Check Access

Check if a user or account is supposed to have access to a particular entitlement, if there are change requests related to the entitlement and if the entitlement violates a policy.

GET https://instance.securid.com/aveksa/command.submit?cmd=about

Request

Parameters

Common
command	checkAccess
format	`properties` - (Default) `key=value`. most useful when requesting a single object. If multiple objects are returned, values is a csv. ie `key=value1,value2,value3` where value1 is the value for the first object, value2 is the value for the 2nd object, etc. `json` - Useful format for parsing into javascript or other languages. See www.json.org for details.
checkOption	Indicates to check access or validate access grants. `checkAccess` (default) `validateRuleOnly` `validateCROnly` `validateCRAndRule`
ignoreUserMapping	`true, false` Boolean flag to ignore checking of access for users mapped to the specified account. (Default) `false`
Accounts
accountBS	This specifies the name of the business source, such as an application or directory, associated with the account. It should be used in conjunction with the accountName parameter
accountName	The account name and must be used along with accountName parameter
userId	User id or login id
uniqueId	User unique id
email	User email address
Entitlements
entitlementBS	The application, directory, or role set name for the entitlement
appRole	Application role name
resource	The name of the entitlement resource, which must be used in conjunction with the action parameter
role	Role name
group	Group name

Response

Parameters

`type`	Executed command name
`result`	The user or account has access to the entitlement, or if access grant is permitted `true`, or not `false`
`crState`	allowed / denied / notCheckCR
`violations`	Returns the names of rules if there are any rule violations; otherwise, indicates `noViolations`

Errors

400 If the user / account / business source / entitlement cannot be found, an error message will be returned in the response body

Examples

Request

Curl

curl -X GET -G "https://instance.securid.com/aveksa/command.submit" \
-d "cmd=checkAccess" \
-d "userId=my_account_id" \
-d "format=json" \
-d "entitlementBS=Aveksa" \
-d "appRole=System%20Administrator" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

200
400 No Account

{
    "data": {
        "type": "checkAccess",
        "result": "true"
    }
}

<html>
  <head>
    <title>Error</title>
  </head>
  <body>
    could not find user or account Query
    String=cmd=checkAccess&amp;userId=user1&amp;format=json&amp;entitlementBS=Aveksa&amp;appRole=System%20Administrator
  </body>
</html>

Request​

Parameters​

Response​

Parameters​

Errors​

Examples​

Request​

Response​

Request

Parameters

Response

Parameters

Errors

Examples

Request

Response