requests
Download SpecCreate and act upon role requests
offset
int
Offset where to start fetching the items
- Default
- 0
limit
int
Number of items to return
- Default
- 50
- Max
- 100
filter
string
required
Filter request items - possible values: requests (all the requests the user has made, active, approved or denied), active_requests (requests currently active, waiting to be approved), approvals (all the requests the current user has made a decision or needs to decide), active_approvals (all the requests the current user can make a decision on), all
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
admin
workflowsRequests
requestsView
Get the request queue for the user.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage a role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Successful response, returns an array of workflows, returns an empty array if no workflows defined
{
"count": 123,
"items": [
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
]
}
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursivecount
int
items
array[object]
object
Description of a complete workflow. Used both in workflow templates and in requests - depending on the usage, different properties are editable. Workflow-template properties are indicated with a [T] and request properties with [R].
id
string
uuid
The UUID of the returned object, unique to a workflow template and a request. [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the request [R]
id
string
uuid
display_name
string
requested_role
object (requested_role)
The ID and display name of the requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role [R]
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
request_justification
string
Justification for the request [R]
grant_type
string
Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_types
array[string]
List of role granting types. Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. [T]
string
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours how long the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
max_floating_duration
int
Time in hours how long the grant should not exceed after initial connection. [T]
- Example
- 48
max_time_restricted_duration
int
Maximum time in days where duration between start-date and end-date of role request must not exceeded this duration. [T]
- Example
- 15
requested_grant_type
string
Requested grant type, is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
requested_grant_start
string
date-time
Requested date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_grant_end
string
date-time
Requested date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_floating_length
int
Requested time in hours for which the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
target_user
object (target_user)
The ID of the user the request is made for [R]
id
string
uuid
display_name
string
target_roles
array[object]
A list of roles this workflow targets [TR]
object
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
workflow
string
uuid
The ID of the workflow the request is based on [TR]
action
string
Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template. [TR]
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created [TR]
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated [TR]
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
required
Name of the workflow [T]
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses [R]
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object [TR]
- Example
- "A comment"
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user [R]
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers [R]
- Default
- false
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role [R]
id
string
uuid
display_name
string
target_role_revocation_time
string
date-time
Date and time of revocation [R]
- Example
- "2017-01-01T15:05:05Z"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role [T]
- Default
- false
steps
array[object]
required
Array of steps [TR]
object
Approval step in the workflow. These are read-only for requests. [TR]
name
string
required
Workflow-step name
match
string
required
All approvers must approve or any approver can approve
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step
object
Approver within a workflow step. Can be a role or a principal [TR]
role
object (role)
required
Approving role's ID and display name
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made [R]
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision
id
string
uuid
The UUID of the returned object, unique to a workflow template and a request. [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the request [R]
id
string
uuid
display_name
string
requested_role
object (requested_role)
The ID and display name of the requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role [R]
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
request_justification
string
Justification for the request [R]
grant_type
string
Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_types
array[string]
List of role granting types. Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. [T]
string
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours how long the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
max_floating_duration
int
Time in hours how long the grant should not exceed after initial connection. [T]
- Example
- 48
max_time_restricted_duration
int
Maximum time in days where duration between start-date and end-date of role request must not exceeded this duration. [T]
- Example
- 15
requested_grant_type
string
Requested grant type, is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
requested_grant_start
string
date-time
Requested date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_grant_end
string
date-time
Requested date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_floating_length
int
Requested time in hours for which the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
target_user
object (target_user)
The ID of the user the request is made for [R]
id
string
uuid
display_name
string
target_roles
array[object]
A list of roles this workflow targets [TR]
object
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
workflow
string
uuid
The ID of the workflow the request is based on [TR]
action
string
Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template. [TR]
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created [TR]
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated [TR]
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
required
Name of the workflow [T]
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses [R]
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object [TR]
- Example
- "A comment"
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user [R]
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers [R]
- Default
- false
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role [R]
id
string
uuid
display_name
string
target_role_revocation_time
string
date-time
Date and time of revocation [R]
- Example
- "2017-01-01T15:05:05Z"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role [T]
- Default
- false
steps
array[object]
required
Array of steps [TR]
object
Approval step in the workflow. These are read-only for requests. [TR]
name
string
required
Workflow-step name
match
string
required
All approvers must approve or any approver can approve
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step
object
Approver within a workflow step. Can be a role or a principal [TR]
role
object (role)
required
Approving role's ID and display name
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made [R]
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
offset
int
Offset where to start fetching the items
- Default
- 0
limit
int
Number of items to return
- Default
- 50
- Max
- 100
oauth
Required Scopes:
workflowsRequests
admin
Add a workflow to the request queue.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage a role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Request
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
Response
Workflow successfully added to the request queue
{
"id": "5bf77342-221c-11ee-be56-0242ac120002"
}
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveid
string
uuid
ID of the created resource
Location
string
Location of the created resource
request_id
string
required
Request item ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
workflowsRequests
admin
Gets a request object by ID.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage a role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Successful response, returns the request item if found
