Create Access Request Policy

Create policies that control access request approval workflows

Overview

Creates an access request policy that defines JIT access, approval workflows, and expiration settings.

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

descriptionstringOptional

Responses

200

application/json

default

Default error response

application/json

post

/api/private/lifecycle_management/access_request_policies

POST /api/private/lifecycle_management/access_request_policies HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1092

{
  "name": "text",
  "description": "text",
  "jit_definition": {
    "allow_unlimited": true,
    "min_duration_in_seconds": 1,
    "max_duration_in_seconds": 1,
    "allow_requestor_to_set": true,
    "allow_approver_to_modify": true
  },
  "approver_definition": {
    "auto_approve": true,
    "steps": [
      {
        "categories": [
          1
        ],
        "other_approver_user_ids": [
          "text"
        ],
        "category_entities": {
          "ANY_ADDITIONAL_PROPERTY": {
            "category": 1,
            "entities": [
              {
                "entity_type": "text",
                "entity_id": "text",
                "attributes": {
                  "ANY_ADDITIONAL_PROPERTY": "text"
                },
                "assigned_to_entity_type": "text",
                "assigned_to_entity_id": "text",
                "entity_name": "text",
                "error_message": "text",
                "unique_identifiers": [
                  "text"
                ],
                "datasource_id": "text"
              }
            ]
          }
        },
        "other_approver_group_ids": [
          "text"
        ],
        "skip_inactive_approvers": true,
        "dynamic_approval_setting_id": "text"
      }
    ],
    "dynamic_approval_attributes": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    }
  },
  "expiration_definition": {
    "time_to_expire_in_seconds": 1,
    "action_on_expiration": 1,
    "escalate_admin": true,
    "escalate_app_owner": true,
    "escalate_profile_owner": true,
    "escalate_approver_manager_level1": true,
    "escalate_approver_manager_level2": true,
    "escalate_users": [
      "text"
    ],
    "escalate_groups": [
      "text"
    ]
  }
}

{
  "value": {
    "id": "text",
    "name": "text",
    "description": "text",
    "current_version_number": 1,
    "draft_version_number": 1,
    "state": 1,
    "require_approval_to_start": true,
    "used_by": [
      {
        "type": 1,
        "id": "text"
      }
    ],
    "created_by": "text",
    "created_at": "2026-02-06T21:03:28.549Z",
    "updated_at": "2026-02-06T21:03:28.549Z",
    "rbac_id": "text"
  },
  "version": {
    "policy_id": "text",
    "version_number": 1,
    "state": 1,
    "jit_definition": {
      "allow_unlimited": true,
      "min_duration_in_seconds": 1,
      "max_duration_in_seconds": 1,
      "allow_requestor_to_set": true,
      "allow_approver_to_modify": true
    },
    "approval_definition": {
      "auto_approve": true,
      "steps": [
        {
          "categories": [
            1
          ],
          "other_approver_user_ids": [
            "text"
          ],
          "category_entities": {
            "ANY_ADDITIONAL_PROPERTY": {
              "category": 1,
              "entities": [
                {
                  "entity_type": "text",
                  "entity_id": "text",
                  "attributes": {
                    "ANY_ADDITIONAL_PROPERTY": "text"
                  },
                  "assigned_to_entity_type": "text",
                  "assigned_to_entity_id": "text",
                  "entity_name": "text",
                  "error_message": "text",
                  "unique_identifiers": [
                    "text"
                  ],
                  "datasource_id": "text"
                }
              ]
            }
          },
          "other_approver_group_ids": [
            "text"
          ],
          "skip_inactive_approvers": true,
          "dynamic_approval_setting_id": "text"
        }
      ],
      "dynamic_approval_attributes": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    },
    "expiration_definition": {
      "time_to_expire_in_seconds": 1,
      "action_on_expiration": 1,
      "escalate_admin": true,
      "escalate_app_owner": true,
      "escalate_profile_owner": true,
      "escalate_approver_manager_level1": true,
      "escalate_approver_manager_level2": true,
      "escalate_users": [
        "text"
      ],
      "escalate_groups": [
        "text"
      ]
    },
    "created_by": "text",
    "created_at": "2026-02-06T21:03:28.549Z",
    "updated_at": "2026-02-06T21:03:28.549Z",
    "published_by": "text",
    "published_at": "2026-02-06T21:03:28.549Z",
    "rbac_id": "text"
  }
}

Examples

Policy with Auto-Approval

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Development Team Auto-Approve",
    "description": "Auto-approve access requests for development resources",
    "approver_definition": {
      "auto_approve": true,
      "steps": []
    }
  }'

