List an Identity's Permissions
GET /access-governance/identities/20250331/identities/{identityId}/permissions
Returns a list of Permissions for the given Identity. Note that keyword searches are limited to the name field and to the first keyword query parameter.
Request
Path Parameters
-
identityId(required): string
Unique Identity id.
Query Parameters
-
keywordContains: array[string]
Collection Format: multi
Maximum Number of Items: 5
The list of keywords to filter on.
-
limit: integer
Minimum Value: 1
Maximum Value: 1000
The maximum number of items to return.
Default Value: 10
-
page: string
Minimum Length: 1
A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response.
-
sortBy: string
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending.
Default Value: timeCreated
Allowed Values: [ "timeCreated", "displayName" ]
-
sortOrder: string
The sort order to use, either 'ASC' or 'DESC'.
Allowed Values: [ "ASC", "DESC" ]
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Response
Supported Media Types
- application/json
200 Response
A list of Permission objects.
Headers
-
opc-next-page: string
For pagination of a list of items. When paging through a list, if this header appears in the response, then a partial list might have been returned. Include this value as the `page` parameter for the subsequent GET request to get the next batch of items.
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : AccessGovernanceTypeCollection
Type: object
A list of Access Governance Entity items.
-
items(required):
array items
List of Access Governance Entity items.
Nested Schema : items
Type: array
List of Access Governance Entity items.
-
Array of:
object AccessGovernanceEntity
An Access Governance Entity
Nested Schema : AccessGovernanceEntity
Type: object
An Access Governance Entity
-
entityType(required):
string
The Entity type in Access Governance
-
id(required):
string
The Id for Access Governance Entity
-
isRuleBased:
boolean
Whether this identity is rule-based
-
name(required):
string
The name for Access Governance Type
-
timeCreated(required):
string(date-time)
Time when entity was created by Access Governance
-
timeUpdated(required):
string(date-time)
Time when entity was last modified by Access Governance
-
type(required):
string
Allowed Values: [ "IDENTITY", "IDENTITY_COLLECTION", "ORGANIZATION", "ROLE", "PERMISSION", "ACCESS_BUNDLE", "POLICY", "RESOURCE", "CLOUD_RESOURCE", "ACCOUNT", "OWNERSHIP", "APPROVAL_PROCESS", "TARGET", "ACCESS_GUARDRAIL" ]
The Access Governance Entity Type
-
value(required):
string
The json schema for Access Governance Type
-
violationDetails(required):
object ViolationDetails
The Violation details object
Nested Schema : ViolationDetails
Type: object
The Violation details object
-
accessGuardrailViolationId(required):
string
The access guardrail violation id
-
violationType(required):
string
Allowed Values: [ "NO_VIOLATION", "LOW_RISK_ACCESS_GUARDRAIL_VIOLATION", "HIGH_RISK_ACCESS_GUARDRAIL_VIOLATION", "VIOLATION_NOT_AVAILABLE" ]
The Violation type in Access Governance
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type: object
Error Information.
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to retrieve permissions assigned to an identity.
cURL Example - Without Query Parameters
curl -i -X GET \
-H "Authorization: Bearer <your access token>" \
'${service-instance-url}/access-governance/identities/${versionId}/identities/${identityId}/permissions'
Example of the Response Body
The following example shows the contents of the response body in JSON format, including details for an identity:
{
"items": [
{
"id": "role.MockSource.xx.mockroleengineer",
"type": "PERMISSION",
"name": "TestRoleEngineer",
"timeCreated": "2024-05-01T08:00:00Z",
"timeUpdated": "2024-06-01T09:00:00Z",
"entityType": "ROLE",
"typeDetails": "https://mock-stage-idam/access-governance/identities/20250501/types/agcs.Permission?orchestratedSystemId=xx123-mock-xx78",
"attributes": [
{ "name": "provisionedByMechanism", "value": "Request" },
{ "name": "status", "value": "ACTIVE" },
{ "name": "orchestratedSystemType", "value": "OIG" },
{ "name": "permissionType", "value": "Role" },
{ "name": "accountId", "value": "mock-account-xx123" },
{ "name": "orchestratedSystemId", "value": "xx123-mock-xx78" },
{ "name": "resourceId", "value": "resource.MockSource.xx.mockresource" },
{ "name": "risk", "value": "0" },
{ "name": "identityId", "value": "targetId.identity.MockSource.xx.mockroleengineer" },
{ "name": "processInstanceId", "value": "proc-xx-mock-45" }
],
"value": "{\"name\":\"TestRoleEngineer\",\"targetType\":\"OIG\",\"resourceName\":\"MockSource\",\"status\":\"ACTIVE\",\"source\":\"TARGET\",\"provisionedByMechanism\":\"Request\",\"grantDate\":\"1714540800000\",\"grantUntil\":\"4102444799000\",\"accountName\":\"mockuser\",\"accountId\":\"mock-account-xx123\",\"permissionType\":\"Role\",\"targetId\":\"xx123-mock-xx78\",\"resourceId\":\"resource.MockSource.xx.mockresource\",\"policyName\":\"\",\"risk\":\"0\",\"identityId\":\"targetId.identity.MockSource.xx.mockroleengineer\",\"processInstanceId\":\"proc-xx-mock-45\",\"customAttributes\":{\"ocid\":\"ocid1.mock.oc1..xxmockdataxx\",\"cloudAccountName\":\"UnitTestCloud\",\"compartmentName\":\"TestCompartment\",\"compartmentOCID\":\"ocid1.compartment.oc1..xxmockcompartmentxx\",\"domainName\":\"TestDomain\",\"domainOCID\":\"ocid1.domain.oc1..xxmockdomainxx\"},\"owner\":{\"value\":\"testowner1\",\"displayName\":\"Test Owner\",\"customAttributes\":{}},\"id\":\"role.MockSource.xx.mockroleengineer\",\"meta\":{\"resourceType\":\"Role\"}}"
},
{
"id": "role.MockSource.xx.testbiadmin",
"type": "PERMISSION",
"name": "BIReportAdminTest",
"timeCreated": "2024-05-10T10:30:00Z",
"timeUpdated": "2024-05-20T12:15:00Z",
"entityType": "ROLE",
"typeDetails": "https://mock-stage-idam/access-governance/identities/20250501/types/agcs.Permission?orchestratedSystemId=xx123-mock-xx78",
"attributes": [
{ "name": "provisionedByMechanism", "value": "AutoProvision" },
{ "name": "status", "value": "ACTIVE" },
{ "name": "orchestratedSystemType", "value": "OIG" },
{ "name": "permissionType", "value": "Role" },
{ "name": "accountId", "value": "mock-account-xx456" },
{ "name": "orchestratedSystemId", "value": "xx123-mock-xx78" },
{ "name": "resourceId", "value": "resource.MockSource.xx.testbiadmin" },
{ "name": "risk", "value": "1" },
{ "name": "identityId", "value": "targetId.identity.MockSource.xx.testbiadmin" },
{ "name": "processInstanceId", "value": "" }
],
"value": "{\"name\":\"BIReportAdminTest\",\"targetType\":\"OIG\",\"resourceName\":\"MockSource\",\"status\":\"ACTIVE\",\"source\":\"TARGET\",\"provisionedByMechanism\":\"AutoProvision\",\"grantDate\":\"1715289000000\",\"grantUntil\":\"4102444799000\",\"accountName\":\"bi.test.user\",\"accountId\":\"mock-account-xx456\",\"permissionType\":\"Role\",\"targetId\":\"xx123-mock-xx78\",\"resourceId\":\"resource.MockSource.xx.testbiadmin\",\"policyName\":\"\",\"risk\":\"1\",\"identityId\":\"targetId.identity.MockSource.xx.testbiadmin\",\"processInstanceId\":\"\",\"customAttributes\":{\"ocid\":\"ocid1.mock.oc1..xxmockdataxx\",\"cloudAccountName\":\"TestCloud\",\"compartmentName\":\"ReportsCompartment\",\"compartmentOCID\":\"ocid1.compartment.oc1..xxmockcompxx\",\"domainName\":\"ReportsDomain\",\"domainOCID\":\"ocid1.domain.oc1..xxmockdomainxx\"},\"owner\":{\"value\":\"testowner2\",\"displayName\":\"Unit Test Owner\",\"customAttributes\":{}},\"id\":\"role.MockSource.xx.testbiadmin\",\"meta\":{\"resourceType\":\"Role\"}}"
},
{
"id": "groups.MockAD.xx.mockadgroup",
"type": "PERMISSION",
"name": "TestADGroup",
"timeCreated": "2024-06-10T13:45:00Z",
"timeUpdated": null,
"entityType": "PERMISSIONS",
"typeDetails": "https://mock-stage-idam/access-governance/identities/20250501/types/agcs.Permission?orchestratedSystemId=mockad-xx789",
"attributes": [
{ "name": "provisionedByMechanism", "value": "DirectAssignment" },
{ "name": "status", "value": "ACTIVE" },
{ "name": "orchestratedSystemType", "value": "ICF" },
{ "name": "permissionType", "value": "Group" },
{ "name": "accountId", "value": "test-account-xx789" },
{ "name": "orchestratedSystemId", "value": "mockad-xx789" },
{ "name": "resourceId", "value": "resource.MockAD.xx.mockadgroup" },
{ "name": "risk", "value": "1" },
{ "name": "identityId", "value": "" },
{ "name": "processInstanceId", "value": "proc-xx-678" }
],
"value": "{\"name\":\"TestADGroup\",\"targetType\":\"ICF\",\"resourceName\":\"MockADGroup\",\"status\":\"ACTIVE\",\"source\":\"TARGET\",\"provisionedByMechanism\":\"DirectAssignment\",\"grantDate\":\"1718001900000\",\"grantUntil\":\"4102444799000\",\"accountName\":\"ad.testuser\",\"accountId\":\"test-account-xx789\",\"permissionType\":\"Group\",\"targetId\":\"mockad-xx789\",\"resourceId\":\"resource.MockAD.xx.mockadgroup\",\"policyName\":\"\",\"risk\":\"1\",\"identityId\":\"\",\"processInstanceId\":\"proc-xx-678\",\"customAttributes\":{\"ocid\":\"ocid1.mock.oc1..xxmockdataxx\",\"cloudAccountName\":\"TestCloud\",\"compartmentName\":\"TestADCompartment\",\"compartmentOCID\":\"ocid1.compartment.oc1..xxadcompxx\",\"domainName\":\"TestDomain\",\"domainOCID\":\"ocid1.domain.oc1..xxmockdomainxx\"},\"owner\":{\"value\":\"testowner3\",\"displayName\":\"Test Owner 3\",\"customAttributes\":{}},\"id\":\"groups.MockAD.xx.mockadgroup\",\"meta\":{\"resourceType\":\"Permission\"}}"
},
{
"id": "privileges.ICF.xx.mockpriv1",
"type": "PERMISSION",
"name": "BackupTestTable",
"timeCreated": "2024-05-05T11:00:00Z",
"timeUpdated": null,
"entityType": "PERMISSIONS",
"typeDetails": "https://mock-stage-idam/access-governance/identities/20250501/types/agcs.Permission?orchestratedSystemId=perm-xx987",
"attributes": [
{ "name": "provisionedByMechanism", "value": "ManualGrant" },
{ "name": "status", "value": "ACTIVE" },
{ "name": "orchestratedSystemType", "value": "ICF" },
{ "name": "permissionType", "value": "Privilege" },
{ "name": "accountId", "value": "mock-privaccount-xx001" },
{ "name": "orchestratedSystemId", "value": "perm-xx987" },
{ "name": "resourceId", "value": "resource.ICF.xx.mockprivresource1" },
{ "name": "risk", "value": "0" },
{ "name": "identityId", "value": "" },
{ "name": "processInstanceId", "value": "" }
],
"value": "{\"name\":\"BackupTestTable\",\"targetType\":\"ICF\",\"resourceName\":\"MockDB1\",\"status\":\"ACTIVE\",\"source\":\"TARGET\",\"provisionedByMechanism\":\"ManualGrant\",\"grantDate\":\"1714902000000\",\"grantUntil\":\"\",\"accountName\":\"dbadmin1\",\"accountId\":\"mock-privaccount-xx001\",\"permissionType\":\"Privilege\",\"targetId\":\"perm-xx987\",\"resourceId\":\"resource.ICF.xx.mockprivresource1\",\"policyName\":\"\",\"risk\":\"0\",\"identityId\":\"\",\"processInstanceId\":\"\",\"customAttributes\":{\"ocid\":\"ocid1.mock.oc1..xxmockdataxx\",\"cloudAccountName\":\"UnitTestCloud\",\"compartmentName\":\"PrivilegeTestCompartment\",\"compartmentOCID\":\"ocid1.compartment.oc1..xxprivcompxx\",\"domainName\":\"DBTestDomain\",\"domainOCID\":\"ocid1.domain.oc1..xxmockdbdomainxx\"},\"owner\":{\"value\":\"testowner4\",\"displayName\":\"Test Owner 4\",\"customAttributes\":{}},\"id\":\"privileges.ICF.xx.mockpriv1\",\"meta\":{\"resourceType\":\"Permission\"}}"
},
{
"id": "roles.ICF.xx.mockauthuser",
"type": "PERMISSION",
"name": "AuthenticatedUserMock",
"timeCreated": "2024-06-10T12:00:00Z",
"timeUpdated": null,
"entityType": "PERMISSIONS",
"typeDetails": "https://mock-stage-idam/access-governance/identities/20250501/types/agcs.Permission?orchestratedSystemId=perm-xx654",
"attributes": [
{ "name": "provisionedByMechanism", "value": "DirectAssignment" },
{ "name": "status", "value": "ACTIVE" },
{ "name": "orchestratedSystemType", "value": "ICF" },
{ "name": "permissionType", "value": "Role" },
{ "name": "accountId", "value": "mock-authuser-account-xx258" },
{ "name": "orchestratedSystemId", "value": "perm-xx654" },
{ "name": "resourceId", "value": "resource.ICF.xx.mockresourceauth" },
{ "name": "risk", "value": "0" },
{ "name": "identityId", "value": "" },
{ "name": "processInstanceId", "value": "" }
],
"value": "{\"name\":\"AuthenticatedUserMock\",\"targetType\":\"ICF\",\"resourceName\":\"MockAuthDB\",\"status\":\"ACTIVE\",\"source\":\"TARGET\",\"provisionedByMechanism\":\"DirectAssignment\",\"grantDate\":\"1718011200000\",\"grantUntil\":\"\",\"accountName\":\"authuser.test\",\"accountId\":\"mock-authuser-account-xx258\",\"permissionType\":\"Role\",\"targetId\":\"perm-xx654\",\"resourceId\":\"resource.ICF.xx.mockresourceauth\",\"policyName\":\"\",\"risk\":\"0\",\"identityId\":\"\",\"processInstanceId\":\"\",\"customAttributes\":{\"ocid\":\"ocid1.mock.oc1..xxmockdataxx\",\"cloudAccountName\":\"TestCloud\",\"compartmentName\":\"MockAuthCompartment\",\"compartmentOCID\":\"ocid1.compartment.oc1..xxauthcompxx\",\"domainName\":\"MockAuthDomain\",\"domainOCID\":\"ocid1.domain.oc1..xxmockauthdomainxx\"},\"owner\":{\"value\":\"testowner5\",\"displayName\":\"Test Owner 5\",\"customAttributes\":{}},\"id\":\"roles.ICF.xx.mockauthuser\",\"meta\":{\"resourceType\":\"Permission\"}}"
}
]
}
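The following Python example is added here and is not part of Oracle's documentation. It follows the `opc-next-page` token across pages and decodes the string-encoded `value` field to list grants whose `grantUntil` is empty, which is a common starting point for an access review; `fetch_page`, `fake_fetch` and the two-page sample are constructed assumptions modelled on the response body above.

```python
import json
from datetime import datetime, timezone

def iter_permissions(fetch_page, limit=1000):
    # fetch_page(params) -> (headers, body) is a caller-supplied, hypothetical
    # function that performs the authenticated GET and parses the JSON body.
    params = {"limit": limit, "sortBy": "displayName", "sortOrder": "ASC"}
    while True:
        headers, body = fetch_page(dict(params))
        yield from body.get("items", [])
        token = headers.get("opc-next-page")  # absent on the last page
        if not token:
            return
        params["page"] = token

def _ms(s):
    """Epoch-millisecond string -> aware UTC datetime; empty string -> None."""
    return datetime.fromtimestamp(int(s) / 1000, timezone.utc) if s else None

def decode(item):
    """Flatten one item; `value` is a JSON document carried as a string."""
    d = json.loads(item["value"])
    return {"id": item["id"], "name": item["name"],
            "permissionType": d.get("permissionType"),
            "mechanism": d.get("provisionedByMechanism"),
            "risk": d.get("risk"),
            "grantDate": _ms(d.get("grantDate", "")),
            "grantUntil": _ms(d.get("grantUntil", ""))}

def open_ended_grants(fetch_page):
    """Names of permissions whose grantUntil is empty (no end date recorded)."""
    rows = (decode(i) for i in iter_permissions(fetch_page))
    return [r["name"] for r in rows if r["grantUntil"] is None]

# Constructed two-page sample, modelled on the response body shown above.
def _item(pid, name, mech, until):
    v = {"permissionType": "Role", "provisionedByMechanism": mech, "risk": "0",
         "grantDate": "1714540800000", "grantUntil": until}
    return {"id": pid, "type": "PERMISSION", "name": name, "value": json.dumps(v)}

PAGES = {
    None: ({"opc-next-page": "tok-1"}, {"items": [_item(
        "role.MockSource.xx.mockroleengineer", "TestRoleEngineer", "Request", "4102444799000")]}),
    "tok-1": ({}, {"items": [_item(
        "roles.ICF.xx.mockauthuser", "AuthenticatedUserMock", "DirectAssignment", "")]}),
}

def fake_fetch(params):
    return PAGES[params.get("page")]
```

With a real HTTP client, read `opc-next-page` through a case-insensitive header lookup, since HTTP header names are not case-sensitive.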