--- title: Access Control description: The following are Ping Autonomous Identity access control endpoints: component: autonomous-identity version: 2022.11.12 page_id: autonomous-identity:api-guide:chap-access-control-api canonical_url: https://docs.pingidentity.com/autonomous-identity/2022.11.12/api-guide/chap-access-control-api.html section_ids: get_apiuserdetailsdecisions: GET /api/userDetails/decisions post_apiuserdetailsdecisions: POST /api/userDetails/decisions post_apirulesdecision: POST /api/rules/decision --- # Access Control The following are Ping Autonomous Identity access control endpoints: ## GET /api/userDetails/decisions * GET /api/userDetails/decisions Get the current entitlement decisions for the user. \[Supervisor, Ent Owner, App Owner, Admin] Endpoint ``` /api/userDetails/decisions ``` Authorization ``` OR ``` Param ``` user=john.doe ``` **Query Parameters** | Parameter | Type | Description | | --------- | ------ | ------------------------------------------- | | user | string | User ID (required) | | filter | object | Filter to add (single property shown below) | **Filter Query Object Properties** | Parameter | Type | Description | | ------------------- | ------ | ---------------------------------------- | | datasinkStatus | string | Datasink status filter ('ack' or 'nack') | | timestampThresholds | | Timestamp threshold object | **timestampThresholds Object Properties** | Parameter | Type | Description | | --------- | ------ | -------------------------------------------------------------------------------------------------- | | gt | string | Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with **gte**. | | gte | string | Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with **gt**. | | lt | string | Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with **lte**. | | lte | string | Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with **le**. | Example Request (DatasinkStatus Filter) ``` curl -k -X GET \ 'datasinkStatus=nack' \ -H 'Authorization: Bearer ' \ -H 'X-API-KEY: ' \ -H 'Content-Type: application/json' ``` Example Response (DatasinkStatus Filter) ``` { "decisions": [ { "user": "john.doe", "entitlement": "ent_1", "is_certified": false, "is_revoked": false, "is_processed": false, "is_archived": false, "author": "jane.smith", "author_name": "Jane Smith", "author_type": "Zoran Admin", "reason": null, "last_updated": "2022-01-11T19:48:17.195Z", "datasink_status": "nack", "usr_name": "John Doe", "ent_name": "Entitlement 1", "app_id": "Gateway", "app_name": "Gateway", "usr_manager_id": "john.smith", "conf": 0.75, "freq": 4, "freqUnion": 3 } ] } ``` ## POST /api/userDetails/decisions * POST /api/userDetails/decisions Update entitlement decisions for users. \[Supervisor, Ent Owner, App Owner, Admin] Endpoint ``` /api/userDetails/decisions ``` Authorization ``` OR <API-KEY> ``` **Request Body Parameters** | Parameter | Type | Description | | ---------------- | --------------------------- | ------------------------------------------------------------------------------------------ | | assignments | array of assignment objects | List of assignments affected by the decision (available properties listed below)(required) | | is\_certified | boolean | Certification decision | | is\_revoked | boolean | Revoke decision | | is\_requested | boolean | Decision is processed | | reason | string | Reason for decision | | datasink\_status | string | Datasink status ('ack' or 'nack') | **Assignments Object Properties** | Parameter | Type | Description | | ------------ | ------------ | ----------------------------------- | | user | string | User ID (required) | | entitlements | string array | List of entitlement ID's (required) | Body ``` { "assignments": [ { "user": "string", "entitlements": [ "string" ] } ], "is_certified": true, "is_revoked": true, "is_requested": true, "is_processed": true, "reason": "string", "datasink_status": "nack" } ``` Example Request ``` curl --request POST "https://autoid-api.forgerock.com/api/userDetails/decisions" \ -H "accept: /" -H "Content-Type: application/json" \ --data-raw '{ "assignments": [ { "user": "string", "entitlements": [ "string" ] } ], "is_certified": true, "is_revoked": true, "is_requested": true, "is_processed": true, "reason": "string", "datasink_status": "nack" }' ``` Example Response ``` { "status": 200 } ``` ## POST /api/rules/decision * POST /api/rules/decision Update rule decisions. \[Supervisor, Ent Owner, App Owner, Admin] Endpoint ``` /api/rules/decision ``` Authorization ``` ``` **Request Body Parameters** | Parameter | Type | Description | | ------------------- | ---------------------- | ------------------------------------------------------------------------------------ | | rules | array of rules objects | List of rules affected by the decision (available properties listed below)(required) | | is\_autocertify | boolean | Auto-Certification decision (required) | | is\_autorequest | boolean | Auto-Request decision (required) | | autocertify\_reason | boolean | Auto-Certification reason (required) | | autorequest\_reason | boolean | Auto-Request reason (required) | | datasink\_status | string | Datasink status ('ack' or 'nack') | **Rule Object Properties** | Parameter | Type | Description | | ------------- | ------------ | ------------------------------------- | | entitlement | string | Entitlement ID (required) | | justification | string array | List of raw justifications (required) | Body ``` { "rules": [ { "entitlement": "string", "justification": [ "string" ] } ], "is_autocertify": true, "is_autorequest": true, "autocertify_reason": "string", "autorequest_reason": "string" } ``` Example Request ``` curl -k -X POST \ "https://autoid-api.forgerock.com/api/rules/decision" \ -H 'Authorization: Bearer ' \ -H "accept: /" -H "Content-Type: application/json" \ --data-raw '{ "rules": [ { "entitlement": "Ent_1", "justification": [ "0C_CHIEF_YES_NO_Yes", "0C_JOBCODE_NAME_Service Representitive II", "0C_MANAGER_NAME_John_Doe", "0C_USR_EMP_TYPE_Non-Employee" ] } ], "is_autocertify": true, "is_autorequest": false, "autocertify_reason": "Goodbye, world.", "autorequest_reason": "Hello, world." }' ``` Example Response ``` Status 204: No Content ```