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveid
string
uuid
The UUID of the returned object, unique to a workflow template and a request. [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the request [R]
id
string
uuid
display_name
string
requested_role
object (requested_role)
The ID and display name of the requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role [R]
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
request_justification
string
Justification for the request [R]
grant_type
string
Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_types
array[string]
List of role granting types. Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. [T]
string
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours how long the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
max_floating_duration
int
Time in hours how long the grant should not exceed after initial connection. [T]
- Example
- 48
max_time_restricted_duration
int
Maximum time in days where duration between start-date and end-date of role request must not exceeded this duration. [T]
- Example
- 15
requested_grant_type
string
Requested grant type, is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
requested_grant_start
string
date-time
Requested date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_grant_end
string
date-time
Requested date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_floating_length
int
Requested time in hours for which the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
target_user
object (target_user)
The ID of the user the request is made for [R]
id
string
uuid
display_name
string
target_roles
array[object]
A list of roles this workflow targets [TR]
object
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
workflow
string
uuid
The ID of the workflow the request is based on [TR]
action
string
Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template. [TR]
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created [TR]
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated [TR]
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
required
Name of the workflow [T]
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses [R]
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object [TR]
- Example
- "A comment"
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user [R]
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers [R]
- Default
- false
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role [R]
id
string
uuid
display_name
string
target_role_revocation_time
string
date-time
Date and time of revocation [R]
- Example
- "2017-01-01T15:05:05Z"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role [T]
- Default
- false
steps
array[object]
required
Array of steps [TR]
object
Approval step in the workflow. These are read-only for requests. [TR]
name
string
required
Workflow-step name
match
string
required
All approvers must approve or any approver can approve
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step
object
Approver within a workflow step. Can be a role or a principal [TR]
role
object (role)
required
Approving role's ID and display name
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made [R]
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision
request_id
string
required
Request ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
workflowsRequests
admin
Delete Request item by ID.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage a role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Request item successfully deleted
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveUpdate a request in queue. Only users with matching role are permitted to change the status of a step requiring such role.
step
int
Workflow step requires approval
decision
string
The user's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment accompanying the decision
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
request_id
string
required
Request item ID
oauth
Required Scopes:
workflowsRequests
admin
Update a request in queue. Only users with matching role are permitted to change the status of a step requiring such role.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage a role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Request
{
"step": 123,
"decision": "WAITING",
"comment": "string"
}
Response
Decision recorded
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveRevoke the target user role. Only original approvers of the request can revoke a role this way.
request_id
string
required
Request item ID
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
oauth
Required Scopes:
workflowsRequests
admin
Revoke the target user role. Only original approvers of the request can revoke a role this way.
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage a role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Response
Role revoked
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursivekeywords
string
- Example
- "GRANT"
start_time
string
date-time
- Example
- "2017-01-01T15:05:05Z"
end_time
string
date-time
- Example
- "2017-01-01T15:05:05Z"
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
offset
int
Offset where to start fetching the items
- Default
- 0
limit
int
Number of items to return
- Default
- 50
sortkey
string
Sort by specific object property
- Default
- "id"
sortdir
string
Sort direction, asc or desc
- Default
- "ASC"
- Enum
-
- ASC
- DESC
filter
string
required
Filter request items(requests, active_requests, approvals, etc.)
- Default
- "REQUESTS"
- Enum
-
- ALL
- ACTIVE_REQUESTS
- ACTIVE_APPROVALS
- APPROVALS
- REQUESTS
oauth
Required Scopes:
admin
workflowsRequests
requestsView
Search access requests
All Scopes
-
admin
· Admin scope - used for built-in PrivX admin account -
requestsView
· View requests -
service
· Microservice scope - used for communication between PrivX microservices -
user
· Normal users -
workflowsManage
· Manage role granting workflows -
workflowsRequestOnBehalf
· Create a role request on behalf of someone -
workflowsRequests
· Manage a role requests -
workflowsView
· View role granting workflows
- Flow Type:
- authorization_code
- Auth URL:
- https://api.x.com/v1/auth/auth
- Token URL:
- https://api.x.com/v1/auth/auth
Request
{
"keywords": "GRANT",
"start_time": "2017-01-01T15:05:05Z",
"end_time": "2017-01-01T15:05:05Z"
}
Response
Successful response, returns an array of requests, returns an empty array if no requests found
{
"count": 123,
"items": [
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"requester": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"requested_role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"request_justification": "string",
"grant_type": "PERMANENT",
"grant_types": [
"PERMANENT"
],
"grant_start": "2017-01-01T15:05:05Z",
"grant_end": "2017-01-01T15:05:05Z",
"floating_length": 24,
"max_floating_duration": 48,
"max_time_restricted_duration": 15,
"requested_grant_type": "PERMANENT",
"requested_grant_start": "2017-01-01T15:05:05Z",
"requested_grant_end": "2017-01-01T15:05:05Z",
"requested_floating_length": 24,
"target_user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_roles": [
{
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
}
],
"workflow": "5bf77342-221c-11ee-be56-0242ac120002",
"action": "GRANT",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"name": "An example workflow",
"status": "WAITING",
"comment": "A comment",
"approver_can_revoke": true,
"target_role_revoked": true,
"target_role_revoked_by": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"target_role_revocation_time": "2017-01-01T15:05:05Z",
"can_bypass_revoke_workflow": true,
"steps": [
{
"name": "string",
"match": "ALL",
"approvers": [
{
"role": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"name": "string",
"deleted": true
},
"decision": "WAITING",
"user": {
"id": "5bf77342-221c-11ee-be56-0242ac120002",
"display_name": "string"
},
"decision_time": "2017-01-01T15:05:05Z",
"comment": "string"
}
]
}
]
}
]
}
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursiveerror_code
string
required
Standard error code denoting the error type
- Enum
-
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
- MATCHING_WORKFLOW_NOT_FOUND
- MULTIPLE_MATCHING_WORKFLOWS
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursivecount
int
items
array[object]
object
Description of a complete workflow. Used both in workflow templates and in requests - depending on the usage, different properties are editable. Workflow-template properties are indicated with a [T] and request properties with [R].
