Skip to main content
Version: On prem: 15.0.5

Changelog

Version 3.4

  • We have added the following fields to the IdentityFilterPropertyType and ResourceFilterPropertyType:

    • DefaultValue: Default value of the property.
    • DefaultValueName: Name of te default value.
note

Those fields define the default value property filter in the Access request when applicable.

  • RevokeAssignmentInputType: RevokeOn field is now optional.

Version 3.3

  • Added trustedSystems which indicates the systems trusted by this system.

Version 3.2

  • Added options argument (of type AccessApprovalStatusOptionsInputType) to the accessApprovalWorkflowStatus query for more flexible status retrieval.
  • Added ReasonMaxLength field to specify the maximum length of the reason field in Access request configuration.
  • Added field Default that indicates if the reason is set as the default reason for Access request.

Version 3.1

  • Added areResourcesVisibleToIdentities which given a list of identities and resources, returns the resources that are visible to all of the specified identities regarding eligibility.
  • Added resourceFilterPropertyIds and resourceFilterPropertyValues to configure the filters of Access request.

Version 3.0

  • Updated handling of hidden form fields:

    The behavior of form fields configured as hidden client-side or hidden server-side has been clarified and standardized.

    Client-side hidden fields are now included in form definitions and form-data responses, but are marked as "hidden": true in the form metadata. Server-side hidden fields are fully excluded from both form definitions and form-data responses.

    This update ensures consistency with customer expectations: server-side hidden fields are not exposed through the API, while client-side hidden fields remain available for scenarios that require them but are visually hidden in the UI.

  • Updated the API response code for error conditions from Bad request (400) to OK (200) in internal processing errors that previously returned a 400 status code inappropriately.

    note

    Please review your error-handling implementations and adjust any logic that specifically checks for a 400 response in affected API calls.

  • Updated the logic for the Reason field in the access request configuration type from a simple Boolean (required/not required) to a more flexible enum-based configuration with three possible values:

    • Required: Field is shown and validation is enforced.
    • Optional: Field is shown but not validated.
    • Hidden: Field is not shown and not validated.

    To manage this setting, go to: Setup > Forms > Request access (ed2) - Submit form > Design form > Specify a reason.

    To make the field optional, deselect both Requires value and Hidden (clientside). This way, you will be able to submit the form without selecting a reason, introducing an optional state in the access request flow.

    Design of Request access form

  • Before, if a resource assignment had no violations, it was possible to map this value to NoOverride. This has been fixed so that now, if a resource assignment has no violations, it will correctly have NoViolation assigned as its violation status.

  • Updated the isContextRequired field in the access request configuration type form to an enumeration type with three possible values defining access request flow behavior for business context:

    • Required: Field is visible and validated.
    • Optional: Field is visible but not validated (the field is automatically populated, but can be left empty).
    • Hidden: Field is not visible and not validated.

Version 2.20

  • Added accessApprovalWorkflowStatus query used to get the workflow steps and status for the given survey objects.

    • Added AccessApprovalWorkflowStatusType with fields:

      • UId: unique identifier for the workflow step status, represents the activity UID.
      • DisplayName: The workflow step Display Name.
      • Name: The workflow step Name.
      • Active: The state of the step (True: active / False: inactive).
      • CompleteTime: The time when the step was completed.
      • SurveyObjectKey: Uid of the surveyObject.
      • ApprovalStatus: approval status of the workflow step, using AccessApprovalDecision (None, Approve, Reject).
      • Asignees: List of ids of the asignees of the workflowstep.

  • IdentitiesInputType:

    • Added Properties filter for identities.

Version 2.19

  • Added extendAccess mutation for extending a resource assignments validity.

    • Added ExtendAccessInputType with fields:
      • ResourceAssignmentId: UID of the resource assignment to extend.
      • Reason: Reason for extension.
      • ValidTo: New valid to of the resource assignment.

  • ResourceType:

    • Added maxValidity field for resources.

  • AccessApprovalConfigurationType:

    • Added RejectReasonRequired field.

  • AccessApprovalSurveyQuestionFilterInputType:

    • Added requestType filter to filter between Access request and Extend access requests.

  • AccessApprovalSurveyQuestionsSortProperty:

    • Added REQUEST_TYPE sorting.

  • CalculatedAssignmentFilterInputType:

    • Added multipleIdentityIds filter.

Version 2.18

  • AccessApprovalSurveyQuestionsType:

    • Added secondSorting argument for survey questions.

  • CalculatedAssignmentSortProperty:

    • Added DISABLED and VIOLATION_STATUS sort properties.

  • AccessApprovalWorkflowStepQuestionsCountType:

    • Added WorkflowStepTitle field.

Version 2.17

  • Added cancelResourceAssignmentRequest mutation.

    • Added CancelResourceAssignmentRequestInputType with fields:
      • ResourceAssignmentIds: List of resource assignments UIDs to cancel.

  • AccessApprovalStatusEnum:

    • Added canceled status.

  • AccessRequestComponentsType:

    • Added strictModeContexts field for strict eligibility filtering.

  • AccessApprovalConfigurationType:

    • Added EligibilityFilteringModes field.

  • CalculatedAssignmentFilterInputType:

    • Added isApplicationAccountsSystemVisible filter.

  • AccessApprovalResourceAssignmentIds:

    • Added resourceAssignmentIds argument for filtering resource assignment by their UID,

Version 2.16

  • Added revokeAssignment query used to Revoke RoPE calculated assignments by their UIDs.

