Method: dataAccessScopes.create

Full name: projects.locations.instances.dataAccessScopes.create

Creates a data access scope. Data access scope is a combination of allowed and denied labels attached to a permission group. If a scope has allowed labels A and B and denied labels C and D, then the group of people attached to the scope will have permissions to see all events labeled with A or B (or both) and not labeled with either C or D.

HTTP request


Path parameters



Required. The parent resource where this Data Access Scope will be created. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters



Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with

Request body

The request body contains an instance of DataAccessScope.

Response body

If successful, the response body contains a newly created instance of DataAccessScope.

Authorization scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.dataAccessScopes.create

For more information, see the IAM documentation.