The searchAssetPermissions() GraphQL query is used to search asset permissions assigned to groups and users. This is a preview and subject to change.

Syntax

Below is the syntax for the searchAssetPermissions() query field:

graphql
searchAssetPermissions(
      assetId: string!, assetTypes: [AssetPermissionsAssetType!], 
      searchDomainName: string, searchFilter: string, 
      skip: integer, limit: integer, userIds: [string!], 
      groupIds: [string!]
   ): AssetPermissionSearchResultSet!

Below is an example using this query field:

Raw
graphql
query {
  searchAssetPermissions(searchDomainName: "humio", 
                         assetId:"LLF8JldGGP6tVspPuRtifX7ZGiHveGV",
                         userIds: ["Gnam4KWNEr3fdFUiFHh7NaJI", 
                                   "jSl8Iz25KhDiPQzXYE6YDetG"] )
     { totalResults, results{assetType} }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"query" : "query { searchAssetPermissions(searchDomainName: \"humio\", assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\", userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", \"jSl8Iz25KhDiPQzXYE6YDetG\"] ) { totalResults, results{assetType} } }"}'
Windows Cmd and curl
shell
curl -v -X POST %YOUR_LOGSCALE_URL%/graphql ^
    -H "Authorization: Bearer %TOKEN%" ^
    -H "Content-Type: application/json" ^
    -d "{\"query\" : \"query { searchAssetPermissions(searchDomainName: \\\"humio\\\", assetId:\\\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\\\", userIds: [\\\"Gnam4KWNEr3fdFUiFHh7NaJI\\\", \\\"jSl8Iz25KhDiPQzXYE6YDetG\\\"] ) { totalResults, results{assetType} } }\"}"
Windows Powershell and curl
powershell
curl.exe -X POST `
    -H "Authorization: Bearer $TOKEN" `
    -H "Content-Type: application/json" `
    -d '{"query" : "query {
  searchAssetPermissions(searchDomainName: \"humio\", 
                         assetId:\"LLF8JldGGP6tVspPuRtifX7ZGiHveGV\",
                         userIds: [\"Gnam4KWNEr3fdFUiFHh7NaJI\", 
                                   \"jSl8Iz25KhDiPQzXYE6YDetG\"] )
     { totalResults, results{assetType} }
}"
}' `
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;
use JSON::PP;

# Read the API token and the base URL from the environment.
my $TOKEN = $ENV{TOKEN};
my $uri   = "$ENV{YOUR_LOGSCALE_URL}/graphql";

my $query = 'query {
  searchAssetPermissions(searchDomainName: "humio",
                         assetId:"LLF8JldGGP6tVspPuRtifX7ZGiHveGV",
                         userIds: ["Gnam4KWNEr3fdFUiFHh7NaJI",
                                   "jSl8Iz25KhDiPQzXYE6YDetG"] )
     { totalResults, results{assetType} }
}';

# encode_json escapes the quotes and newlines in the query text.
my $json = encode_json({ query => $query });

my $req = HTTP::Request->new("POST", $uri);

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content($json);

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request($req);

print $result->decoded_content, "\n";
Python
python
#! /usr/local/bin/python3

import os

import requests

# The base URL and the API token are read from the environment.
url = os.environ["YOUR_LOGSCALE_URL"] + "/graphql"
query = '''query {
  searchAssetPermissions(searchDomainName: "humio",
                         assetId:"LLF8JldGGP6tVspPuRtifX7ZGiHveGV",
                         userIds: ["Gnam4KWNEr3fdFUiFHh7NaJI",
                                   "jSl8Iz25KhDiPQzXYE6YDetG"] )
     { totalResults, results{assetType} }
}'''

# json= serializes the body (escaping quotes and newlines) and sets
# the Content-Type: application/json header.
resp = requests.post(url,
                     json = {"query": query},
                     headers = {
   "Authorization" : "Bearer " + os.environ["TOKEN"]
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

// A template literal lets the query span several lines;
// JSON.stringify escapes its quotes and newlines.
const data = JSON.stringify(
    {"query" : `query {
  searchAssetPermissions(searchDomainName: "humio",
                         assetId:"LLF8JldGGP6tVspPuRtifX7ZGiHveGV",
                         userIds: ["Gnam4KWNEr3fdFUiFHh7NaJI",
                                   "jSl8Iz25KhDiPQzXYE6YDetG"] )
     { totalResults, results{assetType} }
}`
}
);


const options = {
  // Host name only (no scheme or path), taken from the base URL
  hostname: new URL(process.env.YOUR_LOGSCALE_URL).hostname,
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    // Length in bytes, not in characters
    'Content-Length': Buffer.byteLength(data),
    Authorization: 'Bearer ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "searchAssetPermissions": {
      "totalResults": 2,
      "results": [
        {
          "assetType": "FilterAlert"
        },
        {
          "assetType": "FilterAlert"
        }
      ]
    }
  }
}

Given Datatype

For AssetPermissionsAssetType, there are a few choices:

Table: AssetPermissionsAssetType

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| Action | boolean | | | The asset permission is related to an action. |
| AggregateAlert | boolean | | | The asset permission is related to an aggregate alert. |
| Dashboard | boolean | | | The asset permission is related to a dashboard. |
| File | boolean | | | The asset permission is related to a file. |
| FilterAlert | boolean | | | The asset permission is related to a filter alert. |
| LegacyAlert | boolean | | | The asset permission is related to a legacy alert. |
| SavedQuery | boolean | | | The asset permission is related to a saved query. |
| ScheduledReport | boolean | | | The asset permission is related to a scheduled report. |
| ScheduledSearch | boolean | | | The asset permission is related to a scheduled search. |

Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 13, 2024

Returned Datatype

For AssetPermissionSearchResultSet, there are a couple of parameters. They're listed here along with descriptions:

Table: AssetPermissionSearchResultSet

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| results | [SearchAssetPermissionsResultEntry] | yes | | The paginated result set. See SearchAssetPermissionsResultEntry. |
| totalResults | integer | yes | | The total number of matching results. |

Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 23, 2024
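
An added example, not taken from the LogScale documentation: one way to walk the paginated result set with skip and limit until totalResults entries have been read, then tally the permission entries by assetType for an access review. It assumes that String and Int are the schema's names for the string and integer types shown in the syntax above and that skip is an entry offset; search_all, count_by_type, the post hook and the sample data are hypothetical names constructed for illustration.

```python
from collections import Counter

# Assumption: String/Int are the schema's names for "string"/"integer" above.
# Values travel as GraphQL variables, never spliced into the query text.
QUERY = """
query ($assetId: String!, $domain: String, $userIds: [String!],
       $skip: Int, $limit: Int) {
  searchAssetPermissions(assetId: $assetId, searchDomainName: $domain,
                         userIds: $userIds, skip: $skip, limit: $limit) {
    totalResults
    results { assetType }
  }
}
"""

def search_all(post, asset_id, domain, user_ids, page_size=2):
    """Read every page; post(body) -> decoded JSON reply (hypothetical hook)."""
    entries, skip = [], 0
    while True:
        reply = post({"query": QUERY, "variables": {
            "assetId": asset_id, "domain": domain, "userIds": user_ids,
            "skip": skip, "limit": page_size}})
        if reply.get("errors"):  # GraphQL errors arrive in the reply body
            raise RuntimeError(reply["errors"])
        page = reply["data"]["searchAssetPermissions"]
        entries.extend(page["results"])
        skip += len(page["results"])
        # Stop on an empty page too, so a short reply cannot loop forever.
        if not page["results"] or skip >= page["totalResults"]:
            return entries

def count_by_type(entries):
    """Number of permission entries per assetType."""
    return dict(Counter(e["assetType"] for e in entries))

# Constructed sample data standing in for a server; not real output.
SAMPLE = [{"assetType": t} for t in
          ("FilterAlert", "FilterAlert", "Dashboard", "SavedQuery", "Dashboard")]

def fake_post(body):
    v = body["variables"]
    window = SAMPLE[v["skip"]:v["skip"] + v["limit"]]
    return {"data": {"searchAssetPermissions": {
        "totalResults": len(SAMPLE), "results": window}}}

if __name__ == "__main__":
    found = search_all(fake_post, "LLF8JldGGP6tVspPuRtifX7ZGiHveGV", "humio",
                       ["Gnam4KWNEr3fdFUiFHh7NaJI"])
    print(count_by_type(found))
```

To query a real instance, pass a post callable that sends the body to the /graphql endpoint with the Authorization header and returns the decoded JSON.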