# Get query spec nodes GetAssessmentQuerySpecNodes returns the entity details for nodes in the query without generating a result count. This option uses pagination and can be faster for complex queries where the total number of search results is not needed. The request must include the full query `spec` object and the `source_node_id` of the query result to retrieve destination nodes for. Additionally, providing a `snapshot_id` will return destination nodes based on a Time Machine snapshot. When specifying a `page_size` in the query string, responses will include the `next_page_token` and indicate `has_more` if additional results are available. Note that a page can be empty even when more results exist. {% openapi src="/files/Aco9gj4MY2XoNiD4zIjr" path="/api/v1/assessments/query\_spec:nodes" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-f5344805587160cf141bde637e04e03e2aa86778%2Fopenapi.yaml?alt=media) {% endopenapi %} Sample request: The following example searches for AWS IAM users with permissions to modify S3 bucket ACLs: ```bash curl -X 'POST' \ "$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \ -H "authorization: Bearer $VEZA_TOKEN" \ -d '{ "query_type": "SOURCE_TO_DESTINATION", "include_nodes": true, "source_node_types": { "nodes": [ { "node_type": "AwsIamUser" } ] }, "destination_node_types": { "nodes": [ { "node_type": "S3Bucket" } ] }, "no_relation": false, "raw_permissions": { "operator": "OR", "values": [ "s3:PutBucketAcl" ] } }' ``` Sample response: ```json { "values": [ { "id": "arn:aws:iam::877042069677:user/j.smith", "type": "AwsIamUser", "properties": { "aws_account_id": "877042069677", "created_at": "2021-11-15T15:14:47Z", "datasource_id": "877042069677:awsiam", "full_admin": true, "identity_unique_id": "j.smith", "last_used_at": "2023-05-25T00:00:00Z", "name": "j.smith", "password_last_used_at": "2023-05-25T00:00:00Z", "permission_boundary_controlled": false, "programmatic_access_count": 1, "programmatic_last_used_at": "2022-04-20T00:00:00Z", "provider_id": "877042069677", "root": false, "user_type": "" }, "destination_node_count": 25, "permissions": [], "engagement_access_stats": null, "access_stats": null, "destination_node_ids": [], "risk_level": "CRITICAL", "raw_permissions": [], "effective_permissions": [] } ], "path_values": [], "next_page_token": "eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjRmYWIxZDUyLWYzZjgtNGNkZS05MmVmLWVmZTc4OThlM2M2MCIsImlkIjoiYXJuOmF3czppYW06Ojg3NzA0MjA2OTY3Nzp1c2VyL2Fhcm9uLmJpbmZvcmQiLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZCJ9LCJMYXN0Ijp7ImR1cGxpY2F0aW9uX3Njb3BlX2lkIjoiNGZhYjFkNTItZjNmOC00Y2RlLTkyZWYtZWZlNzg5OGUzYzYwIiwiaWQiOiJhcm46YXdzOmlhbTo6ODc3MDQyMDY5Njc3OnVzZXIvYWFyb24uYmluZm9yZCIsImxvd2VyX25hbWUiOiJhYXJvbi5iaW5mb3JkIn19", "has_more": true } ``` Here is a more complex example, which identifies Okta Users related to Snowflake Local Roles. Using conditions, the query will only return users related to the `BILLING` group AND another group, either the `AUDITOR` role OR `ROLE_A` Request: ```bash curl -X 'POST' \ "$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \ -H "authorization: Bearer $VEZA_TOKEN" \ -d '{"query_type":"SOURCE_TO_DESTINATION","source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"destination_node_types":null,"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":null,"customized_variables":[],"no_relation":false,"snapshot_id":"0","access_filter":null,"node_relationship_type":"EFFECTIVE_ACCESS","relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"path_summary_node_types":null,"all_entity_condition":null}' ``` Response: ```json {"values":[{"id":"00upfs3bV7G3ImWCL5d5","type":"OktaUser","properties":{"created_at":"2020-11-12T21:10:47Z","datasource_id":"dev-5150036.okta.com","email":"Simona_Morasca@cookiedemo.onmicrosoft.com","first_name":"Simona","idp_unique_id":"Simona_Morasca@cookiedemo.onmicrosoft.com","is_active":true,"last_name":"Morasca","login":"Simona_Morasca@cookiedemo.onmicrosoft.com","mfa_active":false,"name":"Simona_Morasca@cookiedemo.onmicrosoft.com","provider_id":"dev-5150036.okta.com","status":"STAGED","updated_at":"2020-11-12T21:10:47Z"},"destination_node_count":0,"permissions":[],"engagement_access_stats":null,"access_stats":null,"destination_node_ids":[],"risk_level":"CRITICAL","raw_permissions":[],"effective_permissions":[]}],"path_values":[],"next_page_token":"eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1Nmg4cnI2dkFzSUJqMW41ZDciLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZEB2ZXphdGVzdC5jb20ifSwiTGFzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1NTJzc3FldkozQ1d3QlM1ZDciLCJsb3dlcl9uYW1lIjoieXV3dUB2ZXphLmNvbSJ9fQ==","has_more":false} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/query-builder/getassessmentqueryspecnodes.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.