Find Entitlements
Find entitlements in the identity store. The command uses the PV_ENTITLEMENTS public view to find data. Any filters passed should apply to this public view.
GET https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements
Request
Parameters
| findEntitlements | |
| format | properties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.json - Returns the response as JSON.csv - Returns the response as comma-separated values.tsv - Returns the response as tab-separated values.xml - Returns the response as XML. |
| delimiter | The delimiter to use between values for csv and properties formats |
| returnColumns | The names of the columns to return. |
| returnMaxRows | The maximum number of objects to return |
| distinct | true, false Returns only distinct values, equivalent to the distinct keyword in SQL. |
| sortByColumns | The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified. Refer to Columns table below. |
| sortDirection | Determines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used. |
| includeHeaderRow | true, false Include column headers when the return format is csv or tsv. (Default) true |
| ignoreCase | true, false Returns case-insensitive search results for specified filter parameters. (Default) false |
Filter Parameters
Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_ENTITLEMENTS public view.
Query logic
| Scenario | Behavior |
|---|---|
Two different parameters: application_name=Aveksa&ent_type=ent | AND. Returns entitlements from Aveksa that have type ent. |
Same parameter repeated: ent_type=ent&ent_type=group | OR within that field. Returns entitlements with type ent or group. |
Mixed: application_name=Aveksa&ent_type=ent&ent_type=group | (application is Aveksa) AND (type is ent or group) |
A single API call cannot return entitlements where application_name=Aveksa OR ent_type=group. OR logic between different filter parameters is not supported.
Workaround: Make separate requests for each filter condition. Merge and deduplicate the results client-side.
Columns
| id | [Primary Key] Unique entitlement identifier |
| name | Entitlement name |
| alt_name | Alternate display name for the entitlement |
| action_name | Action name component of the entitlement |
| unique_id | External unique identifier for the entitlement |
| ent_type | Type of entitlement. Common values: ent, group, app-role, global-role |
| all_ent_type | All entitlement types including inherited types |
| short_desc | Short description of the entitlement |
| long_desc | Long description of the entitlement |
| url_ref | URL reference for more information |
| canrequest | 1, 0 Whether this entitlement is available for access request |
| exclude_from_normal_add_access | N, Y Whether this entitlement is excluded from normal add-access workflows |
| activity_owners | Users assigned as activity owners for this entitlement |
| application_id | [Foreign Key referencing APPLICATION.ID] Application this entitlement belongs to |
| application_name | Name of the application this entitlement belongs to |
| application_raw_name | Raw (unformatted) name of the application |
| app_description | Description of the parent application |
| app_decommissioning_date | Date the parent application is or was decommissioned |
| app_is_active | Whether the parent application is currently active |
| app_backup_business_owner | Backup business owner of the parent application |
| app_backup_technical_owner | Backup technical owner of the parent application |
| directory_id | [Foreign Key referencing DIRECTORY.ID] Directory this entitlement is loaded from |
| resource_id | [Foreign Key referencing RESOURCE.ID] Resource this entitlement belongs to |
| resource_name | Name of the resource grouping for this entitlement |
| owner_id | [Foreign Key referencing USERS.ID] User ID of the entitlement owner |
| business_owner | [Foreign Key referencing USERS.ID] User ID of the business owner |
| technical_owner | [Foreign Key referencing USERS.ID] User ID of the technical owner |
| exception_manager | [Foreign Key referencing USERS.ID] User ID of the exception manager |
| business_unit_id | [Foreign Key referencing BUSINESS_UNIT.ID] Business unit for this entitlement |
| ent_external_id | External identifier from the source system |
| approle_description | Description when entitlement is an application role |
| approle_external_id | External ID when entitlement is an application role |
| approle_display_name | Display name when entitlement is an application role |
| approle_type | Role type when entitlement is an application role |
| group_description | Description when entitlement is a group |
| group_type | Type when entitlement is a group |
| group_technical_location | Technical location (e.g., DN) when entitlement is a group |
| group_external_id | External ID when entitlement is a group |
| group_backup_owner | Backup owner when entitlement is a group |
Headers
Bearer token | |
| Accept | application/json |
| Content-Type | application/json |
Response
Parameters
The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.
Examples
All columns
Omit returnColumns to return every field for each entitlement.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "json",
"returnMaxRows": "2"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "json",
returnMaxRows: "2"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findEntitlements": [
{
"id": "1",
"action_name": "Admin",
"activity_owners": "",
"all_ent_type": "ent",
"alt_name": "Role Collector : Admin",
"application_id": "1",
"application_name": "Aveksa",
"application_raw_name": "Aveksa",
"app_description": "The Aveksa application security",
"business_owner": "",
"business_unit_id": "",
"canrequest": "1",
"directory_id": "1",
"ent_type": "ent",
"exception_manager": "",
"exclude_from_normal_add_access": "N",
"long_desc": "Manage access plus create role collectors. Run all role collectors.",
"name": "Role Collector : Admin",
"owner_id": "",
"resource_id": "25",
"resource_name": "Role Collector",
"short_desc": "",
"technical_owner": "",
"unique_id": "ent1",
"url_ref": "",
"app_decommissioning_date": "",
"app_is_active": "",
"app_backup_business_owner": "",
"app_backup_technical_owner": "",
"approle_description": "",
"approle_external_id": "",
"approle_display_name": "",
"approle_type": "",
"ent_external_id": "",
"group_description": "",
"group_type": "",
"group_technical_location": "",
"group_external_id": "",
"group_backup_owner": ""
},
{
"id": "2",
"action_name": "Edit All",
"activity_owners": "",
"all_ent_type": "ent",
"alt_name": "Role Collector : Edit All",
"application_id": "1",
"application_name": "Aveksa",
"application_raw_name": "Aveksa",
"app_description": "The Aveksa application security",
"business_owner": "",
"business_unit_id": "",
"canrequest": "1",
"directory_id": "1",
"ent_type": "ent",
"exception_manager": "",
"exclude_from_normal_add_access": "N",
"long_desc": "View access plus edit role collectors. Run role collectors.",
"name": "Role Collector : Edit All",
"owner_id": "",
"resource_id": "25",
"resource_name": "Role Collector",
"short_desc": "",
"technical_owner": "",
"unique_id": "ent2",
"url_ref": "",
"app_decommissioning_date": "",
"app_is_active": "",
"app_backup_business_owner": "",
"app_backup_technical_owner": "",
"approle_description": "",
"approle_external_id": "",
"approle_display_name": "",
"approle_type": "",
"ent_external_id": "",
"group_description": "",
"group_type": "",
"group_technical_location": "",
"group_external_id": "",
"group_backup_owner": ""
}
]
}
Specific columns
Use returnColumns to limit the response to the fields you need.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=json&returnMaxRows=3&returnColumns=id,name,application_name,ent_type,resource_name,canrequest" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,application_name,ent_type,resource_name,canrequest"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,application_name,ent_type,resource_name,canrequest"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
- 412 Invalid column
{
"findEntitlements": [
{
"id": "1",
"name": "Role Collector : Admin",
"application_name": "Aveksa",
"ent_type": "ent",
"resource_name": "Role Collector",
"canrequest": "1"
},
{
"id": "2",
"name": "Role Collector : Edit All",
"application_name": "Aveksa",
"ent_type": "ent",
"resource_name": "Role Collector",
"canrequest": "1"
},
{
"id": "3",
"name": "Role Set : Edit All",
"application_name": "Aveksa",
"ent_type": "ent",
"resource_name": "Role Set",
"canrequest": "1"
}
]
}
<html>
<head><title>Error</title></head>
<body>The parameter returncolumns contains an invalid column - `invalid_col`.
Query String=cmd=findEntitlements&format=json&returnMaxRows=2&returnColumns=id,invalid_col</body>
</html>
Filter by a single value
Pass any column name as a query parameter to filter results. The example returns entitlements where application_name is Aveksa.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=json&returnMaxRows=3&returnColumns=id,name,application_name,ent_type&application_name=Aveksa" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,application_name,ent_type",
"application_name": "Aveksa"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,application_name,ent_type",
application_name: "Aveksa"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findEntitlements": [
{
"id": "1",
"name": "Role Collector : Admin",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "2",
"name": "Role Collector : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "3",
"name": "Role Set : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
}
]
}
Filter with OR logic
Repeat the same parameter with different values to match any of them. The example returns entitlements where ent_type is ent or group.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=json&returnMaxRows=3&returnColumns=id,name,application_name,ent_type&ent_type=ent&ent_type=group" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = [
("cmd", "findEntitlements"),
("format", "json"),
("returnMaxRows", "3"),
("returnColumns", "id,name,application_name,ent_type"),
("ent_type", "ent"),
("ent_type", "group")
]
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
const params = new URLSearchParams();
params.append('cmd', 'findEntitlements');
params.append('format', 'json');
params.append('returnMaxRows', '3');
params.append('returnColumns', 'id,name,application_name,ent_type');
params.append('ent_type', 'ent');
params.append('ent_type', 'group');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params,
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findEntitlements": [
{
"id": "1",
"name": "Role Collector : Admin",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "2",
"name": "Role Collector : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "3",
"name": "Role Set : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
}
]
}
Case-insensitive filter
Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The example passes ent_type=ENT in uppercase and still returns records with the stored value ent.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=json&returnMaxRows=3&returnColumns=id,name,application_name,ent_type&ent_type=ENT&ignoreCase=true" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,application_name,ent_type",
"ent_type": "ENT",
"ignoreCase": "true"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,application_name,ent_type",
ent_type: "ENT",
ignoreCase: "true"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findEntitlements": [
{
"id": "1",
"name": "Role Collector : Admin",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "2",
"name": "Role Collector : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "3",
"name": "Role Set : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
}
]
}
Sort ascending
Use sortByColumns with a column name and sortDirection=asc to sort results from lowest to highest. The example sorts by id.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=json&returnMaxRows=3&returnColumns=id,name,application_name,ent_type&sortByColumns=id&sortDirection=asc" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,application_name,ent_type",
"sortByColumns": "id",
"sortDirection": "asc"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,application_name,ent_type",
sortByColumns: "id",
sortDirection: "asc"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findEntitlements": [
{
"id": "1",
"name": "Role Collector : Admin",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "2",
"name": "Role Collector : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
},
{
"id": "3",
"name": "Role Set : Edit All",
"application_name": "Aveksa",
"ent_type": "ent"
}
]
}
Sort descending
Set sortDirection=desc to reverse the order.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=json&returnMaxRows=3&returnColumns=id,name,application_name,ent_type&sortByColumns=id&sortDirection=desc" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "json",
"returnMaxRows": "3",
"returnColumns": "id,name,application_name,ent_type",
"sortByColumns": "id",
"sortDirection": "desc"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.json())
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "json",
returnMaxRows: "3",
returnColumns: "id,name,application_name,ent_type",
sortByColumns: "id",
sortDirection: "desc"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
{
"findEntitlements": [
{
"id": "51592",
"name": "People Intelligence Incubator-ProjectTeam",
"application_name": "Entra ID",
"ent_type": "group"
},
{
"id": "51591",
"name": "BDLingo_PROD_BD_Excellence_Office",
"application_name": "Entra ID",
"ent_type": "group"
},
{
"id": "51590",
"name": "Windows - Application - Global Protect VPN 6.3.3 C1016 - NonChina - PILOT",
"application_name": "Entra ID",
"ent_type": "group"
}
]
}
CSV with custom delimiter
Set format=csv for a comma-separated response. Use delimiter to change the separator character.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=csv&returnMaxRows=3&returnColumns=id,name,application_name,ent_type&delimiter=~" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "csv",
"returnMaxRows": "3",
"returnColumns": "id,name,application_name,ent_type",
"delimiter": "~"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.text)
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "csv",
returnMaxRows: "3",
returnColumns: "id,name,application_name,ent_type",
delimiter: "~"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
id~name~application_name~ent_type
1~Role Collector : Admin~Aveksa~ent
2~Role Collector : Edit All~Aveksa~ent
3~Role Set : Edit All~Aveksa~ent
CSV without header row
Set includeHeaderRow=false when your downstream system expects raw data rows without a header.
Request
- Curl
- Python
- Node.js
curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findEntitlements&format=csv&returnMaxRows=3&returnColumns=id,name,application_name,ent_type&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"
import requests
url = "https://instance.securid.com/aveksa/command.submit"
params = {
"cmd": "findEntitlements",
"format": "csv",
"returnMaxRows": "3",
"returnColumns": "id,name,application_name,ent_type",
"includeHeaderRow": "false"
}
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, params=params, headers=headers)
print(response.text)
const axios = require('axios');
axios.get("https://instance.securid.com/aveksa/command.submit", {
params: {
cmd: "findEntitlements",
format: "csv",
returnMaxRows: "3",
returnColumns: "id,name,application_name,ent_type",
includeHeaderRow: "false"
},
headers: { Authorization: "Bearer <token>" }
}).then(r => console.log(r.data));
Response
- 200
1,Role Collector : Admin,Aveksa,ent
2,Role Collector : Edit All,Aveksa,ent
3,Role Set : Edit All,Aveksa,ent
Error responses
A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_ENTITLEMENTS public view.
- 401 Invalid token
- 412 Invalid column
<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findEntitlements'. Token is invalid or expired</body>
</html>
<html>
<head><title>Error</title></head>
<body>The parameter returncolumns contains an invalid column - `invalid_col`.
Query String=cmd=findEntitlements&format=json&returnMaxRows=2&returnColumns=id,invalid_col</body>
</html>
Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.