package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.AccessReviewSetupEntitlement.SetCampaignScopeAndEntitlements(ctx, operations.C1APIAccessreviewV1AccessReviewSetupEntitlementServiceSetCampaignScopeAndEntitlementsRequest{
AccessReviewID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.AccessReviewSetupEntitlementAndScopeServiceSetResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.accessReviewSetupEntitlement.setCampaignScopeAndEntitlements({
accessReviewId: "<id>",
});
console.log(result);
}
run();curl --request POST \
--url https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"entitlements": [
{
"appEntitlementId": "<string>",
"appId": "<string>"
}
],
"expandMask": {
"paths": [
"<string>"
]
},
"scopeV2": {
"accountCelExpression": {
"expression": "<string>"
},
"accountCriteria": {
"accountTypes": [],
"appUserStatuses": [],
"noAccountOwner": true
},
"allAccessConflicts": {},
"allAccounts": {},
"allGrants": {},
"allUsers": {},
"appAccess": {},
"appSelectionCriteria": {
"complianceFrameworkAttributeValueIds": [
"<string>"
],
"riskLevelAttributeValueIds": [
"<string>"
]
},
"celExpression": {
"expression": "<string>"
},
"grantsByCriteria": {
"accessProfileFilter": {
"excludedAccessProfileIds": [
"<string>"
],
"includedAccessProfileIds": [
"<string>"
]
},
"daysSinceAdded": "<string>",
"daysSinceLastUsed": "<string>",
"daysSinceReviewed": "<string>",
"grantsAddedBetween": {
"endDate": "2023-11-07T05:31:56Z",
"startDate": "2023-11-07T05:31:56Z"
}
},
"resourceSelection": {},
"resourceTypeSelections": {},
"selectedUsers": {
"userIds": [
"<string>"
]
},
"specificAccessConflicts": {},
"specificResources": {},
"userCriteria": {
"groupAppEntitlementsRef": [
{
"appId": "<string>",
"id": "<string>"
}
],
"managerUserIds": [
"<string>"
],
"multiUserProfileAttributes": {},
"userStatus": []
}
}
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements"
payload = {
"entitlements": [
{
"appEntitlementId": "<string>",
"appId": "<string>"
}
],
"expandMask": { "paths": ["<string>"] },
"scopeV2": {
"accountCelExpression": { "expression": "<string>" },
"accountCriteria": {
"accountTypes": [],
"appUserStatuses": [],
"noAccountOwner": True
},
"allAccessConflicts": {},
"allAccounts": {},
"allGrants": {},
"allUsers": {},
"appAccess": {},
"appSelectionCriteria": {
"complianceFrameworkAttributeValueIds": ["<string>"],
"riskLevelAttributeValueIds": ["<string>"]
},
"celExpression": { "expression": "<string>" },
"grantsByCriteria": {
"accessProfileFilter": {
"excludedAccessProfileIds": ["<string>"],
"includedAccessProfileIds": ["<string>"]
},
"daysSinceAdded": "<string>",
"daysSinceLastUsed": "<string>",
"daysSinceReviewed": "<string>",
"grantsAddedBetween": {
"endDate": "2023-11-07T05:31:56Z",
"startDate": "2023-11-07T05:31:56Z"
}
},
"resourceSelection": {},
"resourceTypeSelections": {},
"selectedUsers": { "userIds": ["<string>"] },
"specificAccessConflicts": {},
"specificResources": {},
"userCriteria": {
"groupAppEntitlementsRef": [
{
"appId": "<string>",
"id": "<string>"
}
],
"managerUserIds": ["<string>"],
"multiUserProfileAttributes": {},
"userStatus": []
}
}
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
entitlements: [{appEntitlementId: '<string>', appId: '<string>'}],
expandMask: {paths: ['<string>']},
scopeV2: {
accountCelExpression: {expression: '<string>'},
