Access Request with Security Context
Configure Access Bundle and requesting access with Security Context in Oracle Access Governance.
Lookup Types to fetch Security Context With values
http://${si}/access-governance/service-administration/${version}/orchestratedSystems/{orchestratedSystemId}/lookupAttributes/?lookupType=securityContextsWithValuesResponse
{
"items": [
{
"label": "Business unit::APAC Service Hub",
"value": "Business unit::APAC Service Hub"
},
{
"label": "Business unit::Accounts Payable Unit",
"value": "Business unit::Accounts Payable Unit"
}
]
}
Create an Access Bundle with Security Context values
In this example, we will raise request to include Security Context Values for an Oracle Fusion Cloud Application orchestrated system.
Before creating an access bundle, use the
following endpoints to achieve this:
- List all Orchestrated Systems - [GET] {BasePath}/orchestratedSystem
- List all Permissions for an Orchestrated Systems - [GET] {BasePath}/orchestratedSystem/{id}/permissions
- Find Permission Attributes for an Orchestrated Systems - [POST] {BasePath}/orchestratedSystem/{id}/permissionAttributes
- List all Lookup values for a given Lookup Type - [GET] {BasePath}/orchestratedSystem/{id}/lookupAttributes?lookupType=<lookupType>
- List all Account Profiles for an Orchestrated Systems - [GET] {BasePath}/orchestratedSystem/{id}/accountProfiles
- List all Approval Workflows - [GET] {BasePath}/approvalWorkflows
Sample Request Payload
{
"name": "Security Context Access Bundle - RESTAPI",
"displayName": "Security Context Access Bundle - RESTAPI",
"description": "",
"tags": [
"sod"
],
"owners": [
{
"id": "globalId.xx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.xx.xx.xx",
"name": "Bob",
"isPrimary": true
}
],
"requestableBy": "ANY",
"approvalWorkflowId": "NO_APPROVAL_REQUIRED",
"orchestratedSystemId": "0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx",
"verb": "CREATE",
"externalId": null,
"domainName": null,
"resourceType": null,
"accountProfileId": null,
"accountProfileName": null,
"orchestratedSystemAttributes": {
"accountAttributes": [
{
"name": "password",
"title": "Password",
"values": [],
"type": "GuardedString",
"permissionType": null,
"children": [],
"discriminator": "AccountPassword",
"isQuestion": false
}
],
"permissionAttributes": [
{
"name": "roles.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.ff1d179c9a7f4cdb4d1c3c6912c77711",
"title": "MyRole2",
"values": [
"80B1993Axx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"type": "RepeatableFieldSet",
"permissionType": "roles",
"children": [
{
"items": [
"Business unit::Accounts Payable Unit"
]
}
],
"discriminator": null,
"isQuestion": false
},
{
"name": "roles.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.2e189afacb13455fc956c8225f5e6ca1",
"title": "Communications Customer Service Representative",
"values": [
"A7D67DA4xx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"type": "RepeatableFieldSet",
"permissionType": "roles",
"children": [
{
"items": [
"Business unit::Client Onboarding Team"
]
}
],
"discriminator": null,
"isQuestion": false
}
]
},
"customAttributes": {},
"accessGuardrail": "3f38853f-xx-xx-xx-xxxxxxxxxxxx",
"autoApproveIfNoViolation": false,
"accessTimeLimitType": "INDEFINITELY",
"accessTimeLimit": {
"daysLimit": null,
"hoursLimit": null
},
"organizations": []
}Sample Response
You should receive a 200 response code.
