GetAssessmentQuerySpecResult Returns the total count of results for a query specification.
The response will include a number_value representing the total number of results.
post
Authorizations
AuthorizationstringRequired
Veza API key for authentication.
Generate keys in Administration > API Keys.
Body
Assessment query specification defining access relationships to analyze. Specifies source entities, relationship expressions, and permission/access filters for querying the Veza Authorization Graph. Migration note: Several fields are deprecated in favor of relates_to_exp, which provides a more flexible boolean expression syntax for defining access relationships. Deprecated fields: destination_node_types, required_intermediate_node_types, avoided_intermediate_node_types, raw_permissions, effective_permissions, and no_relation.
query_typeinteger · enumOptional
The type of assessment query to execute (enum). Values: 0 = SYSTEM_CREATED, 1 = SOURCE_TO_DESTINATION, 2 = DESTINATION_NODES.
no_relationbooleanOptionalDeprecated
Deprecated. Use relates_to_exp instead. When true, queries for entities with no access relationship.
snapshot_idstringOptional
Optional snapshot ID to query against a specific point-in-time data snapshot.
node_relationship_typeinteger · enumOptional
result_value_typeinteger · enumOptional
Controls the shape of query results. Determines whether results contain source nodes with counts, source-and-destination node pairs, or other result formats.
include_all_source_tags_in_resultsbooleanOptional
These fields control whether or not tags will be included in source and/or destination results
Allows FE to Alert BE if permissions are being displayed to the user
include_sub_permissionsbooleanOptional
Include node with sub permissions which is a permission showing for a resource when in reality the permission applies to a subresource.
include_permissions_summarybooleanOptional
This field should be used with AssessmentQueryResultValueType SOURCE_NODES_WITH_COUNTS to include permissions summarized (aggregated) by source node, meaning it contains all permissions used by each source node
unpivot_propertiesstring[]Optional
The properties that should be unpivoted in the results producing multiple rows per node/path
To be able to unpivot a property, it must be a list/array type property.
If multiple properties are used result will be Cartesian product(all unpivot combinations for node).
If property does not exist on a node, and it is a valid property, we will just add that node as is.
Syntax to specify properties is the full path to the property using dot notation and using properties json names.
Both values and pathValues can be unpivoted:
Valid pathValues for unpivoting:
unsupported_conditions.<condition_name>.conditions, joined_nodes..<valid_value_for_unpivoting>,
source.<valid_value_for_unpivoting>, destination.<valid_value_for_unpivoting>, waypoint.<valid_value_for_unpivoting>,
abstract_permissions,concrete_permissions, filtered_concrete_permissions, corresponding_abstract_permissions
Examples for Unpivoting values:
Single field:
unpivot_properties: ["properties.email_addresses"]
result_values: {Values: [
{id:"1","properties"{"email_addresses":["[email protected]","[email protected]"]}}
]}
After unpivot -> Multiple nodes with id 1:
result_values: {Values: [
{id:"1","properties"{"email_addresses":"[email protected]"}},
{id:"1","properties"{"email_addresses":"[email protected]"}}
]}
Single field with missing unpivot property:
unpivot_properties: ["properties.email_addresses"]
result_values: {Values: [
{id:"1","properties"{"permissions": "abc"]}}
]}
After unpivot -> Single node with id 1 (no email_addresses property to unpivot):
result_values: {Values: [
{id:"1","properties"{"permissions":"abc"}},
]}
