groupsAndUsersWithPermissionsOnAsset()

API Stability	`Preview`

The groupsAndUsersWithPermissionsOnAsset() GraphQL query is used to search groups and users with permissions on the asset.

Syntax

Below is the syntax for the groupsAndUsersWithPermissionsOnAsset() query field:

graphql

groupsAndUsersWithPermissionsOnAsset(
      searchDomainName: string!, 
      assetType: AssetPermissionsAssetType!, 
      assetId: string!, 
      searchFilter: string, 
      groupsOrUsersFilters: [GroupsOrUsersFilter!], 
      limit: integer, 
      skip: integer, 
      orderBy: OrderBy, 
      includeEmptyPermissionSet: boolean!
   ): UserOrGroupAssetPermissionSearchResultSet!

searchDomainName is the name of the search domain to search. For files, use the name of the file. For assetTypes (see Given Datatypes below). If includeEmptyPermissionSet is set to true, users and groups that don't have access to the asset will be included.

Below is an example of this query field with a few values requested:

Show:

graphql

query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: "humio",
    assetType: SavedQuery,
    assetId: "1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}
EOF

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
	groupsAndUsersWithPermissionsOnAsset( ^
    searchDomainName: \"humio\", ^
    assetType: SavedQuery, ^
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\", ^
    groupsOrUsersFilters: Users, ^
    includeEmptyPermissionSet: false ^
  ) ^
  { totalResults  } ^
}" ^
} '

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Show:

json

{
  "data": {
    "groupsAndUsersWithPermissionsOnAsset": {
      "totalResults": 0
    }
  }
}

Given Datatypes

AssetPermissionsAssetType is an enumerated list of choices.

Table: AssetPermissionsAssetType

Parameter	Type	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 13, 2024
`Action`	boolean	`Preview`	The asset permission is related to an action.
`AggregateAlert`	boolean	`Preview`	The asset permission is related to an aggregate alert.
`Dashboard`	boolean	`Preview`	The asset permission is related to a dashboard.
`File`	boolean	`Preview`	The asset permission is related to a file.
`FilterAlert`	boolean	`Preview`	The asset permission is related to a filter alert.
`LegacyAlert`	boolean	`Preview`	The asset permission is related to a legacy alert.
`SavedQuery`	boolean	`Preview`	The asset permission is related to a saved query.
`ScheduledReport`	boolean	`Preview`	The asset permission is related to a scheduled report.
`ScheduledSearch`	boolean	`Preview`	The asset permission is related to a scheduled search.

GroupsOrUsersFilter is an enumerated list of two choices:

Table: GroupsOrUsersFilter

Parameter	Type	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Feb 27, 2025
`User`	boolean	`Preview`	Whether the filter is based on a user.
`Group`	boolean	`Preview`	Whether the filter is based on a group.

Returned Datatypes

The returned datatype UserOrGroupAssetPermissionSearchResultSet has a couple of parameters, and some sub-parameters. Below is a list of them:

Table: UserOrGroupAssetPermissionSearchResultSet

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Mar 3, 2025
`results`	[`UserOrGroupTypeAndPermissions`]	yes	`Preview`	The paginated result set. See `UserOrGroupTypeAndPermissions`.
`totalResults`	integer	yes	`Preview`	The total number of matching results.

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes