Access Certification Campaign Type REST Endpoint

Last modified 13 Mar 2024 13:32 +01:00

Description

Here we are describing the Access Certification Campaign object type in relation to midPoints REST API. The Access Certification Campaign objects are a part of the REST API web resources.

Endpoint
accessCertificationCampaigns/

Operations And Examples

The Access Certification Campaign Type endpoint operations and examples.

In our examples we are authenticating with the credentials, name "administrator" and password "y0uR_P455woR*d" on a localhost instance running on port 8080.

For some help regarding the REST examples please see this link:

Get Access Certification Campaign Type Objects

Get operation for fetching a single specific object.

Get Access Certification Campaign Type object
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-X GET http://localhost:8080/midpoint/ws/rest/accessCertificationCampaigns/3a0fb4a2-ffbd-4e72-bbff-47327df054c4?options=raw \
-v

The response is an HTTP 200 code in case of success with a response body containing the queried item.

Example Output of "Get Access Certification Campaign Type object" example

The example is simplified, some properties were removed to keep the example output "short". This example does not contain all possible properties of this object type.

{
	"accessCertificationCampaign": {
		"oid": "3a0fb4a2-ffbd-4e72-bbff-47327df054c4",
		"version": "0",
		"name": "User's assignemnts according to the manager 1",
		"description": "Certifies all users' assignments. Everything is certified by the administrator.",
		"iteration": 1,
		"definitionRef": {
			"oid": "8f37ee15-9945-4872-8b90-8cb75f304b41",
			"relation": "org:default",
			"type": "c:AccessCertificationDefinitionType"
		},
		"ownerRef": {
			"oid": "00000000-0000-0000-0000-000000000002",
			"relation": "org:default",
			"type": "c:UserType"
		},
		"handlerUri": "http://midpoint.evolveum.com/xml/ns/public/certification/handlers-3#direct-assignment",
		"scopeDefinition": {
			"@type": "c:AccessCertificationAssignmentReviewScopeType",
			"objectType": "#UserType",
			"searchFilter": {
				"org": {
					"@ns": "http://prism.evolveum.com/xml/ns/public/query-3",
					"path": "parentOrgRef",
					"orgRef": {
						"oid": "7d1e7065-455c-48d5-a469-1734fd255739",
						"scope": "SUBTREE"
					}
				}
			},
			"itemSelectionExpression": {
				"script": [
					{
						"code": "\nimport com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType\nlog.info(\"####### assignment: \" + assignment)\nif (assignment.targetRef.type.localPart.equals('RoleType')) \n{log.info(\"#### not a OrgType: \" + assignment.targetRef.type.localPart)\nrole = midpoint.resolveReferenceIfExists(assignment.targetRef)\nlog.info(\"##### role: \" + role)\nlog.info(\"##### role type: \" + role.subtype)\nreturn role != null && role.requestable}\norg = midpoint.resolveReferenceIfExists(assignment.targetRef)\nlog.info(\"##### org: \" + org)\nlog.info(\"##### org type: \" + org.subtype)\nreturn org != null && org.subtype[0] == 'access'\n\n                "
					}
				]
			},
			"includeRoles": true,
			"includeOrgs": true,
			"includeResources": false
		},
		"remediationDefinition": {
			"style": "automated"
		},
		"stageDefinition": {
			"@id": 1,
			"number": 1,
			"name": "Manager's review",
			"description": "In this stage, the manager has to review all the assignments of users belonging to his org unit.",
			"duration": "P14D",
			"notifyBeforeDeadline": [
				"PT48H",
				"PT12H"
			],
			"notifyOnlyWhenNoDecision": true,
			"reviewerSpecification": {
				"useObjectManager": {
					"allowSelf": false
				}
			},
			"timedActions": {
				"@id": 2,
				"time": {
					"value": [
						"P7D"
					]
				},
				"actions": {
					"escalate": {
						"approverRef": {
							"oid": "00000000-0000-0000-0000-000000000002",
							"relation": "org:default",
							"type": "c:UserType"
						},
						"delegationMethod": "addAssignees",
						"escalationLevelName": "Level1"
					}
				}
			}
		},
		"state": "created",
		"stageNumber": 0
	}
}

Search for Access Certification Campaign Type Objects

Search operation usable for fetching the full list of objects or a list based on filter.

Search all Access Certification Campaign Type
curl --user administrator:y0uR_P455woR*d \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-X POST http://localhost:8080/midpoint/ws/rest/accessCertificationCampaigns/search?options=resolveNames \
-v \
--data-binary @./samples/rest/query-all.json
Show data source example for "Search for all" | GitHub
{
  "query" : ""
}

The response is an HTTP 200 code in case of success with a response body containing the queried items.

Example Output is a list of objects.

The example is simplified, some parts were removed for the purpose of this example.

{
	"@ns": "http://prism.evolveum.com/xml/ns/public/types-3",
	"object": {
		"@type": "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3#ObjectListType",
		"object": [
			{
				"@type": "c:AccessCertificationCampaignType",
				"oid": "3a0fb4a2-ffbd-4e72-bbff-47327df054c4",
				"version": "0",
				"name": "User's assignemnts according to the manager 1",
				"description": "Certifies all users' assignments. Everything is certified by the administrator.",
				"iteration": 1,
				"definitionRef": {
					"oid": "8f37ee15-9945-4872-8b90-8cb75f304b41",
					"relation": "org:default",
					"type": "c:AccessCertificationDefinitionType",
					"targetName": "User's assignemnts according to the manager"
				},
				"ownerRef": {
					"oid": "00000000-0000-0000-0000-000000000002",
					"relation": "org:default",
					"type": "c:UserType",
					"targetName": "administrator"
				},
				"handlerUri": "http://midpoint.evolveum.com/xml/ns/public/certification/handlers-3#direct-assignment",
				"scopeDefinition": {
					"@type": "c:AccessCertificationAssignmentReviewScopeType",
					"objectType": "#UserType",
					"searchFilter": {
						"org": {
							"@ns": "http://prism.evolveum.com/xml/ns/public/query-3",
							"path": "parentOrgRef",
							"orgRef": {
								"oid": "7d1e7065-455c-48d5-a469-1734fd255739",
								"scope": "SUBTREE"
							}
						}
					},
					"itemSelectionExpression": {
						"script": []
					},
					"includeRoles": true,
					"includeOrgs": true,
					"includeResources": false
				},
				"remediationDefinition": {
					"style": "automated"
				},
				"stageDefinition": {
					"@id": 1,
					"number": 1,
					"name": "Manager's review",
					"description": "In this stage, the manager has to review all the assignments of users belonging to his org unit.",
					"duration": "P14D",
					"notifyBeforeDeadline": [
						"PT48H",
						"PT12H"
					],
					"notifyOnlyWhenNoDecision": true,
					"reviewerSpecification": {
						"useObjectManager": {
							"allowSelf": false
						}
					},
					"timedActions": {
						"@id": 2,
						"time": {
							"value": [
								"P7D"
							]
						},
						"actions": {
							"escalate": {
								"approverRef": {
									"oid": "00000000-0000-0000-0000-000000000002",
									"relation": "org:default",
									"type": "c:UserType",
									"targetName": "administrator"
								},
								"delegationMethod": "addAssignees",
								"escalationLevelName": "Level1"
							}
						}
					}
				},
				"state": "created",
				"stageNumber": 0
			}
		]
	}
}
Show data source example for "Search for all" | GitHub
{
  "query" : ""
}

The response is an HTTP 200 code in case of success with a response body containing the queried items.

Example Output is a list of objects.
{
  "@ns" : "http://prism.evolveum.com/xml/ns/public/types-3",
  "object" : {
    "@type" : "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3#ObjectListType",
    "object" : [ {
      "@type" : "",
      "oid" : "",
      "version" : "",
      "name" : "",
      "metadata" : {},
      "operationExecution": {},
      "indestructible": ,
      "iteration" : ,
      "iterationToken" : "",
      "archetypeRef": {},
      "roleMembershipRef": {},
      "activation": {}
    }, {
      "@type" : "",
      "oid" : "",
      "version" : "",
      "name" : "",
      "metadata" : {},
      "operationExecution": {},
      "indestructible": ,
      "iteration" : ,
      "iterationToken" : "",
      "archetypeRef": {},
      "roleMembershipRef": {},
      "activation": {}
    } ]
  }
}

Modify Access Certification Campaign Type Objects

Modify Attribute Access Certification Campaigns
curl --user administrator:y0uR_P455woR*d \
-H "Content-Type: application/json" \
-X PATCH http://localhost:8080/midpoint/ws/rest/accessCertificationCampaigns/3a0fb4a2-ffbd-4e72-bbff-47327df054c4 \
-v \
--data-binary @./samples/rest/modify-attribute-gen.json

Delete Access Certification Campaign Type Objects

Delete a Resource type object
curl --user administrator:y0uR_P455woR*d \
-v \
-X DELETE http://localhost:8080/midpoint/ws/rest/accessCertificationCampaigns/3a0fb4a2-ffbd-4e72-bbff-47327df054c4

The response is an HTTP 204 code in case of success without a response body.

Generate and Validate Operations for Access Certification Campaign Type Objects

Operations to generate or validate values.

JSON Example

Example output of information regarding a specific Access Certification Campaign object. Metadata is usually a part of the output, yet it was removed for the purpose of the example.

Show JSON Example
{
	"accessCertificationCampaign": {
		"oid": "3a0fb4a2-ffbd-4e72-bbff-47327df054c4",
		"version": "0",
		"name": "User's assignemnts according to the manager 1",
		"description": "Certifies all users' assignments. Everything is certified by the administrator.",
		"iteration": 1,
		"definitionRef": {
			"oid": "8f37ee15-9945-4872-8b90-8cb75f304b41",
			"relation": "org:default",
			"type": "c:AccessCertificationDefinitionType"
		},
		"ownerRef": {
			"oid": "00000000-0000-0000-0000-000000000002",
			"relation": "org:default",
			"type": "c:UserType"
		},
		"handlerUri": "http://midpoint.evolveum.com/xml/ns/public/certification/handlers-3#direct-assignment",
		"scopeDefinition": {
			"@type": "c:AccessCertificationAssignmentReviewScopeType",
			"objectType": "#UserType",
			"searchFilter": {
				"org": {
					"@ns": "http://prism.evolveum.com/xml/ns/public/query-3",
					"path": "parentOrgRef",
					"orgRef": {
						"oid": "7d1e7065-455c-48d5-a469-1734fd255739",
						"scope": "SUBTREE"
					}
				}
			},
			"itemSelectionExpression": {
				"script": [
					{
						"code": "\nimport com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType\nlog.info(\"####### assignment: \" + assignment)\nif (assignment.targetRef.type.localPart.equals('RoleType')) \n{log.info(\"#### not a OrgType: \" + assignment.targetRef.type.localPart)\nrole = midpoint.resolveReferenceIfExists(assignment.targetRef)\nlog.info(\"##### role: \" + role)\nlog.info(\"##### role type: \" + role.subtype)\nreturn role != null && role.requestable}\norg = midpoint.resolveReferenceIfExists(assignment.targetRef)\nlog.info(\"##### org: \" + org)\nlog.info(\"##### org type: \" + org.subtype)\nreturn org != null && org.subtype[0] == 'access'\n\n                "
					}
				]
			},
			"includeRoles": true,
			"includeOrgs": true,
			"includeResources": false
		},
		"remediationDefinition": {
			"style": "automated"
		},
		"stageDefinition": {
			"@id": 1,
			"number": 1,
			"name": "Manager's review",
			"description": "In this stage, the manager has to review all the assignments of users belonging to his org unit.",
			"duration": "P14D",
			"notifyBeforeDeadline": [
				"PT48H",
				"PT12H"
			],
			"notifyOnlyWhenNoDecision": true,
			"reviewerSpecification": {
				"useObjectManager": {
					"allowSelf": false
				}
			},
			"timedActions": {
				"@id": 2,
				"time": {
					"value": [
						"P7D"
					]
				},
				"actions": {
					"escalate": {
						"approverRef": {
							"oid": "00000000-0000-0000-0000-000000000002",
							"relation": "org:default",
							"type": "c:UserType"
						},
						"delegationMethod": "addAssignees",
						"escalationLevelName": "Level1"
					}
				}
			}
		},
		"state": "created",
		"stageNumber": 0
	}
}
Was this page helpful?
YES NO
Thanks for your feedback