SODPoliciesAPI
Use this API to implement and manage "separation of duties" (SOD) policies. With SOD policy functionality in place, administrators can organize the access in their tenants to prevent individuals from gaining conflicting or excessive access.
"Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data.
For example, people who record monetary transactions shouldn't be able to issue payment for those transactions.
Any changes to major system configurations should be approved by someone other than the person requesting the change.
Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants. These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access.
To create SOD policies in Identity Security Cloud, administrators use 'Search' and then access 'Policies'. To create a policy, they must configure two lists of access items. Each access item can only be added to one of the two lists. They can search for the entitlements they want to add to these access lists.
>Note: You can have a maximum of 500 policies of any type (including general policies) in your organization. In each access-based SOD policy, you can have a maximum of 50 entitlements in each access list.
Once a SOD policy is in place, if an identity has access items on both lists, a SOD violation will trigger. These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy. The other users can then better help to enforce these SOD policies.
To create a subscription to a SOD policy in Identity Security Cloud, administrators use 'Search' and then access 'Layers'. They can create a subscription to the policy and schedule it to run at a regular interval.
Refer to Managing Policies for more information about SOD policies.
Refer to Subscribe to a SOD Policy for more information about SOD policy subscriptions.
All URIs are relative to https://sailpoint.api.identitynow.com/beta
| Method | HTTP request | Description |
|---|---|---|
| create-sod-policy | Post /sod-policies | Create sod policy |
| delete-sod-policy | Delete /sod-policies/{id} | Delete sod policy by id |
| delete-sod-policy-schedule | Delete /sod-policies/{id}/schedule | Delete sod policy schedule |
| get-custom-violation-report | Get /sod-violation-report/{reportResultId}/download/{fileName} | Download custom violation report |
| get-default-violation-report | Get /sod-violation-report/{reportResultId}/download | Download violation report |
| get-sod-all-report-run-status | Get /sod-violation-report | Get multi-report run task status |
| get-sod-policy | Get /sod-policies/{id} | Get sod policy by id |
| get-sod-policy-schedule | Get /sod-policies/{id}/schedule | Get sod policy schedule |
| get-sod-violation-report-run-status | Get /sod-policies/sod-violation-report-status/{reportResultId} | Get violation report run status |
| get-sod-violation-report-status | Get /sod-policies/{id}/violation-report | Get sod violation report status |
| list-sod-policies | Get /sod-policies | List sod policies |
| patch-sod-policy | Patch /sod-policies/{id} | Patch a sod policy |
| put-policy-schedule | Put /sod-policies/{id}/schedule | Update sod policy schedule |
| put-sod-policy | Put /sod-policies/{id} | Update sod policy by id |
| start-sod-all-policies-for-org | Post /sod-violation-report/run | Runs all policies for org |
| start-sod-policy | Post /sod-policies/{id}/violation-report/run | Runs sod policy violation report |
create-sod-policy
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Create sod policy This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. Requires role of ORG_ADMIN.
Path Parameters
Other Parameters
Other parameters are passed through a pointer to a apiCreateSodPolicyRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|---|---|---|
| sodPolicy | SodPolicy |
Return type
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
"encoding/json"
beta "github.com/sailpoint-oss/golang-sdk/v2/api_beta"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
sodpolicy := []byte(`{
"conflictingAccessCriteria" : {
"leftCriteria" : {
"name" : "money-in",
"criteriaList" : [ {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a66",
"name" : "Administrator"
}, {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a67",
"name" : "Administrator"
} ]
},
"rightCriteria" : {
"name" : "money-in",
"criteriaList" : [ {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a66",
"name" : "Administrator"
}, {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a67",
"name" : "Administrator"
} ]
}
},
"ownerRef" : {
"name" : "Support",
"id" : "2c9180a46faadee4016fb4e018c20639",
"type" : "IDENTITY"
},
"created" : "2020-01-01T00:00:00Z",
"scheduled" : true,
"creatorId" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"description" : "This policy ensures compliance of xyz",
"violationOwnerAssignmentConfig" : {
"assignmentRule" : "MANAGER",
"ownerRef" : {
"name" : "Support",
"id" : "2c9180a46faadee4016fb4e018c20639",
"type" : "IDENTITY"
}
},
"correctionAdvice" : "Based on the role of the employee, managers should remove access that is not required for their job function.",
"type" : "GENERAL",
"tags" : [ "TAG1", "TAG2" ],
"name" : "policy-xyz",
"modified" : "2020-01-01T00:00:00Z",
"policyQuery" : "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)",
"compensatingControls" : "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"id" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"state" : "ENFORCED",
"externalPolicyReference" : "XYZ policy"
}`) // SodPolicy |
var sodPolicy beta.SodPolicy
if err := json.Unmarshal(sodpolicy, &sodPolicy); err != nil {
fmt.Println("Error:", err)
return
}
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.CreateSodPolicy(context.Background()).SodPolicy(sodPolicy).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.CreateSodPolicy(context.Background()).SodPolicy(sodPolicy).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.CreateSodPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `CreateSodPolicy`: SodPolicy
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.CreateSodPolicy`: %v\n", resp)
}
delete-sod-policy
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Delete sod policy by id This deletes a specified SOD policy. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the SOD Policy to delete. |
Other Parameters
Other parameters are passed through a pointer to a apiDeleteSodPolicyRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
logical | bool | Indicates whether this is a soft delete (logical true) or a hard delete. | [default to true]
Return type
(empty response body)
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the SOD Policy to delete. # string | The ID of the SOD Policy to delete.
