Put resources

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

Resources to be updated

resources

object[]

required

A list of resources with information to update.

Show child attributes

resources.resource_id

string<uuid>

required

The ID of the resource.

Example:

"f454d283-ca87-4a8a-bdbb-df212eca5353"

resources.name

string

The name of the resource.

Example:

"my-mongo-db"

resources.description

string

A description of the resource.

Example:

"This resource represents AWS IAM role \"SupportUser\"."

resources.admin_owner_id

string<uuid>

The ID of the owner of the resource.

Example:

"7c86c85d-0651-43e2-a748-d69d658418e8"

resources.max_duration

integer

deprecated

The maximum duration for which the resource can be requested (in minutes). Use -1 to set to indefinite. Deprecated in favor of request_configurations.

Example:

120

resources.recommended_duration

integer

deprecated

The recommended duration for which the resource should be requested (in minutes). Will be the default value in a request. Use -1 to set to indefinite and 0 to unset. Deprecated in favor of request_configurations.

Example:

120

resources.require_manager_approval

boolean

deprecated

A bool representing whether or not access requests to the resource require manager approval.

Example:

false

resources.require_support_ticket

boolean

deprecated

A bool representing whether or not access requests to the resource require an access ticket. Deprecated in favor of request_configurations.

Example:

false

resources.folder_id

string<uuid>

deprecated

The ID of the folder that the resource is located in.

Example:

"e27cb7b0-98e2-4555-9916-9e6d8ca6b079"

resources.require_mfa_to_approve

boolean

A bool representing whether or not to require MFA for reviewers to approve requests for this resource.

Example:

false

resources.require_mfa_to_request

boolean

deprecated

A bool representing whether or not to require MFA for requesting access to this resource. Deprecated in favor of request_configurations.

Example:

false

resources.require_mfa_to_connect

boolean

A bool representing whether or not to require MFA to connect to this resource.

Example:

false

resources.auto_approval

boolean

deprecated

A bool representing whether or not to automatically approve requests to this resource. Deprecated in favor of request_configurations.

Example:

false

resources.ticket_propagation

object

Configuration for ticket propagation, when enabled, a ticket will be created for access changes related to the users in this resource.

Show child attributes

resources.ticket_propagation.enabled_on_grant

boolean

required

resources.ticket_propagation.enabled_on_revocation

boolean

required

resources.ticket_propagation.ticket_provider

enum<string>

The third party ticketing platform provider.

Available options:

JIRA,

LINEAR,

SERVICE_NOW

Example:

"LINEAR"

resources.ticket_propagation.ticket_project_id

string

resources.custom_request_notification

string | null

Custom request notification sent upon request approval.

Maximum string length: 800

Example:

"Check your email to register your account."

resources.risk_sensitivity_override

enum<string>

Indicates the level of potential impact misuse or unauthorized access may incur.

Available options:

UNKNOWN,

CRITICAL,

HIGH,

MEDIUM,

LOW,

NONE

resources.configuration_template_id

string<uuid>

The ID of the associated configuration template.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.request_template_id

string<uuid>

deprecated

The ID of the associated request template. Deprecated in favor of request_configurations.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.is_requestable

boolean

deprecated

A bool representing whether or not to allow access requests to this resource. Deprecated in favor of request_configurations.

Example:

false

resources.extensions_duration_in_minutes

integer

deprecated

The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to.

Example:

120

resources.request_configurations

object[]

A list of configurations for requests to this resource. If not provided, the default request configuration will be used.

Show child attributes

resources.request_configurations.allow_requests

boolean

required

A bool representing whether or not to allow requests for this resource.

Example:

true

resources.request_configurations.auto_approval

boolean

required

A bool representing whether or not to automatically approve requests for this resource.

Example:

false

resources.request_configurations.require_mfa_to_request

boolean

required

A bool representing whether or not to require MFA for requesting access to this resource.

Example:

false

resources.request_configurations.require_support_ticket

boolean

required

A bool representing whether or not access requests to the resource require an access ticket.

