Method: organizations.locations.entitlements.patch
Updates the entitlement specified in the request. Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.
The following fields are not supported for updates:
- All immutable fields
- Entitlement name
- Resource name
- Resource type
- Adding an approval workflow in an entitlement which previously had no approval workflow.
- Deleting the approval workflow from an entitlement.
- Adding or deleting a step in the approval workflow (only one step is supported)
Note that updates are allowed on the list of approvers in an approval workflow step.
HTTP request
PATCH https://privilegedaccessmanager.googleapis.com/v1/{entitlement.name=organizations/*/locations/*/entitlements/*}
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters |
entitlement.name |
string
Identifier. Name of the entitlement. Possible formats:
organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}
|
Query parameters
| Parameters |
updateMask |
string (FieldMask format)
Required. The list of fields to update. A field is overwritten if, and only if, it is in the mask. Any immutable fields set in the mask are ignored by the server. Repeated fields and map fields are only allowed in the last position of a paths string and overwrite the existing values. Hence an update to a repeated field or a map should contain the entire list of values. The fields specified in the updateMask are relative to the resource and not to the request. (e.g. MaxRequestDuration; not entitlement.MaxRequestDuration) A value of '*' for this field refers to full replacement of the resource. This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo".
|
Request body
The request body contains an instance of Entitlement.
Response body
If successful, the response body contains an instance of Operation.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the name resource:
privilegedaccessmanager.entitlements.update
For more information, see the IAM documentation.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-21 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["\u003cp\u003eThis page details how to update an entitlement using a PATCH HTTP request to the specified URL, which adheres to gRPC Transcoding syntax.\u003c/p\u003e\n"],["\u003cp\u003eUpdating entitlements requires specifying the \u003ccode\u003eentitlement.name\u003c/code\u003e as a path parameter in the URL, which can be formatted for organizations, folders, or projects.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eupdateMask\u003c/code\u003e query parameter is mandatory and dictates which fields will be overwritten during the update, with full replacement achieved by using "*".\u003c/p\u003e\n"],["\u003cp\u003eThe request body should include an instance of the \u003ccode\u003eEntitlement\u003c/code\u003e resource, and a successful operation returns an \u003ccode\u003eOperation\u003c/code\u003e instance in the response body.\u003c/p\u003e\n"],["\u003cp\u003eUpdating an Entitlement requires the \u003ccode\u003eprivilegedaccessmanager.entitlements.update\u003c/code\u003e IAM permission, along with the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"]]],[],null,[]]
