Save a query
CreateAssessmentQuery saves a new query with the specified conditions. See Query Parameters for all available constraints and options. To run a query without saving it, see the query spec operations.
Sample Request:
curl -X 'POST' \
"$BASE_URL/api/v1/assessments/queries" \
-H "authorization: Bearer $VEZA_TOKEN" \
--data-raw '{
"query_type": "SOURCE_TO_DESTINATION",
"source_node_types": {
"nodes": [
{
"node_type": "OktaUser",
"tags": [],
"conditions": [],
"condition_expression": null,
"node_id": "",
"excluded_tags": [],
"count_conditions": [],
"direct_relationship_only": false,
"node_type_grouping_constraint": null
}
],
"nodes_operator": "AND"
},
"destination_node_types": null,
"required_intermediate_node_types": null,
"avoided_intermediate_node_types": null,
"raw_permissions": null,
"effective_permissions": null,
"customized_variables": [],
"no_relation": false,
"snapshot_id": "0",
"access_filter": null,
"node_relationship_type": "EFFECTIVE_ACCESS",
"relates_to_exp": {
"specs": [
{
"node_types": {
"nodes": [
{
"node_type": "SnowflakeRole",
"tags": [],
"conditions": [],
"condition_expression": {
"specs": [
{
"fn": "EQ",
"property": "id",
"value": "dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING",
"not": false,
"value_property_name": "",
"value_property_from_other_node": false
}
],
"child_expressions": [],
"operator": "AND",
"not": false
},
"node_id": "",
"excluded_tags": [],
"count_conditions": [],
"direct_relationship_only": false,
"node_type_grouping_constraint": null
}
],
"nodes_operator": "AND"
},
"required_intermediate_node_types": null,
"avoided_intermediate_node_types": null,
"raw_permissions": null,
"effective_permissions": {
"values": [],
"operator": "OR"
},
"no_relation": false,
"direction": "ANY_DIRECTION"
}
],
"child_expressions": [
{
"specs": [
{
"node_types": {
"nodes": [
{
"node_type": "SnowflakeRole",
"tags": [],
"conditions": [],
"condition_expression": {
"specs": [
{
"fn": "EQ",
"property": "id",
"value": "dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR",
"not": false,
"value_property_name": "",
"value_property_from_other_node": false
}
],
"child_expressions": [],
"operator": "AND",
"not": false
},
"node_id": "",
"excluded_tags": [],
"count_conditions": [],
"direct_relationship_only": false,
"node_type_grouping_constraint": null
}
],
"nodes_operator": "AND"
},
"required_intermediate_node_types": null,
"avoided_intermediate_node_types": null,
"raw_permissions": null,
"effective_permissions": {
"values": [],
"operator": "OR"
},
"no_relation": false,
"direction": "ANY_DIRECTION"
},
{
"node_types": {
"nodes": [
{
"node_type": "SnowflakeRole",
"tags": [],
"conditions": [],
"condition_expression": {
"specs": [
{
"fn": "EQ",
"property": "id",
"value": "dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A",
"not": false,
"value_property_name": "",
"value_property_from_other_node": false
}
],
"child_expressions": [],
"operator": "AND",
"not": false
},
"node_id": "",
"excluded_tags": [],
"count_conditions": [],
"direct_relationship_only": false,
"node_type_grouping_constraint": null
}
],
"nodes_operator": "AND"
},
"required_intermediate_node_types": null,
"avoided_intermediate_node_types": null,
"raw_permissions": null,
"effective_permissions": {
"values": [],
"operator": "OR"
},
"no_relation": false,
"direction": "ANY_DIRECTION"
}
],
"child_expressions": [],
"operator": "OR",
"not": false,
"and_op_type": "INFERRED"
}
],
"operator": "AND",
"not": false,
"and_op_type": "SOURCE_INTERSECT"
},
"path_summary_node_types": null,
"all_entity_condition": null,
"page_size": "0",
"page_token": "",
"variables": [],
"name": "Okta Users to Snowflake Roles",
"description": "SoD",
"risk_level": "CRITICAL",
"labels": [
"another_new_label"
],
"visibility": "PRIVATE"
}'
Sample response:
A successful response returns the saved query id
, and full query specification in a value
object:
{"id":"c169c41c-2650-4f39-8930-f198f70f892b","value":{"id":"c169c41c-2650-4f39-8930-f198f70f892b","name":"Okta Users to Snowflake Roles","description":"SoD","result_type":"NUMBER","query_type":"SOURCE_TO_DESTINATION","raw_permissions":{"values":[],"operator":"AND"},"effective_permissions":{"values":[],"operator":"AND"},"variables":[],"source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":{"nodes":[],"nodes_operator":"AND"},"avoided_intermediate_node_types":{"nodes":[],"nodes_operator":"AND"},"destination_node_types":{"nodes":[],"nodes_operator":"AND"},"no_relation":false,"access_filter":null,"created_by":"e3ac5e6a-1946-4688-82a7-8a607133a1c8","visibility":"PRIVATE","owners":["e3ac5e6a-1946-4688-82a7-8a607133a1c8"],"node_relationship_type":"EFFECTIVE_ACCESS","integration_types":["okta","snowflake"],"labels":["another_new_label"],"created_at":"2023-07-29T19:28:30.908762576Z","updated_at":"2023-07-29T19:28:30.908762576Z","source_type":"OktaUser","destination_types":["SnowflakeRole"],"relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"all_entity_condition":{"specs":[],"child_expressions":[],"operator":"AND","not":false},"risk_level":"CRITICAL","risk_suppressed_constraints":null,"analysis_type":"UNSET","result":0,"result_evaluated_at":null,"result_evaluated":false}}
Last updated