Get query spec nodes

GetAssessmentQuerySpecNodes returns the entity details for nodes in the query without generating a result count. This option uses pagination and can be faster for complex queries where the total number of search results is not needed.

The request must include the full query spec object and the source_node_id of the query result to retrieve destination nodes for. Additionally, providing a snapshot_id will return destination nodes based on a Time Machine snapshot.

When specifying a page_size in the query string, responses will include the next_page_token and indicate has_more if additional results are available. Note that a page can be empty even when more results exist.

post
Authorizations
Query parameters
page_sizestringOptional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

order_bystringOptional

Valid ordering options are destination_node_count ASC/DESC and risk_score ASC/DESC. Note: These options are used for ordering source nodes only.

Body
query_typeinteger · enumOptional
no_relationbooleanOptionalDeprecated
snapshot_idstringOptional
access_filterall ofOptional

when the specified filter would include all numeric values (ie >= 0 or <= 100), results will also include rows which have no OPS available (nulls)

node_relationship_typeinteger · enumOptional
relates_to_expall ofOptional

A boolean expression describing the "relates to" types.

path_summary_count_conditionsall ofOptional

Can be used when path_summary_node_types are set to specify the path length

result_value_typeinteger · enumOptional
include_all_source_tags_in_resultsbooleanOptional

These fields control whether or not tags will be included in source and/or destination results

include_all_destination_tags_in_resultsbooleanOptional
additional_columns_to_getinteger · enum[]Optional

Allows FE to Alert BE if permissions are being displayed to the user

include_sub_permissionsbooleanOptional

Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.

include_permissions_summarybooleanOptional

This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node

page_sizestringOptional

The maximum number of results to be returned. Fewer results may be returned even when more pages exist.

page_tokenstringOptional

The token specifying the specific page of results to retrieve.

Responses
200
OK
application/json
post
POST /api/v1/assessments/query_spec:nodes HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 7942