id
string
uuid
The UUID of the returned object, unique to a workflow template and a request. [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
requester
object (requester)
The ID & display name of the user making the request [R]
id
string
uuid
display_name
string
requested_role
object (requested_role)
The ID and display name of the requested role. Display name stored for posterity.
id
string
uuid
The ID of the requested role [R]
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
request_justification
string
Justification for the request [R]
grant_type
string
Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_types
array[string]
List of role granting types. Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. [T]
string
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
grant_start
string
date-time
Date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
grant_end
string
date-time
Date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
floating_length
int
Time in hours how long the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
max_floating_duration
int
Time in hours how long the grant should not exceed after initial connection. [T]
- Example
- 48
max_time_restricted_duration
int
Maximum time in days where duration between start-date and end-date of role request must not exceeded this duration. [T]
- Example
- 15
requested_grant_type
string
Requested grant type, is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window. Can be overriden in decision phase. [R]
- Enum
-
- PERMANENT
- TIME_RESTRICTED
- FLOATING
requested_grant_start
string
date-time
Requested date & time after which the role is granted to the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_grant_end
string
date-time
Requested date & time after which the role is removed from the user. Can be overriden in decision phase. [R]
- Example
- "2017-01-01T15:05:05Z"
requested_floating_length
int
Requested time in hours for which the grant should last after initial connection. Can be overriden in decision phase. [R]
- Example
- 24
target_user
object (target_user)
The ID of the user the request is made for [R]
id
string
uuid
display_name
string
target_roles
array[object]
A list of roles this workflow targets [TR]
object
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
workflow
string
uuid
The ID of the workflow the request is based on [TR]
action
string
Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template. [TR]
- Enum
-
- GRANT
- REMOVE
- BOTH
created
string
date-time
When the object was created [TR]
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was updated [TR]
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object [TR]
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
name
string
required
Name of the workflow [T]
- Min Length
- 4
- Max Length
- 4096
- Example
- "An example workflow"
status
string
Computed status for the instance of the workflow - based on step statuses [R]
- Default
- "WAITING"
- Enum
-
- WAITING
- APPROVED
- DENIED
comment
string
A comment describing the object [TR]
- Example
- "A comment"
approver_can_revoke
boolean
A flag used to determine if approvers can revoke a role from target user [R]
- Default
- false
target_role_revoked
boolean
Is set to true only when the target role has been revoked via the request by one of the approvers [R]
- Default
- false
target_role_revoked_by
object (target_role_revoked_by)
User object of who revoked the target role [R]
id
string
uuid
display_name
string
target_role_revocation_time
string
date-time
Date and time of revocation [R]
- Example
- "2017-01-01T15:05:05Z"
can_bypass_revoke_workflow
boolean
A flag used to determine if approvers can bypass the revoke workflow to revoke a role [T]
- Default
- false
steps
array[object]
required
Array of steps [TR]
object
Approval step in the workflow. These are read-only for requests. [TR]
name
string
required
Workflow-step name
match
string
required
All approvers must approve or any approver can approve
- Enum
-
- ALL
- ANY
approvers
array[object]
required
Who are the approvers in this step
object
Approver within a workflow step. Can be a role or a principal [TR]
role
object (role)
required
Approving role's ID and display name
id
string
uuid
name
string
deleted
boolean
It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.
decision
string
required
Approver's decision
- Enum
-
- WAITING
- APPROVED
- DENIED
user
object (user)
User who made the decision for the step
id
string
uuid
display_name
string
decision_time
string
date-time
When the decision was made [R]
- Example
- "2017-01-01T15:05:05Z"
comment
string
A comment accompanying the decision
Was this page helpful?