Get Access Graph

Detailed graph relationships for certification results

Method

syntax

GET

/api/preview/awf/access_graph

Returns authorization graph relationships for a certification result, including intermediate role details and accumulated permissions.

Parameters

Name

Type

Description

Req.

certification_id

string

ID of a workflow certification

result_id

int

Certification result number to get access for

snapshot_id

string

Graph snapshot to get results from

Omit snapshot_id to get the most recent access graph. Specify the snapshot_id of the original certification to show relationships at the time of certification.

Examples

Request

curl 'https://{{VezaURL}}/api/preview/awf/access_graph' \
-H 'authorization: Bearer '$TOKEN \
-G -d 'certification_id=abe5c346-84ad-49b0-bafc-614a8365c883' \
-d 'result_id=1'

Response

The out_edges of each node will contain the IDs of other directly connected nodes. For example, if "OktaUser" is connected to two "OktaGroup" nodes G1 and G2, the user's out-edges will be [{G1}, {G2}]. The node id for each connected node will be included in the response, as well as the status of the relevant data sources, for example:

{
  "nodes": [
    {
      "properties": {
        "id": "arn:aws:iam::973979857296:role/FederatedS3",
        "name": "FederatedS3",
        "type": "AwsIamRole"
      },
      "out_edges": [
        {
          "destination_node_id": "arn:aws:iam::973979857296:role/FederatedS3::eperm::877042069677/S3Bucket/2ce2cbf45bcc5d748c800358d9932a251d670509"
        }
      ]
    },
    {
      "properties": {
        "id": "0bba9374-d4f5-4c77-93d2-7dfde581fa8a",
        "name": "Abel_Maclead",
        "type": "AzureADUser"
      },
      "out_edges": [
        {
          "destination_node_id": "arn:aws:iam::973979857296:role/FederatedS3"
        }
      ]
    },
    {
      "properties": {
        "id": "arn:aws:iam::973979857296:role/FederatedS3::eperm::877042069677/S3Bucket/2ce2cbf45bcc5d748c800358d9932a251d670509",
        "name": "Read",
        "type": "AwsIamEffectivePermission"
      },
      "out_edges": [
        {
          "destination_node_id": "arn:aws:s3:::cct-cct02-finance"
        }
      ]
    },
    {
      "properties": {
        "id": "arn:aws:s3:::cct-cct02-finance",
        "name": "cct-cct02-finance",
        "type": "S3Bucket"
      },
      "out_edges": []
    }
  ],
  "accumulated_effective_permissions": [
    "Read"
  ],
  "accumulated_raw_permissions": [
    "s3:GetObject"
  ],
  "datasource_infos": [
        {
            "datasource_id": "160e97cf-4b8a-4841-800b-49f8d6fa17ef",
            "external_id": "160e97cf-4b8a-4841-800b-49f8d6fa17ef",
            "name": "",
            "last_sync_time": "2022-09-12T22:15:34.874682421Z",
            "agent_type": "",
            "has_error": false,
            "is_deleted": false,
            "reason": "",
            "last_error_message": "",
            "has_warning": false
        },
        {
            "datasource_id": "",
            "external_id": "",
            "name": "",
            "last_sync_time": "2022-09-12T22:09:47.245436023Z",
            "agent_type": "",
            "has_error": false,
            "is_deleted": false,
            "reason": "",
            "last_error_message": "",
            "has_warning": false
        }
  ]
}

PreviousList Reviewer Infos NextAutomations API

Last updated 1 year ago

Was this helpful?