
/AWS1/IF_CGP=>SETRISKCONFIGURATION()

About SetRiskConfiguration

Configures threat protection for a user pool or app client. This operation sets the configuration for the following:

  • Responses to risks with adaptive authentication

  • Responses to vulnerable passwords with compromised-credentials detection

  • Notifications to users who have had risky activity detected

  • IP-address denylist and allowlist

To set the risk configuration for the user pool to defaults, send this request with only the UserPoolId parameter. To reset the threat protection settings of an app client to be inherited from the user pool, send UserPoolId and ClientId parameters only. To change threat protection to audit-only or off, update the value of UserPoolAddOns in an UpdateUserPool request. To activate this setting, your user pool must be on the Plus tier.

Method Signature

IMPORTING

Required arguments:

iv_userpoolid TYPE /AWS1/CGPUSERPOOLIDTYPE

The ID of the user pool where you want to set a risk configuration. If you include UserPoolId in your request, don't include ClientId. When the client ID is null, the same risk configuration is applied to all the clients in the user pool. When you include both ClientId and UserPoolId, Amazon Cognito maps the configuration to the app client only.

Optional arguments:

iv_clientid TYPE /AWS1/CGPCLIENTIDTYPE

The ID of the app client where you want to set a risk configuration. If ClientId is null, then the risk configuration is mapped to UserPoolId. When the client ID is null, the same risk configuration is applied to all the clients in the user pool.

When you include a ClientId parameter, Amazon Cognito maps the configuration to the app client. When you include both ClientId and UserPoolId, Amazon Cognito maps the configuration to the app client only.

io_compromisedcredsriskconf TYPE REF TO /AWS1/CL_CGPCOMPROMISEDCREDS00

The configuration of automated reactions to detected compromised credentials. Includes settings for blocking future sign-in requests and for the types of password-submission events you want to monitor.

io_accounttakeoverriskconf TYPE REF TO /AWS1/CL_CGPACTAKEOVERRISKCO00

The settings for automated responses and notification templates for adaptive authentication with threat protection.

io_riskexceptionconf TYPE REF TO /AWS1/CL_CGPRISKEXCONFTYPE

A set of IP-address overrides to threat protection. You can set up IP-address always-block and always-allow lists.

RETURNING

oo_output TYPE REF TO /AWS1/CL_CGPSETRISKCONFRSP


Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example, the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The example shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->/aws1/if_cgp~setriskconfiguration(
  io_accounttakeoverriskconf = new /aws1/cl_cgpactakeoverriskco00(
    io_actions = new /aws1/cl_cgpactakeoveracttype(
      io_highaction = new /aws1/cl_cgpactakeoveracttyp00(
        iv_eventaction = |string|
        iv_notify = ABAP_TRUE
      )
      io_lowaction = new /aws1/cl_cgpactakeoveracttyp00(
        iv_eventaction = |string|
        iv_notify = ABAP_TRUE
      )
      io_mediumaction = new /aws1/cl_cgpactakeoveracttyp00(
        iv_eventaction = |string|
        iv_notify = ABAP_TRUE
      )
    )
    io_notifyconfiguration = new /aws1/cl_cgpnotifyconftype(
      io_blockemail = new /aws1/cl_cgpnotifyemailtype(
        iv_htmlbody = |string|
        iv_subject = |string|
        iv_textbody = |string|
      )
      io_mfaemail = new /aws1/cl_cgpnotifyemailtype(
        iv_htmlbody = |string|
        iv_subject = |string|
        iv_textbody = |string|
      )
      io_noactionemail = new /aws1/cl_cgpnotifyemailtype(
        iv_htmlbody = |string|
        iv_subject = |string|
        iv_textbody = |string|
      )
      iv_from = |string|
      iv_replyto = |string|
      iv_sourcearn = |string|
    )
  )
  io_compromisedcredsriskconf = new /aws1/cl_cgpcompromisedcreds00(
    io_actions = new /aws1/cl_cgpcompromisedcreds01( |string| )
    it_eventfilter = VALUE /aws1/cl_cgpeventfilterstype_w=>tt_eventfilterstype(
      ( new /aws1/cl_cgpeventfilterstype_w( |string| ) )
    )
  )
  io_riskexceptionconf = new /aws1/cl_cgpriskexconftype(
    it_blockediprangelist = VALUE /aws1/cl_cgpblkediprangelstt00=>tt_blockediprangelisttype(
      ( new /aws1/cl_cgpblkediprangelstt00( |string| ) )
    )
    it_skippediprangelist = VALUE /aws1/cl_cgpskippediprangels00=>tt_skippediprangelisttype(
      ( new /aws1/cl_cgpskippediprangels00( |string| ) )
    )
  )
  iv_clientid = |string|
  iv_userpoolid = |string|
).

This is an example of reading all possible response values:

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lo_riskconfigurationtype = lo_result->get_riskconfiguration( ).
  IF lo_riskconfigurationtype IS NOT INITIAL.
    lv_userpoolidtype = lo_riskconfigurationtype->get_userpoolid( ).
    lv_clientidtype = lo_riskconfigurationtype->get_clientid( ).
    lo_compromisedcredentialsr = lo_riskconfigurationtype->get_compromisedcredsriskconf( ).
    IF lo_compromisedcredentialsr IS NOT INITIAL.
      LOOP AT lo_compromisedcredentialsr->get_eventfilter( ) into lo_row.
        lo_row_1 = lo_row.
        IF lo_row_1 IS NOT INITIAL.
          lv_eventfiltertype = lo_row_1->get_value( ).
        ENDIF.
      ENDLOOP.
      lo_compromisedcredentialsa = lo_compromisedcredentialsr->get_actions( ).
      IF lo_compromisedcredentialsa IS NOT INITIAL.
        lv_compromisedcredentialse = lo_compromisedcredentialsa->get_eventaction( ).
      ENDIF.
    ENDIF.
    lo_accounttakeoverriskconf = lo_riskconfigurationtype->get_accounttakeoverriskconf( ).
    IF lo_accounttakeoverriskconf IS NOT INITIAL.
      lo_notifyconfigurationtype = lo_accounttakeoverriskconf->get_notifyconfiguration( ).
      IF lo_notifyconfigurationtype IS NOT INITIAL.
        lv_stringtype = lo_notifyconfigurationtype->get_from( ).
        lv_stringtype = lo_notifyconfigurationtype->get_replyto( ).
        lv_arntype = lo_notifyconfigurationtype->get_sourcearn( ).
        lo_notifyemailtype = lo_notifyconfigurationtype->get_blockemail( ).
        IF lo_notifyemailtype IS NOT INITIAL.
          lv_emailnotificationsubjec = lo_notifyemailtype->get_subject( ).
          lv_emailnotificationbodyty = lo_notifyemailtype->get_htmlbody( ).
          lv_emailnotificationbodyty = lo_notifyemailtype->get_textbody( ).
        ENDIF.
        lo_notifyemailtype = lo_notifyconfigurationtype->get_noactionemail( ).
        IF lo_notifyemailtype IS NOT INITIAL.
          lv_emailnotificationsubjec = lo_notifyemailtype->get_subject( ).
          lv_emailnotificationbodyty = lo_notifyemailtype->get_htmlbody( ).
          lv_emailnotificationbodyty = lo_notifyemailtype->get_textbody( ).
        ENDIF.
        lo_notifyemailtype = lo_notifyconfigurationtype->get_mfaemail( ).
        IF lo_notifyemailtype IS NOT INITIAL.
          lv_emailnotificationsubjec = lo_notifyemailtype->get_subject( ).
          lv_emailnotificationbodyty = lo_notifyemailtype->get_htmlbody( ).
          lv_emailnotificationbodyty = lo_notifyemailtype->get_textbody( ).
        ENDIF.
      ENDIF.
      lo_accounttakeoveractionst = lo_accounttakeoverriskconf->get_actions( ).
      IF lo_accounttakeoveractionst IS NOT INITIAL.
        lo_accounttakeoveractionty = lo_accounttakeoveractionst->get_lowaction( ).
        IF lo_accounttakeoveractionty IS NOT INITIAL.
          lv_accounttakeoveractionno = lo_accounttakeoveractionty->get_notify( ).
          lv_accounttakeovereventact = lo_accounttakeoveractionty->get_eventaction( ).
        ENDIF.
        lo_accounttakeoveractionty = lo_accounttakeoveractionst->get_mediumaction( ).
        IF lo_accounttakeoveractionty IS NOT INITIAL.
          lv_accounttakeoveractionno = lo_accounttakeoveractionty->get_notify( ).
          lv_accounttakeovereventact = lo_accounttakeoveractionty->get_eventaction( ).
        ENDIF.
        lo_accounttakeoveractionty = lo_accounttakeoveractionst->get_highaction( ).
        IF lo_accounttakeoveractionty IS NOT INITIAL.
          lv_accounttakeoveractionno = lo_accounttakeoveractionty->get_notify( ).
          lv_accounttakeovereventact = lo_accounttakeoveractionty->get_eventaction( ).
        ENDIF.
      ENDIF.
    ENDIF.
    lo_riskexceptionconfigurat = lo_riskconfigurationtype->get_riskexceptionconf( ).
    IF lo_riskexceptionconfigurat IS NOT INITIAL.
      LOOP AT lo_riskexceptionconfigurat->get_blockediprangelist( ) into lo_row_2.
        lo_row_3 = lo_row_2.
        IF lo_row_3 IS NOT INITIAL.
          lv_stringtype = lo_row_3->get_value( ).
        ENDIF.
      ENDLOOP.
      LOOP AT lo_riskexceptionconfigurat->get_skippediprangelist( ) into lo_row_4.
        lo_row_5 = lo_row_4.
        IF lo_row_5 IS NOT INITIAL.
          lv_stringtype = lo_row_5->get_value( ).
        ENDIF.
      ENDLOOP.
    ENDIF.
    lv_datetype = lo_riskconfigurationtype->get_lastmodifieddate( ).
  ENDIF.
ENDIF.
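
The scoping and reset rules described under About SetRiskConfiguration, shown with meaningful values instead of the "string" placeholders. This is an added example, not part of the AWS-provided page. It assumes lo_client is the same client object as in the syntax example; the pool ID, client ID and CIDR ranges are constructed placeholders, and the action and event-filter strings are the Amazon Cognito API values for those fields.

```abap
" Added example, not AWS-provided code. lo_client is the /AWS1/IF_CGP client
" from the syntax example; IDs and CIDR ranges are constructed placeholders.
DATA(lv_pool)   = |us-east-1_EXAMPLE|.
DATA(lv_client) = |exampleappclientid|.
TRY.
    " 1. Pool-wide policy: iv_clientid is omitted, so it applies to every app client.
    DATA(lo_set) = lo_client->/aws1/if_cgp~setriskconfiguration(
      iv_userpoolid = lv_pool
      io_accounttakeoverriskconf = NEW /aws1/cl_cgpactakeoverriskco00(
        io_actions = NEW /aws1/cl_cgpactakeoveracttype(
          io_lowaction    = NEW /aws1/cl_cgpactakeoveracttyp00(
            iv_eventaction = |NO_ACTION|         iv_notify = abap_false )
          io_mediumaction = NEW /aws1/cl_cgpactakeoveracttyp00(
            iv_eventaction = |MFA_IF_CONFIGURED| iv_notify = abap_false )
          io_highaction   = NEW /aws1/cl_cgpactakeoveracttyp00(
            iv_eventaction = |BLOCK|             iv_notify = abap_false ) ) )
      io_compromisedcredsriskconf = NEW /aws1/cl_cgpcompromisedcreds00(
        io_actions     = NEW /aws1/cl_cgpcompromisedcreds01( |BLOCK| )
        it_eventfilter = VALUE /aws1/cl_cgpeventfilterstype_w=>tt_eventfilterstype(
          ( NEW /aws1/cl_cgpeventfilterstype_w( |SIGN_IN| ) )
          ( NEW /aws1/cl_cgpeventfilterstype_w( |PASSWORD_CHANGE| ) )
          ( NEW /aws1/cl_cgpeventfilterstype_w( |SIGN_UP| ) ) ) )
      io_riskexceptionconf = NEW /aws1/cl_cgpriskexconftype(
        " Always-allow entries bypass threat protection, so keep them as narrow as possible.
        it_blockediprangelist = VALUE /aws1/cl_cgpblkediprangelstt00=>tt_blockediprangelisttype(
          ( NEW /aws1/cl_cgpblkediprangelstt00( |203.0.113.0/24| ) ) )
        it_skippediprangelist = VALUE /aws1/cl_cgpskippediprangels00=>tt_skippediprangelisttype(
          ( NEW /aws1/cl_cgpskippediprangels00( |198.51.100.10/32| ) ) ) ) ).

    " 2. Check what the service stored instead of trusting the request.
    DATA(lo_conf) = lo_set->get_riskconfiguration( ).
    IF lo_conf IS INITIAL OR lo_conf->get_riskexceptionconf( ) IS INITIAL.
      MESSAGE 'Risk configuration was not returned' TYPE 'E'.
    ENDIF.
    DATA(lv_denied) = abap_false.
    LOOP AT lo_conf->get_riskexceptionconf( )->get_blockediprangelist( ) INTO DATA(lo_range).
      IF lo_range->get_value( ) = |203.0.113.0/24|.
        lv_denied = abap_true.
      ENDIF.
    ENDLOOP.
    IF lv_denied = abap_false.
      MESSAGE 'Denylist range missing from stored configuration' TYPE 'E'.
    ENDIF.

    " 3. Reset one app client so it inherits the pool-level settings again.
    lo_client->/aws1/if_cgp~setriskconfiguration( iv_userpoolid = lv_pool iv_clientid = lv_client ).
  CATCH /aws1/cx_rt_service_generic INTO DATA(lo_ex).
    DATA(lv_err) = lo_ex->get_text( ).
    MESSAGE lv_err TYPE 'I'.
ENDTRY.
```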