Skip to main content

Access Summaries​

This API returns a list of access summaries for the specified identity campaign certification and type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.

Path Parameters
  • id string required

    The identity campaign certification ID

    Example: ef38f94347e94562b5bb8424a56397d8
  • type string required

    Possible values: [ROLE, ACCESS_PROFILE, ENTITLEMENT]

    The type of access review item to retrieve summaries for

    Example: ACCESS_PROFILE
Query Parameters
  • limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
  • offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

  • count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
  • filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    completed: eq, ne

    access.id: eq, in

    access.name: eq, sw

    entitlement.sourceName: eq, sw

    accessProfile.sourceName: eq, sw

    Example: access.id eq "ef38f94347e94562b5bb8424a56397d8"
  • sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: access.name

    Example: access.name
Responses

List of access summaries

Schema array
  • access object
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The ID of the item being certified

  • name string

    The name of the item being certified

  • entitlement object
  • id string

    The id for the entitlement

  • name string

    The name of the entitlement

  • description string

    Information about the entitlement

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • attributeName string

    The name of the attribute on the source

  • attributeValue string

    The value of the attribute on the source

  • sourceSchemaObjectType string

    The schema object type on the source used to represent the entitlement and its attributes

  • sourceName string

    The name of the source for which this entitlement belongs

  • sourceType string

    The type of the source for which the entitlement belongs

  • hasPermissions boolean

    Indicates if the entitlement has permissions

  • isPermission boolean

    Indicates if the entitlement is a representation of an account permission

  • revocable boolean

    Indicates whether the entitlement can be revoked

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • account object

    Information about the status of the entitlement

  • nativeIdentity string

    The native identity for this account

  • disabled boolean

    Indicates whether this account is currently disabled

  • locked boolean

    Indicates whether this account is currently locked

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The id associated with the account

  • name string

    The account name

  • created date-time

    When the account was created

  • modified date-time

    When the account was last modified

  • accessProfile object
  • id string

    The id of the Access Profile

  • name string

    Name of the Access Profile

  • description string

    Information about the Access Profile

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • endDate date-time

    The date at which a user's access expires

  • owner object

    Owner of the Access Profile

  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • entitlements object[]

    A list of entitlements associated with this Access Profile

  • id string

    The id for the entitlement

  • name string

    The name of the entitlement

  • description string

    Information about the entitlement

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • attributeName string

    The name of the attribute on the source

  • attributeValue string

    The value of the attribute on the source

  • sourceSchemaObjectType string

    The schema object type on the source used to represent the entitlement and its attributes

  • sourceName string

    The name of the source for which this entitlement belongs

  • sourceType string

    The type of the source for which the entitlement belongs

  • hasPermissions boolean

    Indicates if the entitlement has permissions

  • isPermission boolean

    Indicates if the entitlement is a representation of an account permission

  • revocable boolean

    Indicates whether the entitlement can be revoked

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • account object

    Information about the status of the entitlement

  • nativeIdentity string

    The native identity for this account

  • disabled boolean

    Indicates whether this account is currently disabled

  • locked boolean

    Indicates whether this account is currently locked

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The id associated with the account

  • name string

    The account name

  • created date-time

    When the account was created

  • modified date-time

    When the account was last modified

  • created date-time

    Date the Access Profile was created.

  • modified date-time

    Date the Access Profile was last modified.

  • role object
  • id string

    The id for the Role

  • name string

    The name of the Role

  • description string

    Information about the Role

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • revocable boolean

    Indicates whether the Role can be revoked or requested

  • endDate date-time

    The date when a user's access expires.

  • accessProfiles object[]

    The list of Access Profiles associated with this Role

  • id string

    The id of the Access Profile

  • name string

    Name of the Access Profile

  • description string

    Information about the Access Profile

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • endDate date-time

    The date at which a user's access expires

  • owner object

    Owner of the Access Profile

  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • entitlements object[]

    A list of entitlements associated with this Access Profile

  • id string

    The id for the entitlement

  • name string

    The name of the entitlement

  • description string

    Information about the entitlement

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • attributeName string

    The name of the attribute on the source

  • attributeValue string

    The value of the attribute on the source

  • sourceSchemaObjectType string

    The schema object type on the source used to represent the entitlement and its attributes

  • sourceName string

    The name of the source for which this entitlement belongs

  • sourceType string

    The type of the source for which the entitlement belongs

  • hasPermissions boolean

    Indicates if the entitlement has permissions

  • isPermission boolean

    Indicates if the entitlement is a representation of an account permission

  • revocable boolean

    Indicates whether the entitlement can be revoked

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • account object

    Information about the status of the entitlement

  • nativeIdentity string

    The native identity for this account

  • disabled boolean

    Indicates whether this account is currently disabled

  • locked boolean

    Indicates whether this account is currently locked

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The id associated with the account

  • name string

    The account name

  • created date-time

    When the account was created

  • modified date-time

    When the account was last modified

  • created date-time

    Date the Access Profile was created.

  • modified date-time

    Date the Access Profile was last modified.

Loading...