accountCriteria: {accountTypes: [], appUserStatuses: [], noAccountOwner: true},
allAccessConflicts: {},
allAccounts: {},
allGrants: {},
allUsers: {},
appAccess: {},
appSelectionCriteria: {
complianceFrameworkAttributeValueIds: ['<string>'],
riskLevelAttributeValueIds: ['<string>']
},
celExpression: {expression: '<string>'},
grantsByCriteria: {
accessProfileFilter: {excludedAccessProfileIds: ['<string>'], includedAccessProfileIds: ['<string>']},
daysSinceAdded: '<string>',
daysSinceLastUsed: '<string>',
daysSinceReviewed: '<string>',
grantsAddedBetween: {endDate: '2023-11-07T05:31:56Z', startDate: '2023-11-07T05:31:56Z'}
},
resourceSelection: {},
resourceTypeSelections: {},
selectedUsers: {userIds: ['<string>']},
specificAccessConflicts: {},
specificResources: {},
userCriteria: {
groupAppEntitlementsRef: [{appId: '<string>', id: '<string>'}],
managerUserIds: ['<string>'],
multiUserProfileAttributes: {},
userStatus: []
}
}
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'entitlements' => [
[
'appEntitlementId' => '<string>',
'appId' => '<string>'
]
],
'expandMask' => [
'paths' => [
'<string>'
]
],
'scopeV2' => [
'accountCelExpression' => [
'expression' => '<string>'
],
'accountCriteria' => [
'accountTypes' => [
],
'appUserStatuses' => [
],
'noAccountOwner' => true
],
'allAccessConflicts' => [
],
'allAccounts' => [
],
'allGrants' => [
],
'allUsers' => [
],
'appAccess' => [
],
'appSelectionCriteria' => [
'complianceFrameworkAttributeValueIds' => [
'<string>'
],
'riskLevelAttributeValueIds' => [
'<string>'
]
],
'celExpression' => [
'expression' => '<string>'
],
'grantsByCriteria' => [
'accessProfileFilter' => [
'excludedAccessProfileIds' => [
'<string>'
],
'includedAccessProfileIds' => [
'<string>'
]
],
'daysSinceAdded' => '<string>',
'daysSinceLastUsed' => '<string>',
'daysSinceReviewed' => '<string>',
'grantsAddedBetween' => [
'endDate' => '2023-11-07T05:31:56Z',
'startDate' => '2023-11-07T05:31:56Z'
]
],
'resourceSelection' => [
],
'resourceTypeSelections' => [
],
'selectedUsers' => [
'userIds' => [
'<string>'
]
],
'specificAccessConflicts' => [
],
'specificResources' => [
],
'userCriteria' => [
'groupAppEntitlementsRef' => [
[
'appId' => '<string>',
'id' => '<string>'
]
],
'managerUserIds' => [
'<string>'
],
'multiUserProfileAttributes' => [
],
'userStatus' => [
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.post("https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"entitlements\": [\n {\n \"appEntitlementId\": \"<string>\",\n \"appId\": \"<string>\"\n }\n ],\n \"expandMask\": {\n \"paths\": [\n \"<string>\"\n ]\n },\n \"scopeV2\": {\n \"accountCelExpression\": {\n \"expression\": \"<string>\"\n },\n \"accountCriteria\": {\n \"accountTypes\": [],\n \"appUserStatuses\": [],\n \"noAccountOwner\": true\n },\n \"allAccessConflicts\": {},\n \"allAccounts\": {},\n \"allGrants\": {},\n \"allUsers\": {},\n \"appAccess\": {},\n \"appSelectionCriteria\": {\n \"complianceFrameworkAttributeValueIds\": [\n \"<string>\"\n ],\n \"riskLevelAttributeValueIds\": [\n \"<string>\"\n ]\n },\n \"celExpression\": {\n \"expression\": \"<string>\"\n },\n \"grantsByCriteria\": {\n \"accessProfileFilter\": {\n \"excludedAccessProfileIds\": [\n \"<string>\"\n ],\n \"includedAccessProfileIds\": [\n \"<string>\"\n ]\n },\n \"daysSinceAdded\": \"<string>\",\n \"daysSinceLastUsed\": \"<string>\",\n \"daysSinceReviewed\": \"<string>\",\n \"grantsAddedBetween\": {\n \"endDate\": \"2023-11-07T05:31:56Z\",\n \"startDate\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"resourceSelection\": {},\n \"resourceTypeSelections\": {},\n \"selectedUsers\": {\n \"userIds\": [\n \"<string>\"\n ]\n },\n \"specificAccessConflicts\": {},\n \"specificResources\": {},\n \"userCriteria\": {\n \"groupAppEntitlementsRef\": [\n {\n \"appId\": \"<string>\",\n \"id\": \"<string>\"\n }\n ],\n \"managerUserIds\": [\n \"<string>\"\n ],\n \"multiUserProfileAttributes\": {},\n \"userStatus\": []\n }\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"entitlements\": [\n {\n \"appEntitlementId\": \"<string>\",\n \"appId\": \"<string>\"\n }\n ],\n \"expandMask\": {\n \"paths\": [\n \"<string>\"\n ]\n },\n \"scopeV2\": {\n \"accountCelExpression\": {\n \"expression\": \"<string>\"\n },\n \"accountCriteria\": {\n \"accountTypes\": [],\n \"appUserStatuses\": [],\n \"noAccountOwner\": true\n },\n \"allAccessConflicts\": {},\n \"allAccounts\": {},\n \"allGrants\": {},\n \"allUsers\": {},\n \"appAccess\": {},\n \"appSelectionCriteria\": {\n \"complianceFrameworkAttributeValueIds\": [\n \"<string>\"\n ],\n \"riskLevelAttributeValueIds\": [\n \"<string>\"\n ]\n },\n \"celExpression\": {\n \"expression\": \"<string>\"\n },\n \"grantsByCriteria\": {\n \"accessProfileFilter\": {\n \"excludedAccessProfileIds\": [\n \"<string>\"\n ],\n \"includedAccessProfileIds\": [\n \"<string>\"\n ]\n },\n \"daysSinceAdded\": \"<string>\",\n \"daysSinceLastUsed\": \"<string>\",\n \"daysSinceReviewed\": \"<string>\",\n \"grantsAddedBetween\": {\n \"endDate\": \"2023-11-07T05:31:56Z\",\n \"startDate\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"resourceSelection\": {},\n \"resourceTypeSelections\": {},\n \"selectedUsers\": {\n \"userIds\": [\n \"<string>\"\n ]\n },\n \"specificAccessConflicts\": {},\n \"specificResources\": {},\n \"userCriteria\": {\n \"groupAppEntitlementsRef\": [\n {\n \"appId\": \"<string>\",\n \"id\": \"<string>\"\n }\n ],\n \"managerUserIds\": [\n \"<string>\"\n ],\n \"multiUserProfileAttributes\": {},\n \"userStatus\": []\n }\n }\n}"
response = http.request(request)
puts response.read_body{
"expanded": [
{
"@type": "<string>"
}
],
"list": [
{
"accessReviewEntitlement": {
"accessReviewId": "<string>",
"appEntitlementId": "<string>",
"appId": "<string>",
"appResourceId": "<string>",
"appResourceTypeId": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"customPolicyId": "<string>",
"deletedAt": "2023-11-07T05:31:56Z",
"policyId": "<string>",
"tenantId": "<string>",
"updatedAt": "2023-11-07T05:31:56Z"
},
"appPath": "<string>",
"entitlementPath": "<string>",
"policyPath": "<string>"
}
],
"scopeV2": {
"accountCelExpression": {
"expression": "<string>"
},
"accountCriteria": {
"accountTypes": [],
"appUserStatuses": [],
"noAccountOwner": true
},
"allAccessConflicts": {},
"allAccounts": {},
"allGrants": {},
"allUsers": {},
"appAccess": {},
"appSelectionCriteria": {
"complianceFrameworkAttributeValueIds": [
"<string>"
],
"riskLevelAttributeValueIds": [
"<string>"
]
},
"celExpression": {
"expression": "<string>"
},
"grantsByCriteria": {
"accessProfileFilter": {
"excludedAccessProfileIds": [
"<string>"
],
"includedAccessProfileIds": [
"<string>"
]
},
"daysSinceAdded": "<string>",
"daysSinceLastUsed": "<string>",
"daysSinceReviewed": "<string>",
