List an Identity's Roles
get
/access-governance/identities/20250331/identities/{identityId}/roles
Returns a list of Roles for the given Identity. Note keyword searches are limited to the name field and the first keyword query param.
Request
Path Parameters
-
identityId(required): string
Unique Identity id.
Query Parameters
-
keywordContains: array[string]
Collection Format:
multiMaximum Number of Items:5The list of keywords to filter on -
limit: integer
Minimum Value:
1Maximum Value:100The maximum number of items to return.Default Value:10 -
page: string
Minimum Length:
1A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. -
sortBy: string
The field to sort by. Only one sort order may be provided. Default order for timeCreated is descending. Default order for displayName is ascending.Default Value:
timeCreatedAllowed Values:[ "timeCreated", "displayName" ] -
sortOrder: string
The sort order to use, either 'ASC' or 'DESC'.Allowed Values:
[ "ASC", "DESC" ]
Header Parameters
-
opc-request-id: string
The client request ID for tracing. The only valid characters for request IDs are letters, numbers, underscore, and dash.
Response
Supported Media Types
- application/json
200 Response
A list of Role objects.
Headers
-
opc-next-page: string
For pagination of a list of items. When paging through a list, if this header appears in the response, then a partial list might have been returned. Include this value as the `page` parameter for the subsequent GET request to get the next batch of items.
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : AccessGovernanceTypeCollection
Type:
objectA list of Access Governance Entity items.
Show Source
-
items(required):
array items
List of Access Governance Entity items.
Nested Schema : items
Type:
arrayList of Access Governance Entity items.
Show Source
-
Array of:
object AccessGovernanceEntity
An Access Governance Entity
Nested Schema : AccessGovernanceEntity
Type:
objectAn Access Governance Entity
Show Source
-
entityType(required):
string
The Entity type in Access Governance
-
id(required):
string
The Id for Access Governance Entity
-
isRuleBased:
boolean
Is this identity ruled based
-
name(required):
string
The name for Access Governance Type
-
timeCreated(required):
string(date-time)
Time when entity was created by Access Governance
-
timeUpdated(required):
string(date-time)
Time when entity was last modified by Access Governance
-
type(required):
string
Allowed Values:
[ "IDENTITY", "IDENTITY_COLLECTION", "ORGANIZATION", "ROLE", "PERMISSION", "ACCESS_BUNDLE", "POLICY", "RESOURCE", "CLOUD_RESOURCE", "ACCOUNT", "OWNERSHIP", "APPROVAL_PROCESS", "TARGET", "ACCESS_GUARDRAIL" ]The Access Governance Entity Type -
value(required):
string
The json schema for Access Governance Type
-
violationDetails(required):
object ViolationDetails
The Violation details object
Nested Schema : ViolationDetails
Type:
objectThe Violation details object
Show Source
-
accessGuardrailViolationId(required):
string
The access guardrail violation id
-
violationType(required):
string
Allowed Values:
[ "NO_VIOLATION", "LOW_RISK_ACCESS_GUARDRAIL_VIOLATION", "HIGH_RISK_ACCESS_GUARDRAIL_VIOLATION", "VIOLATION_NOT_AVAILABLE" ]The Violation type in Access Governance
400 Response
Bad Request
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
401 Response
Unauthorized
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
404 Response
Not Found
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
429 Response
Too Many Requests
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
500 Response
Internal Server Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Default Response
Unknown Error
Headers
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Root Schema : Error
Type:
objectError Information.
Show Source
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing.
-
message(required):
string
A human-readable error string.
Examples
The following example shows how to retrieve roles assigned to an identity.
cURL Example - Without Query Parameters
curl -i -X GET \
-H "Authorization:Bearer <your access token >" \
'${service-instance-url}/access-governance/identities/${versionId}/identities/${identityId}/rolesExample of the Response Body
The following example shows the contents of the response body in JSON format, including details for an identity:
{
"items": [
{
"id": "032e5b98-f13e-4516-bf5b-350064bbxxx",
"type": "ROLE",
"name": "InsightTestRole",
"timeCreated": "2025-03-20T07:50:00.000Z",
"timeUpdated": "2025-03-20T07:50:00.000Z",
"entityType": "PM_ROLE",
"typeDetails": "{$si}/access-governance/identities/20250331/types/agcs.Role",
"attributes": [
{
"name": "provisionedByMechanism",
"value": "REQUEST"
},
{
"name": "status",
"value": "REVOKED"
},
{
"name": "accountId",
"value": "targetId.account.ICF.xxxxxxx-4b4c-8f48-629eb3daxxx9.c8b30e19f5ff86b4bb5d99a3e195ec32"
},
{
"name": "risk",
"value": ""
}
],
"value": "{\"appIdDisplayName\":\"\",\"approvalWorkflowId\":\"NO_APPROVAL_REQUIRED\",\"createdByRef\":{\"value\":\"globalId.xxxxx.\",\"displayName\":\"Jordan Rivers\",\"customAttributes\":{}},\"classifications\":\"\",\"customAttributes\":{},\"description\":\"desc InsightRole\",\"isCertifiable\":false,\"name\":\"InsightTestRole\",\"provisionedByMechanism\":\"REQUEST\",\"requestableBy\":\"ANY\",\"riskLevel\":\"0\",\"status\":\"REVOKED\",\"tags\":[],\"grantDate\":\"1742490881922\",\"grantUntil\":\"\",\"accountId\":\"targetId.account.ICF.629eb3daxxx9.xxxxxc32\",\"policyId\":\"71ce21e8-xxxxx-3162a8f1xxx8\",\"risk\":\"\",\"owner\":{\"value\":\"globalId.xxxx-ab68-xxxx-ae89-7bcc0f9dxxxbe.18.a84836862e0958ba29exxxx\",\"displayName\":\"Jordan Rivers\",\"customAttributes\":{}},\"id\":\"032e5b98-f13e-4516-bf5b-350064bbxxx\",\"meta\":{\"resourceType\":\"PM_ROLE\",\"created\":1742457000000,\"lastModified\":1742457000000}}"
}
]
}