Skip to main content

List of Access Review Items​

This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.

Path Parameters
  • id string required

    The identity campaign certification ID

    Example: ef38f94347e94562b5bb8424a56397d8
Query Parameters
  • limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
  • offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

  • count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
  • filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in

    type / access.type: eq

    completed: eq, ne

    identitySummary.id: eq, in

    identitySummary.name: eq, sw

    access.id: eq, in

    access.name: eq, sw

    entitlement.sourceName: eq, sw

    accessProfile.sourceName: eq, sw

    Example: id eq "ef38f94347e94562b5bb8424a56397d8"
  • sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName

    Example: access.name,-accessProfile.sourceName
  • entitlements string

    Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.

    An error will occur if this param is used with access-profiles or roles as only one of these query params can be used at a time.

    Example: identityEntitlement
  • access-profiles string

    Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.

    An error will occur if this param is used with entitlements or roles as only one of these query params can be used at a time.

    Example: accessProfile1
  • roles string

    Filter results to view access review items that pertain to any of the specified comma-separated role IDs.

    An error will occur if this param is used with entitlements or access-profiles as only one of these query params can be used at a time.

    Example: userRole
Responses

A list of access review items

Schema array
  • accessSummary object

    An object holding the access that is being reviewed

  • access object
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The ID of the item being certified

  • name string

    The name of the item being certified

  • entitlement object
  • id string

    The id for the entitlement

  • name string

    The name of the entitlement

  • description string

    Information about the entitlement

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • attributeName string

    The name of the attribute on the source

  • attributeValue string

    The value of the attribute on the source

  • sourceSchemaObjectType string

    The schema object type on the source used to represent the entitlement and its attributes

  • sourceName string

    The name of the source for which this entitlement belongs

  • sourceType string

    The type of the source for which the entitlement belongs

  • hasPermissions boolean

    Indicates if the entitlement has permissions

  • isPermission boolean

    Indicates if the entitlement is a representation of an account permission

  • revocable boolean

    Indicates whether the entitlement can be revoked

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • account object

    Information about the status of the entitlement

  • nativeIdentity string

    The native identity for this account

  • disabled boolean

    Indicates whether this account is currently disabled

  • locked boolean

    Indicates whether this account is currently locked

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The id associated with the account

  • name string

    The account name

  • created date-time

    When the account was created

  • modified date-time

    When the account was last modified

  • accessProfile object
  • id string

    The id of the Access Profile

  • name string

    Name of the Access Profile

  • description string

    Information about the Access Profile

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • endDate date-time

    The date at which a user's access expires

  • owner object

    Owner of the Access Profile

  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • entitlements object[]

    A list of entitlements associated with this Access Profile

  • id string

    The id for the entitlement

  • name string

    The name of the entitlement

  • description string

    Information about the entitlement

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • attributeName string

    The name of the attribute on the source

  • attributeValue string

    The value of the attribute on the source

  • sourceSchemaObjectType string

    The schema object type on the source used to represent the entitlement and its attributes

  • sourceName string

    The name of the source for which this entitlement belongs

  • sourceType string

    The type of the source for which the entitlement belongs

  • hasPermissions boolean

    Indicates if the entitlement has permissions

  • isPermission boolean

    Indicates if the entitlement is a representation of an account permission

  • revocable boolean

    Indicates whether the entitlement can be revoked

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • account object

    Information about the status of the entitlement

  • nativeIdentity string

    The native identity for this account

  • disabled boolean

    Indicates whether this account is currently disabled

  • locked boolean

    Indicates whether this account is currently locked

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The id associated with the account

  • name string

    The account name

  • created date-time

    When the account was created

  • modified date-time

    When the account was last modified

  • created date-time

    Date the Access Profile was created.

  • modified date-time

    Date the Access Profile was last modified.

  • role object
  • id string

    The id for the Role

  • name string

    The name of the Role

  • description string

    Information about the Role

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • revocable boolean

    Indicates whether the Role can be revoked or requested

  • endDate date-time

    The date when a user's access expires.

  • accessProfiles object[]

    The list of Access Profiles associated with this Role

  • id string

    The id of the Access Profile

  • name string

    Name of the Access Profile

  • description string

    Information about the Access Profile

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • endDate date-time

    The date at which a user's access expires

  • owner object

    Owner of the Access Profile

  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • entitlements object[]

    A list of entitlements associated with this Access Profile

  • id string

    The id for the entitlement

  • name string

    The name of the entitlement

  • description string

    Information about the entitlement

  • privileged boolean

    Indicates if the entitlement is a privileged entitlement

  • owner object
  • type string

    The type can only be IDENTITY. This is read-only

  • id string

    Identity id.

  • name string

    Human-readable display name of identity. This is read-only

  • email string

    Email address of identity. This is read-only

  • attributeName string

    The name of the attribute on the source

  • attributeValue string

    The value of the attribute on the source

  • sourceSchemaObjectType string

    The schema object type on the source used to represent the entitlement and its attributes

  • sourceName string

    The name of the source for which this entitlement belongs

  • sourceType string

    The type of the source for which the entitlement belongs

  • hasPermissions boolean

    Indicates if the entitlement has permissions

  • isPermission boolean

    Indicates if the entitlement is a representation of an account permission

  • revocable boolean

    Indicates whether the entitlement can be revoked

  • cloudGoverned boolean

    True if the entitlement is cloud governed

  • account object

    Information about the status of the entitlement

  • nativeIdentity string

    The native identity for this account

  • disabled boolean

    Indicates whether this account is currently disabled

  • locked boolean

    Indicates whether this account is currently locked

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    The id associated with the account

  • name string

    The account name

  • created date-time

    When the account was created

  • modified date-time

    When the account was last modified

  • created date-time

    Date the Access Profile was created.

  • modified date-time

    Date the Access Profile was last modified.

  • identitySummary object
  • id string

    The ID of the identity summary

  • name string

    Name of the linked identity

  • identityId string

    The ID of the identity being certified

  • completed boolean

    Indicates whether the review items for the linked identity's certification have been completed

  • id string

    The review item's id

  • completed boolean

    Whether the review item is complete

  • newAccess boolean

    Indicates whether the review item is for new access to a source

  • decision string

    Possible values: [APPROVE, REVOKE]

    The decision to approve or revoke the review item

  • comments string

    Comments for this review item

Loading...