxxGROUPID001",
      "name": "Finance Security Group",
      "displayName": null,
      "resourceDisplayName": "AD_SECURITY_DEPT",
      "permissionType": "Group",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "groups.ICF.xxTEAMID1.xxxxxxxxGROUPID002",
      "name": "HR Security Group",
      "displayName": null,
      "resourceDisplayName": "AD_SECURITY_DEPT",
      "permissionType": "Group",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "groups.ICF.xxTEAMID1.xxxxxxxxGROUPID003",
      "name": "IT Security Group",
      "displayName": null,
      "resourceDisplayName": "AD_SECURITY_DEPT",
      "permissionType": "Group",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "groups.ICF.xxTEAMID2.xxxxxxxxGROUPID004",
      "name": "Security-AdminRole1",
      "displayName": null,
      "resourceDisplayName": "OUD_SEC_ADMIN",
      "permissionType": "Group Name",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "groups.ICF.xxTEAMID2.xxxxxxxxGROUPID005",
      "name": "Security-AdminRole2",
      "displayName": null,
      "resourceDisplayName": "OUD_SEC_ADMIN",
      "permissionType": "Group Name",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "privileges.ICF.xxPRIVID1.xxxxxxxxPRIVID001",
      "name": "ALTER USER",
      "displayName": null,
      "resourceDisplayName": "CORP_DBUM_MAIN",
      "permissionType": "Privilege",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "privileges.ICF.xxPRIVID2.xxxxxxxxPRIVID002",
      "name": "ALTER USER",
      "displayName": null,
      "resourceDisplayName": "ENTERPRISE_DBUM",
      "permissionType": "Privilege",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "roles.ICF.xxROLEID1.xxxxxxxxROLEID001",
      "name": "SEC_DATA_ROLE",
      "displayName": null,
      "resourceDisplayName": "CORP_DBUM_MAIN",
      "permissionType": "Role",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "roles.ICF.xxROLEID2.xxxxxxxxROLEID002",
      "name": "SEC_DATA_ROLE",
      "displayName": null,
      "resourceDisplayName": "ENTERPRISE_DBUM",
      "permissionType": "Role",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    },
    {
      "id": "privileges.ICF.xxPRIVID1.xxxxxxxxPRIVID003",
      "name": "CREATE SESSION",
      "displayName": null,
      "resourceDisplayName": "CORP_DBUM_MAIN",
      "permissionType": "Privilege",
      "cloudAccount": null,
      "domainName": null,
      "isBundle": false,
      "expirationTime": 0,
      "accessLimitType": null
    }
  ]
}
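Added example (not part of the original page and not Oracle's code): a Python client that follows the opc-next-page header until it is absent, so an access review is scoped from the complete permission list rather than the first page (the default limit is 10), and that reports the Error code, message and opc-request-id on any non-200 response. The names http_sender, list_all_permissions and send are hypothetical; the instance URL and access token are supplied by the caller.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

PATH = "/access-governance/access-reviews/20250331/campaigns/permissions"


def http_sender(base_url, token):
    """Build send(query, body) -> (status, headers, json) for a real instance."""
    def send(query, body):
        url = base_url.rstrip("/") + PATH + "?" + urllib.parse.urlencode(query)
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={"Authorization": "Bearer " + token,
                     "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, dict(resp.headers), json.load(resp)
        except urllib.error.HTTPError as err:  # 4xx/5xx carry an Error body
            return err.code, dict(err.headers), json.load(err)
    return send


def list_all_permissions(send, body, limit=100, max_pages=500):
    """Follow opc-next-page until it is absent; return every permission item."""
    if not 1 <= limit <= 1000:
        raise ValueError("limit must be between 1 and 1000")
    if "scope" not in body:
        raise ValueError("scope is required")
    items, page, seen = [], None, set()
    for _ in range(max_pages):
        query = {"limit": limit, **({"page": page} if page else {})}
        status, headers, payload = send(query, body)
        headers = {k.lower(): v for k, v in headers.items()}
        if status != 200:
            raise RuntimeError("%s %s: %s (opc-request-id=%s)" % (
                status, payload.get("code"), payload.get("message"),
                headers.get("opc-request-id")))
        items.extend(payload["items"])
        page = headers.get("opc-next-page")
        if not page:
            return items
        if page in seen:  # guard against a token that never advances
            raise RuntimeError("repeated page token " + page)
        seen.add(page)
    raise RuntimeError("stopped after max_pages; result would be incomplete")
```

Against a real instance, call list_all_permissions(http_sender(url, token), body) with the sample request payload shown above as body.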