Policy with Manual Approval Steps

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Access Approval",
    "description": "Require security team approval for production access",
    "approver_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["ADMIN"],
          "other_approver_user_ids": ["user-123", "user-456"],
          "other_approver_group_ids": [],
          "category_entities": {},
          "skip_inactive_approvers": false
        }
      ]
    }
  }'

Policy with JIT Access

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Temporary Admin Access",
    "description": "Allow time-limited admin access",
    "jit_definition": {
      "allow_unlimited": false,
      "min_duration_in_seconds": 3600,
      "max_duration_in_seconds": 86400,
      "allow_requestor_to_set": true,
      "allow_approver_to_modify": true
    },
    "approver_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["ADMIN"]
        }
      ]
    }
  }'

Policy with Expiration Settings

curl -X POST "https://your-instance.vezacloud.com/api/private/lifecycle_management/access_request_policies" \
  -H "authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Access with Auto-Reject",
    "description": "Reject requests that are not approved within 48 hours",
    "expiration_definition": {
      "time_to_expire_in_seconds": 172800,
      "action_on_expiration": "REJECT"
    },
    "approver_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["APP_OWNER"]
        }
      ]
    }
  }'

Response

{
  "value": {
    "id": "policy-123456",
    "name": "Production Access Approval",
    "description": "Require security team approval for production access",
    "current_version_number": 1,
    "draft_version_number": 1,
    "state": "INITIAL",
    "require_approval_to_start": false,
    "used_by": [],
    "created_by": "user-123",
    "created_at": "2025-08-22T10:30:00Z",
    "updated_at": "2025-08-22T10:30:00Z",
    "rbac_id": "policy-rbac-123456"
  },
  "version": {
    "policy_id": "policy-123456",
    "version_number": 1,
    "state": "DRAFT",
    "approval_definition": {
      "auto_approve": false,
      "steps": [
        {
          "categories": ["ADMIN"],
          "other_approver_user_ids": ["user-123", "user-456"],
          "other_approver_group_ids": [],
          "category_entities": {},
          "skip_inactive_approvers": false
        }
      ]
    },
    "created_by": "user-123",
    "created_at": "2025-08-22T10:30:00Z",
    "updated_at": "2025-08-22T10:30:00Z",
    "rbac_id": "version-rbac-123456"
  }
}

PreviousManage Global Settings NextCreate Policy Identity Access Request

Last updated 6 days ago

Was this helpful?

{ "value": { "id": "text", "name": "text", "description": "text", "current_version_number": 1, "draft_version_number": 1, "state": 1, "require_approval_to_start": true, "used_by": [ { "type": 1, "id": "text" } ], "created_by": "text", "created_at": "2026-02-06T21:03:28.549Z", "updated_at": "2026-02-06T21:03:28.549Z", "rbac_id": "text" }, "version": { "policy_id": "text", "version_number": 1, "state": 1, "jit_definition": { "allow_unlimited": true, "min_duration_in_seconds": 1, "max_duration_in_seconds": 1, "allow_requestor_to_set": true, "allow_approver_to_modify": true }, "approval_definition": { "auto_approve": true, "steps": [ { "categories": [ 1 ], "other_approver_user_ids": [ "text" ], "category_entities": { "ANY_ADDITIONAL_PROPERTY": { "category": 1, "entities": [ { "entity_type": "text", "entity_id": "text", "attributes": { "ANY_ADDITIONAL_PROPERTY": "text" }, "assigned_to_entity_type": "text", "assigned_to_entity_id": "text", "entity_name": "text", "error_message": "text", "unique_identifiers": [ "text" ], "datasource_id": "text" } ] } }, "other_approver_group_ids": [ "text" ], "skip_inactive_approvers": true, "dynamic_approval_setting_id": "text" } ], "dynamic_approval_attributes": { "ANY_ADDITIONAL_PROPERTY": "text" } }, "expiration_definition": { "time_to_expire_in_seconds": 1, "action_on_expiration": 1, "escalate_admin": true, "escalate_app_owner": true, "escalate_profile_owner": true, "escalate_approver_manager_level1": true, "escalate_approver_manager_level2": true, "escalate_users": [ "text" ], "escalate_groups": [ "text" ] }, "created_by": "text", "created_at": "2026-02-06T21:03:28.549Z", "updated_at": "2026-02-06T21:03:28.549Z", "published_by": "text", "published_at": "2026-02-06T21:03:28.549Z", "rbac_id": "text" } }

hashtagOverview

hashtagExamples

hashtagPolicy with Auto-Approval

hashtagPolicy with Manual Approval Steps

hashtagPolicy with JIT Access

hashtagPolicy with Expiration Settings

hashtagResponse