Get query spec nodes
GetAssessmentQuerySpecNodes returns the entity details for nodes in the query without generating a result count. This option uses pagination and can be faster for complex queries where the total number of search results is not needed.
The request must include the full query spec object and the source_node_id of the query result to retrieve destination nodes for. Additionally, providing a snapshot_id will return destination nodes based on a Time Machine snapshot.
When specifying a page_size in the query string, responses will include the next_page_token and indicate has_more if additional results are available. Note that a page can be empty even when more results exist.
post
Authorizations
Query parameters
page_sizestringOptional
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
page_tokenstringOptional
The token specifying the specific page of results to retrieve.
order_bystringOptional
Valid ordering options are destination_node_count ASC/DESC and risk_score ASC/DESC. Note: These options are used for ordering source nodes only.
Body
query_typeinteger · enumOptional
no_relationbooleanOptionalDeprecated
snapshot_idstringOptional
access_filterall ofOptional
when the specified filter would include all numeric values (ie >= 0 or <= 100), results will also include rows which have no OPS available (nulls)
node_relationship_typeinteger · enumOptional
relates_to_expall ofOptional
A boolean expression describing the "relates to" types.
path_summary_count_conditionsall ofOptional
Can be used when path_summary_node_types are set to specify the path length
result_value_typeinteger · enumOptional
include_all_source_tags_in_resultsbooleanOptional
These fields control whether or not tags will be included in source and/or destination results
include_all_destination_tags_in_resultsbooleanOptional
additional_columns_to_getinteger · enum[]Optional
Allows FE to Alert BE if permissions are being displayed to the user
include_sub_permissionsbooleanOptional
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
include_permissions_summarybooleanOptional
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
page_sizestringOptional
The maximum number of results to be returned. Fewer results may be returned even when more pages exist.
page_tokenstringOptional
The token specifying the specific page of results to retrieve.
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/assessments/query_spec:nodes HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 7942
{
"query_type": 1,
"source_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"destination_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"customized_variables": [
{
"key": "text",
"value": "text"
}
],
"snapshot_id": "text",
"access_filter": {
"engagement_score": {
"op": 1,
"value": 1
},
"over_provisioned_score": {
"op": 1,
"value": 1
},
"include_secondary_grantee": true,
"include_indirect_resource": true,
"exclude_indirect_grantee": true,
"anomaly_detection_history_days": "text",
"last_used": {
"op": 1,
"value": "2025-08-05T01:16:05.859Z",
"target": 1,
"relative_timevar_value": "text"
}
},
"node_relationship_type": 1,
"relates_to_exp": {
"specs": [
{
"node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1
}
],
"child_expressions": [
{
"specs": [
{
"node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"required_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"avoided_intermediate_node_types": {
"nodes": "[Circular Reference]",
"nodes_operator": 1
},
"raw_permissions": {
"values": [
"text"
],
"operator": 1
},
"effective_permissions": {
"values": [
1
],
"operator": 1
},
"unsupported_condition_mode": 1,
"no_relation": true,
"direction": 1
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true,
"and_op_type": 1
}
],
"operator": 1,
"not": true,
"and_op_type": 1
},
"path_summary_node_types": {
"nodes": [
{
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
}
],
"nodes_operator": 1
},
"all_entity_condition": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
{
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
{
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true
}
],
"operator": 1,
"not": true
}
],
"operator": 1,
"not": true
},
"path_summary_count_conditions": {
"conditions": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
]
},
"result_value_type": 1,
"include_all_source_tags_in_results": true,
"include_all_destination_tags_in_results": true,
"additional_columns_to_get": [
1
],
"result_enrichment": {
"join_node_specs": [
{
"with": "text",
"node_spec": {
"node_type": "text",
"condition_expression": {
"specs": [
{
"fn": 1,
"property": "text",
"value": null,
"not": true,
"value_property_name": "text",
"value_property_from_other_node": true
}
],
"tag_specs": [
{
"tag": {
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
},
"exclude": true
}
],
"child_expressions": [
"[Circular Reference]"
],
"operator": 1,
"not": true
},
"node_id": "text",
"count_condition_expression": {
"specs": [
{
"fn": 1,
"value": "text",
"value_as": 1
}
],
"child_expressions": "[Circular Reference]",
"operator": 1,
"not": true,
"include_zero_count_results": true
},
"direct_relationship_only": true,
"node_type_grouping_constraint": {
"node_types": [
"text"
],
"constraint_type": 1
},
"properties_to_get": [
"text"
],
"tags_to_get": [
{
"type": 1,
"key": "text"
}
],
"integration_types": [
"text"
]
},
"as": "text"
}
],
"outlier_detection": {
"type": 1
},
"include_associated_risks": true,
"risks_filter": "text"
},
"include_sub_permissions": true,
"include_permissions_summary": true,
"page_size": "text",
"page_token": "text"
}{
"values": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
],
"path_values": [
{
"source": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
},
"abstract_permissions": [
"text"
],
