Control Owners

Control Owners are the Users responsible for Controls. They ensure the right evidence is associated, that any automated tests are passing, and help prepare for an audit.

List Control Owners

Find Control Owners matching the provided filters.

🔒 Requires Controls: Get Control permission.

Security: bearer
Request
path Parameters
controlId
required
number
workspaceId
required
number

The Workspace ID associated with the Account

query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results.

size
number [ 1 .. 50 ]
Default: 20

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
frameworkSlug
string

Filter data by Users associated with this Control Requirement Framework slug

Example: frameworkSlug=soc2
includeUserIds[]
Array of numbers or null non-empty

User IDs of the Control Owners to return

Example: includeUserIds[]=1&includeUserIds[]=2&includeUserIds[]=3
excludeUserIds
Array of numbers

User IDs of the Control Owners to exclude

Example:
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /workspaces/{workspaceId}/controls/{controlId}/owners
Response samples
application/json
{
  "data": [
    {
      "id": 1,
      "email": "[email protected]",
      "firstName": "Sally",
      "lastName": "Smith",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z"
    }
  ],
  "pagination": {
    "cursor": "string"
  }
}
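
Added example (not Drata's own client code): one way to walk every page of List Control Owners by following pagination.cursor, with the size range check and a guard against a repeating cursor. `fetch_page`, `fake_fetch` and `CONSTRUCTED_PAGES` are hypothetical names; the sketch assumes a missing or empty cursor marks the last page, and the transport that adds the API host and bearer token is left to the caller.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

def owners_query(size=20, cursor=None, framework_slug=None, include_user_ids=()):
    """Query string built only from the parameters documented above."""
    if not 1 <= size <= 50:                      # documented range for `size`
        raise ValueError("size must be between 1 and 50")
    params = [("size", size)]
    if cursor:
        params.append(("cursor", cursor))
    if framework_slug:
        params.append(("frameworkSlug", framework_slug))
    params += [("includeUserIds[]", int(u)) for u in include_user_ids]
    return urlencode(params, safe="[]")          # keep the literal [] shown in the docs

def list_all_owners(fetch_page, workspace_id, control_id, max_pages=1000, **filters):
    """Collect every owner by following pagination.cursor.

    fetch_page(path_with_query) -> decoded JSON dict. It is a caller-supplied,
    hypothetical transport that adds the API host and the bearer token.
    Assumption: a missing or empty cursor marks the last page.
    """
    path = f"/workspaces/{int(workspace_id)}/controls/{int(control_id)}/owners"
    owners, cursor, seen = [], None, set()
    for _ in range(max_pages):
        body = fetch_page(f"{path}?{owners_query(cursor=cursor, **filters)}")
        owners.extend(body.get("data") or [])
        cursor = (body.get("pagination") or {}).get("cursor")
        if not cursor:
            return owners
        if cursor in seen:                       # guard against a looping cursor
            raise RuntimeError("cursor repeated; stopping")
        seen.add(cursor)
    raise RuntimeError("max_pages reached before the last page")

# Constructed two-page response set, keyed by the cursor sent in the request.
CONSTRUCTED_PAGES = {
    None: {"data": [{"id": 1}, {"id": 2}], "pagination": {"cursor": "page-2"}},
    "page-2": {"data": [{"id": 3}], "pagination": {}},
}

def fake_fetch(path_with_query):
    """Offline stand-in for the HTTP call; returns the constructed page."""
    sent = parse_qs(urlsplit(path_with_query).query).get("cursor", [None])[0]
    return CONSTRUCTED_PAGES[sent]

if __name__ == "__main__":
    owners = list_all_owners(fake_fetch, 1, 10, size=2, framework_slug="soc2")
    print([o["id"] for o in owners])
```
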

Modify Control Owners

Modify all Owners for a given Control

🔒 Requires Controls: Manage Control Owners permission.

Security: bearer
Request
path Parameters
workspaceId
required
number

The Workspace ID associated with the Account

controlId
required
number
Request Body schema: application/json
required
ownerUserIds
required
Array of numbers

User IDs of the Control's owners

Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

PUT /workspaces/{workspaceId}/controls/{controlId}/owners
Request samples
application/json
{
  "ownerUserIds": [
    1,
    2,
    3
  ]
}
Response samples
application/json
{
  "ownerIds": [
    0
  ]
}

Add Control Owner

🔒 Requires Controls: Manage Control Owners permission.

Security: bearer
Request
path Parameters
workspaceId
required
number

The Workspace ID associated with the Account

controlId
required
number
Request Body schema: application/json
required
ownerId
required
number

Owner ID

Responses
201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

POST /workspaces/{workspaceId}/controls/{controlId}/owners
Request samples
application/json
{
  "ownerId": 56
}
Response samples
application/json
{
  "id": 1,
  "email": "[email protected]",
  "firstName": "Sally",
  "lastName": "Smith",
  "createdAt": "2025-07-01T16:45:55.246Z",
  "updatedAt": "2025-07-01T16:45:55.246Z"
}

Delete Control Owner

🔒 Requires Controls: Manage Control Owners permission.

Security: bearer
Request
path Parameters
workspaceId
required
number

The Workspace ID associated with the Account

controlId
required
number
ownerId
required
number
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

DELETE /workspaces/{workspaceId}/controls/{controlId}/owners/{ownerId}
Response samples
application/json
{
  "data": [
    {
      "id": 1,
      "email": "[email protected]",
      "firstName": "Sally",
      "lastName": "Smith",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z"
    }
  ],
  "pagination": {
    "cursor": "string"
  }
}