Skip to main content
POST
/
controls
/
{controlId}
/
set-owner
Set owner of a control
curl --request POST \
  --url https://api.vanta.com/v1/controls/{controlId}/set-owner \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "userId": "<string>"
}
'
{
  "id": "a2f7e1b9d0c3f4e5a6c7b8d9",
  "externalId": "CRY-104",
  "name": "Data encryption utilized",
  "description": "Access reviews are performed to ensure that access is appropriate for the user's role and responsibilities.",
  "source": "Vanta",
  "domains": [
    "CRYPTOGRAPHIC_PROTECTIONS"
  ],
  "owner": {
    "id": "65e1efde08e8478f143a8ff9",
    "emailAddress": "example-person@email.com",
    "displayName": "Example Owner"
  },
  "role": "CONTROLLER",
  "customFields": [
    {
      "label": "Additional context",
      "value": "This control is critical for GDPR compliance"
    }
  ],
  "creationDate": null,
  "modificationDate": null
}

Documentation Index

Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

controlId
string
required

Body

application/json
userId
string | null
required

The new owner's ID.

Response

200 - application/json

Ok

id
string
required

The control's unique ID.

externalId
string | null
required

The control's external ID.

name
string
required

The control's name.

description
string
required

The control's description.

source
enum<string>
required

The control's source, either "VANTA" or "CUSTOM".

Available options:
Vanta,
Custom
domains
string[]
required

The security domains that the control belongs to.

owner
object
required

The control's owner.

customFields
object[]
required

The control's custom field values, if control custom fields is included in your Vanta instance.

creationDate
string<date-time> | null
required

When the control was created. Returns null for Vanta library controls.

modificationDate
string<date-time> | null
required

When the control was last modified. Returns null for Vanta library controls.

role
string | null

The control's GDPR role, if the control is a GDPR control.