Get Policy

Get Policy returns a policy by ID and version

Path Parameters

id string required

version int64 required

Responses

A successful response.

application/json

Schema

Example (from schema)

Schema

policy object

id string

Policy unique identifier

version int64

Policy version. Auto-incremented when policy is updated

description string

steps object[]

Sequence of approval steps. Each step can have different approval strategy and approvers

Array [

name string required

Approval step identifier

description string

Approval step description

allowFailed boolean

If set true, and current step is rejected, it will mark the appeal status as skipped instead of rejected

when string

Determines whether the step should be evaluated or it can be skipped. If it evaluates to be falsy, the step will automatically skipped. Otherwise, step become pending/blocked (normal).

strategy string required

Execution behaviour of the step. Possible values are auto or manual

approveIf string

Determines the automatic resolution of current step when strategy is auto. Required when strategy is auto

approvers string[]

List of email or Expression string. The Expression is expected to return an email address or list of email addresses. Required when strategy is manual

rejectionReason string

This fills Approval.Reason if current approval step gets rejected based on ApproveIf expression. If strategy is manual, this field ignored.

]

labels object

property name* string

createdAt date-time

Policy creation timestamp

updatedAt date-time

Policy last update timestamp

requirements object[]

Array [

on object required

Requirement trigger. If the trigger is matched, the requirement will be evaluated

providerType string

Criteria for the provider type of the current appeal's selected resource. Regex supported

providerUrn string

Criteria for the provider URN of the current appeal's selected resource. Regex supported

resourceType string

Criteria for the resource type of the current appeal's selected resource. Regex supported

resourceUrn string

Criteria for the resource URN of the current appeal's selected resource. Regex supported

role string

Criteria for the role of the current appeal. Regex supported

conditions object[]

Array [

field string

match object

]

expression string

appeals object[]

Array [

resource object

providerType string

providerUrn string

type string

urn string

id string

role string

options object

expirationDate date-time

duration string

policy object

id string

version int32

]

iam object

provider string required

Identity manager type. Supported types are http and frontier

config required

Client configuration according to the provider type

schema object

User (appeal creator) profile details schema to be shown in the creator field in an appeal

property name* string

appeal object

durationOptions object[]

List of duration options

Array [

name string required

Name of the duration option

value string required

Actual value of duration such as 24h, 72h. value will be 0h in case of permanent duration. Valid time units are ns, us (or µs). Reference: ParseDuration

]

allowOnBehalf boolean

allowPermanentAccess boolean

Set this to true if you want to allow users to have permanent access to the resources. Default is false

allowActiveAccessExtensionIn string

Duration before the access expiration date when the user allowed to create appeal to the same resource (extend their current access). Valid time units are ns, us (or µs), ms, s, m, h

questions object[]

List of questions to be asked to the appeal creator

Array [

key string required

Unique key of the question

question string required

Question to be asked to the appeal creator

required boolean required

Whether the question is required or not

description string

The description to be shown to the appeal creator

]

allowCreatorDetailsFailure boolean

{
  "policy": {
    "id": "f4b7a3c0-9f9b-4b9b-9b0a-9e4b1a1b1b1b",
    "version": 1,
    "description": "string",
    "steps": [
      {
        "name": "Step 1",
        "description": "Step 1 description",
        "allowFailed": true,
        "when": "string",
        "strategy": "auto",
        "approveIf": "string",
        "approvers": [
          "string"
        ],
        "rejectionReason": "string"
      }
    ],
    "labels": {},
    "createdAt": "2023-06-07T05:39:56.961Z",
    "updatedAt": "2023-06-07T05:39:56.961Z",
    "requirements": [
      {
        "on": {
          "providerType": "string",
          "providerUrn": "string",
          "resourceType": "string",
          "resourceUrn": "string",
          "role": "string",
          "conditions": [
            {
              "field": "string",
              "match": {
                "eq": {}
              }
            }
          ],
          "expression": "string"
        },
        "appeals": [
          {
            "resource": {
              "providerType": "string",
              "providerUrn": "string",
              "type": "string",
              "urn": "string",
              "id": "string"
            },
            "role": "string",
            "options": {
              "expirationDate": "2023-10-24T20:41:02.822Z",
              "duration": "string"
            },
            "policy": {
              "id": "string",
              "version": 0
            }
          }
        ]
      }
    ],
    "iam": {
      "provider": "bigquery",
      "schema": {}
    },
    "appeal": {
      "durationOptions": [
        {
          "name": "string",
          "value": "string"
        }
      ],
      "allowOnBehalf": true,
      "allowPermanentAccess": true,
      "allowActiveAccessExtensionIn": "string",
      "questions": [
        {
          "key": "string",
          "question": "string",
          "required": true,
          "description": "string"
        }
      ],
      "allowCreatorDetailsFailure": true
    }
  }
}

Bad Request - The request was malformed or contained invalid parameters.

application/json

Schema

Example (from schema)

Schema

code int32

message string

details object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Unauthorized - Authentication is required

application/json

Schema

Example (from schema)

Schema

code int32

message string

details object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Forbidden - User does not have permission to access the resource

application/json

Schema

Example (from schema)

Schema

code int32

message string

details object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Not Found - The requested resource was not found

application/json

Schema

Example (from schema)

Schema

code int32

message string

details object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Internal Server Error. Returned when theres is something wrong with Frontier server.

application/json

Schema

Example (from schema)

Schema

code int32

message string

details object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json

Schema

Example (from schema)

Schema

code int32

message string

details object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Get Policy​

Get Policy