Skip to main content

Find Change Request Items

Find change request items. The command uses the PV_CHANGE_REQUEST_DETAIL public view to find data. Any filters passed should be passed on this public view.

GET https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems

Request

Parameters

findChangeRequestItems
formatproperties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.

json - Returns the response as JSON.

csv - Returns the response as comma-separated values.

tsv - Returns the response as tab-separated values.

xml - Returns the response as XML.
delimiterThe delimiter to use between values for csv and properties formats
returnColumns

The names of the columns to return. returnColumns may be a CSV list of multiple column names. The returnColumns parameter may also be listed multiple times (ie returnColumns=col1,col2&returnColumns=col3,col4)

Refer to Columns table below.
returnMaxRowsThe maximum number of objects to return
distincttrue, false Returns only distinct values, equivalent to the distinct keyword in SQL.
sortByColumns

The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified.

Refer to Columns table below.
sortDirectionDetermines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used.
includeHeaderRowtrue, false Include column headers when the return format is csv or tsv. (Default) true
ignoreCasetrue, false Returns case-insensitive search results for specified filter parameters. (Default) false

Filter Parameters

Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_CHANGE_REQUEST_DETAIL public view.

Query logic

ScenarioBehavior
Two different parameters: type=Role&state=OpenAND. Returns items where type is Role and state is Open.
Same parameter repeated: state=Open&state=PendingApprovalsOR within that field. Returns items where state is Open or PendingApprovals.
Mixed: type=Role&state=Open&state=PendingApprovals(type is Role) AND (state is Open or PendingApprovals)
OR logic across different parameters is not supported

A single API call cannot return items matching one filter OR another filter on a different parameter. OR logic between different filter parameters is not supported.

Workaround: Make separate requests for each filter value. Merge and deduplicate the results client-side.

Columns

id[Primary Key] Unique change request item identifier
change_request_id[Foreign Key referencing CHANGE_REQUESTS.ID] The change request this item belongs to
request_typeType of the parent change request
typeType of the change request item
stateCurrent state of the change request item
change_data_descriptionDescription of the data change for this item
operand_typeType of the entity being acted upon
operand_id[Foreign Key] ID of the operand entity
value_typeType of the value being applied or revoked
value_id[Foreign Key] ID of the value entity
parent_id[Foreign Key] ID of the parent change request item
derived_typeDerived classification of the change request item
descriptionDescription of this change request item
source_typeSource that originated this change request item
operand_nameDisplay name of the operand entity
value_nameDisplay name of the value entity
resource_nameName of the resource associated with this item
action_nameName of the action to be performed
operand_business_source_id[Foreign Key] Business source ID of the operand
operand_app_id[Foreign Key] Application ID of the operand
value_business_source_id[Foreign Key] Business source ID of the value
value_app_id[Foreign Key] Application ID of the value
affected_user_id[Foreign Key referencing USERS.ID] ID of the user affected by this change request item

Headers

Bearer token
Acceptapplication/json
Content-Typeapplication/json

Response

Parameters

The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.

Examples

All columns

Omit returnColumns to return all fields for each item. This is useful when exploring the data for the first time.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "110",
"change_request_id": "102",
"request_type": "Create",
"type": "CreateAccount",
"state": "Cancelled",
"change_data_description": "XXX \"${User.AD_Login}${User.Domain}\" YYY \"Bachar, Gil\"",
"operand_type": "Account",
"operand_id": "100042",
"value_type": "User",
"value_id": "24",
"parent_id": "",
"derived_type": "Direct",
"description": "New account creation for Bachar, Gil triggered automatically by a dependent change item",
"source_type": "ExplicitAccess",
"operand_name": "${User.AD_Login}${User.Domain}",
"value_name": "Bachar, Gil",
"resource_name": "",
"action_name": "",
"operand_business_source_id": "32",
"operand_app_id": "32",
"value_business_source_id": "32",
"value_app_id": "32",
"affected_user_id": "24"
},
{
"id": "105",
"change_request_id": "102",
"request_type": "Create",
"type": "RequestForm",
"state": "Cancelled",
"change_data_description": "XXX \"Default Directory Form\" YYY \"Bachar, Gil\"",
"operand_type": "RF",
"operand_id": "4",
"value_type": "User",
"value_id": "24",
"parent_id": "",
"derived_type": "Direct",
"description": "",
"source_type": "ExplicitAccess",
"operand_name": "Default Directory Form",
"value_name": "Bachar, Gil",
"resource_name": "",
"action_name": "",
"operand_business_source_id": "",
"operand_app_id": "",
"value_business_source_id": "",
"value_app_id": "",
"affected_user_id": "24"
}
]
}

Specific columns

Use returnColumns to limit the response to the fields you need. This keeps the payload small and the mapping work simple.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2&returnColumns=id,change_request_id,type,state,operand_name,value_name,affected_user_id" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "110",
"change_request_id": "102",
"type": "CreateAccount",
"state": "Cancelled",
"operand_name": "${User.AD_Login}${User.Domain}",
"value_name": "Bachar, Gil",
"affected_user_id": "24"
},
{
"id": "105",
"change_request_id": "102",
"type": "RequestForm",
"state": "Cancelled",
"operand_name": "Default Directory Form",
"value_name": "Bachar, Gil",
"affected_user_id": "24"
}
]
}

Filter by a single value

Pass any column name as a query parameter to filter results. Only items that match the value are returned. The example below returns items where state is Completed.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2&returnColumns=id,change_request_id,type,state&state=Completed" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "111",
"change_request_id": "102",
"type": "AddAppRoleToAccount",
"state": "Completed"
},
{
"id": "112",
"change_request_id": "102",
"type": "AddAppRoleToAccount",
"state": "Completed"
}
]
}

Filter with OR logic

Repeat the same parameter with different values to match any of them. The example returns items where state is Completed or Cancelled.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2&returnColumns=id,change_request_id,type,state&state=Completed&state=Cancelled" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "110",
"change_request_id": "102",
"type": "CreateAccount",
"state": "Cancelled"
},
{
"id": "105",
"change_request_id": "102",
"type": "RequestForm",
"state": "Cancelled"
}
]
}

Filter with AND logic

Pass two different parameters to return only items that satisfy both conditions. The example returns items where type is AddAppRoleToAccount and state is Completed.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2&returnColumns=id,change_request_id,type,state&type=AddAppRoleToAccount&state=Completed" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "111",
"change_request_id": "102",
"type": "AddAppRoleToAccount",
"state": "Completed"
},
{
"id": "112",
"change_request_id": "102",
"type": "AddAppRoleToAccount",
"state": "Completed"
}
]
}

Case-insensitive filter

Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The example passes state=completed in lowercase and still returns Completed records.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2&returnColumns=id,change_request_id,type,state&state=completed&ignoreCase=true" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "111",
"change_request_id": "102",
"type": "AddAppRoleToAccount",
"state": "Completed"
},
{
"id": "112",
"change_request_id": "102",
"type": "AddAppRoleToAccount",
"state": "Completed"
}
]
}

Sort ascending

Use sortByColumns with a column name and sortDirection=asc to sort results from lowest to highest.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2&returnColumns=id,change_request_id,type,state&sortByColumns=id&sortDirection=asc" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "105",
"change_request_id": "102",
"type": "RequestForm",
"state": "Cancelled"
},
{
"id": "110",
"change_request_id": "102",
"type": "CreateAccount",
"state": "Cancelled"
}
]
}

Sort descending

Set sortDirection=desc to reverse the order.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=json&returnMaxRows=2&returnColumns=id,change_request_id,type,state&sortByColumns=id&sortDirection=desc" \
-H "Authorization: Bearer <token>"

Response

{
"findChangeRequestItems": [
{
"id": "262",
"change_request_id": "221",
"type": "AddAppRoleToAccount",
"state": "Completed"
},
{
"id": "242",
"change_request_id": "201",
"type": "AddAppRoleToAccount",
"state": "Completed"
}
]
}

CSV with custom delimiter

Set format=csv for a comma-separated response. Use delimiter to change the separator character.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=csv&returnMaxRows=2&returnColumns=id,change_request_id,type,state&delimiter=~" \
-H "Authorization: Bearer <token>"

Response

id~change_request_id~type~state
110~102~CreateAccount~Cancelled
105~102~RequestForm~Cancelled

CSV without header row

Set includeHeaderRow=false when your downstream system expects raw data rows without a header.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findChangeRequestItems&format=csv&returnMaxRows=2&returnColumns=id,change_request_id,type,state&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"

Response

110,102,CreateAccount,Cancelled
105,102,RequestForm,Cancelled

Error responses

A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_CHANGE_REQUEST_DETAIL public view.

<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findChangeRequestItems'. Token is invalid or expired</body>
</html>

Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.