"concrete_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
},
"path_summary_nodes": [
{
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
],
"results_truncated": true,
"filtered_concrete_permissions": [
"text"
],
"corresponding_abstract_permissions": [
"text"
],
"filtered_concrete_permission_groups": [
{
"permissions": [
"text"
]
}
],
"joined_nodes": {
"ANY_ADDITIONAL_PROPERTY": {
"id": "text",
"type": "text",
"properties": {},
"destination_node_count": 1,
"engagement_access_stats": {
"engagement_score": 1,
"over_provisioned_score": 1,
"total_count": "text",
"accessed_count": "text"
},
"access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"count": 1,
"concrete_permissions": [
"text"
],
"canonical_permissions": [
"text"
]
},
"risk_level": 1,
"raw_permissions": [
"text"
],
"effective_permissions": [
"text"
],
"unsupported_conditions": {
"ANY_ADDITIONAL_PROPERTY": {
"conditions": [
"text"
]
}
},
"destination_node_percentage_of_total": 1,
"tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"specified_tags": [
{
"type": "text",
"key": "text",
"value": "text",
"properties": {
"ANY_ADDITIONAL_PROPERTY": null
}
}
],
"filtered_raw_permissions": [
"text"
],
"corresponding_effective_permissions": [
"text"
],
"single_entity_access_stats": {
"last_used": "2025-08-05T01:16:05.859Z",
"last_used_with_events_for": [
{
"name": "text",
"last_used": "2025-08-05T01:16:05.859Z"
}
]
},
"additional_node_properties": {
"role_substitution_recommended_role": "text",
"role_substitution_reason_for_high_priv_role": "text",
"role_substitution_error": "text",
"default_cohort_role_users_in_cohort": [
"text"
],
"default_cohort_role": "text",
"default_cohort_role_all_common_roles": [
"text"
],
"default_cohort_role_error": "text",
"login_anomaly_detection_stats": [
{
"time": "2025-08-05T01:16:05.859Z",
"login_count": "text",
"median_login_count": 1,
"outlier_prediction": 1
}
],
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
},
"integration_type": "text"
}
},
"additional_path_properties": {
"outlier_prediction": {
"prediction": 1,
"score": 1,
"contributing_features": [
{
"name": "text",
"value": 1,
"explanation": "text"
}
]
},
"associated_risks": [
{
"query_id": "text",
"suppressed": true,
"risk_level": 1
}
]
}
}
],
"approx_total_source_nodes_count": "text",
"next_page_token": "text",
"has_more": true
}Sample request:
The following example searches for AWS IAM users with permissions to modify S3 bucket ACLs:
curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{
"query_type": "SOURCE_TO_DESTINATION",
"include_nodes": true,
"source_node_types": {
"nodes": [
{
"node_type": "AwsIamUser"
}
]
},
"destination_node_types": {
"nodes": [
{
"node_type": "S3Bucket"
}
]
},
"no_relation": false,
"raw_permissions": {
"operator": "OR",
"values": [
"s3:PutBucketAcl"
]
}
}'Sample response:
{
"values": [
{
"id": "arn:aws:iam::877042069677:user/j.smith",
"type": "AwsIamUser",
"properties": {
"aws_account_id": "877042069677",
"created_at": "2021-11-15T15:14:47Z",
"datasource_id": "877042069677:awsiam",
"full_admin": true,
"identity_unique_id": "j.smith",
"last_used_at": "2023-05-25T00:00:00Z",
"name": "j.smith",
"password_last_used_at": "2023-05-25T00:00:00Z",
"permission_boundary_controlled": false,
"programmatic_access_count": 1,
"programmatic_last_used_at": "2022-04-20T00:00:00Z",
"provider_id": "877042069677",
"root": false,
"user_type": ""
},
"destination_node_count": 25,
"permissions": [],
"engagement_access_stats": null,
"access_stats": null,
"destination_node_ids": [],
"risk_level": "CRITICAL",
"raw_permissions": [],
"effective_permissions": []
}
],
"path_values": [],
"next_page_token": "eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjRmYWIxZDUyLWYzZjgtNGNkZS05MmVmLWVmZTc4OThlM2M2MCIsImlkIjoiYXJuOmF3czppYW06Ojg3NzA0MjA2OTY3Nzp1c2VyL2Fhcm9uLmJpbmZvcmQiLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZCJ9LCJMYXN0Ijp7ImR1cGxpY2F0aW9uX3Njb3BlX2lkIjoiNGZhYjFkNTItZjNmOC00Y2RlLTkyZWYtZWZlNzg5OGUzYzYwIiwiaWQiOiJhcm46YXdzOmlhbTo6ODc3MDQyMDY5Njc3OnVzZXIvYWFyb24uYmluZm9yZCIsImxvd2VyX25hbWUiOiJhYXJvbi5iaW5mb3JkIn19",
"has_more": true
}Here is a more complex example, which identifies Okta Users related to Snowflake Local Roles.
Using conditions, the query will only return users related to the BILLING group AND another group, either the AUDITOR role OR ROLE_A
Request:
curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{"query_type":"SOURCE_TO_DESTINATION","source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"destination_node_types":null,"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":null,"customized_variables":[],"no_relation":false,"snapshot_id":"0","access_filter":null,"node_relationship_type":"EFFECTIVE_ACCESS","relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"path_summary_node_types":null,"all_entity_condition":null}'Response:
{"values":[{"id":"00upfs3bV7G3ImWCL5d5","type":"OktaUser","properties":{"created_at":"2020-11-12T21:10:47Z","datasource_id":"dev-5150036.okta.com","email":"[email protected]","first_name":"Simona","idp_unique_id":"[email protected]","is_active":true,"last_name":"Morasca","login":"[email protected]","mfa_active":false,"name":"[email protected]","provider_id":"dev-5150036.okta.com","status":"STAGED","updated_at":"2020-11-12T21:10:47Z"},"destination_node_count":0,"permissions":[],"engagement_access_stats":null,"access_stats":null,"destination_node_ids":[],"risk_level":"CRITICAL","raw_permissions":[],"effective_permissions":[]}],"path_values":[],"next_page_token":"eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1Nmg4cnI2dkFzSUJqMW41ZDciLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZEB2ZXphdGVzdC5jb20ifSwiTGFzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1NTJzc3FldkozQ1d3QlM1ZDciLCJsb3dlcl9uYW1lIjoieXV3dUB2ZXphLmNvbSJ9fQ==","has_more":false}Last updated
Was this helpful?