Principal Access represent a summary of user access for a resource
See Entitlement Management for more information.
Application Administratorokta.governance.entitlements.readRetrieves the current state of principal access for a specific resource. API shows if user has permanent or timed based access to the application along with what entitlements are assigned to that user.
| filter required | string <scim-filter> Apply various filters by using supported principal access filtering properties. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND targetPrincipal.externalId eq "00ub0oNGTSWTBKOLGLNR" AND targetPrincipal.type eq "OKTA_USER" filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20targetPrincipal.externalId%20eq%20%2200ub0oNGTSWTBKOLGLNR%22%20AND%20targetPrincipal.type%20eq%20%22OKTA_USER%22Query param: ?filter=parentResourceOrn eq "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ" AND targetPrincipalOrn eq "orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR" filter=parentResourceOrn%20eq%20%22orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ%22%20AND%20targetPrincipalOrn%20eq%20%22orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR%22 |
Principal access for a specific resource.
An invalid list request
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Principal access data with base (POLICY or CUSTOM) and any additional entitlements
{- "targetPrincipalOrn": "orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR",
- "targetPrincipal": {
- "externalId": "00ub0oNGTSWTBKOLGLNR",
- "type": "OKTA_USER"
}, - "parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION"
}, - "expirationTime": "2024-05-31T23:59:59Z",
- "timeZone": "America/Toronto",
- "base": {
- "grantType": "POLICY",
- "grantMethod": "POLICY",
- "expirationTime": "2024-05-31T23:59:59Z",
- "grant": {
- "id": "grab0oNGTSWTBKOLGLNR",
- "_links": {
}
}, - "entitlements": [
- {
- "id": "espfxqCAJWWGELFTYASJ",
- "name": "Figma",
- "externalValue": "figma",
- "description": "This is a Figma entitlement",
- "multiValue": true,
- "required": false,
- "dataType": "string",
- "values": [
- {
- "id": "entfxqCAJWWGELFTYAAA",
- "name": "Read access",
- "externalValue": "read"
}
]
}
]
}, - "additional": [
- {
- "grantType": "ENTITLEMENT-BUNDLE",
- "grantMethod": "ACCESS_REQUEST",
- "startTime": "2024-03-15T00:00:00Z",
- "expirationTime": "2024-04-30T23:59:59Z",
- "timeZone": "America/Toronto",
- "grant": {
- "id": "grab0oNGTSWTBKOLGLNQ",
}, - "bundle": {
- "id": "enb4aHwGLtZBsLSf40g2",
- "name": "Bundle1"
}, - "entitlements": [
- {
- "id": "espfxqCAJWWGELFTYASI",
- "name": "Figma",
- "externalValue": "figma",
- "description": "This is a Figma entitlement",
- "multiValue": true,
- "required": false,
- "dataType": "string",
- "values": [
- {
- "id": "entfxqCAJWWGELFTYAAB",
- "name": "Write access",
- "externalValue": "write"
}
]
}
]
}
]
}