Skip to main content

List Grants for a Subject

Available since
  • v5.4.2 and later

Endpoint: GET /api/auth/subjects/{subjectType}/{subjectId}/grants

Lists all per-instance resource grants for a user, group, or role. Available for admin-only, unless the caller is listing their own grants.

Path parameters

ParameterDescriptionTypeRequired/ Optional
subjectTypeThe type of subject being granted access. Supported values:
  • USER: A user in Orkes Conductor.
  • ROLE: A system/custom role.
  • GROUP: A group in Orkes Conductor.
stringRequired.
subjectIdThe unique identifier of the subject (e.g., user email, role name, or group name).stringRequired.

Query parameters

ParameterDescriptionTypeRequired/ Optional
resourceTypeThe resource type for which access grants are being retrieved. Supported values:
  • WORKFLOW
  • WORKFLOW_DEF
  • WORKFLOW_SCHEDULE
  • EVENT_HANDLER
  • TASK_DEF
  • TASK_REF_NAME
  • TASK_ID
  • APPLICATION
  • USER
  • SECRET_NAME
  • ENV_VARIABLE
  • TAG
  • DOMAIN
  • INTEGRATION_PROVIDER
  • INTEGRATION
  • PROMPT
  • USER_FORM_TEMPLATE
  • SCHEMA
  • CLUSTER_CONFIG
  • WEBHOOK
  • API_GATEWAY_SERVICE
  • API_GATEWAY_SERVICE_ROUTE
  • AUTH_CONFIG
  • GROUP
  • ROLE
  • SERVICE_REGISTRY
stringOptional.

Response

Returns a list of per-instance resource grants for the subject.

Examples

List grants for a subject

Request

curl -X 'GET' \
'https://<YOUR-SERVER-URL>/api/auth/subjects/USER/jane.doe%40acme.com/grants?resourceType=SECRET_NAME' \
-H 'accept: application/json' \
-H 'X-Authorization: <TOKEN>'

Response

[
{
"target": {
"type": "SECRET_NAME",
"id": "API_KEY_NEURO"
},
"access": [
"READ",
"DELETE",
"CREATE",
"EXECUTE",
"UPDATE"
]
}
]