"grantsAddedBetween": {
"endDate": "2023-11-07T05:31:56Z",
"startDate": "2023-11-07T05:31:56Z"
}
},
"resourceSelection": {},
"resourceTypeSelections": {},
"selectedUsers": {
"userIds": [
"<string>"
]
},
"specificAccessConflicts": {},
"specificResources": {},
"userCriteria": {
"groupAppEntitlementsRef": [
{
"appId": "<string>",
"id": "<string>"
}
],
"managerUserIds": [
"<string>"
],
"multiUserProfileAttributes": {},
"userStatus": []
}
}
}Set Campaign Scope And Entitlements
SetCampaignScopeAndEntitlements replaces the scope configuration and selected entitlements for an access review campaign.
package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.AccessReviewSetupEntitlement.SetCampaignScopeAndEntitlements(ctx, operations.C1APIAccessreviewV1AccessReviewSetupEntitlementServiceSetCampaignScopeAndEntitlementsRequest{
AccessReviewID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.AccessReviewSetupEntitlementAndScopeServiceSetResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.accessReviewSetupEntitlement.setCampaignScopeAndEntitlements({
accessReviewId: "<id>",
});
console.log(result);
}
run();curl --request POST \
--url https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"entitlements": [
{
"appEntitlementId": "<string>",
"appId": "<string>"
}
],
"expandMask": {
"paths": [
"<string>"
]
},
"scopeV2": {
"accountCelExpression": {
"expression": "<string>"
},
"accountCriteria": {
"accountTypes": [],
"appUserStatuses": [],
"noAccountOwner": true
},
"allAccessConflicts": {},
"allAccounts": {},
"allGrants": {},
"allUsers": {},
"appAccess": {},
"appSelectionCriteria": {
"complianceFrameworkAttributeValueIds": [
"<string>"
],
"riskLevelAttributeValueIds": [
"<string>"
]
},
"celExpression": {
"expression": "<string>"
},
"grantsByCriteria": {
"accessProfileFilter": {
"excludedAccessProfileIds": [
"<string>"
],
"includedAccessProfileIds": [
"<string>"
]
},
"daysSinceAdded": "<string>",
"daysSinceLastUsed": "<string>",
"daysSinceReviewed": "<string>",
"grantsAddedBetween": {
"endDate": "2023-11-07T05:31:56Z",
"startDate": "2023-11-07T05:31:56Z"
}
},
"resourceSelection": {},
"resourceTypeSelections": {},
"selectedUsers": {
"userIds": [
"<string>"
]
},
"specificAccessConflicts": {},
"specificResources": {},
"userCriteria": {
"groupAppEntitlementsRef": [
{
"appId": "<string>",
"id": "<string>"
}
],
"managerUserIds": [
"<string>"
],
"multiUserProfileAttributes": {},
"userStatus": []
}
}
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements"
payload = {
"entitlements": [
{
"appEntitlementId": "<string>",
"appId": "<string>"
}
],
"expandMask": { "paths": ["<string>"] },
"scopeV2": {
"accountCelExpression": { "expression": "<string>" },
"accountCriteria": {
"accountTypes": [],
"appUserStatuses": [],
"noAccountOwner": True
},
"allAccessConflicts": {},
"allAccounts": {},
"allGrants": {},
"allUsers": {},
"appAccess": {},
"appSelectionCriteria": {
"complianceFrameworkAttributeValueIds": ["<string>"],
"riskLevelAttributeValueIds": ["<string>"]
},
"celExpression": { "expression": "<string>" },
"grantsByCriteria": {
"accessProfileFilter": {
"excludedAccessProfileIds": ["<string>"],
"includedAccessProfileIds": ["<string>"]
},
"daysSinceAdded": "<string>",
"daysSinceLastUsed": "<string>",
"daysSinceReviewed": "<string>",
"grantsAddedBetween": {
"endDate": "2023-11-07T05:31:56Z",
