Get Permissions

POST 
/api/v1/permission

Returns the results of a given IAM query.

If you set the Accept request header to appliation/json, the response object contains an array of items with permissions data.

The request parameter limit determines the number of items—for example, permissions—in the response object. If the amount of available data is greater than the specified limit, use the response object attribute data.nextPageToken as the request parameter pageToken in Get Permissions Next Page to request the next page of data.

If you set the Accept request header to text/csv, the response is a CSV that contains permissions details.

Request

application/json

Body

required

Model for Permission Search Request DTO

id string

Request user Id

limit int32required

Maximun number of items to return for the given query

query stringrequired

IAM RQL query

Responses

200

OK

application/json

Schema

Schema

data object

Model for Permission Search Result Data DTO

items object[]

Requested permissions list

Array [

accessedResourcesCount int64

Accessed resource count

destCloudAccount string

Destination cloud account

destCloudRegion string

Destination cloud region

destCloudResourceRrn string

Destination cloud resource RRN

destCloudServiceName string

Destination cloud service name

destCloudType string

Destination cloud type

destResourceId string

Destination cloud resource id

destResourceName string

Destination cloud resource name

destResourceType string

Destination cloud resource type

effectiveActionName string

Effective action name

exceptions object[]

Permission exception list

Array [

messageCode string

Message code

]

grantedByCloudEntityId string

Granted by cloud entity id

grantedByCloudEntityName string

Granted by cloud entity name

grantedByCloudEntityRrn string

Granted by cloud entity rrn

grantedByCloudEntityType string

Granted by cloud entity type

grantedByCloudPolicyId string

Granted by cloud policy Id

grantedByCloudPolicyName string

Granted by cloud policy name

grantedByCloudPolicyRrn string

Granted by cloud policy rrn

grantedByCloudPolicyType string

Granted by cloud policy type

grantedByCloudType string

Granted by cloud type

id string

Message id

isWildCardDestCloudResourceName boolean

Is destination cloud resource name a wildcard

lastAccessDate string

Last accessed data

sourceCloudAccount string

Source cloud account

sourceCloudRegion string

Source cloud region

sourceCloudResourceRrn string

Source cloud resource RRN

sourceCloudServiceName string

Source cloud service name

sourceCloudType string

Source cloud type

sourceIdpDomain string

Source IDP domain

sourceIdpEmail string

Source IDP email

sourceIdpGroup string

Source IDP group

sourceIdpRrn string

Source idp RRN

sourceIdpService string

Possible values: [AZURE_AD, OKTA, UNKNOWN]

Source IDP service

sourceIdpUsername string

Source IDP user name

sourcePublic boolean

Is source public

sourceResourceId string

Source cloud resource id

sourceResourceName string

Source cloud resource name

sourceResourceType string

Source cloud resource type

]

nextPageToken string

Next page token

searchedDestCloudResourceNames string[]

Searched destination cloud resource names

totalRows int64

Total row count

description string

Search description

id string

Request user Id

name string

Search name

query string

Query string

saved boolean

Is search saved

searchType string

Search type

timeRange object

Model for Time Range DTO

type string

Time range type

value string

Time range value

Example (from schema)

{
  "data": {
    "items": [
      {
        "accessedResourcesCount": 0,
        "destCloudAccount": "123456789",
        "destCloudRegion": "AWS London",
        "destCloudResourceRrn": "rrn::other:eu-west-2:123456789012::my-function",
        "destCloudServiceName": "iam",
        "destCloudType": "AWS",
        "destResourceId": "arn:aws:iam::111111:user/john",
        "destResourceName": "john",
        "destResourceType": "user",
        "effectiveActionName": "string",
        "exceptions": [
          {
            "messageCode": "LIMITED_BY_DENY_STATEMENT"
          }
        ],
        "grantedByCloudEntityId": "arn:aws:iam::<account>:role/my-role",
        "grantedByCloudEntityName": "my-role",
        "grantedByCloudEntityRrn": "rrn::other::123456789:AIDAIDAIDAIDAIDAIDAID",
        "grantedByCloudEntityType": "user",
        "grantedByCloudPolicyId": "arn:aws:iam::aws:policy/aws-policy",
        "grantedByCloudPolicyName": "my-policy",
        "grantedByCloudPolicyRrn": "rrn::iamPolicy::123456789012::arn:aws:iam:eu-west-2",
        "grantedByCloudPolicyType": "Customer Managed Policy",
        "grantedByCloudType": "AWS",
        "id": "13",
        "isWildCardDestCloudResourceName": false,
        "lastAccessDate": "string",
        "sourceCloudAccount": "123456789",
        "sourceCloudRegion": "AWS London",
        "sourceCloudResourceRrn": "rrn::iamUser::123456789012::AIDAIDAIDAIDAIDAIDAID",
        "sourceCloudServiceName": "iam",
        "sourceCloudType": "AWS",
        "sourceIdpDomain": "string",
        "sourceIdpEmail": "string",
        "sourceIdpGroup": "string",
        "sourceIdpRrn": "rrn::other::idp-account-id::idp-user-id",
        "sourceIdpService": "AZURE_AD",
        "sourceIdpUsername": "string",
        "sourcePublic": false,
        "sourceResourceId": "arn:aws:iam::111111:user/john",
        "sourceResourceName": "john",
        "sourceResourceType": "user"
      }
    ],
    "nextPageToken": "++fdfkjsdlfsdfdFDSFDFSDFdfdssfdFDS",
    "searchedDestCloudResourceNames": [],
    "totalRows": 1243
  },
  "description": "search-description",
  "id": "111111",
  "name": "search-name",
  "query": "config from iam where ...",
  "saved": true,
  "searchType": "search-type",
  "timeRange": {
    "type": "to_now",
    "value": "epoch"
  }
}

text/csv

Schema

Schema

string

201

Created

401

Unauthorize

403

Forbidden

404

Not Found

Loading...