Full name: projects.locations.instances.dataAccessScopes.create
Creates a data access scope. Data access scope is a combination of allowed and denied labels attached to a permission group. If a scope has allowed labels A and B and denied labels C and D, then the group of people attached to the scope will have permissions to see all events labeled with A or B (or both) and not labeled with either C or D.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{parent}/dataAccessScopes
Path parameters
Parameters
parent
string
Required. The parent resource where this Data Access Scope will be created. Format: projects/{project}/locations/{location}/instances/{instance}
Query parameters
Parameters
dataAccessScopeId
string
Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-14 UTC."],[[["\u003cp\u003eThis webpage details how to create a data access scope, which is a combination of allowed and denied labels applied to a permission group, specifying what events the group can access.\u003c/p\u003e\n"],["\u003cp\u003eCreating a data access scope involves making a POST request to a specific URL: \u003ccode\u003ehttps://chronicle.googleapis.com/v1alpha/{parent}/dataAccessScopes\u003c/code\u003e, where \u003ccode\u003e{parent}\u003c/code\u003e must be provided.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires a \u003ccode\u003edataAccessScopeId\u003c/code\u003e query parameter and an instance of \u003ccode\u003eDataAccessScope\u003c/code\u003e in the request body, and it will return the newly created instance of \u003ccode\u003eDataAccessScope\u003c/code\u003e in the response body.\u003c/p\u003e\n"],["\u003cp\u003eTo successfully create a data access scope, you must have the \u003ccode\u003echronicle.dataAccessScopes.create\u003c/code\u003e IAM permission on the parent resource and the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"]]],[],null,[]]