Example:

false

resources.request_configurations.priority

integer

required

The priority of the request configuration.

Example:

1

resources.request_configurations.condition

object

The condition for the request configuration.

Show child attributes

resources.request_configurations.condition.group_ids

string<uuid>[]

The list of group IDs to match.

Example:

["1b978423-db0a-4037-a4cf-f79c60cb67b3"]

resources.request_configurations.condition.role_remote_ids

string[]

The list of role remote IDs to match.

Example:

[
  "arn:aws:iam::590304332660:role/AdministratorAccess"
]

Example:

{
  "group_ids": ["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
}

resources.request_configurations.max_duration_minutes

integer

The maximum duration for which the resource can be requested (in minutes).

Example:

120

resources.request_configurations.recommended_duration_minutes

integer

The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.

Example:

120

resources.request_configurations.extensions_duration_in_minutes

integer

The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.

Example:

120

resources.request_configurations.request_template_id

string<uuid>

The ID of the associated request template.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.request_configurations.reviewer_stages

object[]

The list of reviewer stages for the request configuration.

Show child attributes

resources.request_configurations.reviewer_stages.require_manager_approval

boolean

required

Whether this reviewer stage should require manager approval.

Example:

false

resources.request_configurations.reviewer_stages.operator

enum<string>

required

The operator of the reviewer stage. Admin and manager approval are also treated as reviewers.

Available options:

AND,

OR

Example:

"AND"

resources.request_configurations.reviewer_stages.owner_ids

string<uuid>[]

required

resources.request_configurations.reviewer_stages.require_admin_approval

boolean

Whether this reviewer stage should require admin approval.

Example:

false

resources.request_configuration_list

object

deprecated

A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of request_configurations.

Show child attributes

resources.request_configuration_list.request_configurations

object[]

required

A list of request configurations to create.

Show child attributes

resources.request_configuration_list.request_configurations.allow_requests

boolean

required

A bool representing whether or not to allow requests for this resource.

Example:

true

resources.request_configuration_list.request_configurations.auto_approval

boolean

required

A bool representing whether or not to automatically approve requests for this resource.

Example:

false

resources.request_configuration_list.request_configurations.require_mfa_to_request

boolean

required

A bool representing whether or not to require MFA for requesting access to this resource.

Example:

false

resources.request_configuration_list.request_configurations.require_support_ticket

boolean

required

A bool representing whether or not access requests to the resource require an access ticket.

Example:

false

resources.request_configuration_list.request_configurations.priority

integer

required

The priority of the request configuration.

Example:

1

resources.request_configuration_list.request_configurations.condition

object

The condition for the request configuration.

Show child attributes

resources.request_configuration_list.request_configurations.condition.group_ids

string<uuid>[]

The list of group IDs to match.

Example:

["1b978423-db0a-4037-a4cf-f79c60cb67b3"]

resources.request_configuration_list.request_configurations.condition.role_remote_ids

string[]

The list of role remote IDs to match.

Example:

[
  "arn:aws:iam::590304332660:role/AdministratorAccess"
]

Example:

{
  "group_ids": ["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
}

resources.request_configuration_list.request_configurations.max_duration_minutes

integer

The maximum duration for which the resource can be requested (in minutes).

Example:

120

resources.request_configuration_list.request_configurations.recommended_duration_minutes

integer

The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.

Example:

120

resources.request_configuration_list.request_configurations.extensions_duration_in_minutes

integer

The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.

Example:

120

resources.request_configuration_list.request_configurations.request_template_id

string<uuid>

The ID of the associated request template.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.request_configuration_list.request_configurations.reviewer_stages

object[]

The list of reviewer stages for the request configuration.

Show child attributes

resources.request_configuration_list.request_configurations.reviewer_stages.require_manager_approval

boolean

required

Whether this reviewer stage should require manager approval.

Example:

false

resources.request_configuration_list.request_configurations.reviewer_stages.operator

enum<string>

required

The operator of the reviewer stage. Admin and manager approval are also treated as reviewers.

Available options:

AND,

OR

Example:

"AND"

resources.request_configuration_list.request_configurations.reviewer_stages.owner_ids

string<uuid>[]

required

resources.request_configuration_list.request_configurations.reviewer_stages.require_admin_approval

boolean

Whether this reviewer stage should require admin approval.

Example:

false

Example:

{
  "request_configurations": [
    {
      "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
      "organization_id": "w86c85d-0651-43e2-a748-d69d658418e8",
      "condition": null,
      "allow_requests": true,
      "auto_approval": false,
      "require_mfa_to_request": false,
      "max_duration_minutes": 120,
      "recommended_duration_minutes": 120,
      "require_support_ticket": false,
      "reviewer_stages": [
        {
          "reviewer_stage_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
          "owner_ids": [
            "37cb7e41-12ba-46da-92ff-030abe0450b1",
            "37cb7e41-12ba-46da-92ff-030abe0450b2"
          ],
          "stage": 1
        }
      ],
      "priority": 0
    },
    {
      "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e9",
      "organization_id": "w86c85d-0651-43e2-a748-d69d658418e8",
      "condition": {
        "group_id": "1b978423-db0a-4037-a4cf-f79c60cb67b4"
      },
      "allow_requests": true,
      "auto_approval": false,
      "require_mfa_to_request": false,
      "max_duration_minutes": 120,
      "recommended_duration_minutes": 120,
      "require_support_ticket": false,
      "reviewer_stages": [
        {
          "reviewer_stage_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
          "owner_ids": [
            "37cb7e41-12ba-46da-92ff-030abe0450b1",
            "37cb7e41-12ba-46da-92ff-030abe0450b2"
          ],
          "stage": 1
        }
      ],
      "priority": 1
    }
  ]
}

Response

200 - application/json

The resulting updated resource infos.

resources

object[]

required

A list of resources with information to update.

Show child attributes

resources.resource_id

string<uuid>

required

The ID of the resource.

Example:

"f454d283-ca87-4a8a-bdbb-df212eca5353"

resources.name

string

The name of the resource.

Example:

"my-mongo-db"

resources.description

string

A description of the resource.

Example:

"This resource represents AWS IAM role \"SupportUser\"."

resources.admin_owner_id

string<uuid>

The ID of the owner of the resource.

Example:

"7c86c85d-0651-43e2-a748-d69d658418e8"

resources.max_duration

integer

deprecated

The maximum duration for which the resource can be requested (in minutes). Use -1 to set to indefinite. Deprecated in favor of request_configurations.

Example:

120

resources.recommended_duration

integer

deprecated

Example:

120

resources.require_manager_approval

boolean

deprecated

A bool representing whether or not access requests to the resource require manager approval.

Example:

false

resources.require_support_ticket

boolean

deprecated

A bool representing whether or not access requests to the resource require an access ticket. Deprecated in favor of request_configurations.

Example:

false

resources.folder_id

string<uuid>

deprecated

The ID of the folder that the resource is located in.

Example:

"e27cb7b0-98e2-4555-9916-9e6d8ca6b079"

resources.require_mfa_to_approve

boolean

A bool representing whether or not to require MFA for reviewers to approve requests for this resource.

Example:

false

resources.require_mfa_to_request

boolean

deprecated

A bool representing whether or not to require MFA for requesting access to this resource. Deprecated in favor of request_configurations.

Example:

false

resources.require_mfa_to_connect

boolean

A bool representing whether or not to require MFA to connect to this resource.

Example:

false

resources.auto_approval

boolean

deprecated

A bool representing whether or not to automatically approve requests to this resource. Deprecated in favor of request_configurations.

Example:

false

resources.ticket_propagation

object

Configuration for ticket propagation, when enabled, a ticket will be created for access changes related to the users in this resource.