{
  "query_type": 1,
  "source_node_types": {
    "nodes": [
      {
        "node_type": "text",
        "condition_expression": {
          "specs": [
            {
              "fn": 1,
              "property": "text",
              "value": null,
              "not": true,
              "value_property_name": "text",
              "value_property_from_other_node": true
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 1,
          "not": true
        },
        "node_id": "text",
        "count_condition_expression": {
          "specs": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ],
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "include_zero_count_results": true
        },
        "direct_relationship_only": true,
        "node_type_grouping_constraint": {
          "node_types": [
            "text"
          ],
          "constraint_type": 1
        },
        "properties_to_get": [
          "text"
        ],
        "tags_to_get": [
          {
            "type": 1,
            "key": "text"
          }
        ],
        "integration_types": [
          "text"
        ]
      }
    ],
    "nodes_operator": 1
  },
  "destination_node_types": {
    "nodes": [
      {
        "node_type": "text",
        "condition_expression": {
          "specs": [
            {
              "fn": 1,
              "property": "text",
              "value": null,
              "not": true,
              "value_property_name": "text",
              "value_property_from_other_node": true
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 1,
          "not": true
        },
        "node_id": "text",
        "count_condition_expression": {
          "specs": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ],
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "include_zero_count_results": true
        },
        "direct_relationship_only": true,
        "node_type_grouping_constraint": {
          "node_types": [
            "text"
          ],
          "constraint_type": 1
        },
        "properties_to_get": [
          "text"
        ],
        "tags_to_get": [
          {
            "type": 1,
            "key": "text"
          }
        ],
        "integration_types": [
          "text"
        ]
      }
    ],
    "nodes_operator": 1
  },
  "required_intermediate_node_types": {
    "nodes": [
      {
        "node_type": "text",
        "condition_expression": {
          "specs": [
            {
              "fn": 1,
              "property": "text",
              "value": null,
              "not": true,
              "value_property_name": "text",
              "value_property_from_other_node": true
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 1,
          "not": true
        },
        "node_id": "text",
        "count_condition_expression": {
          "specs": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ],
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "include_zero_count_results": true
        },
        "direct_relationship_only": true,
        "node_type_grouping_constraint": {
          "node_types": [
            "text"
          ],
          "constraint_type": 1
        },
        "properties_to_get": [
          "text"
        ],
        "tags_to_get": [
          {
            "type": 1,
            "key": "text"
          }
        ],
        "integration_types": [
          "text"
        ]
      }
    ],
    "nodes_operator": 1
  },
  "avoided_intermediate_node_types": {
    "nodes": [
      {
        "node_type": "text",
        "condition_expression": {
          "specs": [
            {
              "fn": 1,
              "property": "text",
              "value": null,
              "not": true,
              "value_property_name": "text",
              "value_property_from_other_node": true
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 1,
          "not": true
        },
        "node_id": "text",
        "count_condition_expression": {
          "specs": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ],
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "include_zero_count_results": true
        },
        "direct_relationship_only": true,
        "node_type_grouping_constraint": {
          "node_types": [
            "text"
          ],
          "constraint_type": 1
        },
        "properties_to_get": [
          "text"
        ],
        "tags_to_get": [
          {
            "type": 1,
            "key": "text"
          }
        ],
        "integration_types": [
          "text"
        ]
      }
    ],
    "nodes_operator": 1
  },
  "raw_permissions": {
    "values": [
      "text"
    ],
    "operator": 1
  },
  "effective_permissions": {
    "values": [
      1
    ],
    "operator": 1
  },
  "customized_variables": [
    {
      "key": "text",
      "value": "text"
    }
  ],
  "snapshot_id": "text",
  "access_filter": {
    "engagement_score": {
      "op": 1,
      "value": 1
    },
    "over_provisioned_score": {
      "op": 1,
      "value": 1
    },
    "include_secondary_grantee": true,
    "include_indirect_resource": true,
    "exclude_indirect_grantee": true,
    "anomaly_detection_history_days": "text",
    "last_used": {
      "op": 1,
      "value": "2025-08-05T01:16:05.859Z",
      "target": 1,
      "relative_timevar_value": "text"
    }
  },
  "node_relationship_type": 1,
  "relates_to_exp": {
    "specs": [
      {
        "node_types": {
          "nodes": "[Circular Reference]",
          "nodes_operator": 1
        },
        "required_intermediate_node_types": {
          "nodes": "[Circular Reference]",
          "nodes_operator": 1
        },
        "avoided_intermediate_node_types": {
          "nodes": "[Circular Reference]",
          "nodes_operator": 1
        },
        "raw_permissions": {
          "values": [
            "text"
          ],
          "operator": 1
        },
        "effective_permissions": {
          "values": [
            1
          ],
          "operator": 1
        },
        "unsupported_condition_mode": 1,
        "no_relation": true,
        "direction": 1
      }
    ],
    "child_expressions": [
      {
        "specs": [
          {
            "node_types": {
              "nodes": "[Circular Reference]",
              "nodes_operator": 1
            },
            "required_intermediate_node_types": {
              "nodes": "[Circular Reference]",
              "nodes_operator": 1
            },
            "avoided_intermediate_node_types": {
              "nodes": "[Circular Reference]",
              "nodes_operator": 1
            },
            "raw_permissions": {
              "values": [
                "text"
              ],
              "operator": 1
            },
            "effective_permissions": {
              "values": [
                1
              ],
              "operator": 1
            },
            "unsupported_condition_mode": 1,
            "no_relation": true,
            "direction": 1
          }
        ],
        "child_expressions": [
          "[Circular Reference]"
        ],
        "operator": 1,
        "not": true,
        "and_op_type": 1
      }
    ],
    "operator": 1,
    "not": true,
    "and_op_type": 1
  },
  "path_summary_node_types": {
    "nodes": [
      {
        "node_type": "text",
        "condition_expression": {
          "specs": [
            {
              "fn": 1,
              "property": "text",
              "value": null,
              "not": true,
              "value_property_name": "text",
              "value_property_from_other_node": true
            }
          ],
          "tag_specs": [
            {
              "tag": {
                "type": "text",
                "key": "text",
                "value": "text",
                "properties": {
                  "ANY_ADDITIONAL_PROPERTY": null
                }
              },
              "exclude": true
            }
          ],
          "child_expressions": [
            "[Circular Reference]"
          ],
          "operator": 1,
          "not": true
        },
        "node_id": "text",
        "count_condition_expression": {
          "specs": [
            {
              "fn": 1,
              "value": "text",
              "value_as": 1
            }
          ],
          "child_expressions": "[Circular Reference]",
          "operator": 1,
          "not": true,
          "include_zero_count_results": true
        },
        "direct_relationship_only": true,
        "node_type_grouping_constraint": {
          "node_types": [
            "text"
          ],
          "constraint_type": 1
        },
        "properties_to_get": [
          "text"
        ],
        "tags_to_get": [
          {
            "type": 1,
            "key": "text"
          }
        ],
        "integration_types": [
          "text"
        ]
      }
    ],
    "nodes_operator": 1
  },
  "all_entity_condition": {
    "specs": [
      {
        "fn": 1,
        "property": "text",
        "value": null,
        "not": true,
        "value_property_name": "text",
        "value_property_from_other_node": true
      }
    ],
    "tag_specs": [
      {
        "tag": {
          "type": "text",
          "key": "text",
          "value": "text",
          "properties": {
            "ANY_ADDITIONAL_PROPERTY": null
          }
        },
        "exclude": true
      }
    ],
    "child_expressions": [
      {
        "specs": [
          {
            "fn": 1,
            "property": "text",
            "value": null,
            "not": true,
            "value_property_name": "text",
            "value_property_from_other_node": true
          }
        ],
        "tag_specs": [
          {
            "tag": {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            },
            "exclude": true
          }
        ],
        "child_expressions": [
          {
            "specs": [
              {
                "fn": 1,
                "property": "text",
                "value": null,
                "not": true,
                "value_property_name": "text",
                "value_property_from_other_node": true
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 1,
            "not": true
          }
        ],
        "operator": 1,
        "not": true
      }
    ],
    "operator": 1,
    "not": true
  },
  "path_summary_count_conditions": {
    "conditions": [
      {
        "fn": 1,
        "value": "text",
        "value_as": 1
      }
    ]
  },
  "result_value_type": 1,
  "include_all_source_tags_in_results": true,
  "include_all_destination_tags_in_results": true,
  "additional_columns_to_get": [
    1
  ],
  "result_enrichment": {
    "join_node_specs": [
      {
        "with": "text",
        "node_spec": {
          "node_type": "text",
          "condition_expression": {
            "specs": [
              {
                "fn": 1,
                "property": "text",
                "value": null,
                "not": true,
                "value_property_name": "text",
                "value_property_from_other_node": true
              }
            ],
            "tag_specs": [
              {
                "tag": {
                  "type": "text",
                  "key": "text",
                  "value": "text",
                  "properties": {
                    "ANY_ADDITIONAL_PROPERTY": null
                  }
                },
                "exclude": true
              }
            ],
            "child_expressions": [
              "[Circular Reference]"
            ],
            "operator": 1,
            "not": true
          },
          "node_id": "text",
          "count_condition_expression": {
            "specs": [
              {
                "fn": 1,
                "value": "text",
                "value_as": 1
              }
            ],
            "child_expressions": "[Circular Reference]",
            "operator": 1,
            "not": true,
            "include_zero_count_results": true
          },
          "direct_relationship_only": true,
          "node_type_grouping_constraint": {
            "node_types": [
              "text"
            ],
            "constraint_type": 1
          },
          "properties_to_get": [
            "text"
          ],
          "tags_to_get": [
            {
              "type": 1,
              "key": "text"
            }
          ],
          "integration_types": [
            "text"
          ]
        },
        "as": "text"
      }
    ],
    "outlier_detection": {
      "type": 1
    },
    "include_associated_risks": true,
    "risks_filter": "text"
  },
  "include_sub_permissions": true,
  "include_permissions_summary": true,
  "page_size": "text",
  "page_token": "text"
}
{
  "values": [
    {
      "id": "text",
      "type": "text",
      "properties": {},
      "destination_node_count": 1,
      "engagement_access_stats": {
        "engagement_score": 1,
        "over_provisioned_score": 1,
        "total_count": "text",
        "accessed_count": "text"
      },
      "access_stats": {
        "last_used": "2025-08-05T01:16:05.859Z",
        "count": 1,
        "concrete_permissions": [
          "text"
        ],
        "canonical_permissions": [
          "text"
        ]
      },
      "risk_level": 1,
      "raw_permissions": [
        "text"
      ],
      "effective_permissions": [
        "text"
      ],
      "unsupported_conditions": {
        "ANY_ADDITIONAL_PROPERTY": {
          "conditions": [
            "text"
          ]
        }
      },
      "destination_node_percentage_of_total": 1,
      "tags": [
        {
          "type": "text",
          "key": "text",
          "value": "text",
          "properties": {
            "ANY_ADDITIONAL_PROPERTY": null
