Save a query

CreateAssessmentQuery saves a new query with the specified conditions. See Query Parameters for all available constraints and options. To run a query without saving it, see the query spec operations.

Sample Request:

curl -X 'POST' \
"$BASE_URL/api/v1/assessments/queries" \
-H "authorization: Bearer $VEZA_TOKEN" \
--data-raw '{
  "query_type": "SOURCE_TO_DESTINATION",
  "source_node_types": {
    "nodes": [
      {
        "node_type": "OktaUser",
        "tags": [],
        "conditions": [],
        "condition_expression": null,
        "node_id": "",
        "excluded_tags": [],
        "count_conditions": [],
        "direct_relationship_only": false,
        "node_type_grouping_constraint": null
      }
    ],
    "nodes_operator": "AND"
  },
  "destination_node_types": null,
  "required_intermediate_node_types": null,
  "avoided_intermediate_node_types": null,
  "raw_permissions": null,
  "effective_permissions": null,
  "customized_variables": [],
  "no_relation": false,
  "snapshot_id": "0",
  "access_filter": null,
  "node_relationship_type": "EFFECTIVE_ACCESS",
  "relates_to_exp": {
    "specs": [
      {
        "node_types": {
          "nodes": [
            {
              "node_type": "SnowflakeRole",
              "tags": [],
              "conditions": [],
              "condition_expression": {
                "specs": [
                  {
                    "fn": "EQ",
                    "property": "id",
                    "value": "dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING",
                    "not": false,
                    "value_property_name": "",
                    "value_property_from_other_node": false
                  }
                ],
                "child_expressions": [],
                "operator": "AND",
                "not": false
              },
              "node_id": "",
              "excluded_tags": [],
              "count_conditions": [],
              "direct_relationship_only": false,
              "node_type_grouping_constraint": null
            }
          ],
          "nodes_operator": "AND"
        },
        "required_intermediate_node_types": null,
        "avoided_intermediate_node_types": null,
        "raw_permissions": null,
        "effective_permissions": {
          "values": [],
          "operator": "OR"
        },
        "no_relation": false,
        "direction": "ANY_DIRECTION"
      }
    ],
    "child_expressions": [
      {
        "specs": [
          {
            "node_types": {
              "nodes": [
                {
                  "node_type": "SnowflakeRole",
                  "tags": [],
                  "conditions": [],
                  "condition_expression": {
                    "specs": [
                      {
                        "fn": "EQ",
                        "property": "id",
                        "value": "dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR",
                        "not": false,
                        "value_property_name": "",
                        "value_property_from_other_node": false
                      }
                    ],
                    "child_expressions": [],
                    "operator": "AND",
                    "not": false
                  },
                  "node_id": "",
                  "excluded_tags": [],
                  "count_conditions": [],
                  "direct_relationship_only": false,
                  "node_type_grouping_constraint": null
                }
              ],
              "nodes_operator": "AND"
            },
            "required_intermediate_node_types": null,
            "avoided_intermediate_node_types": null,
            "raw_permissions": null,
            "effective_permissions": {
              "values": [],
              "operator": "OR"
            },
            "no_relation": false,
            "direction": "ANY_DIRECTION"
          },
          {
            "node_types": {
              "nodes": [
                {
                  "node_type": "SnowflakeRole",
                  "tags": [],
                  "conditions": [],
                  "condition_expression": {
                    "specs": [
                      {
                        "fn": "EQ",
                        "property": "id",
                        "value": "dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A",
                        "not": false,
                        "value_property_name": "",
                        "value_property_from_other_node": false
                      }
                    ],
                    "child_expressions": [],
                    "operator": "AND",
                    "not": false
                  },
                  "node_id": "",
                  "excluded_tags": [],
                  "count_conditions": [],
                  "direct_relationship_only": false,
                  "node_type_grouping_constraint": null
                }
              ],
              "nodes_operator": "AND"
            },
            "required_intermediate_node_types": null,
            "avoided_intermediate_node_types": null,
            "raw_permissions": null,
            "effective_permissions": {
              "values": [],
              "operator": "OR"
            },
            "no_relation": false,
            "direction": "ANY_DIRECTION"
          }
        ],
        "child_expressions": [],
        "operator": "OR",
        "not": false,
        "and_op_type": "INFERRED"
      }
    ],
    "operator": "AND",
    "not": false,
    "and_op_type": "SOURCE_INTERSECT"
  },
  "path_summary_node_types": null,
  "all_entity_condition": null,
  "page_size": "0",
  "page_token": "",
  "variables": [],
  "name": "Okta Users to Snowflake Roles",
  "description": "SoD",
  "risk_level": "CRITICAL",
  "labels": [
    "another_new_label"
  ],
  "visibility": "PRIVATE"
}'

Sample response:

A successful response returns the saved query id, and full query specification in a value object:

{"id":"c169c41c-2650-4f39-8930-f198f70f892b","value":{"id":"c169c41c-2650-4f39-8930-f198f70f892b","name":"Okta Users to Snowflake Roles","description":"SoD","result_type":"NUMBER","query_type":"SOURCE_TO_DESTINATION","raw_permissions":{"values":[],"operator":"AND"},"effective_permissions":{"values":[],"operator":"AND"},"variables":[],"source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":{"nodes":[],"nodes_operator":"AND"},"avoided_intermediate_node_types":{"nodes":[],"nodes_operator":"AND"},"destination_node_types":{"nodes":[],"nodes_operator":"AND"},"no_relation":false,"access_filter":null,"created_by":"e3ac5e6a-1946-4688-82a7-8a607133a1c8","visibility":"PRIVATE","owners":["e3ac5e6a-1946-4688-82a7-8a607133a1c8"],"node_relationship_type":"EFFECTIVE_ACCESS","integration_types":["okta","snowflake"],"labels":["another_new_label"],"created_at":"2023-07-29T19:28:30.908762576Z","updated_at":"2023-07-29T19:28:30.908762576Z","source_type":"OktaUser","destination_types":["SnowflakeRole"],"relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"all_entity_condition":{"specs":[],"child_expressions":[],"operator":"AND","not":false},"risk_level":"CRITICAL","risk_suppressed_constraints":null,"analysis_type":"UNSET","result":0,"result_evaluated_at":null,"result_evaluated":false}}

Last updated