Skip to main content
POST
/
api
/
v1
/
access_review
Create
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.AccessReview.Create(ctx, nil)
    if err != nil {
        log.Fatal(err)
    }
    if res.AccessReviewServiceCreateResponse != nil {
        // handle response
    }
}
{
  "accessReview": {
    "accessReview": {
      "accessReviewTemplateId": "<string>",
      "accuracyIssueAction": "ACCURACY_ISSUE_ACTION_UNSPECIFIED",
      "autoCloseCampaign": true,
      "autoCloseDecision": "CLOSE_DECISION_UNSPECIFIED",
      "autoGenerateReport": true,
      "autoResolve": true,
      "autoStartCampaign": true,
      "bindings": {},
      "campaignHealth": {
        "checkedAt": "2023-11-07T05:31:56Z",
        "phantomLockedCount": 123
      },
      "campaignInsights": {
        "markdown": "<string>"
      },
      "closedAt": "2023-11-07T05:31:56Z",
      "columnConfig": {
        "columns": [
          "ACCESS_REVIEW_TASK_COLUMN_UNSPECIFIED"
        ]
      },
      "completionDate": "2023-11-07T05:31:56Z",
      "connectorSourcesFrozenAt": "2023-11-07T05:31:56Z",
      "createdAt": "2023-11-07T05:31:56Z",
      "createdById": "<string>",
      "defaultView": "ACCESS_REVIEW_VIEW_TYPE_UNSPECIFIED",
      "description": "<string>",
      "displayName": "<string>",
      "errorState": "ACCESS_REVIEW_ERROR_STATE_UNSPECIFIED",
      "exclusionScope": {
        "appUserStatuses": [
          "APP_USER_STATUS_UNSPECIFIED"
        ],
        "appUserTypes": [
          "APP_USER_TYPE_UNSPECIFIED"
        ]
      },
      "exemptCertifiedAccessConflicts": true,
      "expectedTicketCount": 123,
      "hasAccuracySupport": true,
      "id": "<string>",
      "inclusionScope": {
        "appUserStatuses": [
          "APP_USER_STATUS_UNSPECIFIED"
        ],
        "appUserTypes": [
          "APP_USER_TYPE_UNSPECIFIED"
        ],
        "managerIds": [
          "<string>"
        ],
        "multiUserProfileAttributes": {},
        "noAccountOwners": true,
        "userIds": [
          "<string>"
        ],
        "userStatuses": [
          "USER_UNKNOWN"
        ]
      },
      "multiApp": {
        "appEntitlementDetails": {},
        "appEntitlements": {}
      },
      "notificationConfig": {
        "sendClose": true,
        "sendKickoff": true,
        "sendReminders": true
      },
      "policyId": "<string>",
      "reviewInstructions": "<string>",
      "scheduledStartDate": "2023-11-07T05:31:56Z",
      "scope": {
        "appUserStatuses": [
          "APP_USER_STATUS_UNSPECIFIED"
        ],
        "appUserTypes": [
          "APP_USER_TYPE_UNSPECIFIED"
        ]
      },
      "scopeType": "ACCESS_REVIEW_SCOPE_TYPE_UNSPECIFIED",
      "scopeV2": {
        "accountCelExpression": {
          "expression": "<string>"
        },
        "accountCriteria": {
          "accountDomain": "APP_USER_DOMAIN_UNSPECIFIED",
          "accountTypes": [
            "APP_USER_TYPE_UNSPECIFIED"
          ],
          "appUserStatuses": [
            "APP_USER_STATUS_UNSPECIFIED"
          ],
          "noAccountOwner": true
        },
        "allAccessConflicts": {},
        "allAccounts": {},
        "allGrants": {},
        "allUsers": {},
        "appAccess": {},
        "appSelectionCriteria": {
          "complianceFrameworkAttributeValueIds": [
            "<string>"
          ],
          "riskLevelAttributeValueIds": [
            "<string>"
          ]
        },
        "celExpression": {
          "expression": "<string>"
        },
        "grantsByCriteria": {
          "accessProfileFilter": {
            "excludedAccessProfileIds": [
              "<string>"
            ],
            "filterType": "ACCESS_PROFILE_FILTER_TYPE_UNSPECIFIED",
            "includedAccessProfileIds": [
              "<string>"
            ]
          },
          "daysSinceAdded": "<string>",
          "daysSinceLastUsed": "<string>",
          "daysSinceReviewed": "<string>",
          "grantsAddedBetween": {
            "endDate": "2023-11-07T05:31:56Z",
            "startDate": "2023-11-07T05:31:56Z"
          },
          "sourceFilter": "GRANT_SOURCE_FILTER_UNSPECIFIED",
          "typeFilter": "GRANT_FILTER_TYPE_UNSPECIFIED"
        },
        "resourceSelection": {},
        "resourceTypeSelections": {},
        "selectedUsers": {
          "userIds": [
            "<string>"
          ]
        },
        "specificAccessConflicts": {},
        "specificResources": {},
        "userCriteria": {
          "groupAppEntitlementsRef": [
            {
              "appId": "<string>",
              "id": "<string>"
            }
          ],
          "managerUserIds": [
            "<string>"
          ],
          "multiUserProfileAttributes": {},
          "userStatus": [
            "UNKNOWN"
          ]
        }
      },
      "scopingVersion": "<string>",
      "signatureConfig": {
        "meaningOfSignature": "<string>",
        "requireSignature": true,
        "stepUpProviderId": "<string>",
        "tspUrl": "<string>"
      },
      "singleApp": {
        "appId": "<string>"
      },
      "startedAt": "2023-11-07T05:31:56Z",
      "state": "ACCESS_REVIEW_STATE_UNSPECIFIED",
      "updatedAt": "2023-11-07T05:31:56Z",
      "usePolicyOverride": true
    },
    "createdByUserPath": "<string>",
    "objectPermissions": {
      "delete": true,
      "edit": true,
      "extra": {},
      "read": true
    },
    "policyPath": "<string>"
  },
  "expanded": [
    {
      "@type": "<string>"
    }
  ]
}

