Method: organizations.locations.entitlements.patch
Updates the entitlement specified in the request. Updated fields in the entitlement need to be specified in an update mask. The changes made to an entitlement are applicable only on future grants of the entitlement. However, if new approvers are added or existing approvers are removed from the approval workflow, the changes are effective on existing grants.
The following fields are not supported for updates:
- All immutable fields
- Entitlement name
- Resource name
- Resource type
- Adding an approval workflow in an entitlement which previously had no approval workflow.
- Deleting the approval workflow from an entitlement.
- Adding or deleting a step in the approval workflow (only one step is supported)
Note that updates are allowed on the list of approvers in an approval workflow step.
HTTP request
PATCH https://privilegedaccessmanager.googleapis.com/v1beta/{entitlement.name=organizations/*/locations/*/entitlements/*}
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters |
entitlement.name |
string
Identifier. Name of the entitlement. Possible formats:
organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}
|
Query parameters
| Parameters |
updateMask |
string (FieldMask format)
Required. The list of fields to update. A field is overwritten if, and only if, it is in the mask. Any immutable fields set in the mask are ignored by the server. Repeated fields and map fields are only allowed in the last position of a paths string and overwrite the existing values. Hence an update to a repeated field or a map should contain the entire list of values. The fields specified in the updateMask are relative to the resource and not to the request. (e.g. MaxRequestDuration; not entitlement.MaxRequestDuration) A value of '*' for this field refers to full replacement of the resource. This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo".
|
Request body
The request body contains an instance of Entitlement.
Response body
If successful, the response body contains an instance of Operation.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the name resource:
privilegedaccessmanager.entitlements.update
For more information, see the IAM documentation.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-21 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["\u003cp\u003eThis webpage details how to update an entitlement using a PATCH HTTP request to the specified endpoint, including its URL format and required parameters.\u003c/p\u003e\n"],["\u003cp\u003eUpdates to entitlements are applied to future grants, except for changes to the approval workflow approvers, which take effect on existing grants.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires the \u003ccode\u003eupdateMask\u003c/code\u003e query parameter, which specifies the fields to be updated and is essential for modifying specific parts of the entitlement.\u003c/p\u003e\n"],["\u003cp\u003eCertain fields of the entitlement, including the name, resource name, and resource type, are immutable and cannot be updated, as well as the adding or deleting of an approval workflow.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must contain an instance of Entitlement, and success is indicated by a response body that includes an Operation instance, with the need for \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope and \u003ccode\u003eprivilegedaccessmanager.entitlements.update\u003c/code\u003e IAM permission.\u003c/p\u003e\n"]]],[],null,[]]