Show child attributes

resources.ticket_propagation.enabled_on_grant

boolean

required

resources.ticket_propagation.enabled_on_revocation

boolean

required

resources.ticket_propagation.ticket_provider

enum<string>

The third party ticketing platform provider.

Available options:

JIRA,

LINEAR,

SERVICE_NOW

Example:

"LINEAR"

resources.ticket_propagation.ticket_project_id

string

resources.custom_request_notification

string | null

Custom request notification sent upon request approval.

Maximum string length: 800

Example:

"Check your email to register your account."

resources.risk_sensitivity_override

enum<string>

Indicates the level of potential impact misuse or unauthorized access may incur.

Available options:

UNKNOWN,

CRITICAL,

HIGH,

MEDIUM,

LOW,

NONE

resources.configuration_template_id

string<uuid>

The ID of the associated configuration template.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.request_template_id

string<uuid>

deprecated

The ID of the associated request template. Deprecated in favor of request_configurations.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.is_requestable

boolean

deprecated

A bool representing whether or not to allow access requests to this resource. Deprecated in favor of request_configurations.

Example:

false

resources.extensions_duration_in_minutes

integer

deprecated

The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to.

Example:

120

resources.request_configurations

object[]

A list of configurations for requests to this resource. If not provided, the default request configuration will be used.

Show child attributes

resources.request_configurations.allow_requests

boolean

required

A bool representing whether or not to allow requests for this resource.

Example:

true

resources.request_configurations.auto_approval

boolean

required

A bool representing whether or not to automatically approve requests for this resource.

Example:

false

resources.request_configurations.require_mfa_to_request

boolean

required

A bool representing whether or not to require MFA for requesting access to this resource.

Example:

false

resources.request_configurations.require_support_ticket

boolean

required

A bool representing whether or not access requests to the resource require an access ticket.

Example:

false

resources.request_configurations.priority

integer

required

The priority of the request configuration.

Example:

1

resources.request_configurations.condition

object

The condition for the request configuration.

Show child attributes

resources.request_configurations.condition.group_ids

string<uuid>[]

The list of group IDs to match.

Example:

["1b978423-db0a-4037-a4cf-f79c60cb67b3"]

resources.request_configurations.condition.role_remote_ids

string[]

The list of role remote IDs to match.

Example:

[
  "arn:aws:iam::590304332660:role/AdministratorAccess"
]

Example:

{
  "group_ids": ["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
}

resources.request_configurations.max_duration_minutes

integer

The maximum duration for which the resource can be requested (in minutes).

Example:

120

resources.request_configurations.recommended_duration_minutes

integer

The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.

Example:

120

resources.request_configurations.extensions_duration_in_minutes

integer

The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.

Example:

120

resources.request_configurations.request_template_id

string<uuid>

The ID of the associated request template.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.request_configurations.reviewer_stages

object[]

The list of reviewer stages for the request configuration.

Show child attributes

resources.request_configurations.reviewer_stages.require_manager_approval

boolean

required

Whether this reviewer stage should require manager approval.

Example:

false

resources.request_configurations.reviewer_stages.operator

enum<string>

required

The operator of the reviewer stage. Admin and manager approval are also treated as reviewers.

Available options:

AND,

OR

Example:

"AND"

resources.request_configurations.reviewer_stages.owner_ids

string<uuid>[]

required

resources.request_configurations.reviewer_stages.require_admin_approval

boolean

Whether this reviewer stage should require admin approval.

Example:

false

resources.request_configuration_list

object

deprecated

A list of configurations for requests to this resource. If not provided, the default request configuration will be used. Deprecated in favor of request_configurations.

Show child attributes

resources.request_configuration_list.request_configurations

object[]

required

A list of request configurations to create.

Show child attributes

resources.request_configuration_list.request_configurations.allow_requests

boolean

required

A bool representing whether or not to allow requests for this resource.

Example:

true

resources.request_configuration_list.request_configurations.auto_approval

boolean

required

A bool representing whether or not to automatically approve requests for this resource.