{
"id": "53a2xx-xx-xx-xxxx-xxxxxxxxxxxx",
"name": "Security context Access Bundle REST API",
"displayName": "Security context Access Bundle REST API",
"description": "",
"tags": [
"Security context"
],
"timeCreated": "2026-03-11T06:56:13.998Z",
"timeUpdated": "2026-03-11T06:56:13.998Z",
"createdBy": {
"id": "clientId.External App for Local Dev.xx",
"name": "clientId.External App for Local Dev.xx",
"displayName": "clientId.External App for Local Dev.xx"
},
"updatedBy": {
"id": "clientId.External App for Local Dev.xx",
"name": "clientId.External App for Local Dev.xx",
"displayName": "clientId.External App for Local Dev.xx"
},
"requestableBy": {
"id": "ANY",
"name": "Anyone",
"displayName": "Anyone"
},
"status": "ACTIVE",
"approvalWorkflowId": {
"id": "NO_APPROVAL_REQUIRED",
"name": "No Approval Required",
"displayName": "No Approval Required"
},
"orchestratedSystem": {
"id": "0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx",
"name": "ExampleApp",
"displayName": "ExampleApp"
},
"orchestratedSystemType": "ICF",
"ownershipCollectionId": "9d3dxxxx-xx-xx-xxxx-xxxxxxxxxxxx",
"owners": [
{
"id": "globalId.xx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.xx.xx.xx",
"name": "Bob",
"isPrimary": true
}
],
"externalId": "ocid1.xxx.xx.xx.xx.xx",
"cloudAccountName": null,
"domainName": null,
"resourceType": null,
"compartmentName": null,
"compartmentFqn": null,
"orchestratedSystemAttributes": {
"accountAttributes": [],
"permissionAttributes": [
{
"name": "roles.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.ff1d179c9a7f4cdb4d1c3c6912c77711",
"title": null,
"values": [
"80B1993Axx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"type": "RepeatableFieldSet",
"permissionType": null,
"children": [
{
"items": [
{
"name": "securityContextsWithValues",
"title": "Security context with value",
"values": [
"Business unit::Accounts Payable Unit"
],
"type": null,
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
}
]
}
],
"discriminator": null,
"isQuestion": false
},
{
"name": "roles.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.2e189afacb13455fc956c8225f5e6ca1",
"title": "Communications Customer Service Representative",
"values": [
"A7D67DA4xx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"type": "RepeatableFieldSet",
"permissionType": null,
"children": [
{
"items": [
{
"name": "securityContextsWithValues",
"title": "Security context with value",
"values": [
"Business unit::Client Onboarding Team"
],
"type": null,
"permissionType": null,
"children": [],
"discriminator": null,
"isQuestion": false
}
]
}
],
"discriminator": null,
"isQuestion": false
}
]
},
"accountProfileId": null,
"accountProfileName": null,
"customAttributes": {},
"accessGuardrail": {
"id": "3f38853f-xx-xx-xx-xxxxxxxxxxxx",
"name": "AGR_ExampleApp"
},
"permissions": [
{
"id": "roles.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.2e189afacb13455fc956c8225f5e6ca1",
"name": "Communications Customer Service Representative",
"description": "A resource that is typically assigned to a contact center to answer customer inquiries and resolve customer problems. Can respond to inquiries such as frequently asked questions, troubleshooting assistance, order status or order entry, or other transactions. This individual usually is assigned to serve a group of customers or support other customer‑facing resources to resolve issues. This role will perform Communications industry specific tasks that expand upon and cross over the specialized tasks assigned to existing jobs setup in the core Oracle Fusion Applications.",
"type": "ENTITLEMENTS",
"timeCreated": "2026-03-07T11:06:37.496Z",
"timeUpdated": null,
"resource": {
"id": "resource.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.dca879c2e65e5ec0d094b8f5f350d62d",
"name": "ExampleApp",
"displayName": "ExampleApp",
"type": "FA",
"customAttributes": null
},
"permissionType": {
"id": "etype.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.2ffd277796111fbed17984aaf5be853b",
"name": "icf.connector.entitlement.type.roles",
"displayName": "Role",
"externalId": "roles"
}
},
{
"id": "roles.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.ff1d179c9a7f4cdb4d1c3c6912c77711",
"name": "MyRole2",
"description": null,
"type": "ENTITLEMENTS",
"timeCreated": "2026-03-07T11:06:37.511Z",
"timeUpdated": null,
"resource": {
"id": "resource.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.dca879c2e65e5ec0d094b8f5f350d62d",
"name": "ExampleApp",
"displayName": "ExampleApp",
"type": "FA",
"customAttributes": null
},
"permissionType": {
"id": "etype.ICF.0ccc9e9b-xx-xx-xx-xxxxxxxxxxxx.2ffd277796111fbed17984aaf5be853b",
"name": "icf.connector.entitlement.type.roles",
"displayName": "Role",
"externalId": "roles"
}
}
],
"autoApproveIfNoViolation": false,
"accessTimeLimitType": "NUMBER_OF_HOURS",
"accessTimeLimit": {
"daysLimit": null,
"hoursLimit": {
"accessLimitInHours": 24,
"notificationInHours": 1,
"extensionInHours": 6,
"extensionApprovalWorkflowId": {
"id": "Guid_xx-xxxx-xxxx-xxxx-xxxxxxx",
"name": "Custom_WF_Bob",
"displayName": "Custom_WF_Bob"
}
}
},
"organizations": []
}Create an Access Request
Create a self-service access request for one or more identities granting security context values.
