# TeleportAccessMonitoringRuleV1 This guide is a comprehensive reference to the fields in the `TeleportAccessMonitoringRuleV1` resource, which you can apply after installing the Teleport Kubernetes operator. ## resources.teleport.dev/v1 **apiVersion:** resources.teleport.dev/v1 | Field | Type | Description | | ---------- | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: | | kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: | | metadata | object | | | spec | [object](#spec) | AccessMonitoringRule resource definition v1 from Teleport | ### spec | Field | Type | Description | | ----------------- | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | automatic\_review | [object](#specautomatic_review) | automatic\_review defines automatic review configurations for Access Requests. Both notification and automatic\_review may be set within the same access\_monitoring\_rule. If both fields are set, the rule will trigger both notifications and automatic reviews for the same set of access events. Separate plugins may be used if both notifications and automatic\_reviews is set. | | condition | string | condition is a predicate expression that operates on the specified subject resources, and determines whether the subject will be moved into desired state. | | desired\_state | string | desired\_state defines the desired state of the subject. For Access Request subjects, the desired\_state may be set to `reviewed` to indicate that the Access Request should be automatically reviewed. | | notification | [object](#specnotification) | notification defines the plugin configuration for notifications if rule is triggered. Both notification and automatic\_review may be set within the same access\_monitoring\_rule. If both fields are set, the rule will trigger both notifications and automatic reviews for the same set of access events. Separate plugins may be used if both notifications and automatic\_reviews is set. | | schedules | [object](#specschedules) | schedules specifies a map of schedules that can be used to configure the access monitoring rule conditions. Available in Teleport v18.2.8 or higher. | | states | \[]string | states are the desired state which the monitoring rule is attempting to bring the subjects matching the condition to. | | subjects | \[]string | subjects the rule operates on, can be a resource kind or a particular resource property. | ### spec.automatic\_review | Field | Type | Description | | ----------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ | | decision | string | decision specifies the proposed state of the access review. This can be either 'APPROVED' or 'DENIED'. | | integration | string | integration is the name of the integration that is responsible for monitoring the rule. Set this value to `builtin` to monitor the rule with Teleport. | ### spec.notification | Field | Type | Description | | ---------- | --------- | ------------------------------------------------------------------------ | | name | string | name is the name of the plugin to which this configuration should apply. | | recipients | \[]string | recipients is the list of recipients the plugin should notify. | ### spec.schedules | Field | Type | Description | | ----- | ----------------------------- | ----------- | | key | string | | | value | [object](#specschedulesvalue) | | ### spec.schedules.value | Field | Type | Description | | ----- | --------------------------------- | ------------------------------------------- | | time | [object](#specschedulesvaluetime) | TimeSchedule specifies an in-line schedule. | ### spec.schedules.value.time | Field | Type | Description | | -------- | ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | shifts | \[][object](#specschedulesvaluetimeshifts-items) | Shifts contains a set of shifts that make up the schedule. | | timezone | string | Timezone specifies the schedule timezone. This field is optional and defaults to "UTC". Accepted values use timezone locations as defined in the IANA Time Zone Database, such as "America/Los\_Angeles", "Europe/Lisbon", or "Asia/Singapore". See for a list of supported values. | ### spec.schedules.value.time.shifts items | Field | Type | Description | | ------- | ------ | ----------- | | end | string | | | start | string | | | weekday | string | |