Bulk Reviews Upload API (Early Access)

BalkanID Access Reviews Upload CSV Format

In this section, we will explain the BalkanID Access Reviews CSV format.

Sample CSV 1

This example contains example of both updating a pre-existing review and creating a new review.

ID	Identity ID	Identity Name	Identity Username	Identity Email	Job Title	Department	Manager	Employment Type	Campaign Name	Request ID	Application ID	Application Name	Connection	Connection Type	Reviewer	Reviewer ID*	Created At	Reviews Status	Updated At*	Updated By*	Resource	Resource Type	Permission Name	Permission Value	Project	Review Type	Recommendation
01ZZ2	C235123dss24w	John	john.m	john.m@org.com	Engineer	Engineering	Michael	Full time - 123	Example Campaign Name		google/01HETV	google	Core Engineering	group	James Morgen	james@org.com	2023-10-01	approved	2023-10-04	james@org.com	CLI	application	access	true	GeminiAI	existing	{"value": "approve", "explanation": "testing"}
01ZZ3	C235123dss24w	John	john.m	john.m@org.com	Engineer	Engineering	Michael	Full time - 123		DneEStYN89dImw	google/01HETV	google	Core Engineering	group	James Morgen	james@org.com	2023-10-01	approved	2023-10-04	james@org.com	CLI	application	access	true	GeminiAI	grant	{"value": "deny", "explanation": "}
	C235123dss24w	John	gitJohnIt	john.m@org.com	Engineer	Engineering	Michael	Full time - 123	Example Campaign Name 2		github/01EETV	github	Testing	team		james@org.com	2023-10-04			james@org.com	core	repository	access	true	Clippy	revoke	{"value": ", "explanation": "}

In the above CSV,

Row 1 with ID 01ZZ2 is used to update a pre-existing review on a campaign with the Campaign Name as "Example Campaign Name"

Row 2 with ID 01ZZ3 is used to update a pre-existing review on a request with Request ID as DneEStYN89dImw

Row 3 is used to create a review on a pre-existing campaign with Campaign Name "Example Campaign Name 2", make sure the campaign is draft

Sample CSV 2

This example contains example of creating new reviews on a Campaign or on a Request

Identity ID	Identity Email	Identity Username	Campaign Name	Application ID	Application Name	Reviewer ID*	Updated By*	Updated At*	Permission Name	Permission Value	Project	Review Type	Created At	Resource	Resource Type	Connection	Connection Type
	john@org.com		revoke OverEnt - Dec 08, 2023, 05:34 PM	google/01HETV	google	trevor@org.com	trevor@org.com	2023-10-02	read	true	Project-Miami	existing	2023-10-02
C235123d23sx			revoke OverEnt - Dec 08, 2023, 05:34 PM	google/01HETV	google	trevor@org.com	trevor@org.com	2023-10-02	write	true	Project-Miami	existing	2023-10-02	assets	storage
C235123d23sx	trevor@org.com	trevor	revoke OverEnt - Dec 08, 2023,05:34 PM	google/01HETV	google	michael@org.com	michael@org.com	2023-10-02	maintain	true	Project-Miami	existing	2023-10-02	assets	storage
		john.m	DneEStYN89dI	google/01HETV	google	trevor@org.com	trevor@org.com	2023-10-02	read	true	Project-Miami	existing	2023-10-02	CLI docs	documentation	Support	group
NOTE: Columns with * are required always.

NOTE: You can either pass one of: "Identity ID", "Identity Email" or "Identity Username", or can pass all of them

In order to update review status(besides the status as "created") of reviews belonging to a Campaign, make sure the Campaign state should not be draft

The correct sequence to upload reviews and change its status is:

Utilise Bulk Campaign Upload API to generate a new campaign, this will create a campaign with the status as "Draft"

Upload the Reviews for that campaign and wait for the changes to propagate in your tenant

Update the Campaign using Bulk Campaign Upload API and change the status from draft and wait for the changes to propagate in your tenant

Now, utilise the Bulk Reviews Upload to update status of the review.