logical := true // bool | Indicates whether this is a soft delete (logical true) or a hard delete. (optional) (default to true) # bool | Indicates whether this is a soft delete (logical true) or a hard delete. (optional) (default to true)
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
r, err := apiClient.Beta.SODPoliciesAPI.DeleteSodPolicy(context.Background(), id).Execute()
//r, err := apiClient.Beta.SODPoliciesAPI.DeleteSodPolicy(context.Background(), id).Logical(logical).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.DeleteSodPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
}
delete-sod-policy-schedule
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Delete sod policy schedule This deletes schedule for a specified SOD policy. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the SOD policy the schedule must be deleted for. |
Other Parameters
Other parameters are passed through a pointer to a apiDeleteSodPolicyScheduleRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
(empty response body)
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the SOD policy the schedule must be deleted for. # string | The ID of the SOD policy the schedule must be deleted for.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
r, err := apiClient.Beta.SODPoliciesAPI.DeleteSodPolicySchedule(context.Background(), id).Execute()
//r, err := apiClient.Beta.SODPoliciesAPI.DeleteSodPolicySchedule(context.Background(), id).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.DeleteSodPolicySchedule``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
}
get-custom-violation-report
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Download custom violation report This allows to download a specified named violation report for a given report reference. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| reportResultId | string | The ID of the report reference to download. | |
| fileName | string | Custom Name for the file. |
Other Parameters
Other parameters are passed through a pointer to a apiGetCustomViolationReportRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/zip, application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
reportResultId := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the report reference to download. # string | The ID of the report reference to download.
fileName := `custom-name` // string | Custom Name for the file. # string | Custom Name for the file.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.GetCustomViolationReport(context.Background(), reportResultId, fileName).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.GetCustomViolationReport(context.Background(), reportResultId, fileName).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.GetCustomViolationReport``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetCustomViolationReport`: *os.File
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.GetCustomViolationReport`: %v\n", resp)
}
get-default-violation-report
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Download violation report This allows to download a violation report for a given report reference. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| reportResultId | string | The ID of the report reference to download. |
Other Parameters
Other parameters are passed through a pointer to a apiGetDefaultViolationReportRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/zip, application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
reportResultId := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the report reference to download. # string | The ID of the report reference to download.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.GetDefaultViolationReport(context.Background(), reportResultId).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.GetDefaultViolationReport(context.Background(), reportResultId).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.GetDefaultViolationReport``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetDefaultViolationReport`: *os.File
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.GetDefaultViolationReport`: %v\n", resp)
}
get-sod-all-report-run-status
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Get multi-report run task status This endpoint gets the status for a violation report for all policy run. Requires role of ORG_ADMIN.
Path Parameters
This endpoint does not need any parameter.