          }
        }
      ],
      "specified_tags": [
        {
          "type": "text",
          "key": "text",
          "value": "text",
          "properties": {
            "ANY_ADDITIONAL_PROPERTY": null
          }
        }
      ],
      "filtered_raw_permissions": [
        "text"
      ],
      "corresponding_effective_permissions": [
        "text"
      ],
      "single_entity_access_stats": {
        "last_used": "2025-08-05T01:16:05.859Z",
        "last_used_with_events_for": [
          {
            "name": "text",
            "last_used": "2025-08-05T01:16:05.859Z"
          }
        ]
      },
      "additional_node_properties": {
        "role_substitution_recommended_role": "text",
        "role_substitution_reason_for_high_priv_role": "text",
        "role_substitution_error": "text",
        "default_cohort_role_users_in_cohort": [
          "text"
        ],
        "default_cohort_role": "text",
        "default_cohort_role_all_common_roles": [
          "text"
        ],
        "default_cohort_role_error": "text",
        "login_anomaly_detection_stats": [
          {
            "time": "2025-08-05T01:16:05.859Z",
            "login_count": "text",
            "median_login_count": 1,
            "outlier_prediction": 1
          }
        ],
        "outlier_prediction": {
          "prediction": 1,
          "score": 1,
          "contributing_features": [
            {
              "name": "text",
              "value": 1,
              "explanation": "text"
            }
          ]
        },
        "associated_risks": [
          {
            "query_id": "text",
            "suppressed": true,
            "risk_level": 1
          }
        ]
      },
      "integration_type": "text"
    }
  ],
  "path_values": [
    {
      "source": {
        "id": "text",
        "type": "text",
        "properties": {},
        "destination_node_count": 1,
        "engagement_access_stats": {
          "engagement_score": 1,
          "over_provisioned_score": 1,
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2025-08-05T01:16:05.859Z",
          "count": 1,
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "risk_level": 1,
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ],
        "unsupported_conditions": {
          "ANY_ADDITIONAL_PROPERTY": {
            "conditions": [
              "text"
            ]
          }
        },
        "destination_node_percentage_of_total": 1,
        "tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "specified_tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "filtered_raw_permissions": [
          "text"
        ],
        "corresponding_effective_permissions": [
          "text"
        ],
        "single_entity_access_stats": {
          "last_used": "2025-08-05T01:16:05.859Z",
          "last_used_with_events_for": [
            {
              "name": "text",
              "last_used": "2025-08-05T01:16:05.859Z"
            }
          ]
        },
        "additional_node_properties": {
          "role_substitution_recommended_role": "text",
          "role_substitution_reason_for_high_priv_role": "text",
          "role_substitution_error": "text",
          "default_cohort_role_users_in_cohort": [
            "text"
          ],
          "default_cohort_role": "text",
          "default_cohort_role_all_common_roles": [
            "text"
          ],
          "default_cohort_role_error": "text",
          "login_anomaly_detection_stats": [
            {
              "time": "2025-08-05T01:16:05.859Z",
              "login_count": "text",
              "median_login_count": 1,
              "outlier_prediction": 1
            }
          ],
          "outlier_prediction": {
            "prediction": 1,
            "score": 1,
            "contributing_features": [
              {
                "name": "text",
                "value": 1,
                "explanation": "text"
              }
            ]
          },
          "associated_risks": [
            {
              "query_id": "text",
              "suppressed": true,
              "risk_level": 1
            }
          ]
        },
        "integration_type": "text"
      },
      "abstract_permissions": [
        "text"
      ],
      "concrete_permissions": [
        "text"
      ],
      "unsupported_conditions": {
        "ANY_ADDITIONAL_PROPERTY": {
          "conditions": [
            "text"
          ]
        }
      },
      "destination": {
        "id": "text",
        "type": "text",
        "properties": {},
        "destination_node_count": 1,
        "engagement_access_stats": {
          "engagement_score": 1,
          "over_provisioned_score": 1,
          "total_count": "text",
          "accessed_count": "text"
        },
        "access_stats": {
          "last_used": "2025-08-05T01:16:05.859Z",
          "count": 1,
          "concrete_permissions": [
            "text"
          ],
          "canonical_permissions": [
            "text"
          ]
        },
        "risk_level": 1,
        "raw_permissions": [
          "text"
        ],
        "effective_permissions": [
          "text"
        ],
        "unsupported_conditions": {
          "ANY_ADDITIONAL_PROPERTY": {
            "conditions": [
              "text"
            ]
          }
        },
        "destination_node_percentage_of_total": 1,
        "tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "specified_tags": [
          {
            "type": "text",
            "key": "text",
            "value": "text",
            "properties": {
              "ANY_ADDITIONAL_PROPERTY": null
            }
          }
        ],
        "filtered_raw_permissions": [
          "text"
        ],
        "corresponding_effective_permissions": [
          "text"
        ],
        "single_entity_access_stats": {
          "last_used": "2025-08-05T01:16:05.859Z",
          "last_used_with_events_for": [
            {
              "name": "text",
              "last_used": "2025-08-05T01:16:05.859Z"
            }
          ]
        },
        "additional_node_properties": {
          "role_substitution_recommended_role": "text",
          "role_substitution_reason_for_high_priv_role": "text",
          "role_substitution_error": "text",
          "default_cohort_role_users_in_cohort": [
            "text"
          ],
          "default_cohort_role": "text",
          "default_cohort_role_all_common_roles": [
            "text"
          ],
          "default_cohort_role_error": "text",
          "login_anomaly_detection_stats": [
            {
              "time": "2025-08-05T01:16:05.859Z",
              "login_count": "text",
              "median_login_count": 1,
              "outlier_prediction": 1
            }
          ],
          "outlier_prediction": {
            "prediction": 1,
            "score": 1,
            "contributing_features": [
