user()

API Stability Long-Term

The user() GraphQL query returns information on a user for a given ID.

Related to this query field are the users(), usersPage() queries to get a list of users, and usersAndGroupsForChangingUserAccess() to get information on users and groups for changing access.

There are also a few mutations related to this query: addUserV2() for adding a user; updateUser() and updateUserById() for changing a user's information; and removeUser() and removeUserById() for deleting a user account.

For more information on user authorization, see the Manage Users and Permissions documentation page.

Syntax

graphql

user(
     id: string!
   ): User

For the input, you'll have to provide the unique identifier for a user account. To get this, though, you can use the users() query. For the results, you can usually get plenty of data on the user (e.g., names, email address, whether the user has root access). See the Returned Datatypes section for details.

Example

Below is an example of how this query field might be used:

Raw

graphql

query{
  user(id: "abc123") 
   { username, displayName, email }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query{
  user(id: \"abc123\") 
   { username, displayName, email }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query{
  user(id: \"abc123\") 
   { username, displayName, email }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query{ ^
  user(id: \"abc123\")  ^
   { username, displayName, email } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query{
  user(id: \"abc123\") 
   { username, displayName, email }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query{
  user(id: \"abc123\") 
   { username, displayName, email }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query{
  user(id: \"abc123\") 
   { username, displayName, email }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query{
  user(id: \"abc123\") 
   { username, displayName, email }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "user": {
      "username": "bob",
      "displayName": "Bob Newhart",
      "email": "bob@company.com"
    }
  }
}

In this example, the username , displayName, and email address are requested. You could request many more fields in the same way.

Returned Datatype

With the returned datatype, you can get the user's name, their email address, whether they have root access, a list of roles assigned to them, etc. Below is a list of parameters you can request:

Table: User

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 30, 2025
allowedAssetActionsBySource(assetId: string, assetType: AssetPermissionsAssetType, searchDomainId: string): [AssetActionsBySource]	multiple	yes	`Short-Term`	Get allowed asset actions for the user on a specific asset and explain how these actions have been granted. See AssetPermissionsAssetType , and AssetActionsBySource.
allowedOrganizationActions	[OrganizationAction]	yes	`Long-Term`	Returns the actions the user is allowed to perform in the organization. See OrganizationAction .
allowedSystemActions	[SystemAction]	yes	`Long-Term`	Returns the actions the user is allowed to perform in the system. See SystemAction Table.
company	string		`Long-Term`	The name of the company for the user account.
countryCode	string		`Long-Term`	The two-letter ISO 3166-1 Alpha-2 code for the country of residence (e.g., us).
createdAt	datetime	yes	`Long-Term`	The data and time the account was created.
displayName	string	yes	`Long-Term`	The value of the fullName if used, otherwise the username.
email	string		`Long-Term`	The user account's email address for communications from LogScale.
firstName	string		`Long-Term`	The user's actual first name (e.g., Bob). Don't use with fullName.
fullName	string		`Long-Term`	The user's full name (e.g., Bob Smith). Don't use if using other name parameters.
groups	[Group]	yes	`Long-Term`	The groups of which the user is a member. See Group.
groupSearchDomainRoles	[GroupSearchDomainRole]	yes	`Long-Term`	The group search domain roles. See GroupSearchDomainRole.
groupsV2(search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInRoles: boolean): GroupResultSetType	multiple		`Short-Term`	The groups of which the user is a member. This is a preview and subject to change. The default for skip is 0, and limit is 50. See PermissionType , and GroupResultSetType.
id	string	yes	`Long-Term`	The identifier or token for the user.
isOrgRoot	boolean	yes	`Long-Term`	Whether the organization is granted organization ownership.
isRoot	boolean	yes	`Long-Term`	Whether the user account is granted root access.
lastName	string		`Long-Term`	The user's actual last name or family name (e.g., Smith). Don't use with fullName.
permissions(viewName: string): [UserPermissions]	multiple	yes	`Long-Term`	Permissions of the user. See UserPermissions.
permissionsPage(search: string, pageNumber: integer, pageSize: integer): UserPermissionsPage	multiple	yes	`Deprecated`	A page of user permissions. See UserPermissionsPage. This field is no longer used. It will be removed at the earliest in version 1.208.
phoneNumber	string		`Long-Term`	The telephone number for LogScale to use for telephone text messages.
picture	string		`Long-Term`	File name of an image file for the account.
rolesV2(search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInGroups: boolean): RolesResultSetType	multiple		`Short-Term`	The roles assigned to the user through a group. The default for skip is 0, and limit is 50. See PermissionType , and RolesResultSetType.
searchAssetPermissions(searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction]): AssetPermissionSearchResultSet	multiple		`Short-Term`	Search for asset permissions for the user. This is a preview and subject to change. The default for skip is 0, limit is 50, and OrderBy is ASC. See AssetPermissionsAssetType , AssetAction , and AssetPermissionSearchResultSet.
searchDomainRoles(searchDomainId: string): [SearchDomainRole]	multiple		`Long-Term`	The search domain roles assigned to the user. See SearchDomainRole.
searchDomainRolesByName(searchDomainName: string): SearchDomainRole	multiple	yes	`Deprecated`	The search domain roles for the user, by name. See SearchDomainRole. This field is deprecated because when multiple roles per view is enabled, it will return only the first of possibly multiple roles matching the name for the view. Use instead searchDomainRoles or searchDomainRolesBySearchDomainName.
searchDomainRolesBySearchDomainName(searchDomainName: string): [SearchDomainRole]	multiple		`Long-Term`	The search domain roles assigned to the user by search domain name. See SearchDomainRole.
stateCode	string		`Long-Term`	The two-letter, ISO 3166-2 country sub-division code for the state of residence (e.g., ny).
username	string	yes	`Long-Term`	The user name for the account.
userOrGroupSearchDomainRoles(search: string, skip: integer, limit: integer): UserOrGroupSearchDomainRoleResultSet	multiple	yes	`Long-Term`	The user or group search domain roles. The default for skip is 0, and limit is 50. See UserOrGroupSearchDomainRoleResultSet.

Versions of this Page

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes

user()

Syntax

Example

Returned Datatype

Terminology

Enter search term