Other Parameters
Other parameters are passed through a pointer to a apiGetSodAllReportRunStatusRequest struct via the builder pattern
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodAllReportRunStatus(context.Background()).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodAllReportRunStatus(context.Background()).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.GetSodAllReportRunStatus``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetSodAllReportRunStatus`: ReportResultReference
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.GetSodAllReportRunStatus`: %v\n", resp)
}
get-sod-policy
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Get sod policy by id This gets specified SOD policy. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the object reference to retrieve. |
Other Parameters
Other parameters are passed through a pointer to a apiGetSodPolicyRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the object reference to retrieve. # string | The ID of the object reference to retrieve.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodPolicy(context.Background(), id).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodPolicy(context.Background(), id).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.GetSodPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetSodPolicy`: SodPolicy
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.GetSodPolicy`: %v\n", resp)
}
get-sod-policy-schedule
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Get sod policy schedule This endpoint gets a specified SOD policy's schedule. Requires the role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the object reference to retrieve. |
Other Parameters
Other parameters are passed through a pointer to a apiGetSodPolicyScheduleRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the object reference to retrieve. # string | The ID of the object reference to retrieve.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodPolicySchedule(context.Background(), id).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodPolicySchedule(context.Background(), id).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.GetSodPolicySchedule``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetSodPolicySchedule`: SodPolicySchedule
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.GetSodPolicySchedule`: %v\n", resp)
}
get-sod-violation-report-run-status
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Get violation report run status This gets the status for a violation report run task that has already been invoked. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| reportResultId | string | The ID of the report reference to retrieve. |
Other Parameters
Other parameters are passed through a pointer to a apiGetSodViolationReportRunStatusRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
reportResultId := `2e8d8180-24bc-4d21-91c6-7affdb473b0d` // string | The ID of the report reference to retrieve. # string | The ID of the report reference to retrieve.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodViolationReportRunStatus(context.Background(), reportResultId).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodViolationReportRunStatus(context.Background(), reportResultId).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.GetSodViolationReportRunStatus``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetSodViolationReportRunStatus`: ReportResultReference
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.GetSodViolationReportRunStatus`: %v\n", resp)
}
get-sod-violation-report-status
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Get sod violation report status This gets the status for a violation report run task that has already been invoked. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the object reference to retrieve. |
Other Parameters
Other parameters are passed through a pointer to a apiGetSodViolationReportStatusRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the object reference to retrieve. # string | The ID of the object reference to retrieve.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodViolationReportStatus(context.Background(), id).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.GetSodViolationReportStatus(context.Background(), id).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.GetSodViolationReportStatus``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetSodViolationReportStatus`: ReportResultReference
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.GetSodViolationReportStatus`: %v\n", resp)
}
list-sod-policies
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
List sod policies This gets list of all SOD policies. Requires role of ORG_ADMIN
Path Parameters
Other Parameters
Other parameters are passed through a pointer to a apiListSodPoliciesRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|---|---|---|
| limit | int32 | Max number of results to return. See V3 API Standard Collection Parameters for more information. | [default to 250] |
| offset | int32 | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. | [default to 0] |
| count | bool | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. | [default to false] |
| filters | string | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: id: eq, in name: eq, in state: eq, in | |
| sorters | string | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, name, created, modified, description |
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
limit := 250 // int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250) # int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
offset := 0 // int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0) # int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
count := true // bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to false) # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to false)
filters := `id eq "bc693f07e7b645539626c25954c58554"` // string | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in* **state**: *eq, in* (optional) # string | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in* **state**: *eq, in* (optional)
sorters := `id,name` // string | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, description** (optional) # string | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, description** (optional)
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.ListSodPolicies(context.Background()).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.ListSodPolicies(context.Background()).Limit(limit).Offset(offset).Count(count).Filters(filters).Sorters(sorters).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.ListSodPolicies``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `ListSodPolicies`: []SodPolicy
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.ListSodPolicies`: %v\n", resp)
}
patch-sod-policy
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Patch a sod policy Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the JSON Patch standard. Requires role of ORG_ADMIN. This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the SOD policy being modified. |
Other Parameters
Other parameters are passed through a pointer to a apiPatchSodPolicyRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
requestBody | []map[string]interface | A list of SOD Policy update operations according to the JSON Patch standard. The following fields are patchable: * name * description * ownerRef * externalPolicyReference * compensatingControls * correctionAdvice * state * tags * violationOwnerAssignmentConfig * scheduled * conflictingAccessCriteria |
Return type
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
"encoding/json"
beta "github.com/sailpoint-oss/golang-sdk/v2/api_beta"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `2c9180835d191a86015d28455b4a2329` // string | The ID of the SOD policy being modified. # string | The ID of the SOD policy being modified.
