Skip to main content
POST
/
api
/
v1
/
access_review_template
Create
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.AccessReviewTemplate.Create(ctx, nil)
    if err != nil {
        log.Fatal(err)
    }
    if res.AccessReviewTemplateServiceCreateResponse != nil {
        // handle response
    }
}
{
  "accessReviewTemplate": {
    "accessReviewDuration": "<string>",
    "autoCloseCampaign": true,
    "autoGenerateReport": true,
    "autoStartCampaign": true,
    "columnConfig": {
      "columns": []
    },
    "createdAt": "2023-11-07T05:31:56Z",
    "deletedAt": "2023-11-07T05:31:56Z",
    "description": "<string>",
    "displayName": "<string>",
    "exemptCertifiedAccessConflicts": true,
    "id": "<string>",
    "inclusionScope": {
      "appUserStatuses": [],
      "appUserTypes": [],
      "managerIds": [
        "<string>"
      ],
      "multiUserProfileAttributes": {},
      "noAccountOwners": true,
      "userIds": [
        "<string>"
      ],
      "userStatuses": []
    },
    "isCampaignScheduleEnabled": true,
    "nextScheduledCampaignAt": "2023-11-07T05:31:56Z",
    "notificationConfig": {
      "sendClose": true,
      "sendKickoff": true,
      "sendReminders": true
    },
    "occurrences": 123,
    "policyId": "<string>",
    "recurrenceRule": {
      "endDate": "2023-11-07T05:31:56Z",
      "interval": 123,
      "occurrences": 123,
      "startDate": "2023-11-07T05:31:56Z"
    },
    "reviewInstructions": "<string>",
    "scope": {
      "accountCelExpression": {
        "expression": "<string>"
      },
      "accountCriteria": {
        "accountTypes": [],
        "appUserStatuses": [],
        "noAccountOwner": true
      },
      "allAccessConflicts": {},
      "allAccounts": {},
      "allGrants": {},
      "allUsers": {},
      "appAccess": {},
      "appSelectionCriteria": {
        "complianceFrameworkAttributeValueIds": [
          "<string>"
        ],
        "riskLevelAttributeValueIds": [
          "<string>"
        ]
      },
      "celExpression": {
        "expression": "<string>"
      },
      "grantsByCriteria": {
        "accessProfileFilter": {
          "excludedAccessProfileIds": [
            "<string>"
          ],
          "includedAccessProfileIds": [
            "<string>"
          ]
        },
        "daysSinceAdded": "<string>",
        "daysSinceLastUsed": "<string>",
        "daysSinceReviewed": "<string>",
        "grantsAddedBetween": {
          "endDate": "2023-11-07T05:31:56Z",
          "startDate": "2023-11-07T05:31:56Z"
        }
      },
      "resourceSelection": {},
      "resourceTypeSelections": {},
      "selectedUsers": {
        "userIds": [
          "<string>"
        ]
      },
      "specificAccessConflicts": {},
      "specificResources": {},
      "userCriteria": {
        "groupAppEntitlementsRef": [
          {
            "appId": "<string>",
            "id": "<string>"
          }
        ],
        "managerUserIds": [
          "<string>"
        ],
        "multiUserProfileAttributes": {},
        "userStatus": []
      }
    },
    "signatureConfig": {
      "meaningOfSignature": "<string>",
      "requireSignature": true,
      "stepUpProviderId": "<string>",
      "tspUrl": "<string>"
    },
    "slackChannel": {
      "description": "<string>",
      "name": "<string>"
    },
    "updatedAt": "2023-11-07T05:31:56Z",
    "usePolicyOverride": true
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

The AccessReviewTemplateServiceCreateRequest message.

accessReviewDuration
string<duration>
accuracyIssueAction
enum<string>

The accuracyIssueAction field.

Available options:
ACCURACY_ISSUE_ACTION_UNSPECIFIED,
ACCURACY_ISSUE_ACTION_CONTINUE,
ACCURACY_ISSUE_ACTION_WAIT
autoCloseCampaign
boolean

The autoCloseCampaign field.

autoCloseDecision
enum<string>

The autoCloseDecision field.

Available options:
CLOSE_DECISION_UNSPECIFIED,
CLOSE_DECISION_REVOKED,
CLOSE_DECISION_SKIP,
CLOSE_DECISION_NO_ACTION
autoGenerateReport
boolean

auto generate report when campaign is closed

autoStartCampaign
boolean

The autoStartCampaign field.

columnConfig
Access Review Column Config · object

Configuration for which columns are visible in the reviewer task list.

defaultView
enum<string>

The defaultView field.

Available options:
ACCESS_REVIEW_VIEW_TYPE_UNSPECIFIED,
ACCESS_REVIEW_VIEW_TYPE_BY_APP,
ACCESS_REVIEW_VIEW_TYPE_BY_USER,
ACCESS_REVIEW_VIEW_TYPE_UNSTRUCTURED,
ACCESS_REVIEW_VIEW_TYPE_BY_RESOURCE
description
string

An optional description providing context about the template.

displayName
string

The display name for the new template.

exemptCertifiedAccessConflicts
boolean

The exemptCertifiedAccessConflicts field.

isCampaignScheduleEnabled
boolean

The isCampaignScheduleEnabled field.

notificationConfig
Notification Config · object

Controls which email notifications are sent during the access review lifecycle.

ownerIds
string[] | null

The IDs of the users who own this template. At least one owner is required.

policyId
string

The ID of the default review policy for campaigns created from this template.

recurrenceRule
Recurrence Rule · object

The RecurrenceRule message.

This message contains a oneof named end_condition. Only a single field of the following list may be set at a time:

  • endDate
  • occurrences
reviewInstructions
string

The reviewInstructions field.

scope
Access Review Scope V 2 · object

The AccessReviewScopeV2 message.

This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:

  • appAccess
  • specificResources
  • appSelectionCriteria
  • resourceTypeSelections

This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:

  • allUsers
  • selectedUsers
  • userCriteria
  • celExpression

This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:

  • allAccounts
  • accountCriteria
  • accountCelExpression

This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:

  • allGrants
  • grantsByCriteria

This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:

  • allAccessConflicts
  • specificAccessConflicts

This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:

  • resourceSelection
scopeType
enum<string>

The scopeType field.

Available options:
ACCESS_REVIEW_SCOPE_TYPE_UNSPECIFIED,
ACCESS_REVIEW_SCOPE_TYPE_BY_ENTITLEMENTS,
ACCESS_REVIEW_SCOPE_TYPE_BY_ACCESS_CONFLICTS,
ACCESS_REVIEW_SCOPE_TYPE_BY_RESOURCE,
ACCESS_REVIEW_SCOPE_TYPE_BY_INHERITANCE
signatureConfig
Review Signature Config · object

Signature configuration for access review submissions

usePolicyOverride
boolean

The usePolicyOverride field.

Response

200 - application/json

Successful response

The AccessReviewTemplateServiceCreateResponse message.

accessReviewTemplate
Access Review Template · object

A reusable template that defines the configuration for creating access review campaigns. Templates can optionally be scheduled to automatically create campaigns on a recurring basis.

This message contains a oneof named slack_channel_details. Only a single field of the following list may be set at a time:

  • slackChannel