"startDate": "2023-11-07T05:31:56Z"
}
},
"resourceSelection": {},
"resourceTypeSelections": {},
"selectedUsers": { "userIds": ["<string>"] },
"specificAccessConflicts": {},
"specificResources": {},
"userCriteria": {
"groupAppEntitlementsRef": [
{
"appId": "<string>",
"id": "<string>"
}
],
"managerUserIds": ["<string>"],
"multiUserProfileAttributes": {},
"userStatus": []
}
}
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
entitlements: [{appEntitlementId: '<string>', appId: '<string>'}],
expandMask: {paths: ['<string>']},
scopeV2: {
accountCelExpression: {expression: '<string>'},
accountCriteria: {accountTypes: [], appUserStatuses: [], noAccountOwner: true},
allAccessConflicts: {},
allAccounts: {},
allGrants: {},
allUsers: {},
appAccess: {},
appSelectionCriteria: {
complianceFrameworkAttributeValueIds: ['<string>'],
riskLevelAttributeValueIds: ['<string>']
},
celExpression: {expression: '<string>'},
grantsByCriteria: {
accessProfileFilter: {excludedAccessProfileIds: ['<string>'], includedAccessProfileIds: ['<string>']},
daysSinceAdded: '<string>',
daysSinceLastUsed: '<string>',
daysSinceReviewed: '<string>',
grantsAddedBetween: {endDate: '2023-11-07T05:31:56Z', startDate: '2023-11-07T05:31:56Z'}
},
resourceSelection: {},
resourceTypeSelections: {},
selectedUsers: {userIds: ['<string>']},
specificAccessConflicts: {},
specificResources: {},
userCriteria: {
groupAppEntitlementsRef: [{appId: '<string>', id: '<string>'}],
managerUserIds: ['<string>'],
multiUserProfileAttributes: {},
userStatus: []
}
}
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'entitlements' => [
[
'appEntitlementId' => '<string>',
'appId' => '<string>'
]
],
'expandMask' => [
'paths' => [
'<string>'
]
],
'scopeV2' => [
'accountCelExpression' => [
'expression' => '<string>'
],
'accountCriteria' => [
'accountTypes' => [
],
'appUserStatuses' => [
],
'noAccountOwner' => true
],
'allAccessConflicts' => [
],
'allAccounts' => [
],
'allGrants' => [
],
'allUsers' => [
],
'appAccess' => [
],
'appSelectionCriteria' => [
'complianceFrameworkAttributeValueIds' => [
'<string>'
],
'riskLevelAttributeValueIds' => [
'<string>'
]
],
'celExpression' => [
'expression' => '<string>'
],
'grantsByCriteria' => [
'accessProfileFilter' => [
'excludedAccessProfileIds' => [
'<string>'
],
'includedAccessProfileIds' => [
'<string>'
]
],
'daysSinceAdded' => '<string>',
'daysSinceLastUsed' => '<string>',
'daysSinceReviewed' => '<string>',
'grantsAddedBetween' => [
'endDate' => '2023-11-07T05:31:56Z',
'startDate' => '2023-11-07T05:31:56Z'
]
],
'resourceSelection' => [
],
'resourceTypeSelections' => [
],
'selectedUsers' => [
'userIds' => [
'<string>'
]
],
'specificAccessConflicts' => [
],
'specificResources' => [
],
'userCriteria' => [
'groupAppEntitlementsRef' => [
[
'appId' => '<string>',
'id' => '<string>'
]
],
'managerUserIds' => [
'<string>'
],
'multiUserProfileAttributes' => [
],
'userStatus' => [
