rolesInOrgForChangingUserAccess()

API Stability Long-Term

The rolesInOrgForChangingUserAccess() GraphQL query field is used to get defined roles in an organization for a user.

Related to this query, there is the role(). query for getting information on a specific role. There are also the roles and rolesPage() queries for getting a list of roles.

There are also the mutations createRole(), and removeRole() for creating and removing a role. And there is the mutation updateDefaultRole() for updating the default role for a group.

For more information on roles in LogScale, see the Manage Users and Permissions documentation page. You may also want to look at the Manage Users and Permissions page for related information.

Syntax

graphql

rolesInOrgForChangingUserAccess(
     searchDomainId: string!
   ): [Role]!

There is no special input datatype for this query field. You'll need to provide the unique identifier for searchDomainId. If you don't know this, you can first use the searchDomains() query

For the results, you can request plenty of details about each role. See the Returned Datatype section further down this page for more information on this.

Example

Below is an example of how this query field might be used:

Raw

graphql

query {
   rolesInOrgForChangingUserAccess(
      searchDomainId: "abc123"
   ) 
   { id, displayName, usersCount }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
   rolesInOrgForChangingUserAccess(
      searchDomainId: \"abc123\"
   ) 
   { id, displayName, usersCount }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
   rolesInOrgForChangingUserAccess(
      searchDomainId: \"abc123\"
   ) 
   { id, displayName, usersCount }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
   rolesInOrgForChangingUserAccess( ^
      searchDomainId: \"abc123\" ^
   )  ^
   { id, displayName, usersCount } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
   rolesInOrgForChangingUserAccess(
      searchDomainId: \"abc123\"
   ) 
   { id, displayName, usersCount }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
   rolesInOrgForChangingUserAccess(
      searchDomainId: \"abc123\"
   ) 
   { id, displayName, usersCount }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
   rolesInOrgForChangingUserAccess(
      searchDomainId: \"abc123\"
   ) 
   { id, displayName, usersCount }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
   rolesInOrgForChangingUserAccess(
      searchDomainId: \"abc123\"
   ) 
   { id, displayName, usersCount }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "rolesInOrgForChangingUserAccess": [
      {
        "id": "def456",
        "displayName": "Admin",
        "usersCount": 1
      },
      {
        "id": "hij789",
        "displayName": "Member",
        "usersCount": 14
      }
    ]
  }
}

Returned Datatype

The returned datatype allows for many parameters and sub-parameters since it's a core datatype. The table below lists them along with links to sub-parameters:

Table: Role

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Aug 21, 2025
color	string		`Deprecated`	The color associated with the role. However, role colors are no longer used. This parameter will be removed at the earliest in version 1.195.
description	string		`Long-Term`	A description of the role.
displayName	string	yes	`Long-Term`	The display name of the role.
groups	[Group]	yes	`Long-Term`	The groups related to the role. See Group.
groupsCount	integer	yes	`Long-Term`	The number of groups related to the role.
groupsV2(search: string, userId: string, searchInRoles: boolean, onlyIncludeGroupsWithRestrictiveQueryPrefix: boolean, limit: integer, skip: integer): GroupResultSetType	multiple	yes	`Long-Term`	The groups related to the role. See GroupResultSetType.
id	string	yes	`Long-Term`	The unique identifier for the role.
organizationManagementPermissions	[OrganizationManagementPermission]	yes	`Long-Term`	The organization management permissions given to the role. See OrganizationManagementPermission.
organizationPermissions	[OrganizationPermission]	yes	`Long-Term`	The organization permissions given to the role. See OrganizationPermission.
readonlyDefaultRole	ReadonlyDefaultRole		`Preview`	The read-only default role. This parameter is a preview and subject to change. See ReadonlyDefaultRole.
systemPermissions	[SystemPermission]	yes	`Long-Term`	The system permissions given to the role. See SystemPermission.
users	[User]	yes	`Long-Term`	A list of users assigned the role. See User.
usersCount	integer	yes	`Long-Term`	The number of users assigned the role.
viewPermissions	[Permission]	yes	`Long-Term`	The view permissions given to the role. See Permission.

Versions of this Page

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes