Get query spec nodes
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
GetAssessmentQuerySpecNodes returns the entity details for nodes in the query without generating a result count. This option uses pagination and can be faster for complex queries where the total number of search results is not needed.
The request must include the full query spec
object and the source_node_id
of the query result to retrieve destination nodes for. Additionally, providing a snapshot_id
will return destination nodes based on a Time Machine snapshot.
When specifying a page_size
in the query string, responses will include the next_page_token
and indicate has_more
if additional results are available. Note that a page can be empty even when more results exist.
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
Valid ordering options are destination_node_count ASC/DESC and risk_score ASC/DESC. Note: These options are used for ordering source nodes only.
when the specified filter would include all numeric values (ie >= 0 or <= 100), results will also include rows which have no OPS available (nulls)
A boolean expression describing the "relates to" types.
Can be used when path_summary_node_types are set to specify the path length
These fields control whether or not tags will be included in source and/or destination results
Allows FE to Alert BE if permissions are being displayed to the user
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
The token specifying the specific page of results to retrieve.
OK
Default error response
POST /api/v1/assessments/query_spec:nodes HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 7970
{
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"destination_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"snapshot_id": "text",
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2025-08-26T02:27:36.919Z",
"target": 1,
"relative_timevar_value": "text"
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": [
{
"node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1,
"path_type": 1
}
],
"child_expressions": [
{
"specs": [
{
"node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1,
"path_type": 1
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true,
"and_op_type": 1
}
],
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"all_entity_condition": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
{
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
{
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true
}
],
"operator": 1,
"not": true
}
],
"operator": 1,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"result_value_type": 1,
"include_all_source_tags_in_results": true,
"include_all_destination_tags_in_results": true,
"additional_columns_to_get": [
1
],
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": {
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
},
"as": "text"
}
],
"outlier_detection": {
"type": 1
},
"include_associated_risks": true,
"risks_filter": "text"
},
"include_sub_permissions": true,
"include_permissions_summary": true,
"page_size": "text",
"page_token": "text"
}
{
"values": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-26T02:27:36.919Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-26T02:27:36.919Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
],
"path_values": [
{
"source": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-26T02:27:36.919Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-26T02:27:36.919Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
},
"abstract_permissions": [
"text"
],
"concrete_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-26T02:27:36.919Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-26T02:27:36.919Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
},
"path_summary_nodes": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-26T02:27:36.919Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-26T02:27:36.919Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
],
"results_truncated": true,
"filtered_concrete_permissions": [
"text"
],
"corresponding_abstract_permissions": [
"text"
],
"filtered_concrete_permission_groups": [
{
"permissions": [
"text"
]
}
],
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-26T02:27:36.919Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-26T02:27:36.919Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-26T02:27:36.919Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
},
"additional_path_properties": {
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
}
}
],
"approx_total_source_nodes_count": "text",
"next_page_token": "text",
"has_more": true
}
Sample request:
The following example searches for AWS IAM users with permissions to modify S3 bucket ACLs:
curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{
"query_type": "SOURCE_TO_DESTINATION",
"include_nodes": true,
"source_node_types": {
"nodes": [
{
"node_type": "AwsIamUser"
}
]
},
"destination_node_types": {
"nodes": [
{
"node_type": "S3Bucket"
}
]
},
"no_relation": false,
"raw_permissions": {
"operator": "OR",
"values": [
"s3:PutBucketAcl"
]
}
}'
Sample response:
{
"values": [
{
"id": "arn:aws:iam::877042069677:user/j.smith",
"type": "AwsIamUser",
"properties": {
"aws_account_id": "877042069677",
"created_at": "2021-11-15T15:14:47Z",
"datasource_id": "877042069677:awsiam",
"full_admin": true,
"identity_unique_id": "j.smith",
"last_used_at": "2023-05-25T00:00:00Z",
"name": "j.smith",
"password_last_used_at": "2023-05-25T00:00:00Z",
"permission_boundary_controlled": false,
"programmatic_access_count": 1,
"programmatic_last_used_at": "2022-04-20T00:00:00Z",
"provider_id": "877042069677",
"root": false,
"user_type": ""
},
"destination_node_count": 25,
"permissions": [],
"engagement_access_stats": null,
"access_stats": null,
"destination_node_ids": [],
"risk_level": "CRITICAL",
"raw_permissions": [],
"effective_permissions": []
}
],
"path_values": [],
"next_page_token": "eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjRmYWIxZDUyLWYzZjgtNGNkZS05MmVmLWVmZTc4OThlM2M2MCIsImlkIjoiYXJuOmF3czppYW06Ojg3NzA0MjA2OTY3Nzp1c2VyL2Fhcm9uLmJpbmZvcmQiLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZCJ9LCJMYXN0Ijp7ImR1cGxpY2F0aW9uX3Njb3BlX2lkIjoiNGZhYjFkNTItZjNmOC00Y2RlLTkyZWYtZWZlNzg5OGUzYzYwIiwiaWQiOiJhcm46YXdzOmlhbTo6ODc3MDQyMDY5Njc3OnVzZXIvYWFyb24uYmluZm9yZCIsImxvd2VyX25hbWUiOiJhYXJvbi5iaW5mb3JkIn19",
"has_more": true
}
Here is a more complex example, which identifies Okta Users related to Snowflake Local Roles.
Using conditions, the query will only return users related to the BILLING
group AND another group, either the AUDITOR
role OR ROLE_A
Request:
curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{"query_type":"SOURCE_TO_DESTINATION","source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"destination_node_types":null,"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":null,"customized_variables":[],"no_relation":false,"snapshot_id":"0","access_filter":null,"node_relationship_type":"EFFECTIVE_ACCESS","relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"path_summary_node_types":null,"all_entity_condition":null}'
Response:
{"values":[{"id":"00upfs3bV7G3ImWCL5d5","type":"OktaUser","properties":{"created_at":"2020-11-12T21:10:47Z","datasource_id":"dev-5150036.okta.com","email":"[email protected]","first_name":"Simona","idp_unique_id":"[email protected]","is_active":true,"last_name":"Morasca","login":"[email protected]","mfa_active":false,"name":"[email protected]","provider_id":"dev-5150036.okta.com","status":"STAGED","updated_at":"2020-11-12T21:10:47Z"},"destination_node_count":0,"permissions":[],"engagement_access_stats":null,"access_stats":null,"destination_node_ids":[],"risk_level":"CRITICAL","raw_permissions":[],"effective_permissions":[]}],"path_values":[],"next_page_token":"eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1Nmg4cnI2dkFzSUJqMW41ZDciLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZEB2ZXphdGVzdC5jb20ifSwiTGFzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1NTJzc3FldkozQ1d3QlM1ZDciLCJsb3dlcl9uYW1lIjoieXV3dUB2ZXphLmNvbSJ9fQ==","has_more":false}