AccessCertificationCampaignPolicy
This object defines sets of reviewers. Campaigns are created for one of the defined set only. The default policy always exists.
Properties
| Property | Details |
|---|---|
| DisplayName_L1 required | Type String Description Display name of the campaign policy in language 1 (up to 16). |
| Identifier required | Type String Description Policy identifier |
AccessCertificationDataFilter
When running an Access Certification Campaign, this object defines the scope of assignments of entitlements to certify for a given Access Certification Campaign. It filters based on the specific entitlements attributes.
Properties
| Property | Details |
|---|---|
| Campaign required | Type Int64 Description The associated campaign. |
| Category optional | Type Int64 Description Specifies the category targeted by the filter. |
| IncludeCompositeRoles default value: false | Type Boolean Description true to include the composite roles in the certification. |
| IncludeDeniedPermissions default value: true | Type Boolean Description Filters items with denied permissions from Access Certification Campaign. |
| IncludeDoubleValidation default value: true | Type Boolean Description true to include the assignments of entitlements with two validations in the certification. |
| IncludeManualAssignmentNotAllowed default value: true | Type Boolean Description true to include in the certification the resources that cannot be requested manually, i.e. those from resource types with ApprovalWorkflowType set to ManualAssignmentNotAllowed. |
| IncludeNestedCategories default value: false | Type Boolean Description When a category is used as filter, all its nested categories are also included in the campaign. |
| IncludeNoValidation default value: true | Type Boolean Description true to include the assignments of entitlements without validation in the certification. |
| IncludeResourceNavigations default value: false | Type Boolean Description true to include the resource navigations in the certification. |
| IncludeResourceScalars default value: false | Type Boolean Description true to include the resource scalars in the certification. |
| IncludeResourceTypes default value: false | Type Boolean Description true to include the resource types in the certification. |
| IncludeSimpleValidation default value: true | Type Boolean Description true to include the assignments of entitlements with one validation in the certification. |
| IncludeSingleRoles default value: false | Type Boolean Description true to include the single roles in the certification. |
| IncludeTripleValidation default value: true | Type Boolean Description true to include the assignments of entitlements with three validations in the certification. |
| IncludeWorkflowStateApproved default value: true | Type Boolean Description true to include the manually approved assignments of entitlements in the certification. |
| IncludeWorkflowStateFound default value: true | Type Boolean Description true to include the reconciled assignments of entitlements in the certification. |
| IncludeWorkflowStateHistory default value: true | Type Boolean Description true to include the preexisting approved assignments of entitlements in the certification. |
| IncludeWorkflowStatePolicyApproved default value: true | Type Boolean Description true to include the automatically approved assignments of entitlements in the certification. |
| LatestCertifiedLimitDate optional | Type DateTime Description If specified, only assignments of entitlements not certified since. |
| ResourceType optional | Type Int64 Description Specifies the resource type targeted by the filter. |
| Tags optional | Type String Description Tags of the roles targeted by the campaign filter. The tag separator is �. |
| TargetedRisk optional | Type Int64 Description If set, filters on the owner risk. |
AccessCertificationOwnerFilter
When running an Access Certification Campaign, this object defines the scope of assignments of entitlements to certify for a given Access Certification Campaign. It filters based on the attributes of entitlements owner.
Properties
| Property | Details |
|---|---|
| Campaign required | Type Int64 Description The associated campaign. |
| D0 optional | Type Int64 Description Identifier of the dimension 0 (up to 3V in base32hex) that filters the owners targeted by the access certification campaign. |
| IndividualOwner optional | Type Int64 Description If set, filters on the owner. |
| L0 default value: false | Type Boolean Description true to include all the hierarchy beneath the dimension 0. Note: this setting can be used only if the corresponding dimension was declared with IsHierarchical set to true and with a ParentProperty. |
| MinimalRiskScore optional | Type Int32 Description If set, filters only owners above given risk. |
| OwnerLastModificationDate optional | Type DateTime Description Date such that the identities to be certified will be those for which the value of the OwnerLastModificationDateBinding property was modified since then. Note: must be set together with OwnerLastModificationDateBinding. |
| OwnerLastModificationDateBinding optional | Type Int64 Description Binding of the property whose owner will be part of the campaign's targets, if the property's value was modified since OwnerLastModificationDate. Note: must be set together with OwnerLastModificationDate. Note: the properties calculated by Usercube cannot be used. |
| TargetedRisk optional | Type Int64 Description If set, filters on the owner risk. |