Method: organizations.locations.entitlements.grants.deny
grants.deny is used to deny a grant. This method can only be called on a grant when it's in the APPROVAL_AWAITED state. This operation can't be undone.
HTTP request
POST https://privilegedaccessmanager.googleapis.com/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:deny
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters |
name |
string
Required. Name of the grant resource which is being denied.
|
Request body
The request body contains data with the following structure:
| JSON representation |
{
"reason": string
} |
| Fields |
reason |
string
Optional. The reason for denying this grant. This is required if requireApproverJustification field of the ManualApprovals workflow used in this grant is true.
|
Response body
If successful, the response body contains an instance of Grant.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-21 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["\u003cp\u003eThis endpoint uses a POST request to deny a specific grant, and it can only be called when the grant's status is \u003ccode\u003eAPPROVAL_AWAITED\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires a \u003ccode\u003ename\u003c/code\u003e path parameter which represents the name of the grant resource being denied.\u003c/p\u003e\n"],["\u003cp\u003eThe request body, in JSON format, may include a \u003ccode\u003ereason\u003c/code\u003e field, which is a string and is mandatory if the associated workflow requires approver justification.\u003c/p\u003e\n"],["\u003cp\u003eA successful response returns an instance of a \u003ccode\u003eGrant\u003c/code\u003e, while the operation of denying the grant is irreversible.\u003c/p\u003e\n"],["\u003cp\u003eTo authorize this request, the OAuth scope \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e is required, as per the provided authentication guidelines.\u003c/p\u003e\n"]]],[],null,["# Method: organizations.locations.entitlements.grants.deny\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n- [Examples](#examples)\n- [Try it!](#try-it)\n\n`grants.deny` is used to deny a grant. This method can only be called on a grant when it's in the `APPROVAL_AWAITED` state. This operation can't be undone.\n\n### HTTP request\n\n`POST https://privilegedaccessmanager.googleapis.com/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:deny`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nIf successful, the response body contains an instance of [Grant](/iam/docs/reference/pam/rest/v1/folders.locations.entitlements.grants#Grant).\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](https://cloud.google.com/docs/authentication/)."]]
