Skip to main content
GET
/
api
/
v1
/
access_review_template
/
{access_review_template_id}
/
scope_and_entitlements
GetScopeAndEntitlements
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.AccessReviewTemplateSetupEntitlement.GetScopeAndEntitlements(ctx, operations.C1APIAccessreviewV1AccessReviewTemplateSetupEntitlementServiceGetScopeAndEntitlementsRequest{
        AccessReviewTemplateID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.AccessReviewTemplateSetupEntitlementServiceSetResponse != nil {
        // handle response
    }
}
{
  "expanded": [
    {
      "@type": "<string>"
    }
  ],
  "list": [
    {
      "accessReviewTemplateEntitlement": {
        "accessReviewTemplateId": "<string>",
        "appEntitlementId": "<string>",
        "appId": "<string>",
        "appResourceId": "<string>",
        "appResourceTypeId": "<string>",
        "createdAt": "2023-11-07T05:31:56Z",
        "customPolicyId": "<string>",
        "deletedAt": "2023-11-07T05:31:56Z",
        "policyId": "<string>",
        "tenantId": "<string>",
        "updatedAt": "2023-11-07T05:31:56Z"
      },
      "appPath": "<string>",
      "entitlementPath": "<string>",
      "policyPath": "<string>"
    }
  ],
  "scope": {
    "accountCelExpression": {
      "expression": "<string>"
    },
    "accountCriteria": {
      "accountTypes": [],
      "appUserStatuses": [],
      "noAccountOwner": true
    },
    "allAccessConflicts": {},
    "allAccounts": {},
    "allGrants": {},
    "allUsers": {},
    "appAccess": {},
    "appSelectionCriteria": {
      "complianceFrameworkAttributeValueIds": [
        "<string>"
      ],
      "riskLevelAttributeValueIds": [
        "<string>"
      ]
    },
    "celExpression": {
      "expression": "<string>"
    },
    "grantsByCriteria": {
      "accessProfileFilter": {
        "excludedAccessProfileIds": [
          "<string>"
        ],
        "includedAccessProfileIds": [
          "<string>"
        ]
      },
      "daysSinceAdded": "<string>",
      "daysSinceLastUsed": "<string>",
      "daysSinceReviewed": "<string>",
      "grantsAddedBetween": {
        "endDate": "2023-11-07T05:31:56Z",
        "startDate": "2023-11-07T05:31:56Z"
      }
    },
    "resourceSelection": {},
    "resourceTypeSelections": {},
    "selectedUsers": {
      "userIds": [
        "<string>"
      ]
    },
    "specificAccessConflicts": {},
    "specificResources": {},
    "userCriteria": {
      "groupAppEntitlementsRef": [
        {
          "appId": "<string>",
          "id": "<string>"
        }
      ],
      "managerUserIds": [
        "<string>"
      ],
      "multiUserProfileAttributes": {},
      "userStatus": []
    }
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

access_review_template_id
string
required

The ID of the access review template to retrieve scope and entitlements for.

Response

200 - application/json

Successful response

The AccessReviewTemplateSetupEntitlementServiceSetResponse message.

expanded
object[] | null

Related objects requested via the expand mask.

list
Access Review Template Setup Entitlement View · object[] | null

The current list of setup entitlements for the template.

scope
Access Review Scope V 2 · object

The AccessReviewScopeV2 message.

This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:

  • appAccess
  • specificResources
  • appSelectionCriteria
  • resourceTypeSelections

This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:

  • allUsers
  • selectedUsers
  • userCriteria
  • celExpression

This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:

  • allAccounts
  • accountCriteria
  • accountCelExpression

This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:

  • allGrants
  • grantsByCriteria

This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:

  • allAccessConflicts
  • specificAccessConflicts

This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:

  • resourceSelection