              {
                "name": "text",
                "value": 1,
                "explanation": "text"
              }
            ]
          },
          "associated_risks": [
            {
              "query_id": "text",
              "suppressed": true,
              "risk_level": 1
            }
          ]
        },
        "integration_type": "text"
      },
      "path_summary_nodes": [
        {
          "id": "text",
          "type": "text",
          "properties": {},
          "destination_node_count": 1,
          "engagement_access_stats": {
            "engagement_score": 1,
            "over_provisioned_score": 1,
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2025-08-05T01:16:05.859Z",
            "count": 1,
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "risk_level": 1,
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ],
          "unsupported_conditions": {
            "ANY_ADDITIONAL_PROPERTY": {
              "conditions": [
                "text"
              ]
            }
          },
          "destination_node_percentage_of_total": 1,
          "tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "specified_tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "filtered_raw_permissions": [
            "text"
          ],
          "corresponding_effective_permissions": [
            "text"
          ],
          "single_entity_access_stats": {
            "last_used": "2025-08-05T01:16:05.859Z",
            "last_used_with_events_for": [
              {
                "name": "text",
                "last_used": "2025-08-05T01:16:05.859Z"
              }
            ]
          },
          "additional_node_properties": {
            "role_substitution_recommended_role": "text",
            "role_substitution_reason_for_high_priv_role": "text",
            "role_substitution_error": "text",
            "default_cohort_role_users_in_cohort": [
              "text"
            ],
            "default_cohort_role": "text",
            "default_cohort_role_all_common_roles": [
              "text"
            ],
            "default_cohort_role_error": "text",
            "login_anomaly_detection_stats": [
              {
                "time": "2025-08-05T01:16:05.859Z",
                "login_count": "text",
                "median_login_count": 1,
                "outlier_prediction": 1
              }
            ],
            "outlier_prediction": {
              "prediction": 1,
              "score": 1,
              "contributing_features": [
                {
                  "name": "text",
                  "value": 1,
                  "explanation": "text"
                }
              ]
            },
            "associated_risks": [
              {
                "query_id": "text",
                "suppressed": true,
                "risk_level": 1
              }
            ]
          },
          "integration_type": "text"
        }
      ],
      "results_truncated": true,
      "filtered_concrete_permissions": [
        "text"
      ],
      "corresponding_abstract_permissions": [
        "text"
      ],
      "filtered_concrete_permission_groups": [
        {
          "permissions": [
            "text"
          ]
        }
      ],
      "joined_nodes": {
        "ANY_ADDITIONAL_PROPERTY": {
          "id": "text",
          "type": "text",
          "properties": {},
          "destination_node_count": 1,
          "engagement_access_stats": {
            "engagement_score": 1,
            "over_provisioned_score": 1,
            "total_count": "text",
            "accessed_count": "text"
          },
          "access_stats": {
            "last_used": "2025-08-05T01:16:05.859Z",
            "count": 1,
            "concrete_permissions": [
              "text"
            ],
            "canonical_permissions": [
              "text"
            ]
          },
          "risk_level": 1,
          "raw_permissions": [
            "text"
          ],
          "effective_permissions": [
            "text"
          ],
          "unsupported_conditions": {
            "ANY_ADDITIONAL_PROPERTY": {
              "conditions": [
                "text"
              ]
            }
          },
          "destination_node_percentage_of_total": 1,
          "tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "specified_tags": [
            {
              "type": "text",
              "key": "text",
              "value": "text",
              "properties": {
                "ANY_ADDITIONAL_PROPERTY": null
              }
            }
          ],
          "filtered_raw_permissions": [
            "text"
          ],
          "corresponding_effective_permissions": [
            "text"
          ],
          "single_entity_access_stats": {
            "last_used": "2025-08-05T01:16:05.859Z",
            "last_used_with_events_for": [
              {
                "name": "text",
                "last_used": "2025-08-05T01:16:05.859Z"
              }
            ]
          },
          "additional_node_properties": {
            "role_substitution_recommended_role": "text",
            "role_substitution_reason_for_high_priv_role": "text",
            "role_substitution_error": "text",
            "default_cohort_role_users_in_cohort": [
              "text"
            ],
            "default_cohort_role": "text",
            "default_cohort_role_all_common_roles": [
              "text"
            ],
            "default_cohort_role_error": "text",
            "login_anomaly_detection_stats": [
              {
                "time": "2025-08-05T01:16:05.859Z",
                "login_count": "text",
                "median_login_count": 1,
                "outlier_prediction": 1
              }
            ],
            "outlier_prediction": {
              "prediction": 1,
              "score": 1,
              "contributing_features": [
                {
                  "name": "text",
                  "value": 1,
                  "explanation": "text"
                }
              ]
            },
            "associated_risks": [
              {
                "query_id": "text",
                "suppressed": true,
                "risk_level": 1
              }
            ]
          },
          "integration_type": "text"
        }
      },
      "additional_path_properties": {
        "outlier_prediction": {
          "prediction": 1,
          "score": 1,
          "contributing_features": [
            {
              "name": "text",
              "value": 1,
              "explanation": "text"
            }
          ]
        },
        "associated_risks": [
          {
            "query_id": "text",
            "suppressed": true,
            "risk_level": 1
          }
        ]
      }
    }
  ],
  "approx_total_source_nodes_count": "text",
  "next_page_token": "text",
  "has_more": true
}

