Method: projects.locations.entitlements.patch
Updates the entitlement specified in the request. Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.
The following fields are not supported for updates:
- All immutable fields
- Entitlement name
- Resource name
- Resource type
- Adding an approval workflow in an entitlement which previously had no approval workflow.
- Deleting the approval workflow from an entitlement.
- Adding or deleting a step in the approval workflow (only one step is supported)
Note that updates are allowed on the list of approvers in an approval workflow step.
HTTP request
PATCH https://privilegedaccessmanager.googleapis.com/v1/{entitlement.name=projects/*/locations/*/entitlements/*}
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters |
entitlement.name |
string
Identifier. Name of the entitlement. Possible formats:
organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}
|
Query parameters
| Parameters |
updateMask |
string (FieldMask format)
Required. The list of fields to update. A field is overwritten if, and only if, it is in the mask. Any immutable fields set in the mask are ignored by the server. Repeated fields and map fields are only allowed in the last position of a paths string and overwrite the existing values. Hence an update to a repeated field or a map should contain the entire list of values. The fields specified in the updateMask are relative to the resource and not to the request. (e.g. MaxRequestDuration; not entitlement.MaxRequestDuration) A value of '*' for this field refers to full replacement of the resource. This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo".
|
Request body
The request body contains an instance of Entitlement.
Response body
If successful, the response body contains an instance of Operation.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the name resource:
privilegedaccessmanager.entitlements.update
For more information, see the IAM documentation.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-21 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["This endpoint updates an existing entitlement, with changes applying only to future grants, except for modifications to the approval workflow's approvers, which apply to existing grants."],["The HTTP request uses the PATCH method and requires specifying the entitlement's name in the URL path, following gRPC Transcoding syntax."],["You can specify which fields to update using the `updateMask` query parameter, but some fields are immutable and cannot be changed (including adding or removing approval workflows)."],["The request body should include an instance of the `Entitlement` resource, while the response body will contain an instance of the `Operation` resource upon success."],["To use this endpoint, the request needs to include OAuth scope `https://www.googleapis.com/auth/cloud-platform`, and the user must have the `privilegedaccessmanager.entitlements.update` IAM permission."]]],[]]
