Skip to main content
POST
/
api
/
v1
/
access_review_template
/
{access_review_template_id}
/
scope_and_entitlements
SetScopeAndEntitlements
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.AccessReviewTemplateSetupEntitlement.SetScopeAndEntitlements(ctx, operations.C1APIAccessreviewV1AccessReviewTemplateSetupEntitlementServiceSetScopeAndEntitlementsRequest{
        AccessReviewTemplateID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.AccessReviewTemplateSetupEntitlementServiceSetResponse != nil {
        // handle response
    }
}
{
  "expanded": [
    {
      "@type": "<string>"
    }
  ],
  "list": [
    {
      "accessReviewTemplateEntitlement": {
        "accessReviewTemplateId": "<string>",
        "appEntitlementId": "<string>",
        "appId": "<string>",
        "appResourceId": "<string>",
        "appResourceTypeId": "<string>",
        "createdAt": "2023-11-07T05:31:56Z",
        "customPolicyId": "<string>",
        "deletedAt": "2023-11-07T05:31:56Z",
        "policyId": "<string>",
        "tenantId": "<string>",
        "updatedAt": "2023-11-07T05:31:56Z"
      },
      "appPath": "<string>",
      "entitlementPath": "<string>",
      "policyPath": "<string>"
    }
  ],
  "scope": {
    "accountCelExpression": {
      "expression": "<string>"
    },
    "accountCriteria": {
      "accountDomain": "APP_USER_DOMAIN_UNSPECIFIED",
      "accountTypes": [
        "APP_USER_TYPE_UNSPECIFIED"
      ],
      "appUserStatuses": [
        "APP_USER_STATUS_UNSPECIFIED"
      ],
      "noAccountOwner": true
    },
    "allAccessConflicts": {},
    "allAccounts": {},
    "allGrants": {},
    "allUsers": {},
    "appAccess": {},
    "appSelectionCriteria": {
      "complianceFrameworkAttributeValueIds": [
        "<string>"
      ],
      "riskLevelAttributeValueIds": [
        "<string>"
      ]
    },
    "celExpression": {
      "expression": "<string>"
    },
    "grantsByCriteria": {
      "accessProfileFilter": {
        "excludedAccessProfileIds": [
          "<string>"
        ],
        "filterType": "ACCESS_PROFILE_FILTER_TYPE_UNSPECIFIED",
        "includedAccessProfileIds": [
          "<string>"
        ]
      },
      "daysSinceAdded": "<string>",
      "daysSinceLastUsed": "<string>",
      "daysSinceReviewed": "<string>",
      "grantsAddedBetween": {
        "endDate": "2023-11-07T05:31:56Z",
        "startDate": "2023-11-07T05:31:56Z"
      },
      "sourceFilter": "GRANT_SOURCE_FILTER_UNSPECIFIED",
      "typeFilter": "GRANT_FILTER_TYPE_UNSPECIFIED"
    },
    "resourceSelection": {},
    "resourceTypeSelections": {},
    "selectedUsers": {
      "userIds": [
        "<string>"
      ]
    },
    "specificAccessConflicts": {},
    "specificResources": {},
    "userCriteria": {
      "groupAppEntitlementsRef": [
        {
          "appId": "<string>",
          "id": "<string>"
        }
      ],
      "managerUserIds": [
        "<string>"
      ],
      "multiUserProfileAttributes": {},
      "userStatus": [
        "UNKNOWN"
      ]
    }
  }
}

Documentation Index

Fetch the complete documentation index at: https://conductorone-groman-network-requirements-updates.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

access_review_template_id
string
required

The ID of the access review template to configure.

Body

application/json

The AccessReviewTemplateSetupEntitlementServiceSetRequest message.

entitlements
Access Review Template Setup Entitlement Input · object[] | null

The entitlements to include in the template. Replaces all previously selected entitlements.

expandMask
Access Review Template Setup Entitlement Expand Mask · object

The AccessReviewTemplateSetupEntitlementExpandMask message.

scope
Access Review Scope V 2 · object

The AccessReviewScopeV2 message.

This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:

  • appAccess
  • specificResources
  • appSelectionCriteria
  • resourceTypeSelections

This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:

  • allUsers
  • selectedUsers
  • userCriteria
  • celExpression

This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:

  • allAccounts
  • accountCriteria
  • accountCelExpression

This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:

  • allGrants
  • grantsByCriteria

This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:

  • allAccessConflicts
  • specificAccessConflicts

This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:

  • resourceSelection

Response

200 - application/json

Successful response

The AccessReviewTemplateSetupEntitlementServiceSetResponse message.

expanded
object[] | null

Related objects requested via the expand mask.

list
Access Review Template Setup Entitlement View · object[] | null

The current list of setup entitlements for the template.

scope
Access Review Scope V 2 · object

The AccessReviewScopeV2 message.

This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:

  • appAccess
  • specificResources
  • appSelectionCriteria
  • resourceTypeSelections

This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:

  • allUsers
  • selectedUsers
  • userCriteria
  • celExpression

This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:

  • allAccounts
  • accountCriteria
  • accountCelExpression

This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:

  • allGrants
  • grantsByCriteria

This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:

  • allAccessConflicts
  • specificAccessConflicts

This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:

  • resourceSelection