Get Permissions V4

POST 
/iam/api/v4/search/permission

Returns permissions grouped by requested fields and a page token for the next page if applicable.

Request

Query Parameters

limit int32
Query records limit
Example: 100

application/json

Body

required

query stringrequired

RQL query

searchId string

Saved search id

nextPageToken string

Page Token

groupByFields string[]

Possible values: [source, sourceCloudAccount, grantedByEntity, entityCloudAccount, grantedByPolicy, policyCloudAccount, grantedByLevel, action, destination, destCloudAccount, lastAccess]

Fields to group results by. Empty or missing array is considered the same as an array with all possible fields

Responses

200

OK

application/json

Schema

Schema

data object

items object[]

items list

Array [

id string

Message id

sourcePublic boolean

Is source public

sourceCloudType string

Source cloud type

sourceCloudAccount string

Source cloud account

sourceCloudRegion string

Source cloud region

sourceCloudServiceName string

Source cloud service name

sourceResourceName string

Source cloud resource name

sourceResourceType string

Source cloud resource type

sourceResourceId string

Source cloud resource id

sourceCloudResourceUai string

Source cloud resource UAI

sourceIdpService string

Source IDP service

sourceIdpDomain string

Source IDP domain

sourceIdpEmail string

Source IDP email

sourceIdpUserId string

Source IDP user id

sourceIdpUsername string

Source IDP user name

sourceIdpGroup string

Source IDP group

sourceIdpUai string

Source idp UAI

destCloudType string

Destination cloud type

destCloudAccount string

Destination cloud account

destCloudRegion string

Destination cloud region

destCloudServiceName string

Destination cloud service name

destResourceName string

Destination cloud resource name

destResourceType string

Destination cloud resource type

destResourceId string

Destination cloud resource id

destCloudResourceUai string

Destination cloud resource UAI

grantedByCloudType string

Granted by cloud type

grantedByCloudPolicyId string

Granted by cloud policy Id

grantedByCloudPolicyName string

Granted by cloud policy name

grantedByCloudPolicyType string

Granted by cloud policy type

grantedByCloudPolicyUai string

Granted by cloud policy UAI

grantedByCloudPolicyAccount string

Granted by cloud policy account

grantedByCloudEntityId string

Granted by cloud entity id

grantedByCloudEntityName string

Granted by cloud entity name

grantedByCloudEntityType string

Granted by cloud entity type

grantedByCloudEntityAccount string

Granted by cloud entity account

grantedByCloudEntityUai string

Granted by cloud entity UAI

grantedByLevelType string

Granted by level type

grantedByLevelId string

Granted by level id

grantedByLevelName string

Granted by level name

grantedByLevelUai string

Granted by level UAI

lastAccessDate string

Last accessed data

lastAccessStatus string

Possible values: [NOT_AVAILABLE, NOT_ACCESSED_IN_TRACKING_PERIOD, ACCESSED]

Last accessed status

accessedResourcesCount int64

Accessed resource count

effectiveActionName string

Effective action name

exceptions object[]

Permission exception list

Array [

messageCode string

Message code

]

wildCardDestCloudResourceName boolean

]

nextPageToken string

Next page token

totalRows int64

Total rows count

searchedDestCloudResourceNames string[]

Searched destination cloud resource names

query string

Query string

id string

Request user Id

saved boolean

Is search saved

name string

Search name

timeRange object

The time range which the query run at to generate the alert

searchType string

Search type

description string

Search description

cloudType string

Cloud Type

Example (from schema)

{
  "data": {
    "items": [
      {
        "id": "13",
        "sourcePublic": false,
        "sourceCloudType": "AWS",
        "sourceCloudAccount": "123456789",
        "sourceCloudRegion": "AWS London",
        "sourceCloudServiceName": "iam",
        "sourceResourceName": "john",
        "sourceResourceType": "user",
        "sourceResourceId": "arn:aws:iam::111111:user/john",
        "sourceCloudResourceUai": "681390624b288d835f4cd03e7bfb0994",
        "sourceIdpService": "AWS Identity Center",
        "sourceIdpDomain": "idp.com",
        "sourceIdpEmail": "idp@email.com",
        "sourceIdpUserId": "123456789",
        "sourceIdpUsername": "idp-user",
        "sourceIdpGroup": "IdpGroup",
        "sourceIdpUai": "681390424b288d835f5cd03e7bfb0993",
        "destCloudType": "AWS",
        "destCloudAccount": "123456789",
        "destCloudRegion": "AWS London",
        "destCloudServiceName": "iam",
        "destResourceName": "john",
        "destResourceType": "user",
        "destResourceId": "arn:aws:iam::111111:user/john",
        "destCloudResourceUai": "181390424b298d835f4cd03e7bfb0991",
        "grantedByCloudType": "AWS",
        "grantedByCloudPolicyId": "arn:aws:iam::aws:policy/aws-policy",
        "grantedByCloudPolicyName": "my-policy",
        "grantedByCloudPolicyType": "Customer Managed Policy",
        "grantedByCloudPolicyUai": "771390424b298d835f4cd03e7bfb0232",
        "grantedByCloudPolicyAccount": "123456789",
        "grantedByCloudEntityId": "arn:aws:iam::<account>:role/my-role",
        "grantedByCloudEntityName": "my-role",
        "grantedByCloudEntityType": "user",
        "grantedByCloudEntityAccount": "123456789",
        "grantedByCloudEntityUai": "223390424b298d835f4cd03e7bfb0111",
        "grantedByLevelType": "GCP Folder",
        "grantedByLevelId": "level_id",
        "grantedByLevelName": "level_name",
        "grantedByLevelUai": "123390424cb99d835f4cd03e7bfb0991",
        "lastAccessDate": "2024-01-02",
        "lastAccessStatus": "ACCESSED",
        "accessedResourcesCount": 12,
        "effectiveActionName": "sso:ListApplications",
        "exceptions": [
          {
            "messageCode": "LIMITED_BY_DENY_STATEMENT"
          }
        ],
        "wildCardDestCloudResourceName": true
      }
    ],
    "nextPageToken": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg",
    "totalRows": 1243,
    "searchedDestCloudResourceNames": []
  },
  "query": "config from iam where ...",
  "id": "111111",
  "saved": true,
  "name": "search-name",
  "timeRange": "{''type': 'relative', 'value': {'unit': 'day', 'amount': 7} }",
  "searchType": "search-type",
  "description": "search-description",
  "cloudType": "aws"
}

400

Bad request

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

401

Unauthorized

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

403

Forbidden

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

404

Not found

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

429

Throttled

Response Headers

• X-RateLimit-Remaining integer
• X-RateLimit-Requested-Tokens integer
• X-RateLimit-Burst-Capacity integer
• X-RateLimit-Replenish-Rate integer

Loading...