Sample POST Command using REST Client
Include the following
Headers:
| Authorization | Bearer <your access token> |
| Content-Type | application/json |
${si}/access-governance/access-controls/${version}/accessRequestsSample Request Payload
{
"justification": "Security context attributes",
"requestStatus": "",
"createdBy": "globalId.xxxxxx-ab68-4f09-ae89-xxx.18.a84836862e0958ba29e9002afd63a7fb",
"permissionRoles": [],
"accessBundles": [
"53a29301-7b28-48f8-812c-xxxxxx"
],
"identities": [
"globalId.8d51efbf-ab68-4f09-ae89-xxxxxx.18.xxxxx"
],
"orchestratedSystemAttributes": [],
"accountProfileDetails": [],
"attributes": {
"securityContext": {
"accessBundles": [
{
"id": "53a29301-7b28-48f8-812c-3d9ade25cc76",
"name": "Security context Access Bundle REST API",
"entitlements": [
{
"id": "roles.ICF.xxxxxx-035f-4d9d-823f-03e70ff7beac.ff1d179c9a7f4cdb4d1c3c6912c77711",
"securityContextValues": [
"Business unit::Client Onboarding Team",
"Business unit::Accounts Payable Unit"
]
}
]
}
]
},
"additionalProp1": {},
"additionalProp2": {},
"additionalProp3": {}
},
"accessLimitDataDetails": [
{
"accessBundleId": "53a29301-xxxx-48f8-812c-3d9ade25cc76",
"isIdentitySpecific": false,
"identityAccessLimitDetails": [],
"accessLimitDataInfo": {
"accessLimitType": "NUMBER_OF_HOURS",
"accessLimitData": {
"daysConfig": null,
"hoursConfig": {
"expirationInHours": 24,
"notificationInHours": 1,
"extensionInHours": 6,
"extensionApprovalWorkflowId": {
"id": "Guid_03f0eacc-xxx-43dc-a8e9-76c884d07804",
"name": "Custom_WF_Amel Maclead",
"displayName": "Custom_WF_Amel Maclead"
}
},
"dateTimeConfig": null
}
}
}
]
}Sample Response Body
You should receive a 200 response code, with a following response body:
{
"id": "123xxx89",
"justification": "Security context attributes",
"requestStatus": "IN_PROGRESS",
"timeCreated": "2026-03-11T11:32:50.694Z",
"timeUpdated": "2026-03-11T11:32:50.694Z",
"createdBy": "globalId.xxxxxx-ab68-4f09-ae89-xxx.18.a84836862e0958ba29e9002afd63a7fb",
"permissionRoles": [],
"accessBundles": [
{
"id": "53a29301-7b28-48f8-812c-xxxxxx",
"name": "Security context Access Bundle REST API",
"displayName": "Security context Access Bundle REST API",
"accountProfileId": null
}
],
"identities": [
{
"id": "globalId.8d51efbf-ab68-4f09-ae89-xxxxxx.18.xxxxx",
"name": "Ama Maclead",
"displayName": "Ama Maclead",
"owners": null
}
],
"attributes": {
"additionalProp1": {},
"additionalProp3": {},
"securityContext": {
"accessBundles": [
{
"id": "53a29301-7b28-48f8-812c-xxxxxx",
"name": "Security context Access Bundle REST API",
"entitlements": [
{
"id": "roles.ICF.xxxxxx-035f-4d9d-823f-03e70ff7beac.ff1d179c9a7f4cdb4d1c3c6912c77711",
"securityContextValues": [
"Business unit::Client Onboarding Team",
"Business unit::Accounts Payable Unit"
]
}
]
}
]
},
"additionalProp2": {}
},
"approvalRequests": [
{
"id": "INPROGRESS_a280a6b9-73eb-4e31-a959-40886c488d6c",
"requestor": "88b9690ece344653953570480031e7d0",
"beneficiary": "Amel Maclead",
"beneficiaryEmail": "amaclead@testociemail-blackhole.com",
"status": "PENDING_APPROVALS",
"assignmentName": "Security context Access Bundle REST API",
"assignmentType": "ACCESS_BUNDLE",
"assignmentDescription": null,
"requestType": "NO_WORKFLOW",
"timeUpdated": "2026-03-11T11:32:50.694Z",
"failedDueToAccessGuardrailViolations": false,
"accessStartTime": null,
"separationOfDutiesAnalysisRequests": null
}
],
"accessLimitDataDetails": [
{
"accessBundleId": "53a29301-xxxx-48f8-812c-3d9ade25cc76",
"isIdentitySpecific": false,
"identityAccessLimitDetails": [],
"accessLimitDataInfo": {
"accessLimitType": "NUMBER_OF_HOURS",
"accessLimitData": {
"daysConfig": null,
"hoursConfig": {
"expirationInHours": 24,
"notificationInHours": 1,
"extensionInHours": 6,
"extensionApprovalWorkflowId": {
"id": "Guid_03f0eacc-xxx-43dc-a8e9-76c884d07804",
"name": "Custom_WF_Amel Maclead",
"displayName": "Custom_WF_Amel Maclead"
}
},
"dateTimeConfig": null
}
}
}
]
}Get Details of an Access Request
You can verify or check the status of the access request that you just created by running the following endpoint:GET ${si}/access-governance/access-controls/${versionId}/accessRequests/${accessRequestId}