The searchAssetPermissions() GraphQL query to search asset permissions assigned to groups and users. This is a preview and subject to change.

Syntax

Below is the syntax for the searchAssetPermissions() query field:

graphql
searchAssetPermissions(
      assetId: string!, assetTypes: [AssetPermissionsAssetType!], 
      searchDomainName: string, searchFilter: string, 
      skip: integer, limit: integer, userIds: [string!], 
      groupIds: [string!]
   ): AssetPermissionSearchResultSet!

Below is an example using this query field:

Raw
graphql
query {
  searchAssetPermissions(searchDomainName: "humio", 
                         assetId:"LLF8JldGGP6tVspPuRtifX7ZGiHveGV",
                         userIds: ["Gnam4KWNEr3fdFUiFHh7NaJI", 
                                   "jSl8Iz25KhDiPQzXYE6YDetG"] )
     { totalResults, results{assetType} }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  searchAssetPermissions(searchDomainName: \"humio\",  ^
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\", ^
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\",  ^
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] ) ^
     { totalResults, results{assetType} } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}'
"$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "searchAssetPermissions": {
      "totalResults": 2,
      "results": [
        {
          "assetType": "FilterAlert"
        },
        {
          "assetType": "FilterAlert"
        }
      ]
    }
  }
}

Given Datatype

For AssetPermissionsAssetType, there are a few choices:

Table: AssetPermissionsAssetType

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Actionboolean  The asset permission is related to an action.
AggregateAlertboolean  The asset permission is related to an aggregate alert.
Dashboardboolean  The asset permission is related to a dashboard.
Fileboolean  The asset permission is related to a file.
FilterAlertboolean  The asset permission is related to a filter alert.
LegacyAlertboolean  The asset permission is related to a legacy alert.
SavedQueryboolean  The asset permission is related to a saved query.
ScheduledReportboolean  The asset permission is related to a scheduled report.
ScheduledSearchboolean  The asset permission is related to a scheduled search.

Returned Datatype

For AssetPermissionSearchResultSet, there are a couple parameters. They're listed here along with descriptions:

Table: AssetPermissionSearchResultSet

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 23, 2024
results[SearchAssetPermissionsResultEntry]yes The paginated result set. See SearchAssetPermissionsResultEntry.
totalResultsintegeryes The total number of matching results