...
GET /dataAccessSubmission/openSubmissions - Lists ARs that have open requests.
POST /accessRequirement/{requirementId}/submissions - Used to list the open requests for an AR.
PUT /dataAccessSubmission/{submissionId} - Approves or rejects a request.
DELETE /dataAccessSubmission/{submissionId} - Deletes a request.
POST /accessApproval - Used for both self-signed, and managed ARs. For managed ARs, only ACT is allowed.
POST /accessApproval/group - Used exclusively by ACT to list approved users.
POST /accessApproval/notifications - Used exclusively by ACT to list notification messages that have been sent to a recipients for particular ARs.
PUT /accessApproval/group/revoke - Used exclusively by ACT to revoke access to all approvals previously granted to a submitter on an AR.
DELETE /accessApproval - Used by either an individual to revoke their own access to an AR, or by ACT to revoke access to another user.
Proposed API Changes
It is clear that non-ACT users should not be granted global governance permissions in the same way as a member of the ACT. Instead, members of the ACT need a mechanism to limit the scope of the granted permissions to specific cases.
...