    • Added RevokeAssignmentInputType with fields:
      • AssignmentsUId: List of RoPE calculated assignments UIds to be revoked.
      • RevokeOn: Date when the resource assignment will be revoked.
      • VerdictComment: Optional comment to add to the verdict.

  • AccessApprovalSurveyQuestionsType:

    • Added WorkflowStepTitle field.

  • IdentitiesInputType:

    • Added identityType filter for identities.

  • ResourcesInputType:

    • Added resourceCategories filter for resources.

  • AccessApprovalStatusEnum:

    • Added approvalSurveyLaunchFailed status.

Version 2.15

  • Added logs query to retrieve logs.

    • Added LogsType with fields:
      • IdentityId

  • EligibilityFilterInputType:

    • Added identityContexts field for filtering resources by identity-context pairs.

  • CalculatedAssignmentFilterInputType:

    • Added systemName filter for calculated assignments.

Version 2.14

  • Added new query identityContexts
  • Added new contextID field at the resource level for the accessRequestPolicyChecks query. This new field enables the specification of unique contexts for each resource. If the contextId is not provided for all resources included in the query, the API will automatically attempt to utilize the context field from the root level of the query.

Version 2.13

  • Added new filter eligibilityFilter to query resources
  • Added new field to AccessRequestStatus: AccessApprovalStatusEnum

Version 2.12

  • Added new query accessApprovalResourceAssignmentIds
  • Added new field to AccessApprovalConfiguration: MassEditEnabled
  • Added new field to PeerReviewAccessPolicyCheckResult ResourceAssignment
  • Added new field to SAPPolicyCheckResult ResourceAssignment
  • Added new field to SoDPolicyCheckResult ResourceAssignment

Version 2.11

  • Added new query accessApprovalWorkflowStepsQuestionCount
  • Added new query accessApprovalReassignmentUsers
  • Added new mutation reassignSurveyQuestions
  • Added new field to SystemCategory: Content
  • Added new field to AccessApprovalConfiguration: ReassignmentEnabled
  • Added new field to CalculatedAssignmentFilterInput identityIds
  • Added new field to ResourceType: autoCreateAccounts
  • Added new field to System: autoCreateAccounts

Version 2.10

We have added a new field to System:

  • SystemCategory

Version 2.9

We have included new fields to AccessRequestStatus:

  • ViolationStatus
  • ViolationStatusText
  • ProvisioningStatus
  • ProvisioningStatusText

Version 2.8

We have included a new query calculatedAssignments. This query is designed to retrieve all calculated assignments data associated with a specific system, based on the provided systemID.

We have enhanced the accessRequests/childAssignments to now include all data points that are available through the calculatedAssignments query.

Version 2.7

We have included the CreateTime field and the CreatedBy object on the following types:

  • Resource
  • Identity
  • System
  • ResourceAssignment
  • Account
  • ResourceFolder
  • ResourceType

Added new policyCheckConfiguration query. This field returns True if any policy and risk checks in the Enterprise Server are configured as active, not hidden in the Access approval survey and the Mode is not set to Calculation.

Added new accessApprovalPolicyChecks query that can be used to execute a policy and risk check for the question assigned to the active user in the Access approval survey. The query comprises three fields:

  • SoDPolicyCheck: contains the results of an SoD (Segregation of Duties) policy check. Returns null if the policy check is disabled.

  • SAPPolicyCheck: contains the result of the SAP GRC policy and risk check. Returns null if the policy check is disabled.

  • PeerReviewAccessPolicyCheck: contains the result of the Peer access analysis policy check. Returns null if the policy check is disabled.

  • accessApprovalPolicyChecks: the query can be used for performing simulated policy checks of assignments pending approval.

  • Version 2.6

    • Added new accessApprovalSurveyConfiguration query
    • Added new filter workflowStep filter in the accessRequestApprovalSurveyQuestions query

  • Version 2.5

New queries under accessRequestComponents:

  • resourceTypes

  • contexts

  • configuration

  • Version 2.4

    • New query accessRequestApprovalSurveyQuestions
    • New mutation SubmitRequestQuestions
    • New riskLevel fields to:
      • ResourceType
      • IdentityType

  • Version 2.3

    • Changed all DateTimes fields to return their values in UTC format
    • New query userSettings

  • Version 2.2

New query extendAccessRequests

  • Version 2.1

New queries under accessRequestComponents:

  • identitiesCanRequestResource
  • extendableResourceAssignments

New mutation extendAccess

All queries which supports pagination and accessRequests have been wrapped into a new type, paginationListType, with new fields:

  • Data
  • Total
  • Pages

New types: identityResourcesInputType

Changes to:

  • accessRequestAsResourcesInputType: reason has been made nullable, added identityResources
  • accessRequestAsTextInputType: reason has been made nullable
  • accessRequestType: validFrom and validTo has been made nullable, added reason and resourceAssignmentId
  • contextType: has been renamed to displayName

New fields to:

  • resourceType: resourceCategory, resourceType, resourceFolder and accountTypes
  • accessRequestConfigurationType: isAccountRequired, isReasonRequired and defaultAccountType

New fields to:

  • IdentityType: IdentityType and accounts

  • ResourceInputType: AccountInfo

  • Version 2.0

  • accessRequest query renamed to accessRequestComponents

New queries:

  • textBasedAccessRequest

  • textBasedAccessRequestsByIds

  • accessRequestsByIds There is a bug in this version when requesting access to a resource that contains child resources. The data is not loading, and an exception is being recorded in the event log.

  • Version 1.1

Added support of Attributes in the Resource type.

  • Version 1.0

Initial release of the API