requests
Create and act upon role requests
offset
int
Offset where to start fetching the items
- Default
- 0
limit
int
Number of items to return
- Default
- 50
- Max
- 100
filter
string
required
Filter request items. Possible values:
- requests (all the requests the user has made: active, approved or denied)
- active_requests (requests currently active, waiting to be approved)
- approvals (all the requests on which the current user has made a decision or needs to decide)
- active_approvals (all the requests the current user can make a decision on)
- all
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
admin
workflowsRequests
requestsView
Get the request queue for the user.
All Scopes
- admin · Admin scope - used for built-in PrivX admin account
- requestsView · View requests
- service · Microservice scope - used for communication between PrivX microservices
- user · Normal users
- workflowsManage · Manage role granting workflows
- workflowsRequestOnBehalf · Create a role request on behalf of someone
- workflowsRequests · Manage role requests
- workflowsView · View role granting workflows
- Flow Type: authorization_code
- Auth URL: https://api.x.com/v1/auth/auth
- Token URL: https://api.x.com/v1/auth/auth
Response
Successful response: returns an array of workflows, or an empty array if no workflows are defined
{
"count": 123,
"items": [
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "string",
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"requestor_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"can_bypass_revoke_workflow": true,
"steps": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"match": "ALL",
"approvers": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
],
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
}
}
]
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
count
int
items
array[object]
object
Description of a complete access request.
id
string
uuid
The UUID of the returned object, unique to an access request.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the access request.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a user is present in the system or not.
requested_role
object (requested_role)
required
The ID and display name of the access requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role.
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute; the field is not read during write operations.
request_justification
string
Justification for the access request.
grant_type
string
Whether the role is granted permanently, for a restricted time, or as a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in the decision phase.
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overridden in the decision phase.
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overridden in the decision phase.
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours that the grant should last after initial connection. Can be overridden in the decision phase.
- Example
- 24
max_floating_duration
int
Time in hours that the grant must not exceed after initial connection.
- Example
- 48
max_time_restricted_duration
int
Maximum time in days; the duration between the start date and end date of a role request must not exceed it.
- Example
- 15
target_user
object (target_user)
The ID of the user the request is made for.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a user is present in the system or not.
target_roles
array[object]
A list of roles this workflow targets.
object
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute; the field is not read during write operations.
requestor_roles
array[object]
The ID and display name of the access requestor roles. Display name stored for posterity.
object
id
string
uuid
The ID of the requestor role.
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value for this attribute; the field is not read during write operations.
action
string
Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template.
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created.
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated.
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
Name of the workflow.
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses.
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object.
- Example
- "A comment"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role.
- Default
- false
steps
array[object]
Array of steps.
object
Approval access request step. These are read-only for requests.
id
string
uuid
name
string
required
Access request name.
match
string
required
All approvers must approve or any approver can approve.
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step.
object
Approver within an access request step.
id
string
uuid
role
object (role)
required
Approving role's ID and display name.
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step.
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made.
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision.
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user.
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers.
- Default
- false
target_role_revocation_time
string
date-time
Date and time of revocation.
- Example
- "2017-01-01T15:05:05Z"
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a role is present in the system or not.
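An added example (not PrivX code) of how a reviewer could page through the request queue with `offset`/`limit` and check each item against the fields documented above: the grant-window caps, approvals recorded by the requester or target user, and `can_bypass_revoke_workflow`. The page does not give the endpoint path, so the HTTP call is left to a hypothetical `fetch_page` callable; the sample items and their IDs are constructed placeholders, and treating a missing or zero cap as "no limit" is an assumption.

```python
from datetime import datetime, timedelta

MAX_LIMIT = 100  # documented maximum for the `limit` query parameter
FILTERS = {"requests", "active_requests", "approvals", "active_approvals", "all"}


def iter_queue(fetch_page, filter_name, limit=50):
    """Yield every queue item, paging with offset/limit.

    fetch_page(filter_name, offset, limit) is a hypothetical callable that does
    the authenticated GET and returns the decoded JSON body.
    """
    if filter_name not in FILTERS:
        raise ValueError(f"unknown filter: {filter_name!r}")
    limit = max(1, min(limit, MAX_LIMIT))
    offset = 0
    while True:
        page = fetch_page(filter_name, offset, limit)
        items = page.get("items") or []
        yield from items
        offset += len(items)
        if not items or offset >= page.get("count", 0):
            return


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")  # e.g. 2017-01-01T15:05:05Z


def audit_request(item):
    """Return review findings for one access request object."""
    findings = []
    # Time-restricted window longer than the cap (days). Assumption: a missing
    # or zero cap means "no limit configured".
    max_days = item.get("max_time_restricted_duration") or 0
    start, end = item.get("grant_start"), item.get("grant_end")
    if max_days > 0 and start and end:
        if _ts(end) - _ts(start) > timedelta(days=max_days):
            findings.append("grant window exceeds max_time_restricted_duration")
    # Floating window longer than the cap (hours), same assumption.
    max_hours = item.get("max_floating_duration") or 0
    if max_hours > 0 and (item.get("floating_length") or 0) > max_hours:
        findings.append("floating_length exceeds max_floating_duration")
    # Approval recorded by the user who requested or receives the role.
    target = item.get("target_user") or {}
    interested = {(item.get("requester") or {}).get("id"), target.get("id")} - {None}
    for step in item.get("steps") or []:
        for approver in step.get("approvers") or []:
            user_id = (approver.get("user") or {}).get("id")
            if approver.get("decision") == "APPROVED" and user_id in interested:
                findings.append(f"self-approval in step {step.get('name')!r}")
    if item.get("can_bypass_revoke_workflow"):
        findings.append("approvers can bypass the revoke workflow")
    if item.get("status") == "WAITING" and target.get("deleted"):
        findings.append("pending request for a deleted target user")
    return findings


def audit_queue(fetch_page, filter_name="all", limit=50):
    """Map request ID -> findings for every item the filter returns."""
    return {item["id"]: audit_request(item)
            for item in iter_queue(fetch_page, filter_name, limit)}


# Constructed sample queue (placeholder IDs, not real data).
_ALICE, _BOB = "user-alice", "user-bob"
SAMPLE_ITEMS = [
    {
        "id": "req-1", "status": "APPROVED",
        "requester": {"id": _ALICE}, "target_user": {"id": _ALICE, "deleted": False},
        "grant_start": "2017-01-01T15:05:05Z", "grant_end": "2017-01-20T15:05:05Z",
        "max_time_restricted_duration": 15,
        "floating_length": 24, "max_floating_duration": 48,
        "can_bypass_revoke_workflow": False,
        "steps": [{"name": "manager", "match": "ANY", "approvers": [
            {"decision": "APPROVED", "user": {"id": _ALICE}}]}],
    },
    {
        "id": "req-2", "status": "WAITING",
        "requester": {"id": _BOB}, "target_user": {"id": _BOB, "deleted": False},
        "floating_length": 24, "max_floating_duration": 48,
        "steps": [{"name": "manager", "match": "ALL", "approvers": [
            {"decision": "WAITING", "user": {"id": _ALICE}}]}],
    },
]


def fake_fetch(filter_name, offset, limit):
    # Stand-in for the HTTP call: serves SAMPLE_ITEMS one page at a time.
    return {"count": len(SAMPLE_ITEMS), "items": SAMPLE_ITEMS[offset:offset + limit]}


if __name__ == "__main__":
    for req_id, findings in audit_queue(fake_fetch, limit=1).items():
        print(req_id, findings or "ok")
```
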
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
offset
int
Offset where to start fetching the items
- Default
- 0
limit
int
Number of items to return
- Default
- 50
- Max
- 100
oauth
Required Scopes:
workflowsRequests
admin
Add a workflow to the request queue.
Request
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "string",
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"requestor_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"can_bypass_revoke_workflow": true,
"steps": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"match": "ALL",
"approvers": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
],
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
}
}
Response
Workflow successfully added to the request queue
{
"id": "5bf77342-221c-11ee-be56-0242ac120002"
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
id
string
uuid
ID of the created resource
Location
string
Location of the created resource
request_id
string
required
Request item ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
workflowsRequests
admin
Gets a request object by ID.
Response
Successful response, returns the request item if found
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "string",
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"requestor_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"can_bypass_revoke_workflow": true,
"steps": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"match": "ALL",
"approvers": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
],
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
}
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
id
string
uuid
The UUID of the returned object, unique to an access request.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the access request.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a user is present in the system or not.
requested_role
object (requested_role)
required
The ID and display name of the access requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role.
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations do not need to pass any value for this attribute. This field is not read during write operations.
request_justification
string
Justification for the access request.
grant_type
string
Whether the role is granted permanently, for a restricted time, or for a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in decision phase.
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overridden in decision phase.
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overridden in decision phase.
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours that the grant should last after initial connection. Can be overridden in decision phase.
- Example
- 24
max_floating_duration
int
Maximum time in hours that the grant may last after initial connection.
- Example
- 48
max_time_restricted_duration
int
Maximum duration in days; the time between the start date and end date of a role request must not exceed this value.
- Example
- 15
target_user
object (target_user)
The ID of the user the request is made for.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a user is present in the system or not.
target_roles
array[object]
A list of roles this workflow targets.
object
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations do not need to pass any value for this attribute. This field is not read during write operations.
requestor_roles
array[object]
The ID and display name of the access requestor roles. Display name stored for posterity.
object
id
string
uuid
The ID of the requestor role.
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations do not need to pass any value for this attribute. This field is not read during write operations.
action
string
Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template.
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created.
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated.
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
Name of the workflow.
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses.
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object.
- Example
- "A comment"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role.
- Default
- false
steps
array[object]
Array of steps.
object
Approval access request step. These are read-only for requests.
id
string
uuid
name
string
required
Access request name.
match
string
required
All approvers must approve or any approver can approve.
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step.
object
Approver within an access request step.
id
string
uuid
role
object (role)
required
Approving role's ID and display name.
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step.
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made.
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision.
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user.
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers.
- Default
- false
target_role_revocation_time
string
date-time
Date and time of revocation.
- Example
- "2017-01-01T15:05:05Z"
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a role is present in the system or not.
request_id
string
required
Request ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
workflowsRequests
admin
Delete Request item by ID.
All Scopes
- admin · Admin scope - used for built-in PrivX admin account
- requestsView · View requests
- service · Microservice scope - used for communication between PrivX microservices
- user · Normal users
- workflowsManage · Manage role granting workflows
- workflowsRequestOnBehalf · Create a role request on behalf of someone
- workflowsRequests · Manage role requests
- workflowsView · View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Request item successfully deleted
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
Update a request in queue. Only users with matching role are permitted to change the status of a step requiring such role.
step
int
Workflow step requires approval
decision
string
The user's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment accompanying the decision
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
request_id
string
required
Request item ID
oauth
Required Scopes:
workflowsRequests
admin
All Scopes
- admin · Admin scope - used for built-in PrivX admin account
- requestsView · View requests
- service · Microservice scope - used for communication between PrivX microservices
- user · Normal users
- workflowsManage · Manage role granting workflows
- workflowsRequestOnBehalf · Create a role request on behalf of someone
- workflowsRequests · Manage role requests
- workflowsView · View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Request
{
"step": 123,
"decision": "WAITING",
"comment": "string"
}
Response
Decision recorded
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
Revoke the target user role. Only original approvers of the request can revoke a role this way.
request_id
string
required
Request item ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
workflowsRequests
admin
All Scopes
- admin · Admin scope - used for built-in PrivX admin account
- requestsView · View requests
- service · Microservice scope - used for communication between PrivX microservices
- user · Normal users
- workflowsManage · Manage role granting workflows
- workflowsRequestOnBehalf · Create a role request on behalf of someone
- workflowsRequests · Manage role requests
- workflowsView · View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Role revoked
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
keywords
string
- Example
- "GRANT"
start_time
string
date-time
- Example
- "2017-01-01T15:05:05Z"
end_time
string
date-time
- Example
- "2017-01-01T15:05:05Z"
filter
string
- Example
- "requests"
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
offset
int
Offset where to start fetching the items
- Default
- 0
limit
int
Number of items to return
- Default
- 50
sortkey
string
Sort by specific object property
- Default
- "id"
sortdir
string
Sort direction, asc or desc
- Default
- "ASC"
- Enum
-
- ASC
- DESC
filter
string
required
Filter request items (requests, active_requests, approvals, etc.)
- Default
- "REQUESTS"
- Enum
-
- ALL
- ACTIVE_REQUESTS
- ACTIVE_APPROVALS
- APPROVALS
- REQUESTS
oauth
Required Scopes:
admin
workflowsRequests
requestsView
Search access requests
All Scopes
- admin · Admin scope - used for built-in PrivX admin account
- requestsView · View requests
- service · Microservice scope - used for communication between PrivX microservices
- user · Normal users
- workflowsManage · Manage role granting workflows
- workflowsRequestOnBehalf · Create a role request on behalf of someone
- workflowsRequests · Manage role requests
- workflowsView · View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Request
{
"keywords": "GRANT",
"start_time": "2017-01-01T15:05:05Z",
"end_time": "2017-01-01T15:05:05Z",
"filter": "requests"
}
Response
Successful response, returns an array of requests, returns an empty array if no requests found
{
"count": 123,
"items": [
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "string",
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"requestor_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"can_bypass_revoke_workflow": true,
"steps": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"match": "ALL",
"approvers": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
],
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string",
"deleted": true
}
}
]
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
count
int
items
array[object]
object
Description of a complete access request.
id
string
uuid
The UUID of the returned object, unique to an access request.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the access request.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a user is present in the system or not.
requested_role
object (requested_role)
required
The ID and display name of the access requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role.
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations do not need to pass any value for this attribute. This field is not read during write operations.
request_justification
string
Justification for the access request.
grant_type
string
Whether the role is granted permanently, for a restricted time, or for a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window. Can be overridden in decision phase.
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overridden in decision phase.
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overridden in decision phase.
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours that the grant should last after initial connection. Can be overridden in decision phase.
- Example
- 24
max_floating_duration
int
Maximum time in hours that the grant may last after initial connection.
- Example
- 48
max_time_restricted_duration
int
Maximum duration in days; the time between the start date and end date of a role request must not exceed this value.
- Example
- 15
target_user
object (target_user)
The ID of the user the request is made for.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a user is present in the system or not.
target_roles
array[object]
A list of roles this workflow targets.
object
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations do not need to pass any value for this attribute. This field is not read during write operations.
requestor_roles
array[object]
The ID and display name of the access requestor roles. Display name stored for posterity.
object
id
string
uuid
The ID of the requestor role.
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations do not need to pass any value for this attribute. This field is not read during write operations.
action
string
Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template.
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created.
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated.
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object.
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
Name of the workflow.
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses.
- Default
- "WAITING"
- Enum
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object.
- Example
- "A comment"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role.
- Default
- false
steps
array[object]
Array of steps.
object
Approval access request step. These are read-only for requests.
id
string
uuid
name
string
required
Access request name.
match
string
required
Whether all approvers must approve (ALL) or any approver can approve (ANY).
- Enum
- ALL
- ANY
approvers
array[object]
required
The approvers in this step.
object
Approver within an access request step.
id
string
uuid
role
object (role)
required
Approving role's ID and display name.
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not.
decision
string
required
Approver's decision.
- Enum
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step.
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made.
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision.
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from the target user.
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers.
- Default
- false
target_role_revocation_time
string
date-time
Date and time of revocation.
- Example
- "2017-01-01T15:05:05Z"
target_role_revoked_by
object (target_role_revoked_by)
User object of the user who revoked the target role.
id
string
uuid
display_name
string
deleted
boolean
It indicates whether a role is present in the system or not.
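The following is an added example, not code from the PrivX documentation: a client-side audit of one request item that checks the duration limits and the ALL/ANY step rule described in the fields above, and flags a target user approving their own request. The function names and the sample item are hypothetical, and the check that an APPROVED request has every step satisfied is an assumption about how `status` is computed.

```python
from datetime import datetime, timedelta

def _ts(value):
    # Timestamps use the page's example form "2017-01-01T15:05:05Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def step_satisfied(step):
    # ALL: every approver approved. ANY: at least one approver approved.
    decisions = [a.get("decision") for a in step.get("approvers", [])]
    if step.get("match") == "ALL":
        return bool(decisions) and all(d == "APPROVED" for d in decisions)
    return any(d == "APPROVED" for d in decisions)

def audit_request(req):
    findings = []
    fl, max_fl = req.get("floating_length"), req.get("max_floating_duration")
    if fl is not None and max_fl is not None and fl > max_fl:
        findings.append("floating_length exceeds max_floating_duration")
    start, end = req.get("grant_start"), req.get("grant_end")
    max_days = req.get("max_time_restricted_duration")
    if start and end and max_days is not None:
        if _ts(end) - _ts(start) > timedelta(days=max_days):
            findings.append("grant window exceeds max_time_restricted_duration")
    target = (req.get("target_user") or {}).get("id")
    for step in req.get("steps", []):
        name = step.get("name")
        # Assumption: an APPROVED request should have every step satisfied.
        if req.get("status") == "APPROVED" and not step_satisfied(step):
            findings.append(f"status APPROVED but step {name!r} is not satisfied")
        for approver in step.get("approvers", []):
            uid = (approver.get("user") or {}).get("id")
            if approver.get("decision") == "APPROVED" and uid and uid == target:
                findings.append(f"target user approved own request in step {name!r}")
    return findings

# Constructed sample item; every ID and value is made up for illustration.
SAMPLE = {
    "status": "APPROVED", "floating_length": 72, "max_floating_duration": 48,
    "grant_start": "2017-01-01T15:05:05Z", "grant_end": "2017-01-20T15:05:05Z",
    "max_time_restricted_duration": 15,
    "target_user": {"id": "00000000-0000-0000-0000-00000000000a"},
    "steps": [{"name": "manager approval", "match": "ALL", "approvers": [
        {"decision": "APPROVED", "user": {"id": "00000000-0000-0000-0000-00000000000a"}},
        {"decision": "WAITING"},
    ]}],
}

if __name__ == "__main__":
    print("\n".join(audit_request(SAMPLE)))
```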