> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Get Scope And Entitlements > GetScopeAndEntitlements retrieves the current scope configuration and selected entitlements for an access review template. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples get /api/v1/access_review_template/{access_review_template_id}/scope_and_entitlements openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/access_review_template/{access_review_template_id}/scope_and_entitlements: get: tags: - Access Review Templates summary: Get Scope And Entitlements description: >- GetScopeAndEntitlements retrieves the current scope configuration and selected entitlements for an access review template. operationId: >- c1.api.accessreview.v1.AccessReviewTemplateSetupEntitlementService.GetScopeAndEntitlements parameters: - in: path name: access_review_template_id required: true schema: description: >- The ID of the access review template to retrieve scope and entitlements for. readOnly: false type: string responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.accessreview.v1.AccessReviewTemplateSetupEntitlementServiceSetResponse description: Successful response x-codeSamples: - lang: go label: GetScopeAndEntitlements source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/operations\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.AccessReviewTemplateSetupEntitlement.GetScopeAndEntitlements(ctx, operations.C1APIAccessreviewV1AccessReviewTemplateSetupEntitlementServiceGetScopeAndEntitlementsRequest{\n AccessReviewTemplateID: \"\",\n })\n if err != nil {\n log.Fatal(err)\n }\n if res.AccessReviewTemplateSetupEntitlementServiceSetResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.accessReviewTemplateSetupEntitlement.getScopeAndEntitlements({ accessReviewTemplateId: "", }); console.log(result); } run(); components: schemas: c1.api.accessreview.v1.AccessReviewTemplateSetupEntitlementServiceSetResponse: description: The AccessReviewTemplateSetupEntitlementServiceSetResponse message. properties: expanded: description: Related objects requested via the expand mask. items: additionalProperties: true description: >- Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. properties: '@type': description: The type of the serialized message. type: string readOnly: false type: object nullable: true readOnly: false type: array list: description: The current list of setup entitlements for the template. items: $ref: >- #/components/schemas/c1.api.accessreview.v1.AccessReviewTemplateSetupEntitlementView nullable: true readOnly: false type: array scope: $ref: '#/components/schemas/c1.api.accessreview.v1.AccessReviewScopeV2' title: Access Review Template Setup Entitlement Service Set Response type: object x-speakeasy-name-override: AccessReviewTemplateSetupEntitlementServiceSetResponse c1.api.accessreview.v1.AccessReviewTemplateSetupEntitlementView: description: The AccessReviewTemplateSetupEntitlementView message. properties: accessReviewTemplateEntitlement: $ref: >- #/components/schemas/c1.api.accessreview.v1.AccessReviewTemplateSetupEntitlement appPath: description: The appPath field. readOnly: false type: string entitlementPath: description: The entitlementPath field. readOnly: false type: string policyPath: description: The policyPath field. readOnly: false type: string title: Access Review Template Setup Entitlement View type: object x-speakeasy-name-override: AccessReviewTemplateSetupEntitlementView c1.api.accessreview.v1.AccessReviewScopeV2: description: > The AccessReviewScopeV2 message. This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time: - appAccess - specificResources - appSelectionCriteria - resourceTypeSelections This message contains a oneof named users_scope. Only a single field of the following list may be set at a time: - allUsers - selectedUsers - userCriteria - celExpression This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time: - allAccounts - accountCriteria - accountCelExpression This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time: - allGrants - grantsByCriteria This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time: - allAccessConflicts - specificAccessConflicts This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time: - resourceSelection properties: accountCelExpression: $ref: '#/components/schemas/c1.api.accessreview.v1.CelExpressionScope' accountCriteria: $ref: '#/components/schemas/c1.api.accessreview.v1.AccountCriteriaScope' allAccessConflicts: $ref: '#/components/schemas/c1.api.accessreview.v1.AllAccessConflictsScope' allAccounts: $ref: '#/components/schemas/c1.api.accessreview.v1.AllAccountsScope' allGrants: $ref: '#/components/schemas/c1.api.accessreview.v1.AllGrantsScope' allUsers: $ref: '#/components/schemas/c1.api.accessreview.v1.AllUsersScope' appAccess: $ref: '#/components/schemas/c1.api.accessreview.v1.ApplicationAccessScope' appSelectionCriteria: $ref: >- #/components/schemas/c1.api.accessreview.v1.AppSelectionCriteriaScope celExpression: $ref: '#/components/schemas/c1.api.accessreview.v1.CelExpressionScope' grantsByCriteria: $ref: '#/components/schemas/c1.api.accessreview.v1.GrantsByCriteriaScope' resourceSelection: $ref: '#/components/schemas/c1.api.accessreview.v1.ResourceSelectionScope' resourceTypeSelections: $ref: >- #/components/schemas/c1.api.accessreview.v1.ResourceTypeSelectionScope selectedUsers: $ref: '#/components/schemas/c1.api.accessreview.v1.SelectedUsersScope' specificAccessConflicts: $ref: >- #/components/schemas/c1.api.accessreview.v1.SpecificAccessConflictsScope specificResources: $ref: '#/components/schemas/c1.api.accessreview.v1.SpecificResourcesScope' userCriteria: $ref: '#/components/schemas/c1.api.accessreview.v1.UserCriteriaScope' title: Access Review Scope V 2 type: object x-speakeasy-name-override: AccessReviewScopeV2 c1.api.accessreview.v1.AccessReviewTemplateSetupEntitlement: description: >- An entitlement that has been selected for inclusion in an access review template's scope. properties: accessReviewTemplateId: description: The ID of the access review template this entitlement belongs to. readOnly: false type: string appEntitlementId: description: The ID of the entitlement to be reviewed. readOnly: false type: string appId: description: The ID of the application that owns the entitlement. readOnly: false type: string appResourceId: description: >- The ID of the specific resource associated with this entitlement, if applicable. readOnly: false type: string appResourceTypeId: description: >- The ID of the resource type associated with this entitlement, if applicable. readOnly: false type: string createdAt: format: date-time readOnly: true type: string customPolicyId: description: >- An override policy ID for this specific entitlement. Populated when use_policy_override is enabled on the template. readOnly: false type: string deletedAt: format: date-time readOnly: true type: string policyId: description: >- The ID of the review policy applied to this entitlement. Defaults to the template policy. readOnly: false type: string tenantId: description: The tenant that owns this setup entitlement. readOnly: false type: string updatedAt: format: date-time readOnly: true type: string title: Access Review Template Setup Entitlement type: object x-speakeasy-name-override: AccessReviewTemplateSetupEntitlement c1.api.accessreview.v1.CelExpressionScope: description: The CelExpressionScope message. nullable: true properties: expression: description: The expression field. readOnly: false type: string title: Cel Expression Scope type: object x-speakeasy-name-override: CelExpressionScope c1.api.accessreview.v1.AccountCriteriaScope: description: The AccountCriteriaScope message. nullable: true properties: accountDomain: description: The accountDomain field. enum: - APP_USER_DOMAIN_UNSPECIFIED - APP_USER_DOMAIN_EXTERNAL - APP_USER_DOMAIN_TRUSTED readOnly: false type: string x-speakeasy-unknown-values: allow accountTypes: description: The accountTypes field. items: enum: - APP_USER_TYPE_UNSPECIFIED - APP_USER_TYPE_USER - APP_USER_TYPE_SERVICE_ACCOUNT - APP_USER_TYPE_SYSTEM_ACCOUNT type: string x-speakeasy-unknown-values: allow nullable: true readOnly: false type: array appUserStatuses: description: The appUserStatuses field. items: enum: - APP_USER_STATUS_UNSPECIFIED - APP_USER_STATUS_ENABLED - APP_USER_STATUS_DISABLED - APP_USER_STATUS_DELETED type: string x-speakeasy-unknown-values: allow nullable: true readOnly: false type: array noAccountOwner: description: The noAccountOwner field. readOnly: false type: boolean title: Account Criteria Scope type: object x-speakeasy-name-override: AccountCriteriaScope c1.api.accessreview.v1.AllAccessConflictsScope: description: The AllAccessConflictsScope message. nullable: true title: All Access Conflicts Scope type: object x-speakeasy-name-override: AllAccessConflictsScope c1.api.accessreview.v1.AllAccountsScope: description: The AllAccountsScope message. nullable: true title: All Accounts Scope type: object x-speakeasy-name-override: AllAccountsScope c1.api.accessreview.v1.AllGrantsScope: description: The AllGrantsScope message. nullable: true title: All Grants Scope type: object x-speakeasy-name-override: AllGrantsScope c1.api.accessreview.v1.AllUsersScope: description: The AllUsersScope message. nullable: true title: All Users Scope type: object x-speakeasy-name-override: AllUsersScope c1.api.accessreview.v1.ApplicationAccessScope: description: The ApplicationAccessScope message. nullable: true title: Application Access Scope type: object x-speakeasy-name-override: ApplicationAccessScope c1.api.accessreview.v1.AppSelectionCriteriaScope: description: The AppSelectionCriteriaScope message. nullable: true properties: complianceFrameworkAttributeValueIds: description: The complianceFrameworkAttributeValueIds field. items: type: string nullable: true readOnly: false type: array riskLevelAttributeValueIds: description: The riskLevelAttributeValueIds field. items: type: string nullable: true readOnly: false type: array title: App Selection Criteria Scope type: object x-speakeasy-name-override: AppSelectionCriteriaScope c1.api.accessreview.v1.GrantsByCriteriaScope: description: > The GrantsByCriteriaScope message. This message contains a oneof named criteria_filter. Only a single field of the following list may be set at a time: - daysSinceAdded - daysSinceReviewed - grantsAddedBetween nullable: true properties: accessProfileFilter: $ref: '#/components/schemas/c1.api.accessreview.v1.GrantAccessProfileFilter' daysSinceAdded: format: duration readOnly: false type: string daysSinceLastUsed: format: duration readOnly: false type: string daysSinceReviewed: format: duration readOnly: false type: string grantsAddedBetween: $ref: '#/components/schemas/c1.api.accessreview.v1.GrantsAddedBetween' sourceFilter: description: The sourceFilter field. enum: - GRANT_SOURCE_FILTER_UNSPECIFIED - GRANT_SOURCE_FILTER_DIRECT - GRANT_SOURCE_FILTER_INHERITED readOnly: false type: string x-speakeasy-unknown-values: allow typeFilter: description: The typeFilter field. enum: - GRANT_FILTER_TYPE_UNSPECIFIED - GRANT_FILTER_TYPE_PERMANENT - GRANT_FILTER_TYPE_TEMPORARY readOnly: false type: string x-speakeasy-unknown-values: allow title: Grants By Criteria Scope type: object x-speakeasy-name-override: GrantsByCriteriaScope c1.api.accessreview.v1.ResourceSelectionScope: description: The ResourceSelectionScope message. nullable: true title: Resource Selection Scope type: object x-speakeasy-name-override: ResourceSelectionScope c1.api.accessreview.v1.ResourceTypeSelectionScope: description: The ResourceTypeSelectionScope message. nullable: true title: Resource Type Selection Scope type: object x-speakeasy-name-override: ResourceTypeSelectionScope c1.api.accessreview.v1.SelectedUsersScope: description: The SelectedUsersScope message. nullable: true properties: userIds: description: The userIds field. items: type: string nullable: true readOnly: false type: array title: Selected Users Scope type: object x-speakeasy-name-override: SelectedUsersScope c1.api.accessreview.v1.SpecificAccessConflictsScope: description: The SpecificAccessConflictsScope message. nullable: true title: Specific Access Conflicts Scope type: object x-speakeasy-name-override: SpecificAccessConflictsScope c1.api.accessreview.v1.SpecificResourcesScope: description: The SpecificResourcesScope message. nullable: true title: Specific Resources Scope type: object x-speakeasy-name-override: SpecificResourcesScope c1.api.accessreview.v1.UserCriteriaScope: description: The UserCriteriaScope message. nullable: true properties: groupAppEntitlementsRef: description: The groupAppEntitlementsRef field. items: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementRef' nullable: true readOnly: false type: array managerUserIds: description: The managerUserIds field. items: type: string nullable: true readOnly: false type: array multiUserProfileAttributes: additionalProperties: $ref: >- #/components/schemas/c1.api.accessreview.v1.IncludedUserAttributeValues description: The multiUserProfileAttributes field. readOnly: false type: object userStatus: description: The userStatus field. items: enum: - UNKNOWN - ENABLED - DISABLED - DELETED type: string x-speakeasy-unknown-values: allow nullable: true readOnly: false type: array title: User Criteria Scope type: object x-speakeasy-name-override: UserCriteriaScope c1.api.accessreview.v1.GrantAccessProfileFilter: description: The GrantAccessProfileFilter message. properties: excludedAccessProfileIds: description: |- Access profile IDs to EXCLUDE from the campaign Used when filter_type = EXCLUDE_SPECIFIC Max 32 profile IDs items: type: string nullable: true readOnly: false type: array filterType: description: The filterType field. enum: - ACCESS_PROFILE_FILTER_TYPE_UNSPECIFIED - ACCESS_PROFILE_FILTER_TYPE_INCLUDE_ALL - ACCESS_PROFILE_FILTER_TYPE_EXCLUDE_ALL - ACCESS_PROFILE_FILTER_TYPE_EXCLUDE_SPECIFIC - ACCESS_PROFILE_FILTER_TYPE_INCLUDE_SPECIFIC readOnly: false type: string x-speakeasy-unknown-values: allow includedAccessProfileIds: description: |- Access profile IDs to INCLUDE in the campaign Used when filter_type = INCLUDE_SPECIFIC Max 32 profile IDs items: type: string nullable: true readOnly: false type: array title: Grant Access Profile Filter type: object x-speakeasy-name-override: GrantAccessProfileFilter c1.api.accessreview.v1.GrantsAddedBetween: description: The GrantsAddedBetween message. nullable: true properties: endDate: format: date-time readOnly: false type: string startDate: format: date-time readOnly: false type: string title: Grants Added Between type: object x-speakeasy-name-override: GrantsAddedBetween c1.api.app.v1.AppEntitlementRef: description: The AppEntitlementRef message. properties: appId: description: The appId field. readOnly: false type: string id: description: The id field. readOnly: false type: string title: App Entitlement Ref type: object x-speakeasy-name-override: AppEntitlementRef c1.api.accessreview.v1.IncludedUserAttributeValues: description: The IncludedUserAttributeValues message. properties: values: description: The values field. items: $ref: >- #/components/schemas/c1.api.accessreview.v1.IncludedUserAttributeValue nullable: true readOnly: false type: array title: Included User Attribute Values type: object x-speakeasy-name-override: IncludedUserAttributeValues c1.api.accessreview.v1.IncludedUserAttributeValue: description: The IncludedUserAttributeValue message. properties: value: description: The value field. readOnly: false type: string title: Included User Attribute Value type: object x-speakeasy-name-override: IncludedUserAttributeValue securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````