Skip to main content

Check Access

Check whether a user or account has access to a specific entitlement. Optionally validate whether the access grant would violate a rule or change request policy.

GET https://instance.securid.com/aveksa/command.submit?cmd=checkAccess

Request

Parameters

Common
checkAccess
formatproperties - (Default) Returns the response as key=value pairs.

json - Returns the response as JSON.
checkOptionControls what is checked. Values:
  • checkAccess (Default): returns result only
  • validateRuleOnly: returns result, violations, crState
  • validateCROnly: returns result, violations, crState
  • validateCRAndRule: returns result, violations, crState
ignoreUserMappingWhen true, skips checking access for users mapped to the specified account. Default: false
Accounts
accountBSThe name of the business source associated with the account. Must be used with accountName.
accountNameThe account name. Must be used with accountBS.
userIdThe user login ID.
uniqueIdThe user unique ID.
emailThe user email address.
Entitlements
entitlementBSThe application, directory, or role set name for the entitlement.
appRoleApplication role name.
resourceThe entitlement resource name. Must be used with action.
actionThe action on the resource. Must be used with resource.
roleRole name.
groupGroup name.

Headers

Bearer token
Acceptapplication/json
Content-Typeapplication/json

Response

Parameters

resulttrue if the user or account has access, false if not.
crStateThe change request state. Values: allowed denied notCheckCR. Returned for all checkOption values other than checkAccess.
violationsRule violations detected. Returns noViolation if none. Returned for all checkOption values other than checkAccess.

Examples

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=checkAccess&format=json&userId=<user-id>&entitlementBS=<bs-name>&role=<role-name>" \
-H "Authorization: Bearer <token>"

Response

Returns result only. checkOption defaults to checkAccess when omitted.

{
"data": {
"type": "checkAccess",
"result": "false"
}
}

Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.