Example:

false

resources.request_configuration_list.request_configurations.require_mfa_to_request

boolean

required

A bool representing whether or not to require MFA for requesting access to this resource.

Example:

false

resources.request_configuration_list.request_configurations.require_support_ticket

boolean

required

A bool representing whether or not access requests to the resource require an access ticket.

Example:

false

resources.request_configuration_list.request_configurations.priority

integer

required

The priority of the request configuration.

Example:

1

resources.request_configuration_list.request_configurations.condition

object

The condition for the request configuration.

Show child attributes

resources.request_configuration_list.request_configurations.condition.group_ids

string<uuid>[]

The list of group IDs to match.

Example:

["1b978423-db0a-4037-a4cf-f79c60cb67b3"]

resources.request_configuration_list.request_configurations.condition.role_remote_ids

string[]

The list of role remote IDs to match.

Example:

[
  "arn:aws:iam::590304332660:role/AdministratorAccess"
]

Example:

{
  "group_ids": ["1b978423-db0a-4037-a4cf-f79c60cb67b3"]
}

resources.request_configuration_list.request_configurations.max_duration_minutes

integer

The maximum duration for which the resource can be requested (in minutes).

Example:

120

resources.request_configuration_list.request_configurations.recommended_duration_minutes

integer

The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.

Example:

120

resources.request_configuration_list.request_configurations.extensions_duration_in_minutes

integer

The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.

Example:

120

resources.request_configuration_list.request_configurations.request_template_id

string<uuid>

The ID of the associated request template.

Example:

"06851574-e50d-40ca-8c78-f72ae6ab4304"

resources.request_configuration_list.request_configurations.reviewer_stages

object[]

The list of reviewer stages for the request configuration.

Show child attributes

resources.request_configuration_list.request_configurations.reviewer_stages.require_manager_approval

boolean

required

Whether this reviewer stage should require manager approval.

Example:

false

resources.request_configuration_list.request_configurations.reviewer_stages.operator

enum<string>

required

The operator of the reviewer stage. Admin and manager approval are also treated as reviewers.

Available options:

AND,

OR

Example:

"AND"

resources.request_configuration_list.request_configurations.reviewer_stages.owner_ids

string<uuid>[]

required

resources.request_configuration_list.request_configurations.reviewer_stages.require_admin_approval

boolean

Whether this reviewer stage should require admin approval.

Example:

false

Example:

{
  "request_configurations": [
    {
      "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
      "organization_id": "w86c85d-0651-43e2-a748-d69d658418e8",
      "condition": null,
      "allow_requests": true,
      "auto_approval": false,
      "require_mfa_to_request": false,
      "max_duration_minutes": 120,
      "recommended_duration_minutes": 120,
      "require_support_ticket": false,
      "reviewer_stages": [
        {
          "reviewer_stage_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
          "owner_ids": [
            "37cb7e41-12ba-46da-92ff-030abe0450b1",
            "37cb7e41-12ba-46da-92ff-030abe0450b2"
          ],
          "stage": 1
        }
      ],
      "priority": 0
    },
    {
      "request_configuration_id": "7c86c85d-0651-43e2-a748-d69d658418e9",
      "organization_id": "w86c85d-0651-43e2-a748-d69d658418e8",
      "condition": {
        "group_id": "1b978423-db0a-4037-a4cf-f79c60cb67b4"
      },
      "allow_requests": true,
      "auto_approval": false,
      "require_mfa_to_request": false,
      "max_duration_minutes": 120,
      "recommended_duration_minutes": 120,
      "require_support_ticket": false,
      "reviewer_stages": [
        {
          "reviewer_stage_id": "7c86c85d-0651-43e2-a748-d69d658418e8",
          "owner_ids": [
            "37cb7e41-12ba-46da-92ff-030abe0450b1",
            "37cb7e41-12ba-46da-92ff-030abe0450b2"
          ],
          "stage": 1
        }
      ],
      "priority": 1
    }
  ]
}

API Concepts

SDKs

Opal API

Authorizations

Body

Response