assignPermissionsForResources()

API Stability	`Preview`

The assignPermissionsForResources() GraphQL mutation is used to assign permissions to users or groups for a resource. This is a preview and subject to change.

Syntax

Below is the syntax for the assignPermissionsForResources() mutation field:

graphql

assignPermissionsForResources(
      input: [PermissionAssignmentInputType!]!
   ): [UserOrGroup!]!

Below is an example of how this mutation field might be used:

Show:

graphql

mutation {
   assignPermissionsForResources(input: [
    {actor: { actorId: "DDKkhSA4j5vf1qbcNwes9ywn", actorType: User }, 
              resource: "searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX", 
              permissionSet: {permissionSetType: RoleId, 
              values: [ "wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB" ] } } ] ) 
   {... on User {username} }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
   assignPermissionsForResources(input: [
    {actor: { actorId: \"DDKkhSA4j5vf1qbcNwes9ywn\", actorType: User }, 
              resource: \"searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX\", 
              permissionSet: {permissionSetType: RoleId, 
              values: [ \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\" ] } } ] ) 
   {... on User {username} }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
   assignPermissionsForResources(input: [
    {actor: { actorId: \"DDKkhSA4j5vf1qbcNwes9ywn\", actorType: User }, 
              resource: \"searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX\", 
              permissionSet: {permissionSetType: RoleId, 
              values: [ \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\" ] } } ] ) 
   {... on User {username} }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
   assignPermissionsForResources(input: [ ^
    {actor: { actorId: \"DDKkhSA4j5vf1qbcNwes9ywn\", actorType: User },  ^
              resource: \"searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX\",  ^
              permissionSet: {permissionSetType: RoleId,  ^
              values: [ \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\" ] } } ] )  ^
   {... on User {username} } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
   assignPermissionsForResources(input: [
    {actor: { actorId: \"DDKkhSA4j5vf1qbcNwes9ywn\", actorType: User }, 
              resource: \"searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX\", 
              permissionSet: {permissionSetType: RoleId, 
              values: [ \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\" ] } } ] ) 
   {... on User {username} }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "mutation {
   assignPermissionsForResources(input: [
    {actor: { actorId: \"DDKkhSA4j5vf1qbcNwes9ywn\", actorType: User }, 
              resource: \"searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX\", 
              permissionSet: {permissionSetType: RoleId, 
              values: [ \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\" ] } } ] ) 
   {... on User {username} }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
   assignPermissionsForResources(input: [
    {actor: { actorId: \"DDKkhSA4j5vf1qbcNwes9ywn\", actorType: User }, 
              resource: \"searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX\", 
              permissionSet: {permissionSetType: RoleId, 
              values: [ \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\" ] } } ] ) 
   {... on User {username} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
   assignPermissionsForResources(input: [
    {actor: { actorId: \"DDKkhSA4j5vf1qbcNwes9ywn\", actorType: User }, 
              resource: \"searchdomain/aK9GKAsTnMXfRxT8Fpecx3fX\", 
              permissionSet: {permissionSetType: RoleId, 
              values: [ \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\" ] } } ] ) 
   {... on User {username} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Given Datatypes

For PermissionAssignmentInputType, there are a few parameters:

Table: PermissionAssignmentInputType

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 19, 2024
`actor`	`ActorInput`	yes	`Preview`	The user or group to assign permissions. See `ActorInput`.
`permissionSet`	`PermissionSetInput`	yes	`Preview`	The set of permissions the given actor will gain for the resource. See `PermissionSetInput`.
`resource`	string	yes	`Preview`	Path of the resource for which the permissions are assigned. Can be either a search domain or a specific asset in a search domain. For examples, a search domain with ID 123 would be, "searchdomain/123". A dashboard with ID 321 in a search domain with ID 123 would be, "searchdomain/123/dashboard/321".

Returned Datatypes

The returned results are sets of users and groups. This is a union between two other datatypes: Group and User. The parameters for them are listed in the tables below:

Table: Group

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Apr 3, 2025
`allowedAssetActionsBySource`	multiple	yes	`Preview`	Get allowed asset actions for the group on a specific asset and explain how it has gotten this access The multiple datatype consists of `(assetId: string!, assetType: AssetPermissionsAssetType!, searchDomainId: string): GroupAssetActionsBySource!`. See `AssetPermissionsAssetType` `GroupAssetActionsBySource`.
`defaultQueryPrefix`	string		`Long-Term`	The default prefix for queries.
`defaultRole`	`role`		`Long-Term`	The default role associated with the group. See `role`.
`defaultSearchDomainCount`	integer	yes	`Long-Term`	The default search domain count.
`displayName`	string	yes	`Long-Term`	The display name of the group.
`id`	string	yes	`Long-Term`	The identifier of the group.
`lookupName`	string		`Long-Term`	The look-up name for the group.
`organizationRoles`	[`GroupOrganizationRole`]	yes	`Long-Term`	The roles of the organization associated with the group. See `GroupOrganizationRole`.
`permissionType`	`PermissionType`		`Long-Term`	Indicates which level of permissions the group contains. See `PermissionType`.
`queryPrefixes`	multiple		`Long-Term`	The query prefixes for the group. The multiple datatype consists of `queryPrefixes(onlyIncludeRestrictiveQueryPrefixes: boolean, onlyForRoleWithId: string): [QueryPrefixes]`. See `queryPrefixes`.
`roles`	[`SearchDomainRole`]	yes	`Long-Term`	The roles for the group See `SearchDomainRole`.
`searchAssetPermissions`	multiple	yes	`Preview`	Search for asset permissions for the group. This is a preview and subject to change. The datatype consists of `(searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction], includeUnassignedAssets: boolean): AssetPermissionSearchResultSet!`. See `AssetPermissionsAssetType` `AssetAction`, and `AssetPermissionSearchResultSet`.
`searchDomainCount`	integer	yes	`Long-Term`	The number of search domains for the group.
`searchDomainRoles`	multiple	yes	`Long-Term`	The search domain roles assigned to the group. The multiple datatype consists of (searchDomainId: string): [SearchDomainRole]. (see`SearchDomainRole`).
`searchDomainRolesByName`	multiple	yes	`Deprecated`	The search domain roles assigned to the group, by name. The multiple datatype consists of (searchDomainName: string): SearchDomainRole. See `SearchDomainRole`. When multiple roles per view is enabled, this field will return only the first of possibly multiple roles matching the name for the view. Use `roles`, `searchDomainRoles`, or `searchDomainRolesBySearchDomainName` fields instead. Will be removed at the earliest in version 1.195.
`searchDomainRolesBySearchDomainName`	string	yes	`Long-Term`	The domain roles by search domain name. The datatype consists of `(searchDomainName: string!): [SearchDomainRole!]`. See `SearchDomainRole`.
`searchUsers`	multiple		`Long-Term`	Used to search the list of users in the group. The datatype consists of `(searchFilter: string, skip: integer, limit: integer, sortBy: OrderByUserField, orderBy: OrderBy): UserResultSetType`. See `OrderByUserField`, `OrderBy`, `UserResultSetType`.
`systemRoles`	[`GroupSystemRole`]	yes	`Long-Term`	The system roles of the group (see `GroupSystemRole` Table).
`userCount`	integer	yes	`Long-Term`	The number of users that are part of the group.
`users`	[`User`]	yes	`Long-Term`	The list of users in the group. See `User`.