Documentation Index

Fetch the complete documentation index at: https://conductorone-groman-network-requirements-updates.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

The AccessReviewServiceCreateRequest message.

completionDate
string<date-time>
description
string

An optional description providing context about the campaign.

displayName
string

The display name for the new campaign.

duplicateFrom
string

The ID of an existing campaign to copy scope and entitlement configuration from. Optional.

expandMask
Access Review Expand Mask · object

The AccessReviewExpandMask message.

notificationConfig
Notification Config · object

Controls which email notifications are sent during the access review lifecycle.

ownerIds
string[] | null

The IDs of the users who own and manage this campaign. At least one owner is required.

policyId
string

The ID of the review policy that governs task assignment and resolution.

scopeType
enum<string>

The type of scoping method for the campaign (e.g., by entitlements, by access conflicts, or by resource).

Available options:
ACCESS_REVIEW_SCOPE_TYPE_UNSPECIFIED,
ACCESS_REVIEW_SCOPE_TYPE_BY_ENTITLEMENTS,
ACCESS_REVIEW_SCOPE_TYPE_BY_ACCESS_CONFLICTS,
ACCESS_REVIEW_SCOPE_TYPE_BY_RESOURCE,
ACCESS_REVIEW_SCOPE_TYPE_BY_INHERITANCE
scopeV2
Access Review Scope V 2 · object

The AccessReviewScopeV2 message.

This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:

  • appAccess
  • specificResources
  • appSelectionCriteria
  • resourceTypeSelections

This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:

  • allUsers
  • selectedUsers
  • userCriteria
  • celExpression

This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:

  • allAccounts
  • accountCriteria
  • accountCelExpression

This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:

  • allGrants
  • grantsByCriteria

This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:

  • allAccessConflicts
  • specificAccessConflicts

This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:

  • resourceSelection

Response

200 - application/json

Successful response

The AccessReviewServiceCreateResponse message.

accessReview
Access Review View · object

The AccessReviewView message.

expanded
object[] | null

Related objects requested via the expand mask.