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.post("https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"entitlements\": [\n {\n \"appEntitlementId\": \"<string>\",\n \"appId\": \"<string>\"\n }\n ],\n \"expandMask\": {\n \"paths\": [\n \"<string>\"\n ]\n },\n \"scopeV2\": {\n \"accountCelExpression\": {\n \"expression\": \"<string>\"\n },\n \"accountCriteria\": {\n \"accountTypes\": [],\n \"appUserStatuses\": [],\n \"noAccountOwner\": true\n },\n \"allAccessConflicts\": {},\n \"allAccounts\": {},\n \"allGrants\": {},\n \"allUsers\": {},\n \"appAccess\": {},\n \"appSelectionCriteria\": {\n \"complianceFrameworkAttributeValueIds\": [\n \"<string>\"\n ],\n \"riskLevelAttributeValueIds\": [\n \"<string>\"\n ]\n },\n \"celExpression\": {\n \"expression\": \"<string>\"\n },\n \"grantsByCriteria\": {\n \"accessProfileFilter\": {\n \"excludedAccessProfileIds\": [\n \"<string>\"\n ],\n \"includedAccessProfileIds\": [\n \"<string>\"\n ]\n },\n \"daysSinceAdded\": \"<string>\",\n \"daysSinceLastUsed\": \"<string>\",\n \"daysSinceReviewed\": \"<string>\",\n \"grantsAddedBetween\": {\n \"endDate\": \"2023-11-07T05:31:56Z\",\n \"startDate\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"resourceSelection\": {},\n \"resourceTypeSelections\": {},\n \"selectedUsers\": {\n \"userIds\": [\n \"<string>\"\n ]\n },\n \"specificAccessConflicts\": {},\n \"specificResources\": {},\n \"userCriteria\": {\n \"groupAppEntitlementsRef\": [\n {\n \"appId\": \"<string>\",\n \"id\": \"<string>\"\n }\n ],\n \"managerUserIds\": [\n \"<string>\"\n ],\n \"multiUserProfileAttributes\": {},\n \"userStatus\": []\n }\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/access_review/{access_review_id}/scope_and_entitlements")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"entitlements\": [\n {\n \"appEntitlementId\": \"<string>\",\n \"appId\": \"<string>\"\n }\n ],\n \"expandMask\": {\n \"paths\": [\n \"<string>\"\n ]\n },\n \"scopeV2\": {\n \"accountCelExpression\": {\n \"expression\": \"<string>\"\n },\n \"accountCriteria\": {\n \"accountTypes\": [],\n \"appUserStatuses\": [],\n \"noAccountOwner\": true\n },\n \"allAccessConflicts\": {},\n \"allAccounts\": {},\n \"allGrants\": {},\n \"allUsers\": {},\n \"appAccess\": {},\n \"appSelectionCriteria\": {\n \"complianceFrameworkAttributeValueIds\": [\n \"<string>\"\n ],\n \"riskLevelAttributeValueIds\": [\n \"<string>\"\n ]\n },\n \"celExpression\": {\n \"expression\": \"<string>\"\n },\n \"grantsByCriteria\": {\n \"accessProfileFilter\": {\n \"excludedAccessProfileIds\": [\n \"<string>\"\n ],\n \"includedAccessProfileIds\": [\n \"<string>\"\n ]\n },\n \"daysSinceAdded\": \"<string>\",\n \"daysSinceLastUsed\": \"<string>\",\n \"daysSinceReviewed\": \"<string>\",\n \"grantsAddedBetween\": {\n \"endDate\": \"2023-11-07T05:31:56Z\",\n \"startDate\": \"2023-11-07T05:31:56Z\"\n }\n },\n \"resourceSelection\": {},\n \"resourceTypeSelections\": {},\n \"selectedUsers\": {\n \"userIds\": [\n \"<string>\"\n ]\n },\n \"specificAccessConflicts\": {},\n \"specificResources\": {},\n \"userCriteria\": {\n \"groupAppEntitlementsRef\": [\n {\n \"appId\": \"<string>\",\n \"id\": \"<string>\"\n }\n ],\n \"managerUserIds\": [\n \"<string>\"\n ],\n \"multiUserProfileAttributes\": {},\n \"userStatus\": []\n }\n }\n}"
response = http.request(request)
puts response.read_body{
"expanded": [
{
"@type": "<string>"
}
],
"list": [
{
"accessReviewEntitlement": {
"accessReviewId": "<string>",
"appEntitlementId": "<string>",
"appId": "<string>",
"appResourceId": "<string>",
"appResourceTypeId": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"customPolicyId": "<string>",
"deletedAt": "2023-11-07T05:31:56Z",
"policyId": "<string>",
"tenantId": "<string>",
"updatedAt": "2023-11-07T05:31:56Z"
},
"appPath": "<string>",
