Get query spec nodes
GetAssessmentQuerySpecNodes returns the entity details for nodes in the query without generating a result count. This option uses pagination and can be faster for complex queries where the total number of search results is not needed.
The request must include the full query spec
object and the source_node_id
of the query result to retrieve destination nodes for. Additionally, providing a snapshot_id
will return destination nodes based on a Time Machine snapshot.
When specifying a page_size
in the query string, responses will include the next_page_token
and indicate has_more
if additional results are available. Note that a page can be empty even when more results exist.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
Valid ordering options are destination_node_count ASC/DESC and risk_score ASC/DESC. Note: These options are used for ordering source nodes only.
when the specified filter would include all numeric values (ie >= 0 or <= 100), results will also include rows which have no OPS available (nulls)
A boolean expression describing the "relates to" types.
Can be used when path_summary_node_types are set to specify the path length
These fields control whether or not tags will be included in source and/or destination results
Allows FE to Alert BE if permissions are being displayed to the user
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
POST /api/v1/assessments/query_spec:nodes HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 7942
{
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"destination_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"snapshot_id": "text",
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2025-08-05T01:16:05.859Z",
"target": 1,
"relative_timevar_value": "text"
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": [
{
"node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1
}
],
"child_expressions": [
{
"specs": [
{
"node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true,
"and_op_type": 1
}
],
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"all_entity_condition": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
{
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
{
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true
}
],
"operator": 1,
"not": true
}
],
"operator": 1,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"result_value_type": 1,
"include_all_source_tags_in_results": true,
"include_all_destination_tags_in_results": true,
"additional_columns_to_get": [
1
],
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": {
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
},
"as": "text"
}
],
"outlier_detection": {
"type": 1
},
"include_associated_risks": true,
"risks_filter": "text"
},
"include_sub_permissions": true,
"include_permissions_summary": true,
"page_size": "text",
"page_token": "text"
}
{
"values": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
],
"path_values": [
{
"source": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
},
"abstract_permissions": [
"text"
],
"concrete_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
},
"path_summary_nodes": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
],
"results_truncated": true,
"filtered_concrete_permissions": [
"text"
],
"corresponding_abstract_permissions": [
"text"
],
"filtered_concrete_permission_groups": [
{
"permissions": [
"text"
]
}
],
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
},
"additional_path_properties": {
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
}
}
],
"approx_total_source_nodes_count": "text",
"next_page_token": "text",
"has_more": true
}
Sample request:
The following example searches for AWS IAM users with permissions to modify S3 bucket ACLs:
curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{
"query_type": "SOURCE_TO_DESTINATION",
"include_nodes": true,
"source_node_types": {
"nodes": [
{
"node_type": "AwsIamUser"
}
]
},
"destination_node_types": {
"nodes": [
{
"node_type": "S3Bucket"
}
]
},
"no_relation": false,
"raw_permissions": {
"operator": "OR",
"values": [
"s3:PutBucketAcl"
]
}
}'
Sample response:
{
"values": [
{
"id": "arn:aws:iam::877042069677:user/j.smith",
"type": "AwsIamUser",
"properties": {
"aws_account_id": "877042069677",
"created_at": "2021-11-15T15:14:47Z",
"datasource_id": "877042069677:awsiam",
"full_admin": true,
"identity_unique_id": "j.smith",
"last_used_at": "2023-05-25T00:00:00Z",
"name": "j.smith",
"password_last_used_at": "2023-05-25T00:00:00Z",
"permission_boundary_controlled": false,
"programmatic_access_count": 1,
"programmatic_last_used_at": "2022-04-20T00:00:00Z",
"provider_id": "877042069677",
"root": false,
"user_type": ""
},
"destination_node_count": 25,
"permissions": [],
"engagement_access_stats": null,
"access_stats": null,
"destination_node_ids": [],
"risk_level": "CRITICAL",
"raw_permissions": [],
"effective_permissions": []
}
],
"path_values": [],
"next_page_token": "eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjRmYWIxZDUyLWYzZjgtNGNkZS05MmVmLWVmZTc4OThlM2M2MCIsImlkIjoiYXJuOmF3czppYW06Ojg3NzA0MjA2OTY3Nzp1c2VyL2Fhcm9uLmJpbmZvcmQiLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZCJ9LCJMYXN0Ijp7ImR1cGxpY2F0aW9uX3Njb3BlX2lkIjoiNGZhYjFkNTItZjNmOC00Y2RlLTkyZWYtZWZlNzg5OGUzYzYwIiwiaWQiOiJhcm46YXdzOmlhbTo6ODc3MDQyMDY5Njc3OnVzZXIvYWFyb24uYmluZm9yZCIsImxvd2VyX25hbWUiOiJhYXJvbi5iaW5mb3JkIn19",
"has_more": true
}
Here is a more complex example, which identifies Okta Users related to Snowflake Local Roles.
Using conditions, the query will only return users related to the BILLING
group AND another group, either the AUDITOR
role OR ROLE_A
Request:
curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{"query_type":"SOURCE_TO_DESTINATION","source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"destination_node_types":null,"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":null,"customized_variables":[],"no_relation":false,"snapshot_id":"0","access_filter":null,"node_relationship_type":"EFFECTIVE_ACCESS","relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"path_summary_node_types":null,"all_entity_condition":null}'
Response:
{"values":[{"id":"00upfs3bV7G3ImWCL5d5","type":"OktaUser","properties":{"created_at":"2020-11-12T21:10:47Z","datasource_id":"dev-5150036.okta.com","email":"[email protected]","first_name":"Simona","idp_unique_id":"[email protected]","is_active":true,"last_name":"Morasca","login":"[email protected]","mfa_active":false,"name":"[email protected]","provider_id":"dev-5150036.okta.com","status":"STAGED","updated_at":"2020-11-12T21:10:47Z"},"destination_node_count":0,"permissions":[],"engagement_access_stats":null,"access_stats":null,"destination_node_ids":[],"risk_level":"CRITICAL","raw_permissions":[],"effective_permissions":[]}],"path_values":[],"next_page_token":"eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1Nmg4cnI2dkFzSUJqMW41ZDciLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZEB2ZXphdGVzdC5jb20ifSwiTGFzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1NTJzc3FldkozQ1d3QlM1ZDciLCJsb3dlcl9uYW1lIjoieXV3dUB2ZXphLmNvbSJ9fQ==","has_more":false}
Last updated
Was this helpful?