Delegation Request String

Components

The request string for a delegation request must be a JSON string that adheres to the following information:

Property

Value

Required

Details

Property

Value

Required

Details

Timestamp

When to process the request

Yes

Must be an ISO 8601 extended format date and time in UTC and may be set to a value in the future to schedule the request.

  • Example: 2024-01-02T03:04:05.006Z

Type

The type of request

Yes

Must be a string with the following value: Delegation

Action

Action for the request

Yes

Must be one of the following approved verbs: Grant, Revoke

Path

OU targetted by the request

Yes

Must be an OU under the Department OU of the department.

  • Example: OU=Computers,OU=EXAMPLE,OU=Departments,DC=austin,DC=utexas,DC=edu

Principal

AD group in the delegation

Yes

Must be an Active Directory security group.

  • Example: EXAMPLE-ComputerAdmins

  • Example: EXAMPLE-GroupMemberManagers

Delegation

Permissions for request

Yes

Must be one of the supported delegations (see: Supported Delegations) and must not contain any white space.

  • Example: Computers

  • Example: GroupMembership

RequestedBy

User submitting the request

Yes

Must be the department administrator submitting the request. Validated against the Administrators group for the department.

  • Example: EXAMPLE-abcd1234

Notes

Additional information

No

Text field to store information about the delegation request.

Examples

The following JSON string is an example of a valid request string:

{ "Timestamp":"2024-01-02T03:04:05.006Z", "Type":"Delegation", "Action":"Grant", "Path":"OU=Computers,OU=EXAMPLE,OU=Departments,DC=austin,DC=utexas,DC=edu", "Principal":"EXAMPLE-ComputerAdmins", "Delegation":"Computers", "RequestedBy":"EXAMPLE-abcd1234", "Notes":"This is a test delegation" }

Â