Get Roles
post
/access-governance/access-reviews/20250331/campaigns/roles
Retrieves a list of roles for running access reviews.
Request
Query Parameters
-
limit: integer
Minimum Value:
1Maximum Value:1000The maximum number of items to return.Default Value:10 -
page: string
Minimum Length:
1A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. -
sortBy: string
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending.Default Value:
timeCreatedAllowed Values:[ "timeCreated", "displayName" ] -
sortOrder: string
The sort order to use, either 'ASC' or 'DESC'.Allowed Values:
[ "ASC", "DESC" ]
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
The filters to apply.
Root Schema : FilteredDetails
Type:
objectThe filters to apply
Show Source
-
campaignType:
string
Allowed Values:
[ "ACCESS", "OWNERSHIP" ]Campaign type (ACCESS or OWNERSHIP). The default is ACCESS on backend. -
criteria:
array criteria
Maximum Number of Items:
20The list of criteria -
nameContains:
string
Maximum Length:
100The substring to match the name to -
scope(required):
string
Allowed Values:
[ "GOVERNANCE_SYSTEM", "CLOUD_PROVIDER", "AG" ]The scope of the campaign
Nested Schema : criteria
Type:
arrayMaximum Number of Items:
20The list of criteria
Show Source
-
Array of:
object Criteria
The criteria to use as a filter.
Nested Schema : Criteria
Type:
objectThe criteria to use as a filter.
Show Source
-
conditions:
array conditions
Maximum Number of Items:
100Filter condition (these conditions have an AND binding between them). -
subCriteria:
array subCriteria
The list of values of the criteria.
-
type(required):
string
Allowed Values:
[ "ORGANIZATION", "JOB_CODE", "IDENTITY_LOCATION", "RESOURCE", "RESOURCE_LOCATION", "ENTITLEMENT", "ROLE", "DOMAIN", "COMPARTMENT", "CLOUD_PROVIDER", "POLICY", "POLICY_CREATED", "CUSTOM_ATTRIBUTE", "CUSTOM_ATTRIBUTE_VALUE", "IDENTITY_COLLECTION", "IC_CREATED", "TARGET_IDENTITY", "TARGET", "GLOBAL_IDENTITY", "AM_WORKFLOW", "NOT_REVIEWED_SINCE", "ACCESS_GUARDRAIL", "GRANTED_PERMISSION_TYPE", "TEMPORAL_TYPE" ]The type of the criteria. -
value:
array value
Maximum Number of Items:
500The list of values of the criteria (these values have an OR binding between them).
Nested Schema : conditions
Type:
arrayMaximum Number of Items:
100Filter condition (these conditions have an AND binding between them).
Show Source
-
Array of:
object Condition
The information about Condition.
Nested Schema : subCriteria
Type:
arrayThe list of values of the criteria.
Show Source
-
Array of:
object Criteria
The criteria to use as a filter.
Nested Schema : value
Type:
arrayMaximum Number of Items:
500The list of values of the criteria (these values have an OR binding between them).
Show Source
Nested Schema : Condition
Type:
objectThe information about Condition.
Show Source
-
additionalAttributes:
object additionalAttributes
Additional Properties Allowed: additionalPropertiesAdditional attributes for additional information related to the condition.
-
basicCondition(required):
object BasicCondition
The information about Condition.
-
childConditions:
object BasicConditionCollection
Collection of conditions.
-
type(required):
string
Allowed Values:
[ "IDENTITY_ATTRIBUTE", "PERMISSION", "DOES_NOT_HAVE_PERMISSION" ]The type for AG Resource.
Nested Schema : additionalAttributes
Type:
objectAdditional Properties Allowed
Show Source
Additional attributes for additional information related to the condition.
Nested Schema : BasicCondition
Type:
objectThe information about Condition.
Show Source
-
dataType:
string
Allowed Values:
[ "STRING", "NUMBER", "BOOLEAN", "DATE" ]Data type for the condition Identifier -
displayName(required):
string
Minimum Length:
1Maximum Length:255Access Guardrails Identifier -
lhs(required):
string
Minimum Length:
1Maximum Length:512Left hand side of the condition. -
operator(required):
string
Allowed Values:
[ "EQ", "NE", "GT", "LT", "GTE", "LTE", "BEFORE", "AFTER", "TILL", "FROM", "BETWEEN", "NOT_BETWEEN", "IN", "NOT_IN", "CONTAINS", "NOT_CONTAINS", "BEGINS_WITH", "NOT_BEGINS_WITH", "ENDS_WITH", "NOT_ENDS_WITH", "IS_NULL", "IS_NOT_NULL", "EQUAL_WITH_NULL" ]The operator for a access guardrail. -
rhs(required):
array rhs
Right hand side of the condition.
-
rhsUiDetails:
array rhsUiDetails
Right hand side details of the condition.
Nested Schema : BasicConditionCollection
Type:
objectCollection of conditions.