"entitlementPath": "<string>",
"policyPath": "<string>"
}
],
"scopeV2": {
"accountCelExpression": {
"expression": "<string>"
},
"accountCriteria": {
"accountTypes": [],
"appUserStatuses": [],
"noAccountOwner": true
},
"allAccessConflicts": {},
"allAccounts": {},
"allGrants": {},
"allUsers": {},
"appAccess": {},
"appSelectionCriteria": {
"complianceFrameworkAttributeValueIds": [
"<string>"
],
"riskLevelAttributeValueIds": [
"<string>"
]
},
"celExpression": {
"expression": "<string>"
},
"grantsByCriteria": {
"accessProfileFilter": {
"excludedAccessProfileIds": [
"<string>"
],
"includedAccessProfileIds": [
"<string>"
]
},
"daysSinceAdded": "<string>",
"daysSinceLastUsed": "<string>",
"daysSinceReviewed": "<string>",
"grantsAddedBetween": {
"endDate": "2023-11-07T05:31:56Z",
"startDate": "2023-11-07T05:31:56Z"
}
},
"resourceSelection": {},
"resourceTypeSelections": {},
"selectedUsers": {
"userIds": [
"<string>"
]
},
"specificAccessConflicts": {},
"specificResources": {},
"userCriteria": {
"groupAppEntitlementsRef": [
{
"appId": "<string>",
"id": "<string>"
}
],
"managerUserIds": [
"<string>"
],
"multiUserProfileAttributes": {},
"userStatus": []
}
}
}Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.
Path Parameters
The ID of the access review campaign to configure.
Body
The AccessReviewSetupEntitlementAndScopeServiceSetRequest message.
The entitlements to include in the campaign. Replaces all previously selected entitlements.
Show child attributes
Show child attributes
The AccessReviewSetupEntitlementExpandMask message.
Show child attributes
Show child attributes
The AccessReviewScopeV2 message.
This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:
- appAccess
- specificResources
- appSelectionCriteria
- resourceTypeSelections
This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:
- allUsers
- selectedUsers
- userCriteria
- celExpression
This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:
- allAccounts
- accountCriteria
- accountCelExpression
This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:
- allGrants
- grantsByCriteria
This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:
- allAccessConflicts
- specificAccessConflicts
This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:
- resourceSelection
Show child attributes
Show child attributes
Response
Successful response
The AccessReviewSetupEntitlementAndScopeServiceSetResponse message.
Related objects requested via the expand mask.
Show child attributes
Show child attributes
The current list of setup entitlements for the campaign.
Show child attributes
Show child attributes
The AccessReviewScopeV2 message.
This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:
- appAccess
- specificResources
- appSelectionCriteria
- resourceTypeSelections
This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:
- allUsers
- selectedUsers
- userCriteria
- celExpression
This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:
- allAccounts
- accountCriteria
- accountCelExpression
This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:
- allGrants
- grantsByCriteria
This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:
- allAccessConflicts
- specificAccessConflicts
This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:
- resourceSelection
Show child attributes
Show child attributes
Was this page helpful?