Get Permissions V3

POST 
/iam/api/v3/search/permission

Returns a page of permissions and a page token for the next page if applicable

Request

Query Parameters

limit int32
Query records limit
Example: 5

application/json

Body

required

query stringrequired

RQL query

id string

An optional saved search id. If not provided, a new saved search will be created.

nextPageToken string

Page Token

Responses

200

OK

application/json

Schema

Schema

data object

items object[]

items list

Array [

id string

Message id

sourcePublic boolean

Is source public

sourceCloudType string

Source cloud type

sourceCloudAccount string

Source cloud account

sourceCloudRegion string

Source cloud region

sourceCloudServiceName string

Source cloud service name

sourceResourceName string

Source cloud resource name

sourceResourceType string

Source cloud resource type

sourceResourceId string

Source cloud resource id

sourceIdpService string

Source IDP service

sourceIdpDomain string

Source IDP domain

sourceIdpEmail string

Source IDP email

sourceIdpUsername string

Source IDP user name

sourceIdpGroup string

Source IDP group

sourceIdpRrn string

Source idp RRN

sourceIdpUai string

Source idp UAI

sourceCloudResourceRrn string

Source cloud resource RRN

sourceCloudResourceUai string

Source cloud resource UAI

destCloudType string

Destination cloud type

destCloudAccount string

Destination cloud account

destCloudRegion string

Destination cloud region

destCloudServiceName string

Destination cloud service name

destResourceName string

Destination cloud resource name

destResourceType string

Destination cloud resource type

destResourceId string

Destination cloud resource id

destCloudResourceRrn string

Destination cloud resource RRN

destCloudResourceUai string

Destination cloud resource UAI

effectiveActionName string

Effective action name

grantedByCloudType string

Granted by cloud type

grantedByCloudPolicyId string

Granted by cloud policy Id

grantedByCloudPolicyName string

Granted by cloud policy name

grantedByCloudPolicyType string

Granted by cloud policy type

grantedByCloudPolicyRrn string

Granted by cloud policy rrn

grantedByCloudPolicyUai string

Granted by cloud policy UAI

grantedByCloudEntityId string

Granted by cloud entity id

grantedByCloudEntityName string

Granted by cloud entity name

grantedByCloudEntityType string

Granted by cloud entity type

accessedResourcesCount int64

Accessed resource count

lastAccessDate string

Last accessed data

lastAccessStatus string

Last accessed status

grantedByCloudEntityRrn string

Granted by cloud entity rrn

grantedByCloudEntityUai string

Granted by cloud entity UAI

isWildCardDestCloudResourceName boolean

Is destination cloud resource name a wildcard

exceptions object[]

Permission exception list

Array [

messageCode string

Message code

]

grantedByLevelType string

Granted by level type

grantedByLevelId string

Granted by level id

grantedByLevelName string

Granted by level name

grantedByLevelRrn string

Granted by level rrn

grantedByLevelUai string

Granted by level UAI

]

nextPageToken string

Next page token

totalRows int64

Total rows count

searchedDestCloudResourceNames string[]

Searched destination cloud resource names

query string

Query string

id string

Request user Id

saved boolean

Is search saved

name string

Search name

timeRange object
The time range which the query run at to generate the alert
type stringrequired
searchType string

Search type

description string

Search description

cloudType string

Cloud Type

Example (from schema)

{
  "data": {
    "items": [
      {
        "id": "13",
        "sourcePublic": false,
        "sourceCloudType": "AWS",
        "sourceCloudAccount": "123456789",
        "sourceCloudRegion": "AWS London",
        "sourceCloudServiceName": "iam",
        "sourceResourceName": "john",
        "sourceResourceType": "user",
        "sourceResourceId": "arn:aws:iam::111111:user/john",
        "sourceIdpService": "string",
        "sourceIdpDomain": "string",
        "sourceIdpEmail": "string",
        "sourceIdpUsername": "string",
        "sourceIdpGroup": "string",
        "sourceIdpRrn": "rrn::other::idp-account-id::idp-user-id",
        "sourceIdpUai": "681390424b288d835f5cd03e7bfb0993",
        "sourceCloudResourceRrn": "rrn::iamUser::123456789012::AIDAIDAIDAIDAIDAIDAID",
        "sourceCloudResourceUai": "681390624b288d835f4cd03e7bfb0994",
        "destCloudType": "AWS",
        "destCloudAccount": "123456789",
        "destCloudRegion": "AWS London",
        "destCloudServiceName": "iam",
        "destResourceName": "john",
        "destResourceType": "user",
        "destResourceId": "arn:aws:iam::111111:user/john",
        "destCloudResourceRrn": "rrn::other:eu-west-2:123456789012::my-function",
        "destCloudResourceUai": "181390424b298d835f4cd03e7bfb0991",
        "effectiveActionName": "string",
        "grantedByCloudType": "AWS",
        "grantedByCloudPolicyId": "arn:aws:iam::aws:policy/aws-policy",
        "grantedByCloudPolicyName": "my-policy",
        "grantedByCloudPolicyType": "Customer Managed Policy",
        "grantedByCloudPolicyRrn": "rrn::iamPolicy::123456789012::arn:aws:iam:eu-west-2",
        "grantedByCloudPolicyUai": "771390424b298d835f4cd03e7bfb0232",
        "grantedByCloudEntityId": "arn:aws:iam::<account>:role/my-role",
        "grantedByCloudEntityName": "my-role",
        "grantedByCloudEntityType": "user",
        "accessedResourcesCount": 0,
        "lastAccessDate": "string",
        "lastAccessStatus": "string",
        "grantedByCloudEntityRrn": "rrn::other::123456789:AIDAIDAIDAIDAIDAIDAID",
        "grantedByCloudEntityUai": "223390424b298d835f4cd03e7bfb0111",
        "isWildCardDestCloudResourceName": false,
        "exceptions": [
          [
            {
              "messageCode": "LIMITED_BY_DENY_STATEMENT"
            }
          ]
        ],
        "grantedByLevelType": "GCP Folder",
        "grantedByLevelId": "level_id",
        "grantedByLevelName": "level_name",
        "grantedByLevelRrn": "level_rrn",
        "grantedByLevelUai": "123390424cb99d835f4cd03e7bfb0991"
      }
    ],
    "nextPageToken": "iam/api/{apiVersion}/{apiPath}?page-token=Q74589g444gg",
    "totalRows": 1243,
    "searchedDestCloudResourceNames": []
  },
  "query": "config from iam where ...",
  "id": "111111",
  "saved": true,
  "name": "search-name",
  "timeRange": "{''type': 'relative', 'value': {'unit': 'day', 'amount': 7} }",
  "searchType": "search-type",
  "description": "search-description",
  "cloudType": "aws"
}

400

Bad request

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

401

Unauthorized

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

403

Forbidden

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

404

Not found

application/json

Schema

Schema

error object
code stringrequired
message stringrequired
target string
details string[]
innerError

Example (from schema)

{
  "error": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      "string"
    ]
  }
}

429

Throttled

Response Headers

• X-RateLimit-Remaining integer
• X-RateLimit-Requested-Tokens integer
• X-RateLimit-Burst-Capacity integer
• X-RateLimit-Replenish-Rate integer

Loading...