requestbody := []byte(`[{op=replace, path=/description, value=Modified description}, {op=replace, path=/conflictingAccessCriteria/leftCriteria/name, value=money-in-modified}, {op=replace, path=/conflictingAccessCriteria/rightCriteria, value={name=money-out-modified, criteriaList=[{type=ENTITLEMENT, id=2c918087682f9a86016839c0509c1ab2}]}}]`) // []map[string]interface{} | A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * ownerRef * externalPolicyReference * compensatingControls * correctionAdvice * state * tags * violationOwnerAssignmentConfig * scheduled * conflictingAccessCriteria
var requestBody []beta.RequestBody
if err := json.Unmarshal(requestbody, &requestBody); err != nil {
fmt.Println("Error:", err)
return
}
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.PatchSodPolicy(context.Background(), id).RequestBody(requestBody).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.PatchSodPolicy(context.Background(), id).RequestBody(requestBody).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.PatchSodPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `PatchSodPolicy`: SodPolicy
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.PatchSodPolicy`: %v\n", resp)
}
put-policy-schedule
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Update sod policy schedule This updates schedule for a specified SOD policy. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the SOD policy to update its schedule. |
Other Parameters
Other parameters are passed through a pointer to a apiPutPolicyScheduleRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
sodPolicySchedule | SodPolicySchedule | |
Return type
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
"encoding/json"
beta "github.com/sailpoint-oss/golang-sdk/v2/api_beta"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the SOD policy to update its schedule. # string | The ID of the SOD policy to update its schedule.
sodpolicyschedule := []byte(`{
"schedule" : {
"hours" : {
"accountMatchConfig" : {
"matchExpression" : {
"and" : true,
"matchTerms" : [ {
"name" : "",
"value" : "",
"container" : true,
"and" : false,
"children" : [ {
"name" : "businessCategory",
"value" : "Service",
"op" : "eq",
"container" : false,
"and" : false
} ]
} ]
}
},
"applicationId" : "2c91808874ff91550175097daaec161c\""
},
"months" : {
"accountMatchConfig" : {
"matchExpression" : {
"and" : true,
"matchTerms" : [ {
"name" : "",
"value" : "",
"container" : true,
"and" : false,
"children" : [ {
"name" : "businessCategory",
"value" : "Service",
"op" : "eq",
"container" : false,
"and" : false
} ]
} ]
}
},
"applicationId" : "2c91808874ff91550175097daaec161c\""
},
"timeZoneId" : "America/Chicago",
"days" : {
"accountMatchConfig" : {
"matchExpression" : {
"and" : true,
"matchTerms" : [ {
"name" : "",
"value" : "",
"container" : true,
"and" : false,
"children" : [ {
"name" : "businessCategory",
"value" : "Service",
"op" : "eq",
"container" : false,
"and" : false
} ]
} ]
}
},
"applicationId" : "2c91808874ff91550175097daaec161c\""
},
"expiration" : "2018-06-25T20:22:28.104Z",
"type" : "WEEKLY"
},
"created" : "2020-01-01T00:00:00Z",
"recipients" : [ {
"name" : "Michael Michaels",
"id" : "2c7180a46faadee4016fb4e018c20642",
"type" : "IDENTITY"
}, {
"name" : "Michael Michaels",
"id" : "2c7180a46faadee4016fb4e018c20642",
"type" : "IDENTITY"
} ],
"name" : "SCH-1584312283015",
"creatorId" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modified" : "2020-01-01T00:00:00Z",
"description" : "Schedule for policy xyz",
"emailEmptyResults" : false
}`) // SodPolicySchedule |
var sodPolicySchedule beta.SodPolicySchedule
if err := json.Unmarshal(sodpolicyschedule, &sodPolicySchedule); err != nil {
fmt.Println("Error:", err)
return
}
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.PutPolicySchedule(context.Background(), id).SodPolicySchedule(sodPolicySchedule).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.PutPolicySchedule(context.Background(), id).SodPolicySchedule(sodPolicySchedule).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.PutPolicySchedule``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `PutPolicySchedule`: SodPolicySchedule
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.PutPolicySchedule`: %v\n", resp)
}
put-sod-policy
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Update sod policy by id This updates a specified SOD policy. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The ID of the SOD policy to update. |
Other Parameters
Other parameters are passed through a pointer to a apiPutSodPolicyRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
sodPolicy | SodPolicy | |
Return type
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
"encoding/json"
beta "github.com/sailpoint-oss/golang-sdk/v2/api_beta"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The ID of the SOD policy to update. # string | The ID of the SOD policy to update.
sodpolicy := []byte(`{
"conflictingAccessCriteria" : {
"leftCriteria" : {
"name" : "money-in",
"criteriaList" : [ {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a66",
"name" : "Administrator"
}, {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a67",
"name" : "Administrator"
} ]
},
"rightCriteria" : {
"name" : "money-in",
"criteriaList" : [ {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a66",
"name" : "Administrator"
}, {
"type" : "ENTITLEMENT",
"id" : "2c9180866166b5b0016167c32ef31a67",
"name" : "Administrator"
} ]
}
},
"ownerRef" : {
"name" : "Support",
"id" : "2c9180a46faadee4016fb4e018c20639",
"type" : "IDENTITY"
},
"created" : "2020-01-01T00:00:00Z",
"scheduled" : true,
"creatorId" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"description" : "This policy ensures compliance of xyz",
"violationOwnerAssignmentConfig" : {
"assignmentRule" : "MANAGER",
"ownerRef" : {
"name" : "Support",
"id" : "2c9180a46faadee4016fb4e018c20639",
"type" : "IDENTITY"
}
},
"correctionAdvice" : "Based on the role of the employee, managers should remove access that is not required for their job function.",
"type" : "GENERAL",
"tags" : [ "TAG1", "TAG2" ],
"name" : "policy-xyz",
"modified" : "2020-01-01T00:00:00Z",
"policyQuery" : "@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)",
"compensatingControls" : "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"id" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"state" : "ENFORCED",
"externalPolicyReference" : "XYZ policy"
}`) // SodPolicy |
var sodPolicy beta.SodPolicy
if err := json.Unmarshal(sodpolicy, &sodPolicy); err != nil {
fmt.Println("Error:", err)
return
}
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.PutSodPolicy(context.Background(), id).SodPolicy(sodPolicy).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.PutSodPolicy(context.Background(), id).SodPolicy(sodPolicy).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.PutSodPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `PutSodPolicy`: SodPolicy
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.PutSodPolicy`: %v\n", resp)
}
start-sod-all-policies-for-org
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Runs all policies for org Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided. Requires role of ORG_ADMIN.
Path Parameters
Other Parameters
Other parameters are passed through a pointer to a apiStartSodAllPoliciesForOrgRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|---|---|---|
| multiPolicyRequest | MultiPolicyRequest |
Return type
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
multipolicyrequest := []byte(`{
"filteredPolicyList" : [ "filteredPolicyList", "filteredPolicyList" ]
}`) // MultiPolicyRequest | (optional)
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.StartSodAllPoliciesForOrg(context.Background()).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.StartSodAllPoliciesForOrg(context.Background()).MultiPolicyRequest(multiPolicyRequest).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.StartSodAllPoliciesForOrg``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `StartSodAllPoliciesForOrg`: ReportResultReference
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.StartSodAllPoliciesForOrg`: %v\n", resp)
}
start-sod-policy
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Runs sod policy violation report This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message. Requires role of ORG_ADMIN.
Path Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ctx | context.Context | context for authentication, logging, cancellation, deadlines, tracing, etc. | |
| id | string | The SOD policy ID to run. |
Other Parameters
Other parameters are passed through a pointer to a apiStartSodPolicyRequest struct via the builder pattern
| Name | Type | Description | Notes |
|---|
Return type
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
package main
import (
"context"
"fmt"
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)
func main() {
id := `ef38f94347e94562b5bb8424a56397d8` // string | The SOD policy ID to run. # string | The SOD policy ID to run.
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.Beta.SODPoliciesAPI.StartSodPolicy(context.Background(), id).Execute()
//resp, r, err := apiClient.Beta.SODPoliciesAPI.StartSodPolicy(context.Background(), id).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SODPoliciesAPI.StartSodPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `StartSodPolicy`: ReportResultReference
fmt.Fprintf(os.Stdout, "Response from `SODPoliciesAPI.StartSodPolicy`: %v\n", resp)
}