workflows

Workflows for granting role memberships

GET /workflow-engine/api/v1/workflows

Get workflow objects.

limit (int)

Number of items to return

Default: 50
Max: 100

offset (int)

Offset where to start fetching the items

Default: 0

Responses

Response examples

Successful response: returns an array of workflows, or an empty array if no workflows are defined.

{
  "count": 123,
  "items": [
    {
      "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "requester": {
        "id": "5bf77342-221c-11ee-be56-0242ac120002",
        "display_name": "string",
        "deleted": true
      },
      "requested_role": {
        "id": "5bf77342-221c-11ee-be56-0242ac120002",
        "name": "string",
        "deleted": true
      },
      "request_justification": "string",
      "grant_types": [
        "PERMANENT"
      ],
      "grant_start": "2017-01-01T15:05:05Z",
      "grant_end": "2017-01-01T15:05:05Z",
      "floating_length": 24,
      "max_active_requests": 1,
      "max_floating_duration": 48,
      "max_time_restricted_duration": 15,
      "target_user": {
        "id": "5bf77342-221c-11ee-be56-0242ac120002",
        "display_name": "string",
        "deleted": true
      },
      "target_roles": [
        {
          "id": "5bf77342-221c-11ee-be56-0242ac120002",
          "name": "string",
          "deleted": true
        }
      ],
      "action": "GRANT",
      "created": "2017-01-01T15:05:05Z",
      "updated": "2017-01-01T15:05:05Z",
      "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "name": "An example workflow",
      "status": "WAITING",
      "comment": "A comment",
      "can_bypass_revoke_workflow": true,
      "steps": [
        {
          "name": "string",
          "match": "ALL",
          "approvers": [
            {
              "role": {
                "id": "5bf77342-221c-11ee-be56-0242ac120002",
                "name": "string",
                "deleted": true
              }
            }
          ]
        }
      ]
    }
  ]
}
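
An added example, not part of the API documentation itself: paging through the list endpoint with `limit` and `offset` and flagging workflow settings that deserve a reviewer's attention. `fake_fetch`, the finding names and the sample items are assumptions constructed here; a real client would replace `fake_fetch` with an authenticated GET.

```python
# Constructed sample shaped like the list response above (not real data).
# Only "PERMANENT" appears in grant_types: the page names no other value.
ROLE = {"id": "5bf77342-221c-11ee-be56-0242ac120002", "name": "db-admin", "deleted": False}
GONE = {"id": "5bf77342-221c-11ee-be56-0242ac120002", "name": "old-team", "deleted": True}
SAMPLE_ITEMS = [
    {"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059", "name": "An example workflow",
     "grant_types": ["PERMANENT"], "max_active_requests": -1,
     "can_bypass_revoke_workflow": True, "target_roles": [ROLE],
     "steps": [{"name": "Team lead", "match": "ANY", "approvers": [{"role": GONE}]}]},
    {"id": "5bf77342-221c-11ee-be56-0242ac120002", "name": "Reviewed workflow",
     "max_active_requests": 1, "can_bypass_revoke_workflow": False,
     "target_roles": [ROLE],
     "steps": [{"name": "Team lead", "match": "ALL", "approvers": [{"role": ROLE}]}]},
]

def fake_fetch(limit, offset):
    """Stand-in for GET .../workflows?limit=&offset= (hypothetical helper)."""
    return {"items": SAMPLE_ITEMS[offset:offset + limit]}

def audit_workflow(wf):
    """Return review findings for one workflow object."""
    findings = []
    if wf.get("max_active_requests", 1) == -1:      # -1 means unlimited open requests
        findings.append("unlimited-open-requests")
    if wf.get("can_bypass_revoke_workflow", False):  # approvers may skip the revoke workflow
        findings.append("revoke-workflow-bypass")
    if "PERMANENT" in wf.get("grant_types", []):     # standing access with no end date
        findings.append("permanent-grant")
    if any(r.get("deleted") for r in wf.get("target_roles", [])):
        findings.append("deleted-target-role")
    for step in wf.get("steps", []):
        roles = [a.get("role", {}) for a in step.get("approvers", [])]
        live = [r for r in roles if not r.get("deleted")]
        if not live:                                 # nobody left who can approve this step
            findings.append("step-without-live-approver")
        elif len(live) < len(roles):
            findings.append("deleted-approver-role")
    return findings

def audit_all(fetch_page, limit=100):
    """Walk every page (limit is capped at 100 by the API) and collect findings by workflow ID."""
    report, offset = {}, 0
    while True:
        items = fetch_page(limit, offset).get("items", [])
        report.update({wf["id"]: f for wf in items if (f := audit_workflow(wf))})
        if len(items) < limit:   # a short page marks the end; "count" is not relied on
            return report
        offset += limit
```
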

POST /workflow-engine/api/v1/workflows

Create a new workflow. ID, author, created, and updated fields are automatically populated by the server.

id (string)

The UUID of the returned object, unique to a workflow template.

Format: uuid
Example: "eef4aefc-d64e-4c2c-aba4-4914c86ce059"

requester (object)

The ID and display name of the user making the request.

  id (string)
  Format: uuid

  display_name (string)

  deleted (boolean)
  Indicates whether a user is present in the system or not.

requested_role (object)

The ID and display name of the requested role. Display name stored for posterity.

  id (string)
  The ID of the requested role.
  Format: uuid

  name (string)

  deleted (boolean)
  Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value to this attribute. This field is not read during write operations.

request_justification (string)

Justification for the request.

grant_types (array)

List of role granting types: whether the role is granted permanently, the grant is time-restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window.

grant_start (string)

Date and time after which the role is granted to the user. Can be overridden in the decision phase.

Format: date-time
Example: "2017-01-01T15:05:05Z"

grant_end (string)

Date and time after which the role is removed from the user. Can be overridden in the decision phase.

Format: date-time
Example: "2017-01-01T15:05:05Z"

floating_length (int)

How long, in hours, the grant should last after initial connection. Can be overridden in the decision phase.

Example: 24

max_active_requests (int), required

Maximum number of concurrent open requests a user can have per target role. Set to -1 to allow an unlimited number of open requests. Assumed 1 if not specified.

Example: 1

max_floating_duration (int)

Time in hours that the grant should not exceed after initial connection.

Example: 48

max_time_restricted_duration (int)

Maximum time in days; the duration between the start date and end date of a role request must not exceed this.

Example: 15

target_user (object)

The ID of the user the request is made for.

  id (string)
  Format: uuid

  display_name (string)

  deleted (boolean)
  Indicates whether a user is present in the system or not.

target_roles (array), required

A list of roles this workflow targets.

  id (string)
  Format: uuid

  name (string)

  deleted (boolean)
  Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value to this attribute. This field is not read during write operations.

action (string), required

Whether the workflow GRANTs the role to the user or REMOVEs the user from it. The workflow engine needs to check that the requested action matches the allowed actions defined in the template.

Enum
  • GRANT
  • REMOVE
  • BOTH

created (string)

When the object was created.

Format: date-time
Example: "2017-01-01T15:05:05Z"

updated (string)

When the object was updated.

Format: date-time
Example: "2017-01-01T15:05:05Z"

updated_by (string)

ID of the user who updated the object.

Format: uuid
Example: "eef4aefc-d64e-4c2c-aba4-4914c86ce059"

author (string)

ID of the user who originally authored the object.

Format: uuid
Example: "eef4aefc-d64e-4c2c-aba4-4914c86ce059"

name (string), required

Name of the workflow.

Min Length: 4
Max Length: 4096
Example: "An example workflow"

status (string)

Computed status for the instance of the workflow, based on step statuses.

Default: "WAITING"
Enum
  • WAITING
  • APPROVED
  • DENIED

comment (string)

A comment describing the object.

Example: "A comment"

can_bypass_revoke_workflow (boolean)

A flag used to determine if approvers can bypass the revoke workflow to revoke a role.

Default: false

steps (array), required

Array of steps.

  name (string), required
  Workflow-step name

  match (string), required
  Whether all approvers must approve or any approver can approve.
  Enum
    • ALL
    • ANY

  approvers (array), required
  The approvers in this step.

Responses

Request examples

{
  "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "requester": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "display_name": "string",
    "deleted": true
  },
  "requested_role": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "name": "string",
    "deleted": true
  },
  "request_justification": "string",
  "grant_types": [
    "PERMANENT"
  ],
  "grant_start": "2017-01-01T15:05:05Z",
  "grant_end": "2017-01-01T15:05:05Z",
  "floating_length": 24,
  "max_active_requests": 1,
  "max_floating_duration": 48,
  "max_time_restricted_duration": 15,
  "target_user": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "display_name": "string",
    "deleted": true
  },
  "target_roles": [
    {
      "id": "5bf77342-221c-11ee-be56-0242ac120002",
      "name": "string",
      "deleted": true
    }
  ],
  "action": "GRANT",
  "created": "2017-01-01T15:05:05Z",
  "updated": "2017-01-01T15:05:05Z",
  "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "name": "An example workflow",
  "status": "WAITING",
  "comment": "A comment",
  "can_bypass_revoke_workflow": true,
  "steps": [
    {
      "name": "string",
      "match": "ALL",
      "approvers": [
        {
          "role": {
            "id": "5bf77342-221c-11ee-be56-0242ac120002",
            "name": "string",
            "deleted": true
          }
        }
      ]
    }
  ]
}

Response examples

Workflow Successfully created

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002"
}
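
An added example, not part of the API documentation itself: a client-side pre-flight check of a workflow body against the constraints documented above (required fields, name length, enums, duration limits), plus removal of the fields the server populates. The function names and the sample payload are constructed here; the server remains the authority on what it accepts.

```python
from datetime import datetime

SERVER_SET = ("id", "author", "created", "updated")  # populated by the server
REQUIRED = ("name", "action", "target_roles", "steps", "max_active_requests")
ROLE = {"id": "5bf77342-221c-11ee-be56-0242ac120002"}  # ID from the page's example
# Constructed sample payload using the page's field names.
SAMPLE = {
    "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059", "name": "An example workflow",
    "action": "GRANT", "max_active_requests": 1, "target_roles": [ROLE],
    "grant_start": "2017-01-01T15:05:05Z", "grant_end": "2017-01-10T15:05:05Z",
    "max_time_restricted_duration": 15, "floating_length": 24,
    "max_floating_duration": 48,
    "steps": [{"name": "Manager approval", "match": "ALL", "approvers": [{"role": ROLE}]}],
}

def _ts(value):
    # Accept the trailing "Z" on Python versions older than 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_workflow(wf):
    """Return a list of violations of the constraints documented on the page."""
    errors = [f"missing required field: {k}" for k in REQUIRED if k not in wf]
    if "name" in wf and not 4 <= len(wf["name"]) <= 4096:
        errors.append("name length must be 4..4096")
    if "action" in wf and wf["action"] not in ("GRANT", "REMOVE", "BOTH"):
        errors.append("action must be GRANT, REMOVE or BOTH")
    for i, step in enumerate(wf.get("steps", [])):
        errors += [f"steps[{i}] missing {k}"
                   for k in ("name", "match", "approvers") if k not in step]
        if "match" in step and step["match"] not in ("ALL", "ANY"):
            errors.append(f"steps[{i}].match must be ALL or ANY")
    if "grant_start" in wf and "grant_end" in wf:
        seconds = (_ts(wf["grant_end"]) - _ts(wf["grant_start"])).total_seconds()
        max_days = wf.get("max_time_restricted_duration")
        if seconds < 0:  # sanity check added here, not stated on the page
            errors.append("grant_end is before grant_start")
        elif max_days is not None and seconds > max_days * 86400:
            errors.append("grant window exceeds max_time_restricted_duration")
    length, cap = wf.get("floating_length"), wf.get("max_floating_duration")
    if length is not None and cap is not None and length > cap:
        errors.append("floating_length exceeds max_floating_duration")
    return errors

def prepare_payload(wf):
    """Drop the fields the server populates itself before sending a create request."""
    return {k: v for k, v in wf.items() if k not in SERVER_SET}
```
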

GET /workflow-engine/api/v1/workflows/{workflow_id}

Get workflow object by ID.

workflow_id (string), required

Workflow ID

Responses

Response examples

Successful response, returns a workflow if found

{
  "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "requester": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "display_name": "string",
    "deleted": true
  },
  "requested_role": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "name": "string",
    "deleted": true
  },
  "request_justification": "string",
  "grant_types": [
    "PERMANENT"
  ],
  "grant_start": "2017-01-01T15:05:05Z",
  "grant_end": "2017-01-01T15:05:05Z",
  "floating_length": 24,
  "max_active_requests": 1,
  "max_floating_duration": 48,
  "max_time_restricted_duration": 15,
  "target_user": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "display_name": "string",
    "deleted": true
  },
  "target_roles": [
    {
      "id": "5bf77342-221c-11ee-be56-0242ac120002",
      "name": "string",
      "deleted": true
    }
  ],
  "action": "GRANT",
  "created": "2017-01-01T15:05:05Z",
  "updated": "2017-01-01T15:05:05Z",
  "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "name": "An example workflow",
  "status": "WAITING",
  "comment": "A comment",
  "can_bypass_revoke_workflow": true,
  "steps": [
    {
      "name": "string",
      "match": "ALL",
      "approvers": [
        {
          "role": {
            "id": "5bf77342-221c-11ee-be56-0242ac120002",
            "name": "string",
            "deleted": true
          }
        }
      ]
    }
  ]
}

PUT /workflow-engine/api/v1/workflows/{workflow_id}

Update a workflow.

id (string)

The UUID of the returned object, unique to a workflow template.

Format: uuid
Example: "eef4aefc-d64e-4c2c-aba4-4914c86ce059"

requester (object)

The ID and display name of the user making the request.

  id (string)
  Format: uuid

  display_name (string)

  deleted (boolean)
  Indicates whether a user is present in the system or not.

requested_role (object)

The ID and display name of the requested role. Display name stored for posterity.

  id (string)
  The ID of the requested role.
  Format: uuid

  name (string)

  deleted (boolean)
  Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value to this attribute. This field is not read during write operations.

request_justification (string)

Justification for the request.

grant_types (array)

List of role granting types: whether the role is granted permanently, the grant is time-restricted, or it is a floating window. The floating window starts upon initial connection, at which time the Role Store converts the floating window to an explicit time-restricted window.

grant_start (string)

Date and time after which the role is granted to the user. Can be overridden in the decision phase.

Format: date-time
Example: "2017-01-01T15:05:05Z"

grant_end (string)

Date and time after which the role is removed from the user. Can be overridden in the decision phase.

Format: date-time
Example: "2017-01-01T15:05:05Z"

floating_length (int)

How long, in hours, the grant should last after initial connection. Can be overridden in the decision phase.

Example: 24

max_active_requests (int), required

Maximum number of concurrent open requests a user can have per target role. Set to -1 to allow an unlimited number of open requests. Assumed 1 if not specified.

Example: 1

max_floating_duration (int)

Time in hours that the grant should not exceed after initial connection.

Example: 48

max_time_restricted_duration (int)

Maximum time in days; the duration between the start date and end date of a role request must not exceed this.

Example: 15

target_user (object)

The ID of the user the request is made for.

  id (string)
  Format: uuid

  display_name (string)

  deleted (boolean)
  Indicates whether a user is present in the system or not.

target_roles (array), required

A list of roles this workflow targets.

  id (string)
  Format: uuid

  name (string)

  deleted (boolean)
  Indicates whether a role is present in the system or not. Create/Update workflow/request operations don't need to pass any value to this attribute. This field is not read during write operations.

action (string), required

Whether the workflow GRANTs the role to the user or REMOVEs the user from it. The workflow engine needs to check that the requested action matches the allowed actions defined in the template.

Enum
  • GRANT
  • REMOVE
  • BOTH

created (string)

When the object was created.

Format: date-time
Example: "2017-01-01T15:05:05Z"

updated (string)

When the object was updated.

Format: date-time
Example: "2017-01-01T15:05:05Z"

updated_by (string)

ID of the user who updated the object.

Format: uuid
Example: "eef4aefc-d64e-4c2c-aba4-4914c86ce059"

author (string)

ID of the user who originally authored the object.

Format: uuid
Example: "eef4aefc-d64e-4c2c-aba4-4914c86ce059"

name (string), required

Name of the workflow.

Min Length: 4
Max Length: 4096
Example: "An example workflow"

status (string)

Computed status for the instance of the workflow, based on step statuses.

Default: "WAITING"
Enum
  • WAITING
  • APPROVED
  • DENIED

comment (string)

A comment describing the object.

Example: "A comment"

can_bypass_revoke_workflow (boolean)

A flag used to determine if approvers can bypass the revoke workflow to revoke a role.

Default: false

steps (array), required

Array of steps.

  name (string), required
  Workflow-step name

  match (string), required
  Whether all approvers must approve or any approver can approve.
  Enum
    • ALL
    • ANY

  approvers (array), required
  The approvers in this step.

Responses

Request examples

{
  "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "requester": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "display_name": "string",
    "deleted": true
  },
  "requested_role": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "name": "string",
    "deleted": true
  },
  "request_justification": "string",
  "grant_types": [
    "PERMANENT"
  ],
  "grant_start": "2017-01-01T15:05:05Z",
  "grant_end": "2017-01-01T15:05:05Z",
  "floating_length": 24,
  "max_active_requests": 1,
  "max_floating_duration": 48,
  "max_time_restricted_duration": 15,
  "target_user": {
    "id": "5bf77342-221c-11ee-be56-0242ac120002",
    "display_name": "string",
    "deleted": true
  },
  "target_roles": [
    {
      "id": "5bf77342-221c-11ee-be56-0242ac120002",
      "name": "string",
      "deleted": true
    }
  ],
  "action": "GRANT",
  "created": "2017-01-01T15:05:05Z",
  "updated": "2017-01-01T15:05:05Z",
  "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "name": "An example workflow",
  "status": "WAITING",
  "comment": "A comment",
  "can_bypass_revoke_workflow": true,
  "steps": [
    {
      "name": "string",
      "match": "ALL",
      "approvers": [
        {
          "role": {
            "id": "5bf77342-221c-11ee-be56-0242ac120002",
            "name": "string",
            "deleted": true
          }
        }
      ]
    }
  ]
}

Response examples

Workflow successfully updated

Empty response

DELETE /workflow-engine/api/v1/workflows/{workflow_id}

Deletes workflow by ID.

workflow_id (string), required

Workflow ID

Responses

Response examples

Workflow Successfully deleted

Empty response
