- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
Full name: projects.locations.instances.dataAccessScopes.create
Creates a data access scope. Data access scope is a combination of allowed and denied labels attached to a permission group. If a scope has allowed labels A and B and denied labels C and D, then the group of people attached to the scope will have permissions to see all events labeled with A or B (or both) and not labeled with either C or D.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{parent}/dataAccessScopes
Path parameters
| Parameters | |
|---|---|
parent |
Required. The parent resource where this Data Access Scope will be created. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
| Parameters | |
|---|---|
dataAccessScopeId |
Required. The user provided scope id which will become the last part of the name of the scope resource. Needs to be compliant with https://google.aip.dev/122 |
Request body
The request body contains an instance of DataAccessScope.
Response body
If successful, the response body contains a newly created instance of DataAccessScope.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the parent resource:
chronicle.dataAccessScopes.create
For more information, see the IAM documentation.