Column Definitions

Column Name	Column Description
ID	Optional, required if doing a status change: Contains the unique ID of the review.
Identity ID	Optional, unique ID of the identity in the application.
Identity Name	Optional, Name of the identity.
Identity Email	Optional, required if creating a new review: Email of the identity.
Identity Username	Optional, required if creating a new review:Username of the identity.
Job Title	Optional, The job title of identity, for which the access review needs to be done.
Department	Optional, The department to which the identity belongs, for which the access review needs to be done.
Manager	Optional, The job title of identity, for which the access review needs to be done.
Employment Type	Optional, Employment type of the identity, such as Full-Time, Salaried, Contractor, Intern, etc.
Campaign Name	Optional, required if creating a new review under a campaign: Name of the campaign (campaign must exist in tenant).
Campaign ID	Optional, required if creating a new review under a campaign: ID of the campaign (campaign must exist in tenant).
Request ID	Optional, required if creating a new review under an access request: Unique ID of the request.
Application ID	Optional, required if creating a new review:
Application Name	Optional, required if creating a new review: Name of the application for which review is created.
Application Description	Optional, Description of the application.
Connection	Optional, required if Connection Type is present: Connection describes how the identity (identified by the Username) gains the privilege (identified by Privilege Name and Privilege Value) to the resource (identified by Resource and Resource Type). In the sample CSV, the connection is the repository role granted to the identity: “read” and “admin”.
Connection Type	*Optional, required if Connection is Connection Type describes the type of the Connection. Typical connection types are “role”, “policy”, “group”, but can include others depending on your application authorization structure. In the sample CSV, this is “repository-role”.
Reviewer ID	Required, email of the reviewer.
Created At	Optional, creation date of the review.
Review Status	Optional, required if changing status of a pre-existing review: Allows `approved` for approving a review, `rejected` for rejecting a review, `delegated` for delegating/reassigning it to someone else. Allows any of `created`, `started`, `stopped`, `request_info` to update recommendation.
Updated By	Required: Email of the user who changed status of review, must be the same email who was assigned the review.
Updated At	Required, Date at which the review of updated or created, in the format YYYY-MM-DD.
Resource	Optional, required if creating a new review: resource name.
Resource Type	Optional, required if creating a new review: resource type.
Permission Name	Optional, required if creating a new review: Name of the permission.
Permission Value	Optional, required if creating a new review: Takes true or false.
Project	Optional, Name of the project.
Review Type	Optional, Type of the review, can be grant or revoke or existing
Recommendation	Optional, Recommendation for the review. Format: {"value": One of {"approve", "deny" or "} , "explanation": "testing"}

Upload the CSV file via the pre-signed URL

After retrieving the pre-signed URL in the previous step, all that remains is to upload the CSV in BalkanID Canonical CSV format to the pre-signed URL.
Below is a summary of the request using curl:

The request URL is the pre-signed URL from previous step.

The request method is PUT.

Required request body is the CSV in BalkanID Access Reviews CSV format.

application/json

upload url response

Body

Upload URL endpoint response

url

string

required

The value is the pre-signed URL to which to upload your CSV file.

Example

{
    "url": "string"
}

Bulk Reviews Upload API (Early Access)

BalkanID Access Reviews Upload CSV Format

Sample CSV 1

Sample CSV 2

Column Definitions

Upload the CSV file via the pre-signed URL

Request

Request samples

Responses

Bulk Reviews Upload API (Early Access)

BalkanID Access Reviews Upload CSV Format#

Sample CSV 1#

Sample CSV 2#

Column Definitions#

Upload the CSV file via the pre-signed URL#

Request

Request samples

Responses

BalkanID Access Reviews Upload CSV Format

Sample CSV 1

Sample CSV 2

Column Definitions

Upload the CSV file via the pre-signed URL