Sample request:

The following example searches for AWS IAM users with permissions to modify S3 bucket ACLs:

curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{
  "query_type": "SOURCE_TO_DESTINATION",
  "include_nodes": true,
  "source_node_types": {
    "nodes": [
      {
        "node_type": "AwsIamUser"
      }
    ]
  },
  "destination_node_types": {
    "nodes": [
      {
        "node_type": "S3Bucket"
      }
    ]
  },
  "no_relation": false,
  "raw_permissions": {
    "operator": "OR",
    "values": [
      "s3:PutBucketAcl"
    ]
  }
}'

Sample response:

{
  "values": [
    {
      "id": "arn:aws:iam::877042069677:user/j.smith",
      "type": "AwsIamUser",
      "properties": {
        "aws_account_id": "877042069677",
        "created_at": "2021-11-15T15:14:47Z",
        "datasource_id": "877042069677:awsiam",
        "full_admin": true,
        "identity_unique_id": "j.smith",
        "last_used_at": "2023-05-25T00:00:00Z",
        "name": "j.smith",
        "password_last_used_at": "2023-05-25T00:00:00Z",
        "permission_boundary_controlled": false,
        "programmatic_access_count": 1,
        "programmatic_last_used_at": "2022-04-20T00:00:00Z",
        "provider_id": "877042069677",
        "root": false,
        "user_type": ""
      },
      "destination_node_count": 25,
      "permissions": [],
      "engagement_access_stats": null,
      "access_stats": null,
      "destination_node_ids": [],
      "risk_level": "CRITICAL",
      "raw_permissions": [],
      "effective_permissions": []
    }
  ],
  "path_values": [],
  "next_page_token": "eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjRmYWIxZDUyLWYzZjgtNGNkZS05MmVmLWVmZTc4OThlM2M2MCIsImlkIjoiYXJuOmF3czppYW06Ojg3NzA0MjA2OTY3Nzp1c2VyL2Fhcm9uLmJpbmZvcmQiLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZCJ9LCJMYXN0Ijp7ImR1cGxpY2F0aW9uX3Njb3BlX2lkIjoiNGZhYjFkNTItZjNmOC00Y2RlLTkyZWYtZWZlNzg5OGUzYzYwIiwiaWQiOiJhcm46YXdzOmlhbTo6ODc3MDQyMDY5Njc3OnVzZXIvYWFyb24uYmluZm9yZCIsImxvd2VyX25hbWUiOiJhYXJvbi5iaW5mb3JkIn19",
  "has_more": true
}