Show Source
-
items(required):
array items
List of condition.
Nested Schema : rhsUiDetails
Type:
arrayRight hand side details of the condition.
Show Source
-
Array of:
object UiDetail
Ui detail for rendering values on UI
Nested Schema : UiDetail
Type:
objectUi detail for rendering values on UI
Show Source
-
name(required):
string
Name of value
-
value(required):
string
Value
Nested Schema : items
Type:
arrayList of condition.
Show Source
-
Array of:
object BasicCondition
The information about Condition.
Response
Supported Media Types
- application/json
200 Response
A page of role summary objects.
Headers
-
opc-next-page: string
For pagination of a list of items. When paging through a list, if this header appears in the response, then a partial list might have been returned. Include this value as the `page` parameter for the subsequent GET request to get the next batch of items.
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : RoleSummaryCollection
Type:
objectResults of a role summary search.
Show Source
-
items(required):
array items
List of role summaries.
Nested Schema : items
Type:
arrayList of role summaries.
Show Source
-
Array of:
object RoleSummary
Role object summary.
Nested Schema : RoleSummary
Type:
objectRole object summary.
Show Source
-
approvalWorkflowId:
string
ApprovalWorkflowId that is applicable to the Role
-
createdBy:
object IdInfo
Generic identifying information object.
-
customAttributes:
object customAttributes
Metadata associated with the access bundle
-
description:
string
Role description
-
id(required):
string
Unique identifier that is immutable on creation
-
isOwner:
boolean
Boolean value checking if logged-in user is owner of this resource or not.
-
name:
string
Role name
-
owners:
array owners
List of owner entities
-
primaryOwner:
object PrimaryOwner
Details of a primary Owner.
-
requestableBy:
string
Allowed Values:
[ "ANY", "NONE" ]The identity type that may request the Access Bundle. -
status:
string
Allowed Values:
[ "ACTIVE", "DRAFT", "INACTIVE", "PENDING", "FAILED", "IN_PROGRESS", "SAVED", "SUCCESS", "TIMEOUT" ]Status of the Role -
tags:
array tags
List of tags attached to the Role
-
timeCreated:
string(date-time)
Time when the Role was created. An RFC3339 formatted datetime string
-
timeUpdated:
string(date-time)
Time when the Role was last updated. An RFC3339 formatted datetime string
Nested Schema : IdInfo
Type:
objectGeneric identifying information object.
Show Source
-
displayName:
string
Display Name of the entity.
-
id:
string
Id of the entity.
-
name:
string
Name of the entity.
Nested Schema : customAttributes
Type:
objectMetadata associated with the access bundle
Show Source
Nested Schema : owners
Type:
arrayList of owner entities
Show Source
-
Array of:
object OwnerSummary
Owner entity object
Nested Schema : PrimaryOwner
Type:
objectDetails of a primary Owner.
Show Source
-
displayName:
string
Display name of the primary Owner.
-
value:
string
Id of the primary Owner.
Nested Schema : OwnerSummary
Type:
objectOwner entity object
Show Source
-
id(required):
string
Unique identifier that is immutable on creation
-
isPrimary(required):
boolean
Is this entity the primary owner?
-
name(required):
string
Name of the owner
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to retrieve a list of roles available in Oracle Access Governance for review.
cURL Request Example
curl -i -L -X POST \
-H "Authorization:Bearer <your long access token>" \
-H "Content-Type:application/json" \
-d \
'{
"criteria": [
{
"type": "CUSTOM_ATTRIBUTE",
"value": [
"organization.displayName"
],
"subCriteria": [
{
"type": "CUSTOM_ATTRIBUTE_VALUE",
"value": [
"AG_CS_ORG"
]
}
]
}
],
"scope": "AG",
"campaignType": "ACCESS"
}' \
'<${service-instance-url}/access-governance/access-reviews/${version}/campaigns/roles>'Sample Request Payload
Select
POST and add the following URL${service-instance-url}/access-governance/access-reviews/${version}/campaigns/resources{
"criteria": [
{
"type": "CUSTOM_ATTRIBUTE",
"value": [
"organization.displayName"
],
"subCriteria": [
{
"type": "CUSTOM_ATTRIBUTE_VALUE",
"value": [
"AG_CS_ORG"
]
}
]
}
],
"scope": "AG",
"campaignType": "ACCESS"
}Example of the Response Code
You'll receive 200 response with the following body:
{
"items": [
{
"id": "85c6dd8f-XXXX-4794-a55d-878a34ac00dc",
"name": "KY_Role_AWF",
"displayName": "Workflow Admin Role",
"description": "Grants administrative access to workflow configurations",
"applicationName": "AccessWorkflowApp"
},
{
"id": "9cf66b84-XXXX-42fe-a6d5-ee4f150e214f",
"name": "KY_Role_NWF",
"displayName": "Workflow Viewer Role",
"description": "Allows read-only access to workflow data",
"applicationName": "AccessWorkflowApp"
}
]
}