Get resource users

curl --request GET \
  --url https://api.opal.dev/v1/resources/{resource_id}/users \
  --header 'Authorization: Bearer <token>'

{
  "results": [
    {
      "full_name": "Jake Barnes",
      "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
      "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
      "expiration_date": "2022-01-23T04:56:07.000Z",
      "email": "[email protected]",
      "has_direct_access": true,
      "num_access_paths": 2
    },
    {
      "full_name": "Brett Ashley",
      "user_id": "7646aa9a-e2ee-4eb5-8c62-91f29038a373",
      "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
      "expiration_date": "2022-02-03T12:33:02.000Z",
      "email": "[email protected]",
      "has_direct_access": true,
      "num_access_paths": 3
    }
  ]
}

GET

resources

{resource_id}

users

Get resource users

curl --request GET \
  --url https://api.opal.dev/v1/resources/{resource_id}/users \
  --header 'Authorization: Bearer <token>'

{
  "results": [
    {
      "full_name": "Jake Barnes",
      "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
      "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
      "expiration_date": "2022-01-23T04:56:07.000Z",
      "email": "[email protected]",
      "has_direct_access": true,
      "num_access_paths": 2
    },
    {
      "full_name": "Brett Ashley",
      "user_id": "7646aa9a-e2ee-4eb5-8c62-91f29038a373",
      "resource_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
      "expiration_date": "2022-02-03T12:33:02.000Z",
      "email": "[email protected]",
      "has_direct_access": true,
      "num_access_paths": 3
    }
  ]
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

resource_id

string<uuid>

required

The ID of the resource.

Query Parameters

limit

integer

Limit the number of results returned.

Response

200 - application/json

List of users with access to this resource.

string | null

The cursor with which to continue pagination if additional result pages exist.

Example:

"cD0yMDIxLTAxLTA2KzAzJTNBMjQlM0E1My40MzQzMjYlMkIwMCUzQTAw"

string | null

The cursor used to obtain the current result page.

Example:

"cj1sZXdwd2VycWVtY29zZnNkc2NzUWxNMEUxTXk0ME16UXpNallsTWtJ"

results

object[]

Show child attributes

results.resource_id

string<uuid>

required

The ID of the resource.

Example:

"1b978423-db0a-4037-a4cf-f79c60cb67b3"

results.user_id

string<uuid>

required

The ID of the user.

Example:

"29827fb8-f2dd-4e80-9576-28e31e9934ac"

results.access_level

object

required

Access Level Object

Description

The AccessLevel object is used to represent the level of access that a principal has. The "default" access level is a AccessLevel object whose fields are all empty strings.

Usage Example

View the AccessLevel of a resource/user or resource/group pair to see the level of access granted to the resource.

Show child attributes

results.access_level.access_level_name

string

required

The human-readable name of the access level.

Example:

"AdminRole"

results.access_level.access_level_remote_id

string

required

The machine-readable identifier of the access level.

Example:

"arn:aws:iam::590304332660:role/AdministratorAccess"

Example:

{
  "access_level_name": "AdminRole",
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}

results.full_name

string

required

The user's full name.

Example:

"Jake Barnes"

results.email

string

required

The user's email.

Example:

"[email protected]"

results.has_direct_access

boolean

required

The user has direct access to this resources (vs. indirectly, like through a group).

Example:

true

results.num_access_paths

integer<int32>

required

The number of ways in which the user has access through this resource (directly and indirectly).

Example:

3

results.resource_name

string

The name of the resource.

Example:

"AdministratorAccess"

results.description

string

The description of the resource.

Example:

"Full access to all resources and settings."

results.expiration_date

string<date-time> | null

The day and time the user's access will expire.

Example:

"2022-01-23T04:56:07.000Z"

results.propagation_status

object

The state of whether the push action was propagated to the remote system. If this is null, the access was synced from the remote system.

Show child attributes

results.propagation_status.status

enum<string>

required

The status of whether the user has been synced to the group or resource in the remote system.

Available options:

SUCCESS,

ERR_REMOTE_INTERNAL_ERROR,

ERR_REMOTE_USER_NOT_FOUND,

ERR_REMOTE_USER_NOT_LINKED,

ERR_REMOTE_RESOURCE_NOT_FOUND,

ERR_REMOTE_THROTTLE,

ERR_NOT_AUTHORIZED_TO_QUERY_RESOURCE,

ERR_REMOTE_PROVISIONING_VIA_IDP_FAILED,

ERR_IDP_EMAIL_UPDATE_CONFLICT,

ERR_TIMEOUT,

ERR_UNKNOWN,

ERR_OPAL_INTERNAL_ERROR,

ERR_ORG_READ_ONLY,

ERR_OPERATION_UNSUPPORTED,

PENDING,

PENDING_MANUAL_PROPAGATION,

PENDING_TICKET_CREATION,

ERR_TICKET_CREATION_SKIPPED,

ERR_DRY_RUN_MODE_ENABLED,

ERR_HR_IDP_PROVIDER_NOT_LINKED,

ERR_REMOTE_UNRECOVERABLE_ERROR

Example:

["SUCCESS"]

Get resources non human identities Post resources non human identities

⌘I

API Concepts

SDKs

Opal API

Get resource users

Authorizations

Path Parameters

Query Parameters

Response

Access Level Object

Description

Usage Example