Here is a more complex example, which identifies Okta Users related to Snowflake Local Roles.

Using conditions, the query will only return users related to the BILLING group AND another group, either the AUDITOR role OR ROLE_A

Request:

curl -X 'POST' \
"$BASE_URL/api/v1/assessments/query_spec:nodes?page_size=1&page_token=" \
-H "authorization: Bearer $VEZA_TOKEN" \
-d '{"query_type":"SOURCE_TO_DESTINATION","source_node_types":{"nodes":[{"node_type":"OktaUser","tags":[],"conditions":[],"condition_expression":null,"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"destination_node_types":null,"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":null,"customized_variables":[],"no_relation":false,"snapshot_id":"0","access_filter":null,"node_relationship_type":"EFFECTIVE_ACCESS","relates_to_exp":{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/BILLING","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[{"specs":[{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/AUDITOR","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"},{"node_types":{"nodes":[{"node_type":"SnowflakeRole","tags":[],"conditions":[],"condition_expression":{"specs":[{"fn":"EQ","property":"id","value":"dn44266.us-east-2.aws.snowflakecomputing.com/role/ROLE_A","not":false,"value_property_name":"","value_property_from_other_node":false}],"child_expressions":[],"operator":"AND","not":false},"node_id":"","excluded_tags":[],"count_conditions":[],"direct_relationship_only":false,"node_type_grouping_constraint":null}],"nodes_operator":"AND"},"required_intermediate_node_types":null,"avoided_intermediate_node_types":null,"raw_permissions":null,"effective_permissions":{"values":[],"operator":"OR"},"no_relation":false,"direction":"ANY_DIRECTION"}],"child_expressions":[],"operator":"OR","not":false,"and_op_type":"INFERRED"}],"operator":"AND","not":false,"and_op_type":"SOURCE_INTERSECT"},"path_summary_node_types":null,"all_entity_condition":null}'

Response:

{"values":[{"id":"00upfs3bV7G3ImWCL5d5","type":"OktaUser","properties":{"created_at":"2020-11-12T21:10:47Z","datasource_id":"dev-5150036.okta.com","email":"[email protected]","first_name":"Simona","idp_unique_id":"[email protected]","is_active":true,"last_name":"Morasca","login":"[email protected]","mfa_active":false,"name":"[email protected]","provider_id":"dev-5150036.okta.com","status":"STAGED","updated_at":"2020-11-12T21:10:47Z"},"destination_node_count":0,"permissions":[],"engagement_access_stats":null,"access_stats":null,"destination_node_ids":[],"risk_level":"CRITICAL","raw_permissions":[],"effective_permissions":[]}],"path_values":[],"next_page_token":"eyJGaXJzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1Nmg4cnI2dkFzSUJqMW41ZDciLCJsb3dlcl9uYW1lIjoiYWFyb24uYmluZm9yZEB2ZXphdGVzdC5jb20ifSwiTGFzdCI6eyJkdXBsaWNhdGlvbl9zY29wZV9pZCI6IjQwZjFlZGZiLWQ1Y2UtNGU4ZC1hNWVmLWY2MzhmMDgxYzMzYiIsImlkIjoiMDB1NTJzc3FldkozQ1d3QlM1ZDciLCJsb3dlcl9uYW1lIjoieXV3dUB2ZXphLmNvbSJ9fQ==","has_more":false}

Last updated

Was this helpful?