/AWS1/IF_SHB=>GETRECOMMENDEDPOLICYV2()

About GetRecommendedPolicyV2

Retrieves the recommended policy to remediate a Security Hub finding. GetRecommendedPolicyV2 only supports findings for unused permissions.

Method Signature

METHODS /AWS1/IF_SHB~GETRECOMMENDEDPOLICYV2
  IMPORTING
    !IV_METADATAUID TYPE /AWS1/SHBNONEMPTYSTRING OPTIONAL
    !IV_NEXTTOKEN TYPE /AWS1/SHBNEXTTOKEN OPTIONAL
    !IV_MAXRESULTS TYPE /AWS1/SHBMAXRESULTS OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_shbgetrecdpolicyv2rsp
  RAISING
    /AWS1/CX_SHBACCESSDENIEDEX
    /AWS1/CX_SHBINTERNALSERVEREX
    /AWS1/CX_SHBINVALIDINPUTEX
    /AWS1/CX_SHBRESOURCENOTFOUNDEX
    /AWS1/CX_SHBTHROTTLINGEX
    /AWS1/CX_SHBVALIDATIONEX
    /AWS1/CX_SHBCLIENTEXC
    /AWS1/CX_SHBSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_metadatauid TYPE /AWS1/SHBNONEMPTYSTRING

The unique identifier (ID) of the Security Hub OCSF finding, found under the metadata.uid field of the finding.

Optional arguments:

iv_nexttoken TYPE /AWS1/SHBNEXTTOKEN

The token used to paginate the RecommendationSteps list returned. On your first call to GetRecommendedPolicyV2, omit this parameter or set it to NULL. For subsequent calls, use the NextToken value returned in the previous response to retrieve the next page of results.

iv_maxresults TYPE /AWS1/SHBMAXRESULTS

The maximum number of recommendation steps to return.

RETURNING

oo_output TYPE REF TO /AWS1/CL_SHBGETRECDPOLICYV2RSP

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->getrecommendedpolicyv2(
  iv_maxresults = 123
  iv_metadatauid = |string|
  iv_nexttoken = |string|
).

This is an example of reading all possible response values:

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_nexttoken = lo_result->get_nexttoken( ).
  lv_recommendationtype = lo_result->get_recommendationtype( ).
  LOOP AT lo_result->get_recommendationsteps( ) INTO lo_row.
    lo_row_1 = lo_row.
    IF lo_row_1 IS NOT INITIAL.
      lo_unusedpermissionsrecomm = lo_row_1->get_unusedpermissions( ).
      IF lo_unusedpermissionsrecomm IS NOT INITIAL.
        lv_nonemptystring = lo_unusedpermissionsrecomm->get_recommendedaction( ).
        lv_nonemptystring = lo_unusedpermissionsrecomm->get_existingpolicy( ).
        lv_nonemptystring = lo_unusedpermissionsrecomm->get_existingpolicyid( ).
        lv_timestamp = lo_unusedpermissionsrecomm->get_policyupdatedat( ).
        lv_nonemptystring = lo_unusedpermissionsrecomm->get_recommendedpolicy( ).
      ENDIF.
    ENDIF.
  ENDLOOP.
  lo_recommendationerror = lo_result->get_error( ).
  IF lo_recommendationerror IS NOT INITIAL.
    lv_nonemptystring = lo_recommendationerror->get_code( ).
    lv_nonemptystring = lo_recommendationerror->get_message( ).
  ENDIF.
  lv_recommendationstatus = lo_result->get_status( ).
  lv_nonemptystring = lo_result->get_resourcearn( ).
ENDIF.
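
Added example (not part of the AWS documentation): one way to follow NextToken across pages as described for iv_nexttoken, collecting each step's existing and recommended policy for side-by-side review and discarding partial results if the response carries an error object. The class, type, method and parameter names (lcl_policy_review, ty_step, collect_steps, iv_uid, et_steps, ev_error) are hypothetical, and io_client is assumed to be an already-created /AWS1/IF_SHB client.

```abap
" Added example, not AWS sample code. lcl_policy_review, ty_step and
" collect_steps are hypothetical names; io_client is an existing client.
CLASS lcl_policy_review DEFINITION.
  PUBLIC SECTION.
    TYPES: BEGIN OF ty_step,
             action TYPE string, policy_id TYPE string,
             existing TYPE string, recommended TYPE string,
           END OF ty_step,
           tt_steps TYPE STANDARD TABLE OF ty_step WITH EMPTY KEY.
    CLASS-METHODS collect_steps
      IMPORTING io_client TYPE REF TO /aws1/if_shb
                iv_uid    TYPE /aws1/shbnonemptystring
      EXPORTING et_steps TYPE tt_steps ev_error TYPE string
      RAISING   /aws1/cx_rt_technical_generic /aws1/cx_rt_service_generic.
ENDCLASS.

CLASS lcl_policy_review IMPLEMENTATION.
  METHOD collect_steps.
    DATA: lv_token TYPE /aws1/shbnexttoken,
          lo_page  TYPE REF TO /aws1/cl_shbgetrecdpolicyv2rsp.
    CLEAR: et_steps, ev_error.
    DO.
      IF lv_token IS INITIAL. " first call: omit the token
        lo_page = io_client->getrecommendedpolicyv2( iv_metadatauid = iv_uid ).
      ELSE.                   " later calls: pass the previous NextToken
        lo_page = io_client->getrecommendedpolicyv2( iv_metadatauid = iv_uid iv_nexttoken = lv_token ).
      ENDIF.
      DATA(lo_error) = lo_page->get_error( ).
      IF lo_error IS BOUND. " error reported: do not act on partial steps
        ev_error = |{ lo_error->get_code( ) }: { lo_error->get_message( ) }|.
        CLEAR et_steps.
        RETURN.
      ENDIF.
      LOOP AT lo_page->get_recommendationsteps( ) INTO DATA(lo_step).
        CHECK lo_step IS BOUND.
        DATA(lo_unused) = lo_step->get_unusedpermissions( ).
        CHECK lo_unused IS BOUND.
        APPEND VALUE #( action      = lo_unused->get_recommendedaction( )
                        policy_id   = lo_unused->get_existingpolicyid( )
                        existing    = lo_unused->get_existingpolicy( )
                        recommended = lo_unused->get_recommendedpolicy( ) ) TO et_steps.
      ENDLOOP.
      DATA(lv_next) = lo_page->get_nexttoken( ).
      IF lv_next IS INITIAL OR lv_next = lv_token. " last page, or repeated token
        EXIT.
      ENDIF.
      lv_token = lv_next.
    ENDDO.
  ENDMETHOD.
ENDCLASS.
```

The caller should treat a non-initial ev_error as "no recommendation available" and review each existing/recommended pair before changing any IAM policy.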