Skip to main content
Version: v41

workflows

countinteger
items object[]
  • Array [
    • idstring<uuid>

    The UUID of the returned object, unique to a workflow template.

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
    requester object

    The ID & display name of the user making the request.

    idstring<uuid>
    display_namestring
    deletedboolean

    It indicates whether a user is present in the system or not.

    requested_role object

    The ID and display name of the requested role. Display name stored for posterity.

    idstring<uuid>

    The ID of the requested role.

    namestring
    deletedboolean

    It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.

    request_justificationstring

    Justification for the request.

    grant_typesstring[]

    List of role granting types. Is the role granted permanently, or is the grant time restricted, or a floating window. The floating window starts upon initial connection at which time the Role Store converts the floating window to explicit time-restricted window.

    Possible values: [PERMANENT, TIME_RESTRICTED, FLOATING]

    grant_startstring<date-time>

    Date & time after which the role is granted to the user. Can be overriden in decision phase.

    Example: 2017-01-01T15:05:05Z
    grant_endstring<date-time>

    Date & time after which the role is removed from the user. Can be overriden in decision phase.

    Example: 2017-01-01T15:05:05Z
    floating_lengthinteger

    Time in hours how long the grant should last after initial connection. Can be overriden in decision phase.

    Example: 24
    max_active_requestsintegerrequired

    Maximum number of concurrent open requests a user can have per target role. Set to -1 to allow an unlimited number of open requests. Assumed 1 if not specified.

    Example: 1
    max_floating_durationinteger

    Time in hours how long the grant should not exceed after initial connection.

    Example: 48
    max_time_restricted_durationinteger

    Maximum time in days where duration between start-date and end-date of role request must not exceeded this duration.

    Example: 15
    target_user object

    The ID of the user the request is made for.

    idstring<uuid>
    display_namestring
    deletedboolean

    It indicates whether a user is present in the system or not.

    target_roles object[]required

    A list of roles this workflow targets.

  • Array [
    • idstring<uuid>
    namestring
    deletedboolean

    It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.

  • ]
    • actionstringrequired

    Does the workflow GRANT or REMOVE the user from the role. Workflow engine needs to check that the requested action matches allowed actions defined in the template.

    Possible values: [GRANT, REMOVE, BOTH]

    createdstring<date-time>

    When the object was created.

    Example: 2017-01-01T15:05:05Z
    updatedstring<date-time>

    When the object was updated.

    Example: 2017-01-01T15:05:05Z
    updated_bystring<uuid>

    ID of the user who updated the object.

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
    authorstring<uuid>

    ID of the user who originally authored the object.

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
    namestringrequired

    Name of the workflow.

    Possible values: >= 4 characters and <= 4096 characters

    Example: An example workflow
    statusstring

    Computed status for the instance of the workflow - based on step statuses.

    Possible values: [WAITING, APPROVED, DENIED]

    Default value: WAITING
    commentstring

    A comment describing the object.

    Example: A comment
    can_bypass_revoke_workflowboolean

    A flag used to determine if approvers can bypass the revoke workflow to revoke a role.

    Default value: false
    requires_justificationboolean

    A flag used to determine if requesters can bypass the justification on role requests.

    Default value: false
    steps object[]required

    Array of steps.

  • Array [
    • namestringrequired

    Workflow-step name

    matchstringrequired

    All approvers must approve or any approver can approve. When enabled, AUTO steps means that these will be automatically approved.

    Possible values: [ALL, ANY, AUTO]

    approvers object[]required

    Who are the approvers in this step

  • Array [
    • role objectrequired

    Approving role's ID and display name

    idstring<uuid>
    namestring
    deletedboolean

    It indicates whether a role is present in the system or not. Create/Update workflow/request operations doesn't need to pass any value to this attribute. This field is not read during the Write operations.

  • ]
  • ]
  • ]
    • workflows
    {
      "count": 0,
      "items": [
        {
          "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
          "requester": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
            "display_name": "string",
            "deleted": true
          },
          "requested_role": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
            "name": "string",
            "deleted": true
          },
          "request_justification": "string",
          "grant_types": [
            "PERMANENT"
          ],
          "grant_start": "2017-01-01T15:05:05Z",
          "grant_end": "2017-01-01T15:05:05Z",
          "floating_length": 24,
          "max_active_requests": 1,
          "max_floating_duration": 48,
          "max_time_restricted_duration": 15,
          "target_user": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
            "display_name": "string",
            "deleted": true
          },
          "target_roles": [
            {
              "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "name": "string",
              "deleted": true
            }
          ],
          "action": "GRANT",
          "created": "2017-01-01T15:05:05Z",
          "updated": "2017-01-01T15:05:05Z",
          "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
          "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
          "name": "An example workflow",
          "status": "WAITING",
          "comment": "A comment",
          "can_bypass_revoke_workflow": false,
          "requires_justification": false,
          "steps": [
            {
              "name": "string",
              "match": "ALL",
              "approvers": [
                {
                  "role": {
                    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
                    "name": "string",
                    "deleted": true
                  }
                }
              ]
            }
          ]
        }
      ]
    }