Table: User

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 25, 2025
`allowedAssetActionsBySource`	multiple	yes	`Preview`	Get allowed asset actions for the user on a specific asset and explain how these actions have been granted. The multiple datatype consists of (assetId: string!, assetType: AssetPermissionsAssetType!, searchDomainId: string): [AssetActionsBySource]!. See `AssetPermissionsAssetType`, and `AssetActionsBySource`.
`allowedOrganizationActions`	[`OrganizationAction`]	yes	`Long-Term`	Returns the actions the user is allowed to perform in the organization. See `OrganizationAction`.
`allowedSystemActions`	[`SystemAction`]	yes	`Long-Term`	Returns the actions the user is allowed to perform in the system. See `SystemAction` Table.
`company`	string		`Long-Term`	The name of the company for the user account.
`countryCode`	string		`Long-Term`	The two-letter ISO 3166-1 Alpha-2 code for the country of residence (e.g., us).
`createdAt`	datetime	yes	`Long-Term`	The data and time the account was created.
`displayName`	string	yes	`Long-Term`	The value of the fullName if used, otherwise the username.
`email`	string		`Long-Term`	The user account's email address for communications from LogScale.
`firstName`	string		`Long-Term`	The user's actual first name (e.g., Bob). Don't use with fullName.
`fullName`	string		`Long-Term`	The user's full name (e.g., Bob Smith). Don't use if using other name parameters.
`groups`	[`group`]	yes	`Long-Term`	The groups of which the user is a member. See `group`.
`groupSearchDomainRoles`	[`GroupSearchDomainRole`]	yes	`Long-Term`	The group search domain roles. See `GroupSearchDomainRole`.
`groupsV2`	multiple		`Preview`	The groups of which the user is a member. This is a preview and subject to change. The multiple datatype consists of (search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInRoles: boolean): GroupResultSetType. See `PermissionType`, and `GroupResultSetType`.
`id`	string	yes	`Long-Term`	The identifier or token for the user.
`isOrgRoot`	boolean	yes	`Long-Term`	Whether the organization is granted root access.
`isRoot`	boolean	yes	`Long-Term`	Whether the user account is granted root access.
`lastName`	string		`Long-Term`	The user's actual last name or family name (e.g., Smith). Don't use with fullName.
`permissions`	multiple	yes	`Long-Term`	Permissions of the user. The multiple datatype consists of (viewName: string): [UserPermissions]. See `UserPermissions`.
`permissionsPage`	multiple	yes	`Deprecated`	A page of user permissions. The multiple datatype consists of (search: string, pageNumber: integer, pageSize: integer): UserPermissionsPage. See `UserPermissionsPage`. This field is no longer used. It will be removed at the earliest in version 1.208.
`phoneNumber`	string		`Long-Term`	The telephone number for LogScale to use for telephone text messages.
`picture`	string		`Long-Term`	File name of an image file for the account.
`searchAssetPermissions`	multiple		`Preview`	Search for asset permissions for the user. This is a preview and subject to change. The multiple datatype consists of (searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction], searchDomainIds: [string], permissions: [AssetAction!]): AssetPermissionSearchResultSet. See `AssetPermissionsAssetType`, `AssetPermissionInputEnum`, and `AssetPermissionSearchResultSet`.
`searchDomainRoles`	multiple		`Long-Term`	The search domain roles assigned to the user. The multiple datatype consists of (searchDomainId: string): [SearchDomainRole]. See `SearchDomainRole`.
`searchDomainRolesByName`	multiple	yes	`Deprecated`	The search domain roles for the user, by name. The multiple datatype consists of (searchDomainName: string): SearchDomainRole. See `SearchDomainRole`. This is deprecated because when multiple roles per view is enabled, this field will return only the first of possibly multiple roles matching the name for the view. Therefore, use instead searchDomainRoles or searchDomainRolesBySearchDomainName.
`searchDomainRolesBySearchDomainName`	multiple		`Long-Term`	The search domain roles assigned to the user by search domain name. The multiple datatype consists of (searchDomainName: string): [SearchDomainRole]. See `SearchDomainRole`.
`stateCode`	string		`Long-Term`	The two-letter, ISO 3166-2 country sub-division code for the state of residence (e.g., ny).
`rolesV2`	multiple		`Preview`	The roles assigned to the user through a group. This is a preview and subject to change. The multiple datatype consists of (search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInGroups: boolean): RolesResultSetType. See `PermissionType`, and `RolesResultSetType`.
`username`	string	yes	`Long-Term`	The user name for the account.
`userOrGroupSearchDomainRoles`	multiple	yes	`Long-Term`	The user or group search domain roles. The multiple datatype consists of (search: string, skip: integer, limit: integer, totalSearchDomains: integer): UserOrGroupSearchDomainRoleResultSet. See `UserOrGroupSearchDomainRoleResultSet`.

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes