Check Access
Check whether a user or account has access to a specific entitlement. Optionally validate whether the access grant would violate a rule or change request policy.
GET https://instance.securid.com/aveksa/command.submit?cmd=checkAccess
Request
Parameters
| Common | |
| checkAccess | |
| format | properties - (Default) Returns the response as key=value pairs.json - Returns the response as JSON. |
| checkOption | Controls what is checked. Values:
|
| ignoreUserMapping | When true, skips checking access for users mapped to the specified account. Default: false |
| Accounts | |
| accountBS | The name of the business source associated with the account. Must be used with accountName. |
| accountName | The account name. Must be used with accountBS. |
| userId | The user login ID. |
| uniqueId | The user unique ID. |
| The user email address. | |
| Entitlements | |
| entitlementBS | The application, directory, or role set name for the entitlement. |
| appRole | Application role name. |
| resource | The entitlement resource name. Must be used with action. |
| action | The action on the resource. Must be used with resource. |
| role | Role name. |
| group | Group name. |
Headers
Bearer token | |
| Accept | application/json |
| Content-Type | application/json |
Response
Parameters
result | true if the user or account has access, false if not. |
crState | The change request state. Values: allowed denied notCheckCR. Returned for all checkOption values other than checkAccess. |
violations | Rule violations detected. Returns noViolation if none. Returned for all checkOption values other than checkAccess. |
Examples
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=checkAccess&format=json&userId=<user-id>&entitlementBS=<bs-name>&role=<role-name>" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "checkAccess",
"format": "json",
"userId": "<user-id>",
"entitlementBS": "<bs-name>",
"role": "<role-name>"
}
headers = {
'Authorization': 'Bearer <token>'
}
response = requests.get(url, params=params, headers=headers)
if response.status_code == 200:
data = response.json()
print(data)
else:
print(f"Request failed with status code {response.status_code}")
const axios = require('axios');
const url = "https://instance.securid.com/aveksa/command.submit";
const params = {
cmd: "checkAccess",
format: "json",
userId: "<user-id>",
entitlementBS: "<bs-name>",
role: "<role-name>"
};
const headers = {
'Authorization': 'Bearer <token>'
};
axios.get(url, { params, headers })
.then(response => {
if (response.status === 200) {
console.log(response.data);
} else {
console.log(`Request failed with status code ${response.status}`);
}
})
.catch(error => {
console.error('Error:', error);
});
Response
- 200 checkAccess
- 200 validateRuleOnly
- 200 validateCROnly
- 400 User Not Found
- 400 Entitlement Not Found
- 400 Business Source Not Found
- 401 Invalid Token
Returns result only. checkOption defaults to checkAccess when omitted.
{
"data": {
"type": "checkAccess",
"result": "false"
}
}
Returns result, violations, and crState. Use checkOption=validateRuleOnly.
{
"data": {
"type": "checkAccess",
"result": "true",
"violations": "noViolation",
"crState": "notCheckCR"
}
}
Returns result, violations, and crState. Use checkOption=validateCROnly.
{
"data": {
"type": "checkAccess",
"result": "false",
"violations": "noViolation",
"crState": "denied"
}
}
Returned when the user or account cannot be found.
<html>
<head>
<title>Error</title>
</head>
<body>could not find user or account
Query String=cmd=checkAccess&format=json&userId=invalid&entitlementBS=AveksaRoles&role=Test+Role</body>
</html>
Returned when the entitlement name cannot be found.
<html>
<head>
<title>Error</title>
</head>
<body>could not find entitlement
Query String=cmd=checkAccess&format=json&userId=user1&entitlementBS=AveksaRoles&role=InvalidRole</body>
</html>
Returned when the entitlement business source cannot be found.
<html>
<head>
<title>Error</title>
</head>
<body>could not find entitlement business source
Query String=cmd=checkAccess&format=json&userId=user1&entitlementBS=InvalidBS&role=Test+Role</body>
</html>
<html>
<head>
<title>Error</title>
</head>
<body>The token is not valid for the command 'checkAccess'. Token is invalid or expired</body>
</html>
Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.