IAM
Prisma Cloud identity and access management (IAM) security provides:
- Visibility—Query all relevant IAM entities
- Governance—Monitor your cloud environment for overly-used permissions
- Response—Automatically remediate permissions
The IAM security endpoints enable you to investigate IAM data programmatically.
For more information, see Prisma Cloud IAM Security. If you have upgraded to the Darwin release, see [Prisma Cloud IAM Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/what-is-prisma-cloud-iam-security).
Error Handling
Like other Prisma Cloud public API requests, the IAM security API requests return standard HTTP response codes. Unlike most other CSPM API error handling, IAM security API error responses do not include an x-redlock-status in the response header.
Pagination
You can control the number of items in a response for endpoints that support pagination. Use request parameter limit to control the maximum number of items in a response. If the response includes data.nextPageToken, use data.nextPageToken as the request parameter pageToken in a request for the next page of data.
The following table summarizes the request parameters for pagination:
Request Parameter | Description |
---|---|
limit | Maximum number of items to return in a page. |
pageToken | Use the data.nextPageToken value from the previous response object to return the next page of data. |
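
The token-following loop described above, as an added example that is not taken from the Prisma Cloud documentation. The `fetch_page` transport, the `data.items` key, and the in-memory `fake_fetch` stand-in are assumptions made for illustration; only `limit`, `pageToken`, and `data.nextPageToken` come from this page.

```python
from typing import Callable, Iterator, Optional, Tuple

# Hypothetical transport signature: (limit, page_token) -> (HTTP status, parsed JSON body).
FetchPage = Callable[[int, Optional[str]], Tuple[int, dict]]


class IamApiError(Exception):
    """Non-2xx response. Only the HTTP status is used, since IAM security
    error responses carry no x-redlock-status header."""

    def __init__(self, status: int):
        super().__init__(f"IAM security API request failed with HTTP {status}")
        self.status = status


def iter_items(fetch_page: FetchPage, limit: int = 100, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every item, following data.nextPageToken until it is absent."""
    token: Optional[str] = None
    seen = set()
    for _ in range(max_pages):
        status, body = fetch_page(limit, token)
        if not 200 <= status < 300:
            raise IamApiError(status)
        data = (body or {}).get("data") or {}
        yield from data.get("items", [])  # "items" key is an assumption
        token = data.get("nextPageToken")
        if not token:
            return  # last page reached
        if token in seen:
            raise RuntimeError("pageToken repeated; stopping to avoid an endless loop")
        seen.add(token)
    raise RuntimeError("max_pages reached before the last page")


def fake_fetch(rows: list) -> FetchPage:
    """Constructed in-memory stand-in for the API; the token is just an offset."""
    def fetch_page(limit: int, page_token: Optional[str]) -> Tuple[int, dict]:
        start = int(page_token) if page_token else 0
        data = {"items": rows[start:start + limit]}
        if start + limit < len(rows):
            data["nextPageToken"] = str(start + limit)
        return 200, {"data": data}
    return fetch_page


# Constructed sample rows, not real Prisma Cloud output.
SAMPLE_ROWS = [{"id": f"perm-{i}"} for i in range(5)]

if __name__ == "__main__":
    for row in iter_items(fake_fetch(SAMPLE_ROWS), limit=2):
        print(row["id"])
```

In real use, `fetch_page` would wrap the authenticated HTTP call to the paginated endpoint and pass `limit` and `pageToken` as its request parameters.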
📄️ Get Permissions
Returns the results of a given [IAM query](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/iam-query.html).
📄️ Get Permissions Next Page
Given a request parameter **pageToken**, returns the next page of permissions data. You can find the value for **pageToken** from the response object of a previous request to [Get Permissions](/prisma-cloud/api/cspm/get-permissions-with-post).
📄️ Get Permission Accesses
Given a permission ID and an
📄️ Get Permissions Access Next Page
Given a request parameter **pageToken**, returns the next page of permissions data.
📄️ Get Remediation
Returns a list of remediations for the specified alert IDs.
📄️ Get IAM Query
Returns the IAM query for the specified alert ID.
📄️ Get Query Suggestions
Given a partial IAM query, returns suggestions to append to your query either to create a complete valid IAM query or to build a further partial query. Also indicates whether or not the query you input is already a valid IAM query.
📄️ Get Permissions V3
Returns a page of permissions and a page token for the next page if applicable
📄️ Get Permissions V4
Returns permissions grouped by requested fields and a page token for the next page if applicable.
📄️ Get Permission Accesses V3
Returns a page of a permission's last accesses and a page token for the next page if applicable.
📄️ Get Query Suggestions V2
Suggest auto completion for RQL and notify whether the current RQL is valid or not
📄️ Get Permissions Role or Policy Definition V2
Returns the raw config (policy/role definition) which the permission was calculated from
📄️ Get Cloud Identity Inventory (CII) Resource Related Assets
Get assets related to Cloud Identity Inventory (CII) resource.
📄️ Get Remediation Command
Get remediation command for an alert
📄️ Get IAM Query V2
Returns the query associated with an alert instance
📄️ Get Least Privilege Access Metadata of an Asset
Returns metadata and information about the Least Privilege Access improvement potential for an asset.
📄️ Get Existing Least Privilege Access Suggestions for an Asset
Suggests least privileged access from existing resources according to the asset. This configuration will minimize the number of policies/roles used while preserving all the actions used in the last specified X days.
📄️ Get New Least Privilege Access Suggestions for an Asset
Generates a custom least privileged access configuration for the asset. Applying this configuration will minimize the number of policies/roles used while preserving all the actions used in the last specified X days.
📄️ Get Least Privilege Access Metadata of a Resource
Returns metadata describing whether an asset has potential for access optimization
📄️ Get Least Privilege Access Suggestions for a Resource
Suggest the least privileged access based on existing IAM configurations. This configuration will minimize the number of policies/roles used preserving all the actions used in the last specified X days.
📄️ Get New Least Privilege Access Suggestions for a Resource
Generate a custom least privileged access configuration for the resource. Applying this configuration will minimize the number of policies/roles used while preserving all the actions used in the last specified X days