Execute a policy dry run against a specific identity to preview actions without performing them
POST /api/private/lifecycle_management/policies/{policy_id}/identities/{identity_id}:dry_runExecute a policy dry run against a specific identity to preview what actions would be taken without actually performing them. This is essential for testing policy configurations, validating conditions, and understanding policy behavior before activation.
Use this endpoint to:
Test new policies before activating them
Validate policy changes against specific users
Debug why policies are or aren't executing for certain identities
Demonstrate policy behavior to stakeholders
curl -X POST "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies/policy-123e4567-e89b-12d3-a456-426614174000/identities/identity-456:dry_run" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"policy_id": "policy-123e4567-e89b-12d3-a456-426614174000",
"id": "identity-456",
"version_number": 2,
"state": "NEW"
}'{
"workflows_matched": [
"Active Employees"
],
"access_profile_ids": [
"3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
"ead4616a-7f0e-45ad-a721-375320e15cfd"
],
"job_requests": [
{
"job_id": "fd7624af-cc5f-4b7e-87ef-e21fa9868d87",
"data_source": {
"id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
"name": "Workday HRIS",
"type": "workday"
},
"input_entities": [
{
"entity_id": "employee_12345",
"entity_type": "WorkdayWorker",
"attributes": {
"employment_status": "ACTIVE",
"work_location": "US",
"department": "Sales",
"manager": true
}
}
],
"action_type": "SYNC_IDENTITIES",
"action_config": {
"@type": "type.googleapis.com/lifecyclemanagement.v1.SyncIdentitiesJobConfig",
"attributes_to_sync": {
"email": "work_email",
"name": "full_name",
"department": "department_name"
},
"create_allowed": true,
"continuous_sync_allowed": true,
"attributes_not_to_continuous_sync": ["manager_approval_date"]
},
"action_job_id": "d55fda69-0720-4742-a963-f22bd8fd1b57",
"action_name": "SyncADIdentities"
},
{
"job_id": "f6b68999-43d8-49ae-8027-94e8985eafd8",
"data_source": {
"id": "ad-connector-001",
"name": "Active Directory",
"type": "active_directory"
},
"input_entities": [
{
"entity_id": "employee_12345",
"entity_type": "ActiveDirectoryUser"
}
],
"action_type": "MANAGE_RELATIONSHIPS",
"action_config": {
"@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsJobConfig",
"relationships_to_create": [
{
"entity_type": "ActiveDirectoryGroup",
"entity_id": "366db2d0-6c4e-47fe-9c57-1a8dc4916da4"
},
{
"entity_type": "ActiveDirectoryGroup",
"entity_id": "cbb024a6-e227-4aaf-b893-f61478d45f8a"
}
]
},
"action_job_id": "09b61164-d50f-4dbe-bcfc-bfff31530438",
"action_name": "UsActiveDirectoryGroups"
}
],
"messages": [
"Policy would execute for identity with email: [email protected]",
"2 job requests generated",
"Access profiles affected: 2"
]
}workflows_matched
Array of workflow names that matched the dry run criteria
job_requests
Array of job request objects that would be created
messages
Array of informational messages about the dry run execution
access_profile_ids
Array of access profile IDs that were found in the dry run
OK
Default error response
OK
Default error response
{
"workflows_matched": [
"text"
],
"job_requests": [
{
"job_id": "text",
"data_source": {
"id": "text",
"external_id": "text",
"agent_type": "text",
"data_provider_id": "text",
"data_source_config": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"data_provider_type": 1,
"data_provider_secret_refs": [
{
"id": "text",
"secret_id": "text",
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
]
},
"input_entities": [
{
"table": "text",
"primary_key": [
"text"
],
"constraints": [
{
"type": 1,
"field_names": [
"text"
]
}
]
}
],
"action_type": 1,
"action_config": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"action_job_id": "text",
"action_name": "text",
"identity_id": "text",
"stop_on_error": true,
"ttl": "text"
}
],
"messages": [
"text"
],
"access_profile_ids": [
"text"
],
"job_request_workflow_names": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}{
"workflows_matched": [
"text"
],
"job_requests": [
{
"job_id": "text",
"data_source": {
"id": "text",
"external_id": "text",
"agent_type": "text",
"data_provider_id": "text",
"data_source_config": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"data_provider_type": 1,
"data_provider_secret_refs": [
{
"id": "text",
"secret_id": "text",
"vault_id": "text",
"vault": {
"id": "text",
"name": "text",
"vault_provider": "text",
"insight_point_id": "text",
"deleted": true
}
}
]
},
"input_entities": [
{
"table": "text",
"primary_key": [
"text"
],
"constraints": [
{
"type": 1,
"field_names": [
"text"
]
}
]
}
],
"action_type": 1,
"action_config": {
"@type": "text",
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"action_job_id": "text",
"action_name": "text",
"identity_id": "text",
"stop_on_error": true,
"ttl": "text"
}
],
"messages": [
"text"
],
"access_profile_ids": [
"text"
],
"job_request_workflow_names": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:dry_run HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 61
{
"policy_id": "text",
"id": "text",
"version_number": 1,
"state": 1
}POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:dry_run HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 61
{
"policy_id": "text",
"id": "text",
"version_number": 1,
"state": 1
}