groupsAndUsersWithPermissionsOnAsset()

API Stability Short-Term

The groupsAndUsersWithPermissionsOnAsset() GraphQL query is used to search groups and users that have permission for certain assets.

For more a broader query, use the groupsPage(). To search a specific group, use the group() query or the groupByDisplayName() query.

Syntax

graphql

groupsAndUsersWithPermissionsOnAsset(
      searchDomainName: string!, 
      assetType: AssetPermissionsAssetType!, 
      assetId: string!, 
      includeEmptyPermissionSet: boolean!,
      searchFilter: string, 
      groupsOrUsersFilters: [GroupsOrUsersFilter], 
      orderBy: OrderBy,
      limit: integer, 
      skip: integer
   ): UserOrGroupAssetPermissionSearchResultSet

There are a few required input parameters. For the searchDomainName, enter the name of the search domain to search. For assetType, you'll have to choose from an enumerated list (see the Given Datatype section). You'll have to give the unique identifier for the assetId, but for files, use the name of the file. If includeEmptyPermissionSet is set to true, users and groups that don't have access to the asset will be included.

There are also a few input parameters that you can include that aren't required. Use searchFilter to limit searching to users and groups with names that include given text. Use the groupsOrUsersFilters parameter to limit results to either Groups or Users. The remaining optional parameters are used to order and limit the results in general.

For the returned results, you can get a list of asset permissions for the users and groups found. This will involve several sub-parameters, which are described in the Returned Datatype section further down this page.

Example

Below is an example of this query field with a few values requested:

Raw

graphql

query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: "humio",
    assetType: SavedQuery,
    assetId: "1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
	groupsAndUsersWithPermissionsOnAsset( ^
    searchDomainName: \"humio\", ^
    assetType: SavedQuery, ^
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\", ^
    groupsOrUsersFilters: Users, ^
    includeEmptyPermissionSet: false ^
  ) ^
  { totalResults  } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
	groupsAndUsersWithPermissionsOnAsset(
    searchDomainName: \"humio\",
    assetType: SavedQuery,
    assetId: \"1S2bN2y5JwrzP6wEHHAQtL7bicF8mS0Y\",
    groupsOrUsersFilters: Users,
    includeEmptyPermissionSet: false
  )
  { totalResults  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "groupsAndUsersWithPermissionsOnAsset": {
      "totalResults": 0
    }
  }
}

Given Datatypes

There are a couple of given datatypes for this query. One allows you to limit the search for users and groups to those with access to the type of asset. Your choices for this are listed in the table here:

Table: AssetPermissionsAssetType

Parameter	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 30, 2025
Action	`Short-Term`	Set to this option if the asset permission is related to an action.
AggregateAlert	`Short-Term`	Set to this if asset permission is related to an aggregate alert.
Dashboard	`Short-Term`	Set if asset permission is related to a dashboard.
File	`Short-Term`	Set this option if related to a file.
FilterAlert	`Short-Term`	Used to indicate the asset permission is related to a filter alert.
LegacyAlert	`Short-Term`	Used if related to a legacy alert.
SavedQuery	`Short-Term`	The asset permission is related to a saved query.
ScheduledReport	`Short-Term`	Indicates the asset permission is related to a scheduled report.
ScheduledSearch	`Short-Term`	The asset permission is related to a scheduled search.

The other input datatype is a simple one. You have the choice of restricting searching to either groups or users.

Table: GroupsOrUsersFilter

Parameter	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Feb 3, 2026
Groups	`Short-Term`	Filter and limit query based on a group.
Users	`Short-Term`	Choose this option to filter based on a user.

Returned Datatype

The returned datatype, by way of a few sub-parameters, is used to get a list of asset permissions for the groups found. The table below shows a couple of parameters, but you'll have to click on the special datatype it uses to see the sub-parameters, which will lead you to more special datatypes.

Table: UserOrGroupAssetPermissionSearchResultSet

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Aug 21, 2025
results	[UserOrGroupTypeAndPermissions]	yes	`Short-Term`	The paginated result set. See UserOrGroupTypeAndPermissions.
totalResults	integer	yes	`Short-Term`	The total number of matching results.

Versions of this Page

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes