Collibra Data Access GraphQL API
The Collibra Data Access GraphQL API allows you to fetch and manipulate all entities in the Data Access application
API Endpoints
https://<your_collibra_url>/data-access/queryQueries
accessControl
Description
Retrieves a single access control by its ID.
Response
Returns an AccessControlResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
query accessControl($id: ID!) {
accessControl(id: $id) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": 4}
Response
{"data": {"accessControl": AccessControl}}
accessControls
Description
Retrieves a paginated list of access controls.
Response
Returns an AccessControlConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - AccessControlFilterInput
|
|
order - [AccessControlOrderByInput!]
|
Example
Query
query accessControls(
$after: String,
$limit: Int,
$filter: AccessControlFilterInput,
$order: [AccessControlOrderByInput!]
) {
accessControls(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on AccessControlConnection {
...AccessControlConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "abc123",
"limit": 987,
"filter": AccessControlFilterInput,
"order": [AccessControlOrderByInput]
}
Response
{"data": {"accessControls": AccessControlConnection}}
accessRequest
Description
Retrieves a single access request by its ID.
Response
Returns an AccessRequestResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
query accessRequest($id: ID!) {
accessRequest(id: $id) {
... on AccessRequest {
...AccessRequestFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": 4}
Response
{"data": {"accessRequest": AccessRequest}}
accessRequests
Description
Retrieves a paginated list of access requests.
Response
Returns an AccessRequestConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - AccessRequestFilterInput
|
|
order - [AccessRequestOrderByInput!]
|
Example
Query
query accessRequests(
$after: String,
$limit: Int,
$filter: AccessRequestFilterInput,
$order: [AccessRequestOrderByInput!]
) {
accessRequests(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on AccessRequestConnection {
...AccessRequestConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "abc123",
"limit": 987,
"filter": AccessRequestFilterInput,
"order": [AccessRequestOrderByInput]
}
Response
{"data": {"accessRequests": AccessRequestConnection}}
account
Description
Retrieves a single account by its ID.
Example
Query
query account($id: ID!) {
account(id: $id) {
id
accountName
name
email
createdAt
modifiedAt
deleted
tags {
... on TagConnection {
...TagConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
user {
...UserFragment
}
dataSource {
...DataSourceFragment
}
}
}
Variables
{"id": 4}
Response
{
"data": {
"account": {
"id": 4,
"accountName": "abc123",
"name": "xyz789",
"email": "xyz789",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"deleted": true,
"tags": TagConnection,
"user": User,
"dataSource": DataSource
}
}
}
accounts
Description
Retrieves a paginated list of accounts.
Response
Returns an AccountConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - AccountFilterInput
|
|
order - [AccountOrderByInput!]
|
Example
Query
query accounts(
$after: String,
$limit: Int,
$filter: AccountFilterInput,
$order: [AccountOrderByInput!]
) {
accounts(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on AccountConnection {
...AccountConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "abc123",
"limit": 123,
"filter": AccountFilterInput,
"order": [AccountOrderByInput]
}
Response
{"data": {"accounts": AccountConnection}}
currentUser
Description
Retrieves the currently authenticated user.
Response
Returns a User
Example
Query
query currentUser {
currentUser {
id
name
email
collibraUid
type
createdAt
modifiedAt
numberOfAccounts {
...CountFragment
}
accounts {
... on AccountConnection {
...AccountConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
tags {
... on TagConnection {
...TagConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
allTags {
... on TagConnection {
...TagConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
numberOfDistinctAccess {
... on Count {
...CountFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
distinctAccess {
... on GroupedUserAccessReturnItemConnection {
...GroupedUserAccessReturnItemConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
accessControls {
... on AccessControlConnection {
...AccessControlConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
}
Response
{
"data": {
"currentUser": {
"id": 4,
"name": "abc123",
"email": "abc123",
"collibraUid": "abc123",
"type": "Human",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"numberOfAccounts": Count,
"accounts": AccountConnection,
"tags": TagConnection,
"allTags": TagConnection,
"numberOfDistinctAccess": Count,
"distinctAccess": GroupedUserAccessReturnItemConnection,
"accessControls": AccessControlConnection
}
}
}
dataObject
Description
Retrieves a single data object by its ID.
Response
Returns a DataObject!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
query dataObject($id: ID!) {
dataObject(id: $id) {
id
name
fullName
description
type
objectType {
...DataObjectTypeFragment
}
deleted
dataType
ownerLock
createdAt
modifiedAt
applicablePermissions {
...PermissionFragment
}
tags {
... on TagConnection {
...TagConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
allTags {
... on TagConnection {
...TagConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
parent {
...DataObjectFragment
}
parents {
...DataObjectFragment
}
children {
... on DataObjectConnection {
...DataObjectConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
numberOfDistinctAccess {
... on Count {
...CountFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
distinctAccess {
... on GroupedDataAccessReturnItemConnection {
...GroupedDataAccessReturnItemConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
directDataSource {
...DataSourceFragment
}
dataSource {
...DataSourceFragment
}
owners {
... on User {
...UserFragment
}
... on AccessControl {
...AccessControlFragment
}
}
accessControls {
... on AccessControlConnection {
...AccessControlConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
catalogAsset {
... on CatalogAsset {
...CatalogAssetFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
}
}
}
Variables
{"id": 4}
Response
{
"data": {
"dataObject": {
"id": 4,
"name": "xyz789",
"fullName": "abc123",
"description": "xyz789",
"type": "xyz789",
"objectType": DataObjectType,
"deleted": false,
"dataType": "xyz789",
"ownerLock": false,
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"applicablePermissions": [Permission],
"tags": TagConnection,
"allTags": TagConnection,
"parent": DataObject,
"parents": [DataObject],
"children": DataObjectConnection,
"numberOfDistinctAccess": Count,
"distinctAccess": GroupedDataAccessReturnItemConnection,
"directDataSource": DataSource,
"dataSource": DataSource,
"owners": [User],
"accessControls": AccessControlConnection,
"catalogAsset": CatalogAsset
}
}
}
dataObjects
Description
Retrieves a paginated list of data objects.
Response
Returns a DataObjectConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - DataObjectFilterInput
|
|
order - [DataObjectOrderByInput!]
|
Example
Query
query dataObjects(
$after: String,
$limit: Int,
$filter: DataObjectFilterInput,
$order: [DataObjectOrderByInput!]
) {
dataObjects(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on DataObjectConnection {
...DataObjectConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "xyz789",
"limit": 123,
"filter": DataObjectFilterInput,
"order": [DataObjectOrderByInput]
}
Response
{"data": {"dataObjects": DataObjectConnection}}
dataSource
Description
Retrieves a single data source by its ID.
Response
Returns a DataSourceResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
query dataSource($id: ID!) {
dataSource(id: $id) {
... on DataSource {
...DataSourceFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
... on AlreadyExistsError {
...AlreadyExistsErrorFragment
}
}
}
Variables
{"id": "4"}
Response
{"data": {"dataSource": DataSource}}
dataSources
Description
Retrieves a paginated list of data sources.
Response
Returns a DataSourceConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - DataSourceFilterInput
|
|
order - [DataSourceOrderByInput!]
|
Example
Query
query dataSources(
$after: String,
$limit: Int,
$filter: DataSourceFilterInput,
$order: [DataSourceOrderByInput!]
) {
dataSources(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on DataSourceConnection {
...DataSourceConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "abc123",
"limit": 123,
"filter": DataSourceFilterInput,
"order": [DataSourceOrderByInput]
}
Response
{"data": {"dataSources": DataSourceConnection}}
grantCategories
Description
Retrieves a list of all grant categories.
Response
Returns [GrantCategory!]!
Example
Query
query grantCategories {
grantCategories {
id
createdAt
modifiedAt
isSystem
name
namePlural
description
icon
isDefault
canCreate
descriptionMandatory
allowDuplicateNames
multiDataSource
defaultTypePerDataSource {
...GrantCategoryTypeForDataSourceFragment
}
globalExceptions
allowedWhoItems {
...GrantCategoryAllowedWhoItemsFragment
}
allowedWhatItems {
...GrantCategoryAllowedWhatItemsFragment
}
nameRegEx
nameRegExMsg
namingHintRegEx
namingHintRegExMsg
locksOnCreate
}
}
Response
{
"data": {
"grantCategories": [
{
"id": "4",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"isSystem": false,
"name": "abc123",
"namePlural": "abc123",
"description": "abc123",
"icon": "xyz789",
"isDefault": true,
"canCreate": true,
"descriptionMandatory": false,
"allowDuplicateNames": true,
"multiDataSource": false,
"defaultTypePerDataSource": [
GrantCategoryTypeForDataSource
],
"globalExceptions": true,
"allowedWhoItems": GrantCategoryAllowedWhoItems,
"allowedWhatItems": GrantCategoryAllowedWhatItems,
"nameRegEx": "xyz789",
"nameRegExMsg": "abc123",
"namingHintRegEx": "abc123",
"namingHintRegExMsg": "abc123",
"locksOnCreate": ["WhoLock"]
}
]
}
}
grantCategory
Description
Retrieves a single grant category by its ID.
Response
Returns a GrantCategoryResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
query grantCategory($id: ID!) {
grantCategory(id: $id) {
... on GrantCategory {
...GrantCategoryFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": 4}
Response
{"data": {"grantCategory": GrantCategory}}
grantCategoryByName
Description
Retrieves a single grant category by its name.
Response
Returns a GrantCategoryResult!
Arguments
| Name | Description |
|---|---|
name - String!
|
Example
Query
query grantCategoryByName($name: String!) {
grantCategoryByName(name: $name) {
... on GrantCategory {
...GrantCategoryFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"name": "abc123"}
Response
{"data": {"grantCategoryByName": GrantCategory}}
issues
Description
Retrieves the paginated list of issues.
Response
Returns an IssueConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - IssueFilterInput
|
|
order - [IssueOrderByInput!]
|
Example
Query
query issues(
$after: String,
$limit: Int,
$filter: IssueFilterInput,
$order: [IssueOrderByInput!]
) {
issues(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on IssueConnection {
...IssueConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "abc123",
"limit": 123,
"filter": IssueFilterInput,
"order": [IssueOrderByInput]
}
Response
{"data": {"issues": IssueConnection}}
numberOfIssues
Description
Retrieves the number of issues matching the given filter.
Response
Returns a Count
Arguments
| Name | Description |
|---|---|
filter - IssueFilterInput
|
Example
Query
query numberOfIssues($filter: IssueFilterInput) {
numberOfIssues(filter: $filter) {
total
limitedCount
}
}
Variables
{"filter": IssueFilterInput}
Response
{
"data": {
"numberOfIssues": {
"total": 987,
"limitedCount": "abc123"
}
}
}
roleAssignments
Description
Retrieves the role assignments matching the given filter. Currently this is only used for the ownerRole.
Response
Returns a RoleAssignmentConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - RoleAssignmentFilterInput
|
|
order - [RoleAssignmentOrderInput!]
|
Example
Query
query roleAssignments(
$after: String,
$limit: Int,
$filter: RoleAssignmentFilterInput,
$order: [RoleAssignmentOrderInput!]
) {
roleAssignments(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on RoleAssignmentConnection {
...RoleAssignmentConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "abc123",
"limit": 123,
"filter": RoleAssignmentFilterInput,
"order": [RoleAssignmentOrderInput]
}
Response
{"data": {"roleAssignments": RoleAssignmentConnection}}
search
Description
Use full text search for finding entities in Collibra Data Access.
Response
Returns a SearchResultItemConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
query - String!
|
|
filter - SearchFilterInput
|
Example
Query
query search(
$after: String,
$limit: Int,
$query: String!,
$filter: SearchFilterInput
) {
search(
after: $after,
limit: $limit,
query: $query,
filter: $filter
) {
... on SearchResultItemConnection {
...SearchResultItemConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "xyz789",
"limit": 123,
"query": "abc123",
"filter": SearchFilterInput
}
Response
{"data": {"search": SearchResultItemConnection}}
tagKeys
Description
Retrieves a paginated list of tags keys that are used.
Response
Returns a TagKeyConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - TagKeyFilterInput
|
Example
Query
query tagKeys(
$after: String,
$limit: Int,
$filter: TagKeyFilterInput
) {
tagKeys(
after: $after,
limit: $limit,
filter: $filter
) {
... on TagKeyConnection {
...TagKeyConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "xyz789",
"limit": 987,
"filter": TagKeyFilterInput
}
Response
{"data": {"tagKeys": TagKeyConnection}}
tagValues
Description
Retrieves a paginated list of tags values that are used.
Response
Returns a TagValueConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - TagValueFilterInput
|
Example
Query
query tagValues(
$after: String,
$limit: Int,
$filter: TagValueFilterInput
) {
tagValues(
after: $after,
limit: $limit,
filter: $filter
) {
... on TagValueConnection {
...TagValueConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "xyz789",
"limit": 987,
"filter": TagValueFilterInput
}
Response
{"data": {"tagValues": TagValueConnection}}
user
Description
Retrieves a single identity by its ID.
Response
Returns a UserResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
query user($id: ID!) {
user(id: $id) {
... on User {
...UserFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": "4"}
Response
{"data": {"user": User}}
userByEmail
Description
Retrieves a single identity by its email address.
Response
Returns a UserResult
Arguments
| Name | Description |
|---|---|
email - String!
|
Example
Query
query userByEmail($email: String!) {
userByEmail(email: $email) {
... on User {
...UserFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"email": "abc123"}
Response
{"data": {"userByEmail": User}}
users
Description
Retrieves a paginated list of identities.
Response
Returns a UserConnectionResult!
Arguments
| Name | Description |
|---|---|
after - String
|
|
limit - Int
|
|
filter - UserFilterInput
|
|
order - [UserOrderByInput!]
|
Example
Query
query users(
$after: String,
$limit: Int,
$filter: UserFilterInput,
$order: [UserOrderByInput!]
) {
users(
after: $after,
limit: $limit,
filter: $filter,
order: $order
) {
... on UserConnection {
...UserConnectionFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"after": "abc123",
"limit": 987,
"filter": UserFilterInput,
"order": [UserOrderByInput]
}
Response
{"data": {"users": UserConnection}}
Mutations
activateAccessControl
Description
Put an access control to active.
Response
Returns an AccessControlResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
mutation activateAccessControl($id: ID!) {
activateAccessControl(id: $id) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": "4"}
Response
{"data": {"activateAccessControl": AccessControl}}
addWhatDataObjectsToAccessControl
Please use updateAccessControl with whatDataObjectsToAdd.
Description
Add new WHAT items to the given access control. When a data object already exists in the WHAT list and overridePermissions is false, the permissions are merged. If overridePermissions is true, the permissions are replaced.
Response
Returns an AccessControlResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
|
toAdd - [AccessControlWhatInputDO!]
|
|
overridePermissions - Boolean
|
Example
Query
mutation addWhatDataObjectsToAccessControl(
$id: ID!,
$toAdd: [AccessControlWhatInputDO!],
$overridePermissions: Boolean
) {
addWhatDataObjectsToAccessControl(
id: $id,
toAdd: $toAdd,
overridePermissions: $overridePermissions
) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"id": "4",
"toAdd": [AccessControlWhatInputDO],
"overridePermissions": false
}
Response
{
"data": {
"addWhatDataObjectsToAccessControl": AccessControl
}
}
addWhatDataObjectsToAccessControlFromAccessRequest
Description
Add new WHAT items to the given access control. This will basically do the same as addWhatDataObjectsToAccessControl (with overridePermissions=false), but will also synchronously recalculate the access request implementation state so it can immediately be shown.
Response
Returns an AccessControlFromAccessRequestResult!
Arguments
| Name | Description |
|---|---|
accessControlId - ID!
|
|
toAdd - [AccessControlWhatInputDO!]
|
|
accessRequestId - ID!
|
Example
Query
mutation addWhatDataObjectsToAccessControlFromAccessRequest(
$accessControlId: ID!,
$toAdd: [AccessControlWhatInputDO!],
$accessRequestId: ID!
) {
addWhatDataObjectsToAccessControlFromAccessRequest(
accessControlId: $accessControlId,
toAdd: $toAdd,
accessRequestId: $accessRequestId
) {
... on AccessControlFromAccessRequest {
...AccessControlFromAccessRequestFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"accessControlId": 4,
"toAdd": [AccessControlWhatInputDO],
"accessRequestId": "4"
}
Response
{
"data": {
"addWhatDataObjectsToAccessControlFromAccessRequest": AccessControlFromAccessRequest
}
}
addWhoToAccessControl
Please use updateAccessControl in combination with the input field
whoItemsToAdd. Description
Add new WHO items to the given access control. When a specific WHO item (user, group or access control) is already present in the WHO list, the expiration information is updated when needed.
Response
Returns an AccessControlResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
|
toAdd - [WhoItemInput!]
|
Example
Query
mutation addWhoToAccessControl(
$id: ID!,
$toAdd: [WhoItemInput!]
) {
addWhoToAccessControl(
id: $id,
toAdd: $toAdd
) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"id": "4",
"toAdd": [WhoItemInput]
}
Response
{"data": {"addWhoToAccessControl": AccessControl}}
addWhoToAccessControlFromAccessRequest
Description
Add new WHO items to the given access control in the context of an access request. This will basically do the same as addWhoToAccessControl, but will also synchronously recalculate the access request implementation state so it can immediately be shown.
Response
Returns an AccessControlFromAccessRequestResult!
Arguments
| Name | Description |
|---|---|
accessControlId - ID!
|
|
toAdd - [WhoItemInput!]
|
|
accessRequestId - ID!
|
Example
Query
mutation addWhoToAccessControlFromAccessRequest(
$accessControlId: ID!,
$toAdd: [WhoItemInput!],
$accessRequestId: ID!
) {
addWhoToAccessControlFromAccessRequest(
accessControlId: $accessControlId,
toAdd: $toAdd,
accessRequestId: $accessRequestId
) {
... on AccessControlFromAccessRequest {
...AccessControlFromAccessRequestFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"accessControlId": 4,
"toAdd": [WhoItemInput],
"accessRequestId": 4
}
Response
{
"data": {
"addWhoToAccessControlFromAccessRequest": AccessControlFromAccessRequest
}
}
cancelAccessRequest
Description
Cancel one of the access requests you created.
Response
Returns an AccessRequestResult!
Example
Query
mutation cancelAccessRequest(
$id: ID!,
$comment: String
) {
cancelAccessRequest(
id: $id,
comment: $comment
) {
... on AccessRequest {
...AccessRequestFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": 4, "comment": "abc123"}
Response
{"data": {"cancelAccessRequest": AccessRequest}}
closeAccessRequest
Description
Close an access request. You need to be one of the assignees to do this.
Response
Returns an AccessRequestResult!
Example
Query
mutation closeAccessRequest(
$id: ID!,
$comment: String
) {
closeAccessRequest(
id: $id,
comment: $comment
) {
... on AccessRequest {
...AccessRequestFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": 4, "comment": "abc123"}
Response
{"data": {"closeAccessRequest": AccessRequest}}
createAccessControl
Description
Create a new access control.
Response
Arguments
| Name | Description |
|---|---|
input - AccessControlInput!
|
|
enableAdditionalAccessRequests - Boolean
|
Example
Query
mutation createAccessControl(
$input: AccessControlInput!,
$enableAdditionalAccessRequests: Boolean
) {
createAccessControl(
input: $input,
enableAdditionalAccessRequests: $enableAdditionalAccessRequests
) {
... on AccessControl {
...AccessControlFragment
}
... on AccessControlWithOptionalAccessRequests {
...AccessControlWithOptionalAccessRequestsFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
}
}
Variables
{
"input": AccessControlInput,
"enableAdditionalAccessRequests": true
}
Response
{"data": {"createAccessControl": AccessControl}}
createAccessRequest
Description
Create a new access request.
Response
Returns an AccessRequestResult!
Arguments
| Name | Description |
|---|---|
input - AccessRequestInput!
|
Example
Query
mutation createAccessRequest($input: AccessRequestInput!) {
createAccessRequest(input: $input) {
... on AccessRequest {
...AccessRequestFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"input": AccessRequestInput}
Response
{"data": {"createAccessRequest": AccessRequest}}
createComment
Description
Add a comment on an entity.
Response
Returns a CommentResult!
Arguments
| Name | Description |
|---|---|
input - CommentInput!
|
Example
Query
mutation createComment($input: CommentInput!) {
createComment(input: $input) {
... on Comment {
...CommentFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"input": CommentInput}
Response
{"data": {"createComment": Comment}}
createDataSource
Description
Create a new data source.
Response
Returns a DataSourceResult!
Arguments
| Name | Description |
|---|---|
input - DataSourceInput!
|
Example
Query
mutation createDataSource($input: DataSourceInput!) {
createDataSource(input: $input) {
... on DataSource {
...DataSourceFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
... on AlreadyExistsError {
...AlreadyExistsErrorFragment
}
}
}
Variables
{"input": DataSourceInput}
Response
{"data": {"createDataSource": DataSource}}
deactivateAccessControl
Description
Put an access control to inactive. It will be removed from the underlying system, but will still exist in Collibra Data Access.
Response
Returns an AccessControlResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
mutation deactivateAccessControl($id: ID!) {
deactivateAccessControl(id: $id) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": "4"}
Response
{"data": {"deactivateAccessControl": AccessControl}}
deleteAccessControl
Description
Delete an access control. It will be removed from the underlying system and 48 hours after the sync it will be removed from Collibra Data Access.
Response
Returns an AccessControlResult!
Example
Query
mutation deleteAccessControl(
$id: ID!,
$overrideLocks: Boolean
) {
deleteAccessControl(
id: $id,
overrideLocks: $overrideLocks
) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": "4", "overrideLocks": false}
Response
{"data": {"deleteAccessControl": AccessControl}}
deleteComment
Description
Delete a comment.
Response
Returns a DeleteCommentResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
mutation deleteComment($id: ID!) {
deleteComment(id: $id) {
... on DeleteComment {
...DeleteCommentFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": "4"}
Response
{"data": {"deleteComment": DeleteComment}}
deleteDataSource
Description
Delete a data source. This will mark the data source as deleted and start cleaning up everything in it asynchronously. This action is destructive and cannot be undone!
Response
Returns a DeleteDataSourceResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
Example
Query
mutation deleteDataSource($id: ID!) {
deleteDataSource(id: $id) {
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on DeleteDataSource {
...DeleteDataSourceFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": 4}
Response
{"data": {"deleteDataSource": PermissionDeniedError}}
reassignRole
Description
Reassign a specific role from one user to another on all entities.
Response
Returns a RoleResult!
Example
Query
mutation reassignRole(
$from: ID!,
$to: ID!,
$role: ID!
) {
reassignRole(
from: $from,
to: $to,
role: $role
) {
... on Role {
...RoleFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"from": 4, "to": 4, "role": "4"}
Response
{"data": {"reassignRole": Role}}
removeWhatDataObjectsFromAccessControl
Please use updateAccessControl with whatDataObjectsToRemove.
Description
Remove WHAT data objects from the given access control.
Response
Returns an AccessControlResult!
Example
Query
mutation removeWhatDataObjectsFromAccessControl(
$id: ID!,
$toRemove: [String!]
) {
removeWhatDataObjectsFromAccessControl(
id: $id,
toRemove: $toRemove
) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"id": 4, "toRemove": ["abc123"]}
Response
{
"data": {
"removeWhatDataObjectsFromAccessControl": AccessControl
}
}
removeWhoFromAccessControl
Please use updateAccessControl in combination with the input field
whoItemsToRemove. Description
Remove WHO items from the given access control. The toRemove array can contain IDs of users, groups and/or access controls. The typesToInclude parameter can be used to specify that only certain WHO item types should be removed (e.g. only grants).
Response
Returns an AccessControlResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
|
toRemove - [String!]
|
|
typesToInclude - [AccessWhoItemType]
|
Example
Query
mutation removeWhoFromAccessControl(
$id: ID!,
$toRemove: [String!],
$typesToInclude: [AccessWhoItemType]
) {
removeWhoFromAccessControl(
id: $id,
toRemove: $toRemove,
typesToInclude: $typesToInclude
) {
... on AccessControl {
...AccessControlFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"id": 4,
"toRemove": ["abc123"],
"typesToInclude": ["WhoGrant"]
}
Response
{"data": {"removeWhoFromAccessControl": AccessControl}}
updateAccessControl
Description
Update an existing access control.
Response
Arguments
| Name | Description |
|---|---|
id - ID!
|
|
input - AccessControlInput!
|
|
enableAdditionalAccessRequests - Boolean
|
|
overrideLocks - Boolean
|
Example
Query
mutation updateAccessControl(
$id: ID!,
$input: AccessControlInput!,
$enableAdditionalAccessRequests: Boolean,
$overrideLocks: Boolean
) {
updateAccessControl(
id: $id,
input: $input,
enableAdditionalAccessRequests: $enableAdditionalAccessRequests,
overrideLocks: $overrideLocks
) {
... on AccessControl {
...AccessControlFragment
}
... on AccessControlWithOptionalAccessRequests {
...AccessControlWithOptionalAccessRequestsFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
}
}
Variables
{
"id": 4,
"input": AccessControlInput,
"enableAdditionalAccessRequests": true,
"overrideLocks": true
}
Response
{"data": {"updateAccessControl": AccessControl}}
updateComment
Description
Update an existing comment.
Response
Returns a CommentResult!
Arguments
| Name | Description |
|---|---|
input - CommentUpdateInput!
|
Example
Query
mutation updateComment($input: CommentUpdateInput!) {
updateComment(input: $input) {
... on Comment {
...CommentFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"input": CommentUpdateInput}
Response
{"data": {"updateComment": Comment}}
updateDataSource
Description
Update an existing data source.
Response
Returns a DataSourceResult!
Arguments
| Name | Description |
|---|---|
id - ID!
|
|
input - DataSourceInput!
|
Example
Query
mutation updateDataSource(
$id: ID!,
$input: DataSourceInput!
) {
updateDataSource(
id: $id,
input: $input
) {
... on DataSource {
...DataSourceFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
... on AlreadyExistsError {
...AlreadyExistsErrorFragment
}
}
}
Variables
{
"id": "4",
"input": DataSourceInput
}
Response
{"data": {"updateDataSource": DataSource}}
updateRoleAssigneesOnAccessControl
Description
Update the assigned roles on a specific access control.
Response
Returns a RoleResult!
Arguments
| Name | Description |
|---|---|
accessControl - ID!
|
|
roleInput - RoleAssigneeInput!
|
Example
Query
mutation updateRoleAssigneesOnAccessControl(
$accessControl: ID!,
$roleInput: RoleAssigneeInput!
) {
updateRoleAssigneesOnAccessControl(
accessControl: $accessControl,
roleInput: $roleInput
) {
... on Role {
...RoleFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"accessControl": "4",
"roleInput": RoleAssigneeInput
}
Response
{"data": {"updateRoleAssigneesOnAccessControl": Role}}
updateRoleAssigneesOnDataObject
Description
Update the assigned roles on a specific data object.
Response
Returns a RoleResult!
Arguments
| Name | Description |
|---|---|
dataObject - ID!
|
|
roleInput - RoleAssigneeInput!
|
Example
Query
mutation updateRoleAssigneesOnDataObject(
$dataObject: ID!,
$roleInput: RoleAssigneeInput!
) {
updateRoleAssigneesOnDataObject(
dataObject: $dataObject,
roleInput: $roleInput
) {
... on Role {
...RoleFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{
"dataObject": "4",
"roleInput": RoleAssigneeInput
}
Response
{"data": {"updateRoleAssigneesOnDataObject": Role}}
updateRoleAssigneesOnDataSource
Description
Update the assigned roles on a specific data source.
Response
Returns a RoleResult!
Arguments
| Name | Description |
|---|---|
dataSource - ID!
|
|
roleInput - RoleAssigneeInput!
|
Example
Query
mutation updateRoleAssigneesOnDataSource(
$dataSource: ID!,
$roleInput: RoleAssigneeInput!
) {
updateRoleAssigneesOnDataSource(
dataSource: $dataSource,
roleInput: $roleInput
) {
... on Role {
...RoleFragment
}
... on PermissionDeniedError {
...PermissionDeniedErrorFragment
}
... on NotFoundError {
...NotFoundErrorFragment
}
... on InvalidInputError {
...InvalidInputErrorFragment
}
}
}
Variables
{"dataSource": 4, "roleInput": RoleAssigneeInput}
Response
{"data": {"updateRoleAssigneesOnDataSource": Role}}
Types
AbacComparisonExpression
Example
BinaryExpressionLiteralBool
AbacComparisonExpressionAggregator
Description
Represents an aggregator boolean expression with a single operator (e.g. X AND Y AND Z).
Fields
| Field Name | Description |
|---|---|
operator - BinaryExpressionAggregatorOperator!
|
The aggregator operator to use. |
operands - [AbacComparisonExpression!]!
|
The list of operands to combine with the operator. |
Example
{
"operator": "And",
"operands": [BinaryExpressionLiteralBool]
}
AbacComparisonExpressionAggregatorInput
Description
Input object to create an aggregator expression (e.g. X OR Y OR Z).
Fields
| Input Field | Description |
|---|---|
operator - BinaryExpressionAggregatorOperator!
|
The operator to use. |
operands - [AbacComparisonExpressionInput!]!
|
The operands which will be combined with the operator. |
Example
{
"operator": "And",
"operands": [AbacComparisonExpressionInput]
}
AbacComparisonExpressionBinaryLiteral
Description
Represents a literal of type boolean (i.e. true or false).
Fields
| Field Name | Description |
|---|---|
value - Boolean!
|
Example
{"value": false}
AbacComparisonExpressionComparison
Description
Represents a single simple comparison expression (i.e. field=value)
Fields
| Field Name | Description |
|---|---|
operator - AbacComparisonExpressionComparisonOperator!
|
The comparison operator to use |
leftOperand - String!
|
The field to compare the value with. |
rightOperand - AbacComparisonExpressionOperand!
|
The right operand. |
Example
{
"operator": "PropertyEquals",
"leftOperand": "xyz789",
"rightOperand": AbacComparisonExpressionBinaryLiteral
}
AbacComparisonExpressionComparisonInput
Description
Input object to create a comparison expression (i.e. field < value).
Fields
| Input Field | Description |
|---|---|
operator - AbacComparisonExpressionComparisonOperator!
|
The operator for the expression. |
leftOperand - String!
|
The field to compare the value against. |
rightOperand - AbacComparisonExpressionOperandInput!
|
The value operand. |
Example
{
"operator": "PropertyEquals",
"leftOperand": "abc123",
"rightOperand": AbacComparisonExpressionOperandInput
}
AbacComparisonExpressionComparisonOperator
Description
The different comparison operators.
Values
| Enum Value | Description |
|---|---|
|
|
To compare the operands with the equals (=) operator. |
|
|
To check if the given value is in a list of values. |
|
|
To check if the object, or any of its ancestors, has a certain tag. |
|
|
To check if the object, or any of its descendants, has a certain tag. |
|
|
To check if the value start with a certain string. |
|
|
To check if the value ends with a certain string. |
|
|
To check if the value contains a certain string. |
Example
"PropertyEquals"
AbacComparisonExpressionInput
Description
Input object to create an ABAC expression. Exactly one of the fields should be specified, depending on the type.
Fields
| Input Field | Description |
|---|---|
literal - Boolean
|
In case you want to simply have a boolean literal to determine the outcome. |
comparison - AbacComparisonExpressionComparisonInput
|
To specify a single comparison (e.g. field < value). |
aggregator - AbacComparisonExpressionAggregatorInput
|
To specify an aggregator expression (e.g. X OR Y OR Z). |
unaryExpression - AbacComparisonExpressionUnaryExpressionInput
|
To specify a unary expression (e.g. NOT X). |
Example
{
"literal": true,
"comparison": AbacComparisonExpressionComparisonInput,
"aggregator": AbacComparisonExpressionAggregatorInput,
"unaryExpression": AbacComparisonExpressionUnaryExpressionInput
}
AbacComparisonExpressionLiteral
Description
Input object to represent a literal value. Exactly one of the fields should be specified.
Example
{
"bool": true,
"string": "abc123",
"stringList": ["abc123"]
}
AbacComparisonExpressionOperand
Example
AbacComparisonExpressionBinaryLiteral
AbacComparisonExpressionOperandInput
Description
Input object to represent an operand.
Fields
| Input Field | Description |
|---|---|
literal - AbacComparisonExpressionLiteral
|
The literal value of the operand. |
Example
{"literal": AbacComparisonExpressionLiteral}
AbacComparisonExpressionStringListLiteral
Description
Represents a literal of type string list.
Fields
| Field Name | Description |
|---|---|
value - [String!]
|
Example
{"value": ["abc123"]}
AbacComparisonExpressionStringLiteral
Description
Represents a literal of type string.
Fields
| Field Name | Description |
|---|---|
value - String!
|
Example
{"value": "xyz789"}
AbacComparisonExpressionUnaryExpression
Description
Represents a unary expression (e.g. NOT X)?
Fields
| Field Name | Description |
|---|---|
operator - BinaryExpressionUnaryExpressionOperator!
|
The unary operator to use. |
operand - AbacComparisonExpression
|
The operand for the expression. |
Example
{
"operator": "Not",
"operand": BinaryExpressionLiteralBool
}
AbacComparisonExpressionUnaryExpressionInput
Description
Input object to create a unary expression (e.g. NOT X).
Fields
| Input Field | Description |
|---|---|
operator - BinaryExpressionUnaryExpressionOperator!
|
The operator to use. |
operand - AbacComparisonExpressionInput!
|
The operand to use with the operator. |
Example
{
"operator": "Not",
"operand": AbacComparisonExpressionInput
}
AccessControl
Description
Represents an access control object in the system. An access control is the abstract model representing grants, masks, filters and groups (determined by the action field).
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique identifier of the access control. |
createdAt - Time!
|
Timestamp when the access control was created. |
modifiedAt - Time!
|
Timestamp when the access control was last modified. |
category - GrantCategory
|
In case the access control is a grant (action), this contains the grant category (determining the behavior of the grant). |
name - String!
|
Name of the access control. |
namingHint - String
|
Naming hint for the access control, used for generating the actual names in target systems. |
state - AccessControlState!
|
State of the access control. |
action - AccessControlAction!
|
Action of the access control to determine if it is a grant, mask, filter or group. |
description - String!
|
Detailed description of the access control. |
source - String
|
Source defines the source of the access control, if managed by third party tool. |
roleAssetLink - RoleAssetLink
|
The linked Collibra asset (e.g. Data Product Port, Data Set) associated with this access control. |
whoAbacRules - [WhoAbacRule!]
|
The list of ABAC rules for calculating the WHO items dynamically. |
whatAbacRules - [WhatAbacRule!]
|
The list of ABAC rules for calculating the WHAT items dynamically. |
whatAbacScope - DataObjectConnectionResult!
|
Retrieves the scope Data Objects for a specific WHAT ABAC rule. |
Arguments |
|
policyRule - String
|
The policy rule as a string. This is used only for certain cases, like imported row-level filters and column masks or for row-level filters that are implemented like this. |
external - Boolean!
|
Indicates whether the access control is managed externally (in the Data Source) or internally (in the Collibra Data Access application). |
notInternalizable - Boolean!
|
For externally managed access controls, indicates whether the access control cannot be internalized. |
locks - [AccessControlLockData!]!
|
The list of locks that are configured on this access control. Locks can be used to prevent editing certain parts of the access control, typically because they are managed outside of Collibra Data Access and so should be imported from instead of exported to the data source). |
complete - Boolean
|
Indicates if this external access control is complete, meaning that all linked entities are knows in Collibra Data Access. If an imported access control is incomplete, information will be lost when internalizing the access control, because only the known entities will be kept. |
filterCriteria - DataComparisonExpression
|
For access controls with action=Filter, this contains the boolean expression determining the filter criteria. |
pendingUpdates - Int!
|
For large updates to the access control, some changes may be handled asynchronously in the background. This field indicates the number of pending updates still being processed. |
entityPartOfWho - Boolean
|
Returns true is the given entity is part of the WHO items of this access control (excluding promises). If entityId is not set, the current user will be used. |
entityPartOfWhoDetails - AccessWhoItem
|
Returns details about the given entity being part of the WHO items of this access control (excluding promises). If entityId is not set, the current user will be used. |
availablePromise - PromiseDetailsResult
|
Returns true if there is an available promise for the given entity on this access control. If entityId is not set, the current user will be used. |
Arguments
|
|
who - AccessWhoItemConnectionResult!
|
Retrieves the WHO items for this access control. When unpack is set to true, this will return all the users that are part of the WHO items, including those coming through inheritance (of grants or groups). |
Arguments
|
|
numberOfWho - Count!
|
Retrieves the number of WHO items for this access control. When unpack is set to true, this will return the number of (unique) users that are part of the WHO items, including those coming through inheritance of upstream grants and groups). |
Arguments
|
|
whoUnknown - Boolean!
|
If true, it indicates that the who of this access control couldn't be parsed on import |
whatDataObjects - AccessWhatDataObjectItemConnectionResult!
|
Retrieves the WHAT data objects which are directly linked to this access control. |
Arguments |
|
whatUnpackedDataObjects - AccessWhatDataObjectItemConnectionResult!
|
Retrieves the WHAT data objects which are linked to this access control either directly or through inheritance from downstream grants. |
Arguments |
|
whatAccessControls - AccessWhatAccessControlItemConnectionResult!
|
Retrieves the access controls which are in the WHAT list of this access control. This basically means that this access control is in the WHO list of those access controls. |
Arguments |
|
numberOfDataObjects - Count
|
Retrieves the number of WHAT data objects which are directly linked to this access control. Data Objects related through ABAC rules are excluded. |
numberOfUnpackedDataObjects - Count
|
Retrieves the number of WHAT data objects which are linked to this access control either directly or through inheritance from downstream grants. Data Objects related through ABAC rules are included. |
numberOfWhatAccessControls - Count
|
Retrieves the number of access controls which are in the WHAT list of this access control. |
Arguments |
|
whatUnknown - Boolean!
|
If true, it indicates that the what of this access control couldn't be parsed on import |
dataSources - [DataSource!]
|
Retrieves the data sources that this access control will get deployed to. |
syncData - [SyncData!]
|
Retrieves synchronization information for each linked data source. |
syncStatus - SyncStatus!
|
Retrieves the aggregated sync status for this access control across all linked data sources. |
permissionsOnDataObject - AccessPermissionsResult
|
Retrieves the permissions this access control (grant) provides on a specific data object. |
Arguments
|
|
validityForDataObject - Time
|
Get the validity date for a specific data object in the WHAT items of this access control.. This only works for grants of category Direct Access. |
Arguments
|
|
validityForUser - Time
|
Retrieves the validity date for a specific user in the WHO items of this access control. |
Arguments
|
|
validityForAccessControl - Time
|
Retrieves the validity date for a specific access control in the WHO items of this access control. |
Arguments
|
|
owners - [RoleAssignmentTo]
|
Retrieves the owners of this access control. |
tags - TagConnectionResult!
|
Retrieves the tags linked to this access control. |
Arguments |
|
Example
{
"id": "4",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"category": GrantCategory,
"name": "xyz789",
"namingHint": "abc123",
"state": "Active",
"action": "Grant",
"description": "xyz789",
"source": "xyz789",
"roleAssetLink": RoleAssetLink,
"whoAbacRules": [WhoAbacRule],
"whatAbacRules": [WhatAbacRule],
"whatAbacScope": DataObjectConnection,
"policyRule": "xyz789",
"external": true,
"notInternalizable": false,
"locks": [AccessControlLockData],
"complete": false,
"filterCriteria": BinaryExpressionLiteralBool,
"pendingUpdates": 987,
"entityPartOfWho": false,
"entityPartOfWhoDetails": AccessWhoItem,
"availablePromise": PermissionDeniedError,
"who": AccessWhoItemConnection,
"numberOfWho": Count,
"whoUnknown": false,
"whatDataObjects": AccessWhatDataObjectItemConnection,
"whatUnpackedDataObjects": AccessWhatDataObjectItemConnection,
"whatAccessControls": AccessWhatAccessControlItemConnection,
"numberOfDataObjects": Count,
"numberOfUnpackedDataObjects": Count,
"numberOfWhatAccessControls": Count,
"whatUnknown": false,
"dataSources": [DataSource],
"syncData": [SyncData],
"syncStatus": "NotConnected",
"permissionsOnDataObject": AccessPermissions,
"validityForDataObject": "10:15:30Z",
"validityForUser": "10:15:30Z",
"validityForAccessControl": "10:15:30Z",
"owners": [User],
"tags": TagConnection
}
AccessControlAction
Description
The possible actions for an access control. This determines what the access control will do.
Values
| Enum Value | Description |
|---|---|
|
|
For granting users access to data. |
|
|
For masking data in columns. |
|
|
For filtering rows in a table or view. |
|
|
For grouping users or other groups. The access control doesn't have WHAT items in this case. |
|
|
Example
"Grant"
AccessControlConnection
Description
The connection type for paginated lists of AccessControl.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [AccessControlEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [AccessControlEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 123
}
AccessControlConnectionResult
Types
| Union Types |
|---|
Example
AccessControlConnection
AccessControlDataSourceInput
Description
Input object update the data sources linked to the access control.
Example
{"dataSource": 4, "type": "abc123"}
AccessControlEdge
Description
The edge type for AccessControlConnection
Fields
| Field Name | Description |
|---|---|
node - AccessControl
|
The actual access control object. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": AccessControl,
"cursor": "abc123"
}
AccessControlFilterInput
Description
Defines the filter options for listing access controls. When using multiple filter options, all these options need to apply to return the item.
Fields
| Input Field | Description |
|---|---|
actions - [AccessControlAction!]
|
The actions the access controls should have. |
states - [AccessControlState!]
|
The states the access controls should be in. |
categories - [String!]
|
The grant categories the access control should be in. |
external - Boolean
|
To filter on only internal or external access controls. |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
dataSource - ID
|
To filter access controls which are linked to a specific data source. |
canEditWho - Boolean
|
Only return access controls where the WHO is editable. |
canEditInheritance - Boolean
|
Only return access controls where the inheritance (= linking to other access controls) is editable. |
canEditWhat - Boolean
|
Only return access controls where the WHAT is editable. |
exclude - [String!]
|
Exclude this explicit list of access controls. |
source - String
|
The source of the access control |
owners - [String!]
|
The access control must have any of the given owners (by user ID). |
hasTags - [TagFilter!]
|
Filter by which tags the access control needs to have. |
dataObjectInWhat - ID
|
Only return the access controls that have the given data object in its WHAT list. |
Example
{
"actions": ["Grant"],
"states": ["Active"],
"categories": ["xyz789"],
"external": false,
"search": "xyz789",
"dataSource": 4,
"canEditWho": true,
"canEditInheritance": false,
"canEditWhat": true,
"exclude": ["abc123"],
"source": "xyz789",
"owners": ["xyz789"],
"hasTags": [TagFilter],
"dataObjectInWhat": "4"
}
AccessControlForDataObjectFilterInput
Description
Input object for filtering the access controls associated with a data object.
Fields
| Input Field | Description |
|---|---|
actions - [AccessControlAction!]
|
Limit the actions the access controls must have. |
states - [AccessControlState!]
|
Limit the states the access controls must have. |
external - Boolean
|
To only filter external or internal access controls. |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
includeDataObjectInheritance - AccessControlForDataObjectInheritanceDirection
|
Determines if we only look at the current data object only or also its descendants and/or ancestors. |
userInWho - String
|
Filter on a specific user that should be a beneficiary of the access control. |
accessControlInWho - String
|
Filter on a specific access control that should be a beneficiary of the access control. |
userPartOfPromise - Boolean
|
Filter on a specific user that should have a promise on the access control. |
accessControlPartOfPromise - Boolean
|
Filter on a specific access control that should have a promise on the access control. |
Example
{
"actions": ["Grant"],
"states": ["Active"],
"external": true,
"search": "xyz789",
"includeDataObjectInheritance": "None",
"userInWho": "xyz789",
"accessControlInWho": "abc123",
"userPartOfPromise": false,
"accessControlPartOfPromise": false
}
AccessControlForDataObjectInheritanceDirection
Description
The possible values for listing access controls for a data object, to also include its descendants and/or ancestors.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"None"
AccessControlForUserFilterInput
Fields
| Input Field | Description |
|---|---|
actions - [AccessControlAction!]
|
Limit the actions the access controls must have. |
categories - [String!]
|
Limit the access controls to grants in one of the given categories. |
states - [AccessControlState!]
|
Limit the states the access controls must have. |
external - Boolean
|
To only filter external or internal access controls. |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
dataSource - ID
|
Limit to access controls in the given data source. |
userPartOfPromise - Boolean
|
If true, also the access controls where the user is part of a promise (but not granted) are returned. |
Example
{
"actions": ["Grant"],
"categories": ["xyz789"],
"states": ["Active"],
"external": false,
"search": "abc123",
"dataSource": "4",
"userPartOfPromise": true
}
AccessControlFromAccessRequest
Description
Represents the result object for an action to an access control, which is triggered during the implementation of an access request. It contains both the access control and the access request that triggered the action.
Fields
| Field Name | Description |
|---|---|
accessControl - AccessControl!
|
The access control that was updated or created. |
accessRequest - AccessRequest!
|
The access request from which the action was triggered. |
Example
{
"accessControl": AccessControl,
"accessRequest": AccessRequest
}
AccessControlFromAccessRequestResult
Types
| Union Types |
|---|
Example
AccessControlFromAccessRequest
AccessControlInput
Description
Input object for creating and updating access controls.
Fields
| Input Field | Description |
|---|---|
name - String
|
Name of the access control. |
namingHint - String
|
Naming hint for the access control, used for generating the actual names in target systems. |
action - AccessControlAction
|
Action of the access control to determine if it is a grant, mask, filter or group. |
description - String
|
Detailed description of the access control. |
category - String
|
In case the access control is a grant (action), this contains the grant category (determining the behavior of the grant). |
source - String
|
Source defines the source of the access control, if managed by third party tool. |
whoAbacRules - [WhoAbacRuleInput]
|
The list of ABAC rules for calculating the WHO items dynamically. |
whoItems - [WhoItemInput!]
|
The list of static WHO items for this access control. Cannot be used together with whoItemsToAdd or whoItemsToRemove. |
whoItemsToAdd - [WhoItemInput!]
|
The list of static WHO items to add to this access control (diff-based update). Cannot be used together with whoItems. |
whoItemsToRemove - [WhoItemRemoveInput!]
|
The list of static WHO items to remove from this access control (diff-based update). Cannot be used together with whoItems. |
whatAbacRules - [WhatAbacRuleInput]
|
The list of ABAC rules for calculating the WHAT items dynamically. |
whatDataObjects - [AccessControlWhatInputDO!]
|
The list of static WHAT data object items for this access control. Cannot be used together with whatDataObjectsToAdd or whatDataObjectsToRemove. |
whatAccessControls - [AccessControlWhatInputAP!]
|
The list of static WHAT access controls for this access control. Cannot be used together with whatAccessControlsToAdd or whatAccessControlsToRemove. |
whatDataObjectsToAdd - [AccessControlWhatInputDO!]
|
The list of static WHAT data objects to add to this access control (diff-based update). Cannot be used together with whatDataObjects. |
whatDataObjectsToRemove - [WhatDataObjectRemoveInput!]
|
The list of static WHAT data objects to remove from this access control (diff-based update). Cannot be used together with whatDataObjects. When permissions and globalPermissions are both omitted, the entire WHAT link is removed. When specific permissions are provided, only those are removed. |
whatAccessControlsToAdd - [AccessControlWhatInputAP!]
|
The list of static WHAT access controls to add to this access control (diff-based update). Cannot be used together with whatAccessControls. |
whatAccessControlsToRemove - [ID!]
|
The list of static WHAT access control IDs to remove from this access control (diff-based update). Cannot be used together with whatAccessControls. |
policyRule - String
|
The policy rule as a string. This is used only for certain cases, like imported row-level filters and column masks or for row-level filters that are implemented like this. |
filterCriteria - DataComparisonExpressionInput
|
For access controls with action=Filter, this contains the boolean expression determining the filter criteria. |
dataSources - [AccessControlDataSourceInput!]
|
The data sources that this access control will get deployed to. |
locks - [AccessControlLockDataInput!]
|
The locks that should apply to this access control. |
external - Boolean
|
Indicates whether the access control is managed externally (in the Data Source) or internally (in the Collibra Data Access application). |
Example
{
"name": "xyz789",
"namingHint": "abc123",
"action": "Grant",
"description": "abc123",
"category": "xyz789",
"source": "abc123",
"whoAbacRules": [WhoAbacRuleInput],
"whoItems": [WhoItemInput],
"whoItemsToAdd": [WhoItemInput],
"whoItemsToRemove": [WhoItemRemoveInput],
"whatAbacRules": [WhatAbacRuleInput],
"whatDataObjects": [AccessControlWhatInputDO],
"whatAccessControls": [AccessControlWhatInputAP],
"whatDataObjectsToAdd": [AccessControlWhatInputDO],
"whatDataObjectsToRemove": [WhatDataObjectRemoveInput],
"whatAccessControlsToAdd": [AccessControlWhatInputAP],
"whatAccessControlsToRemove": [4],
"policyRule": "abc123",
"filterCriteria": DataComparisonExpressionInput,
"dataSources": [AccessControlDataSourceInput],
"locks": [AccessControlLockDataInput],
"external": true
}
AccessControlLock
Description
The parts that can possibly be locked on an access control.
Values
| Enum Value | Description |
|---|---|
|
|
The users in the WHO list of the access control cannot be edited. |
|
|
The access controls in the WHO list of the access control cannot be edited. |
|
|
The WHAT list of the access control cannot be edited. |
|
|
The name of the access control cannot be edited. |
|
|
The access control cannot be deleted. This also has the impact that, when the access control is edited, after the synchronization, the access control will be made external again. |
|
|
The owners of the access control cannot be edited. |
Example
"WhoLock"
AccessControlLockData
Description
Represents a lock on an access control field.
Fields
| Field Name | Description |
|---|---|
lockKey - AccessControlLock!
|
The part that is locked. |
details - AccessControlLockDetails!
|
Details about the locking. |
Example
{
"lockKey": "WhoLock",
"details": AccessControlLockDetails
}
AccessControlLockDataInput
Description
Input for defining the lock settings
Fields
| Input Field | Description |
|---|---|
lockKey - AccessControlLock!
|
The part of the access control to lock. |
details - AccessControlLockDetailsInput
|
The lock details. Default = {lockType: UserOnly} |
Example
{
"lockKey": "WhoLock",
"details": AccessControlLockDetailsInput
}
AccessControlLockDetails
Description
Represents the details about locks on parts of an access control.
Fields
| Field Name | Description |
|---|---|
reason - String
|
The reason explaining why this is locked. |
lockType - AccessControlLockType!
|
The type of lock. |
Example
{
"reason": "abc123",
"lockType": "ImportExport"
}
AccessControlLockDetailsInput
Description
Input for defining the lock details.
Fields
| Input Field | Description |
|---|---|
reason - String
|
The reason for locking this part of the access control. |
lockType - AccessControlLockType
|
The lock type. Default = UserOnly |
Example
{
"reason": "xyz789",
"lockType": "ImportExport"
}
AccessControlLockType
Description
The types of lock.
Values
| Enum Value | Description |
|---|---|
|
|
The data can only be updated through the import. |
|
|
The data can still be updated through the API, but not in the UI. |
Example
"ImportExport"
AccessControlOrderByInput
Description
Defines the sorting configuration for access control lists.
Example
{
"name": "Asc",
"createdAt": "Asc",
"modifiedAt": "Asc",
"action": "Asc",
"state": "Asc",
"sync": "Asc"
}
AccessControlResult
Types
| Union Types |
|---|
Example
AccessControl
AccessControlState
Description
The possible states an access control can be in.
Values
| Enum Value | Description |
|---|---|
|
|
This access control is active and so will be synced to or from the underlying system. |
|
|
This access control is not active and so will not be synced to the underlying system (removed if it was synced before). |
|
|
This access control is deleted and, once synced to the underlying system, it will be automatically deleted with a 48 hour delay. |
Example
"Active"
AccessControlType
Description
A single access control type.
Fields
| Field Name | Description |
|---|---|
isDefault - Boolean
|
If true, this is the default access control type (when creating a new access control). |
type - String
|
The internal identifier for the access control type. |
label - String
|
The display label for the access control type. |
description - String
|
The description of the access control type. |
isNamedEntity - Boolean
|
If true, this access control is a named entity in the data source. |
canBeCreated - Boolean
|
If true, access controls can we created with this type. |
canBeAssumed - Boolean
|
If true, access controls of this type can be assumed by a user in the data source (e.g. an Account Role in Snowflake). |
canAssumeMultiple - Boolean
|
If true, multiple access controls of this type can be assumed by a user in the data source (e.g. an Account Role in Snowflake). |
allowedWhoAccessControlTypes - [String!]
|
Used to limit the types of WHO links that can be set on this access control. |
commonParentType - String
|
Optional data object type which needs to be the common parent for all data objects in the WHAT list (e.g. a Database Role in Snowflake requires all WHAT items to be from the same database). |
Example
{
"isDefault": false,
"type": "abc123",
"label": "xyz789",
"description": "abc123",
"isNamedEntity": true,
"canBeCreated": true,
"canBeAssumed": true,
"canAssumeMultiple": true,
"allowedWhoAccessControlTypes": [
"abc123"
],
"commonParentType": "abc123"
}
AccessControlWhatAccessControlFilterInput
Description
Defines the sorting configuration for the access control WHAT list (access controls).
Fields
| Input Field | Description |
|---|---|
actions - [AccessControlAction!]
|
|
categories - [String!]
|
|
owners - [String!]
|
|
hasTags - [TagFilter!]
|
|
search - String
|
Example
{
"actions": ["Grant"],
"categories": ["xyz789"],
"owners": ["xyz789"],
"hasTags": [TagFilter],
"search": "abc123"
}
AccessControlWhatDoByNameInput
AccessControlWhatInputAP
Description
Input object to represent an access control WHAT item for the access control.
Fields
| Input Field | Description |
|---|---|
accessControl - ID!
|
The ID of the access control to add in the WHAT of the access control. |
Example
{"accessControl": "4"}
AccessControlWhatInputDO
Description
Input object to represent a data object WHAT item for the access control.
Fields
| Input Field | Description |
|---|---|
permissions - [String]
|
The permissions to grant on the data object. |
globalPermissions - [String]
|
The global permissions to grant on the data object. |
dataObjects - [ID]
|
The list of data object IDs to provide the access to. Either this or dataObjectByName needs to be specified. |
dataObjectByName - [AccessControlWhatDoByNameInput!]
|
The reference by name to indicate the data object to provide access to. Either this or dataObjects needs to be specified. |
expiresAt - Time
|
The time at which this WHAT item will expire. Only used for Direct Access grants. |
Example
{
"permissions": ["abc123"],
"globalPermissions": ["abc123"],
"dataObjects": ["4"],
"dataObjectByName": [AccessControlWhatDoByNameInput],
"expiresAt": "10:15:30Z"
}
AccessControlWhoListFilter
Description
For filtering the WHO items of an access control. When using multiple filter options, all these options need to apply to return the item.
Fields
| Input Field | Description |
|---|---|
whoType - AccessWhoItemType
|
To only filter on either grants or promises. |
targetUser - ID
|
Only get the WHO item for a specific user. |
targetAccessControl - ID
|
Only get the WHO item for a specific access control. |
entityType - EntityType
|
Only get WHO items with a specific type (User or AccessControl) |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
abacRule - ID
|
Optional ABAC rule to filter the who-list on. Only applicable when requesting users who-list without unpacking |
Example
{
"whoType": "WhoGrant",
"targetUser": 4,
"targetAccessControl": 4,
"entityType": "AccessControl",
"search": "xyz789",
"abacRule": "4"
}
AccessControlWhoOrderByInput
Description
Defines the sorting configuration for the access control WHO list.
Fields
| Input Field | Description |
|---|---|
name - Sort
|
Example
{"name": "Asc"}
AccessControlWithOptionalAccessRequests
Description
Represents the result of an access control update when access requests were created as part of the update.
Fields
| Field Name | Description |
|---|---|
accessControl - AccessControl!
|
The updated access control. |
accessRequests - [AccessRequest!]!
|
The list of access requests that was created as part of the update. |
Example
{
"accessControl": AccessControl,
"accessRequests": [AccessRequest]
}
AccessControlWithOptionalAccessRequestsResult
Example
AccessControl
AccessFilterInput
Description
For filtering access elements. When using multiple filter options, all these options need to apply to return the item.
Fields
| Input Field | Description |
|---|---|
actions - [AccessControlAction!]
|
The actions the access controls should have. |
categories - [String!]
|
The grant categories the access control should be in. |
states - [AccessControlState!]
|
The states the access controls should be in. |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
owners - [String!]
|
The access control must have any of the given owners (by user ID). |
hasTags - [TagFilter!]
|
Filter by which tags the access control needs to have. |
Example
{
"actions": ["Grant"],
"categories": ["abc123"],
"states": ["Active"],
"search": "xyz789",
"owners": ["xyz789"],
"hasTags": [TagFilter]
}
AccessPermissions
Description
Represents the permissions granted by an access control on a specific data object.
Example
{
"permissions": ["abc123"],
"globalPermissions": ["xyz789"]
}
AccessPermissionsResult
Types
| Union Types |
|---|
Example
AccessPermissions
AccessRequest
Description
Represents an access request object in the system.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique identifier of the access request. |
createdAt - Time!
|
Timestamp when the access request was created. |
createdBy - User
|
The user that created the access request. |
modifiedAt - Time!
|
Timestamp when the access request was last modified. |
closedAt - Time
|
If closed, this is the date the access request was closed. |
name - String
|
The display name for the access request. |
description - String!
|
The description of the access request. |
status - AccessRequestStatus!
|
The current status of the access request. |
outcome - AccessRequestOutcome!
|
The outcome of the access request. |
processingSteps - [AccessRequestStatus!]
|
The list of status steps the access requests needs to go through. |
implementationExpiresAt - Time
|
The expiration time that was requested. |
anyExpirationAllowed - Boolean!
|
If true, any expiration can be set by the implementer to satisfy the request. |
implementationAssignees - [AccessRequestAssigneeIdentity]
|
The list of assignees for implementing the access request. |
whatList - AccessRequestWhatItemConnectionResult!
|
The list of items that the requester is access to. |
Arguments |
|
userList - UserConnectionResult!
|
The list of users for which the access is requested (beneficiaries). |
Arguments |
|
unpackedUserList - UserConnectionResult!
|
The unpacked list of users for which the access is requested. |
Arguments |
|
accessControlList - AccessControlConnectionResult!
|
The list of access controls for which the access is requested. |
Arguments |
|
calculateIndividualOutcome - AccessRequestOutcome!
|
Fetch the outcome for the given WHAT item and WHO item. This answers the question if a specific entity in the WHO list already has access to the given WHAT item or not. |
Example
{
"id": 4,
"createdAt": "10:15:30Z",
"createdBy": User,
"modifiedAt": "10:15:30Z",
"closedAt": "10:15:30Z",
"name": "xyz789",
"description": "xyz789",
"status": "Created",
"outcome": "None",
"processingSteps": ["Created"],
"implementationExpiresAt": "10:15:30Z",
"anyExpirationAllowed": true,
"implementationAssignees": [User],
"whatList": AccessRequestWhatItemConnection,
"userList": UserConnection,
"unpackedUserList": UserConnection,
"accessControlList": AccessControlConnection,
"calculateIndividualOutcome": "None"
}
AccessRequestAccessControlWhatInput
Description
Input type for a WHAT item for an access request, in case it is a access control.
Fields
| Input Field | Description |
|---|---|
id - String!
|
The ID of the access control. |
Example
{"id": "xyz789"}
AccessRequestAssigneeIdentity
Types
| Union Types |
|---|
Example
User
AccessRequestConnection
Description
The connection type for paginated lists of AccessRequest.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [AccessRequestEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 123,
"limitedCount": "xyz789",
"edges": [AccessRequestEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 987
}
AccessRequestConnectionResult
Types
| Union Types |
|---|
Example
AccessRequestConnection
AccessRequestDataObjectWhatInput
Description
Input type for a WHAT item for an access request, in case it is a data object.
Example
{
"id": "xyz789",
"permissions": ["xyz789"],
"globalPermissions": ["abc123"]
}
AccessRequestDataObjectWhatItem
Description
Represents a WHAT item of the access request in case it is a data object.
Fields
| Field Name | Description |
|---|---|
dataObject - DataObject!
|
The data object that is requested access to. |
permissions - [String!]
|
The permissions that are requested on this data object. |
globalPermissions - [String!]
|
The global permissions that are requested on this data object. |
Example
{
"dataObject": DataObject,
"permissions": ["xyz789"],
"globalPermissions": ["abc123"]
}
AccessRequestEdge
Description
The edge type for AccessRequestConnection
Fields
| Field Name | Description |
|---|---|
node - AccessRequest
|
The actual access request object. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": AccessRequest,
"cursor": "xyz789"
}
AccessRequestFilterInput
Description
Defines the filter options for listing access requests.
Fields
| Input Field | Description |
|---|---|
search - String
|
The search string to use (will do a case-insensitive 'contains') |
datasource - String
|
The data source that is involved in the access request. |
createdBy - String
|
Filter on the user that created the access request. |
states - [AccessRequestStatus!]
|
Filter on the states of access request. |
outcomes - [AccessRequestOutcome!]
|
Filter on the outcomes of the access request. |
who - [String!]
|
Filter on the beneficiaries for the access request. |
assignees - [String!]
|
Filter on the assignees for the access request. |
Example
{
"search": "abc123",
"datasource": "abc123",
"createdBy": "abc123",
"states": ["Created"],
"outcomes": ["None"],
"who": ["abc123"],
"assignees": ["abc123"]
}
AccessRequestInput
Description
Input type for creating and updating access requests.
Fields
| Input Field | Description |
|---|---|
name - String
|
The display name for the access request. |
description - String
|
The description for the access request. |
who - AccessRequestWhoInput
|
The beneficiaries for the access request. |
what - [AccessRequestWhatInput!]
|
The WHAT items for the acccess request. |
implementationExpiresAt - Time
|
Optional expirtion date for the request. |
anyExpirationAllowed - Boolean
|
If true, any expiration date can be set by the implementer to satisfy the request. |
Example
{
"name": "xyz789",
"description": "abc123",
"who": AccessRequestWhoInput,
"what": [AccessRequestWhatInput],
"implementationExpiresAt": "10:15:30Z",
"anyExpirationAllowed": false
}
AccessRequestOrderByInput
AccessRequestOrderByWhoInput
Description
Defines the sorting configuration for access request WHO items.
Fields
| Input Field | Description |
|---|---|
name - Sort
|
Example
{"name": "Asc"}
AccessRequestOutcome
Description
The possible outcomes for an access request
Values
| Enum Value | Description |
|---|---|
|
|
Not implemented yet. |
|
|
Rejected by one of the assignees. |
|
|
Fully implemented when closed. |
|
|
Only some elements of the request were implemented when closed. |
|
|
Nothing has been implemented yet (on open) |
|
|
Only some elements of the request are currently implemented (on open). |
|
|
Canceled by the requester. |
Example
"None"
AccessRequestResult
Types
| Union Types |
|---|
Example
AccessRequest
AccessRequestStatus
Description
The possible statuses for an access request.
Values
| Enum Value | Description |
|---|---|
|
|
The access request is created |
|
|
The access request must be implemented by the data owners. |
|
|
The access request has been closed. |
Example
"Created"
AccessRequestStatusUpdate
Description
The comment type representing an update to an access request.
Fields
| Field Name | Description |
|---|---|
outcome - AccessRequestOutcome
|
|
status - AccessRequestStatus
|
Example
{"outcome": "None", "status": "Created"}
AccessRequestWhatInput
Description
Input type for a WHAT item of an access request. Either dataObject or accessControl must be set.
Fields
| Input Field | Description |
|---|---|
dataObject - AccessRequestDataObjectWhatInput
|
The data object that you request access to. |
accessControl - AccessRequestAccessControlWhatInput
|
The access control you request access to. |
Example
{
"dataObject": AccessRequestDataObjectWhatInput,
"accessControl": AccessRequestAccessControlWhatInput
}
AccessRequestWhatItem
Description
Represents a WHAT item in the access request.
Fields
| Field Name | Description |
|---|---|
dataObject - AccessRequestDataObjectWhatItem
|
The data object of the WHAT item. |
accessControl - AccessControlResult
|
The access control of the WHAT item. |
outcome - AccessRequestOutcome
|
The current output (implementation state) of this WHAT item. |
Example
{
"dataObject": AccessRequestDataObjectWhatItem,
"accessControl": AccessControl,
"outcome": "None"
}
AccessRequestWhatItemConnection
Description
The connection type for paginated lists of AccessRequestWhatItem.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [AccessRequestWhatItemEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [AccessRequestWhatItemEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 123
}
AccessRequestWhatItemConnectionResult
Types
| Union Types |
|---|
Example
AccessRequestWhatItemConnection
AccessRequestWhatItemEdge
Description
The edge type for AccessRequestWhatItemConnection
Fields
| Field Name | Description |
|---|---|
node - AccessRequestWhatItem
|
The actual access request WHAT item. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": AccessRequestWhatItem,
"cursor": "xyz789"
}
AccessRequestWhatItemFilterByInput
Description
Defines the sorting configuration for access request WHAT items.
Fields
| Input Field | Description |
|---|---|
search - String
|
Example
{"search": "xyz789"}
AccessRequestWhoInput
Description
Input type for the WHO items of an access request.
Example
{
"users": ["xyz789"],
"accessControls": ["abc123"]
}
AccessWhatAccessControlItem
Description
Represents the access control item in the WHAT list of an access control.
Fields
| Field Name | Description |
|---|---|
accessControl - AccessControl
|
The access control that is part of the WHAT items of this access control. |
expiresAt - Time
|
The optional expiration time for this WHAT item. |
Example
{
"accessControl": AccessControl,
"expiresAt": "10:15:30Z"
}
AccessWhatAccessControlItemConnection
Description
The connection type for paginated lists of AccessWhatAccessControlItem.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [AccessWhatAccessControlItemEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [AccessWhatAccessControlItemEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 987
}
AccessWhatAccessControlItemConnectionResult
Example
AccessWhatAccessControlItemConnection
AccessWhatAccessControlItemEdge
Description
The edge type for AccessWhatAccessControlItemConnection
Fields
| Field Name | Description |
|---|---|
node - AccessWhatAccessControlItem
|
The actual access control item in the WHAT list. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": AccessWhatAccessControlItem,
"cursor": "xyz789"
}
AccessWhatDataObjectItem
Description
Represents the data object item in the WHAT list of an access control.
Fields
| Field Name | Description |
|---|---|
permissions - [String]
|
The permissions that are granted on this data object in the access control. |
globalPermissions - [String]
|
The global permissions that are granted on this data object in the access control. |
dataObject - DataObject
|
The data object that the access is provided on (granted, masked or filtered). |
expiresAt - Time
|
The optional expiration time for this WHAT item. This is only used for Direct Access grants. |
Example
{
"permissions": ["xyz789"],
"globalPermissions": ["abc123"],
"dataObject": DataObject,
"expiresAt": "10:15:30Z"
}
AccessWhatDataObjectItemConnection
Description
The connection type for paginated lists of AccessWhatDataObjectItem.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [AccessWhatDataObjectItemEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "abc123",
"edges": [AccessWhatDataObjectItemEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 987
}
AccessWhatDataObjectItemConnectionResult
Example
AccessWhatDataObjectItemConnection
AccessWhatDataObjectItemEdge
Description
The edge type for AccessWhatDataObjectItemConnection
Fields
| Field Name | Description |
|---|---|
node - AccessWhatDataObjectItem
|
The actual WHAT item for a data object. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": AccessWhatDataObjectItem,
"cursor": "abc123"
}
AccessWhatFilterInput
Description
Defines the filter options for listing the WHAT items of an access control. When using multiple filter options, all these options need to apply to return the item.
Fields
| Input Field | Description |
|---|---|
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
includeDeleted - Boolean
|
If true, also deleted WHAT items are returned. |
owners - [String!]
|
List of user IDs to filter on who owns the WHAT items. |
hasTags - [TagFilter!]
|
Filter by which tags the WHAT item needs to have. |
abacRule - ID
|
Optional ABAC rule to filter the what-list on. Only applicable when requesting data objects WHAT list without unpacking |
Example
{
"search": "abc123",
"includeDeleted": true,
"owners": ["xyz789"],
"hasTags": [TagFilter],
"abacRule": 4
}
AccessWhatOrderByInput
Description
Defines the sorting configuration for the access control WHAT list.
Fields
| Input Field | Description |
|---|---|
name - Sort
|
Example
{"name": "Asc"}
AccessWhoItem
Description
Represents an item in the WHO list of an access control.
Fields
| Field Name | Description |
|---|---|
item - AccessWhoItemItem!
|
The actual item in the WHO list. |
sharedTarget - DataObject
|
|
expiresAt - Time
|
The optional expiration time for this WHO item. |
type - AccessWhoItemType!
|
Determines whether the access is granted directly or only as a promise (pre-approval). |
promiseDuration - Duration
|
In case type=WhoPromise, this indicates the duration of the grant when access to a promise is requested. |
Example
{
"item": User,
"sharedTarget": DataObject,
"expiresAt": "10:15:30Z",
"type": "WhoGrant",
"promiseDuration": "P3Y6M4DT12H30M5S"
}
AccessWhoItemConnection
Description
The connection type for paginated lists of AccessWhoItem.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [AccessWhoItemEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 123,
"limitedCount": "xyz789",
"edges": [AccessWhoItemEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 987
}
AccessWhoItemConnectionResult
Types
| Union Types |
|---|
Example
AccessWhoItemConnection
AccessWhoItemEdge
Description
The edge type for AccessWhoItemConnection
Fields
| Field Name | Description |
|---|---|
node - AccessWhoItem
|
The actual WHO item in the WHO list. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": AccessWhoItem,
"cursor": "xyz789"
}
AccessWhoItemItem
Types
| Union Types |
|---|
Example
User
AccessWhoItemType
Description
The possible values for the type of a WHO item.
Values
| Enum Value | Description |
|---|---|
|
|
Access is immediately granted. |
|
|
Access will automatically be granted if an access requests is created for this user or group. |
Example
"WhoGrant"
Account
Description
Represents an account (in a single data source) of a user.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
The unique identifier of the account. |
accountName - String!
|
The account name. |
name - String!
|
The display name. |
email - String
|
The email address. |
createdAt - Time!
|
The time this account was first created. |
modifiedAt - Time!
|
The time this account was last modified. |
deleted - Boolean!
|
Indicates if this account is deleted or not. |
tags - TagConnectionResult!
|
List the tags of the account. |
Arguments |
|
user - User!
|
The user with which this account is associated. |
dataSource - DataSource!
|
The data source with which this account is associated. |
Example
{
"id": 4,
"accountName": "abc123",
"name": "abc123",
"email": "xyz789",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"deleted": true,
"tags": TagConnection,
"user": User,
"dataSource": DataSource
}
AccountConnection
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [AccountEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [AccountEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 123
}
AccountConnectionResult
Types
| Union Types |
|---|
Example
AccountConnection
AccountEdge
Description
The edge type for AccountConnection
Example
{
"node": Account,
"cursor": "abc123"
}
AccountFilterInput
Description
Defines the filter options for account lists.
Fields
| Input Field | Description |
|---|---|
dataSources - [ID!]
|
The data sources this account should originate from. |
users - [ID!]
|
The users which should be associated with the account. |
accessControlGroups - [ID!]
|
The groups the account should be in. |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
includeDeleted - Boolean
|
If true, also deleted accounts will be returned. |
Example
{
"dataSources": ["4"],
"users": ["4"],
"accessControlGroups": ["4"],
"search": "abc123",
"includeDeleted": true
}
AccountOrderByInput
AlreadyExistsError
BaseError
Description
Base interface for error types.
Fields
| Field Name | Description |
|---|---|
message - String!
|
Possible Types
| BaseError Types |
|---|
Example
{"message": "abc123"}
BinaryExpressionAggregatorOperator
Description
The aggregator operators for the boolean expressions.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"And"
BinaryExpressionLiteralBool
Description
Represents a simple boolean expression stating either true or false'.
Fields
| Field Name | Description |
|---|---|
value - Boolean!
|
Example
{"value": true}
BinaryExpressionUnaryExpressionOperator
Description
The unary operators for the boolean expressions.
Values
| Enum Value | Description |
|---|---|
|
|
Example
"Not"
Boolean
Description
The Boolean scalar type represents true or false.
Example
true
CatalogAsset
Description
Contains the information to link a data object in Collibra Data Access to the corresponding Technical Asset in Collibra Catalog.
Fields
| Field Name | Description |
|---|---|
assetId - UUID
|
The ID of the asset in Collibra Catalog. |
assetTypeId - UUID
|
The ID of the type of the asset in Collibra Catalog. |
dataObjects - [DataObject!]
|
The data objects that correspond to this catalog asset. |
roleAssetLink - RoleAssetLink
|
The role asset link that connects this catalog asset to an access control (role), if any. |
Example
{
"assetId": "c278447b-cc03-4681-a85b-58510e203e42",
"assetTypeId": "c278447b-cc03-4681-a85b-58510e203e42",
"dataObjects": [DataObject],
"roleAssetLink": RoleAssetLink
}
CatalogAssetResult
Types
| Union Types |
|---|
Example
CatalogAsset
Comment
Description
Represents a single comment.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
The unique identifier of the comment. |
entityId - ID!
|
The ID of the entity this comment is linked to. |
entityType - EntityType!
|
The type of entity this comment is linked to. |
createdBy - User
|
The user that created the comment. |
createdAt - Time!
|
The time this comment was created. |
modifiedAt - Time!
|
The time this comment was last modified. |
threadId - ID
|
An optional unique identifier of the thread (parent comment) this comment is part of. |
message - MessageValue!
|
The message of the comment. These can be typed to support normal user comments, but also structured comments for specific functionalities. |
thread - CommentConnectionResult!
|
The list of comments in the thread (children of this comment). |
Arguments |
|
Example
{
"id": "4",
"entityId": 4,
"entityType": "AccessControl",
"createdBy": User,
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"threadId": 4,
"message": UserMessage,
"thread": CommentConnection
}
CommentConnection
Description
The connection type for paginated lists of Comment.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [CommentEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "abc123",
"edges": [CommentEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 123
}
CommentConnectionResult
Types
| Union Types |
|---|
Example
CommentConnection
CommentEdge
Description
The edge type for CommentConnection
Example
{
"node": Comment,
"cursor": "xyz789"
}
CommentInput
Description
Input object for creating comments.
Fields
| Input Field | Description |
|---|---|
entityId - ID!
|
The ID of the entity this comment should be on. |
entityType - EntityType!
|
The type of the entity this comment should be on. |
threadId - ID
|
The optional parent comment ID to respond in a thread. |
message - String!
|
The string message. |
Example
{
"entityId": 4,
"entityType": "AccessControl",
"threadId": "4",
"message": "abc123"
}
CommentOrderByInput
Description
Determines the sorting order for comments.
Fields
| Input Field | Description |
|---|---|
createdAt - Sort
|
Example
{"createdAt": "Asc"}
CommentResult
Types
| Union Types |
|---|
Example
Comment
CommentUpdateInput
Count
CountResult
Types
| Union Types |
|---|
Example
Count
DataAccessReturnItemOrderByInput
Description
Specifies the sorting options for sorting the users that have access on a data object.
Fields
| Input Field | Description |
|---|---|
user - UserOrderByInput
|
|
accessControl - AccessControlOrderByInput
|
Example
{
"user": UserOrderByInput,
"accessControl": AccessControlOrderByInput
}
DataComparisonExpression
Example
BinaryExpressionLiteralBool
DataComparisonExpressionAggregator
Description
Represents an aggregator boolean expression with a single operator (e.g. X OR Y OR Z).
Fields
| Field Name | Description |
|---|---|
operator - BinaryExpressionAggregatorOperator!
|
The aggregator operator to use. |
operands - [DataComparisonExpression!]!
|
The list of operands to combine with the operator. |
Example
{
"operator": "And",
"operands": [BinaryExpressionLiteralBool]
}
DataComparisonExpressionAggregatorInput
Description
Input object to create an aggregator expression (e.g. X OR Y OR Z).
Fields
| Input Field | Description |
|---|---|
operator - BinaryExpressionAggregatorOperator!
|
The operator to use. |
operands - [DataComparisonExpressionInput!]!
|
The operands which will be combined with the operator. |
Example
{
"operator": "And",
"operands": [DataComparisonExpressionInput]
}
DataComparisonExpressionBinaryLiteral
Description
Represents a boolean literal.
Fields
| Field Name | Description |
|---|---|
value - Boolean!
|
Example
{"value": true}
DataComparisonExpressionComparison
Description
Represents a single simple comparison expression (i.e. A < B)
Fields
| Field Name | Description |
|---|---|
operator - DataComparisonExpressionComparisonOperator!
|
The comparison operator to use. |
leftOperand - DataComparisonExpressionOperand!
|
The left operand. |
rightOperand - DataComparisonExpressionOperand!
|
The right operand. |
Example
{
"operator": "Equal",
"leftOperand": DataComparisonExpressionReference,
"rightOperand": DataComparisonExpressionReference
}
DataComparisonExpressionComparisonInput
Description
Input object to create a comparison expression (i.e. field < value).
Fields
| Input Field | Description |
|---|---|
operator - DataComparisonExpressionComparisonOperator!
|
The operator for the expression. |
leftOperand - DataComparisonExpressionOperandInput!
|
The left operand. |
rightOperand - DataComparisonExpressionOperandInput!
|
The right operand. |
Example
{
"operator": "Equal",
"leftOperand": DataComparisonExpressionOperandInput,
"rightOperand": DataComparisonExpressionOperandInput
}
DataComparisonExpressionComparisonOperator
Description
The different comparison operators.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Equal"
DataComparisonExpressionEntityType
Description
The possible ways to reference a data object.
Values
| Enum Value | Description |
|---|---|
|
|
Reference will happen through data object ID. |
|
|
Reference will happen through the column name. |
Example
"DataObject"
DataComparisonExpressionFloatLiteral
Description
Represents a float literal.
Fields
| Field Name | Description |
|---|---|
value - Float!
|
Example
{"value": 123.45}
DataComparisonExpressionInput
Description
Input object to create a comparison expression. Exactly one of the fields should be specific, depending on the type.
Fields
| Input Field | Description |
|---|---|
literal - Boolean
|
In case you want to simply have a boolean literal to determine the outcome. |
comparison - DataComparisonExpressionComparisonInput
|
To specify a single comparison (e.g. field < value). |
aggregator - DataComparisonExpressionAggregatorInput
|
To specify an aggregator expression (e.g. X OR Y OR Z). |
unaryExpression - DataComparisonExpressionUnaryExpressionInput
|
To specify a unary expression (e.g. NOT X). |
Example
{
"literal": true,
"comparison": DataComparisonExpressionComparisonInput,
"aggregator": DataComparisonExpressionAggregatorInput,
"unaryExpression": DataComparisonExpressionUnaryExpressionInput
}
DataComparisonExpressionIntLiteral
Description
Represents an integer literal.
Fields
| Field Name | Description |
|---|---|
value - Int!
|
Example
{"value": 987}
DataComparisonExpressionLiteral
Description
Input object to represent a literal value. Exactly one of the fields should be specified.
Example
{
"bool": false,
"int": 987,
"float": 987.65,
"str": "abc123",
"timestamp": "10:15:30Z"
}
DataComparisonExpressionOperand
Example
DataComparisonExpressionReference
DataComparisonExpressionOperandInput
Description
Input object to represent an operand. Exactly one of the fields should be specified.
Fields
| Input Field | Description |
|---|---|
reference - DataComparisonExpressionReferenceInput
|
A reference to a data object. |
literal - DataComparisonExpressionLiteral
|
A literal. |
Example
{
"reference": DataComparisonExpressionReferenceInput,
"literal": DataComparisonExpressionLiteral
}
DataComparisonExpressionReference
Description
Represents an operand referring to an object in the Collibra Data Access graph
Fields
| Field Name | Description |
|---|---|
entityType - DataComparisonExpressionEntityType!
|
The type with which the object is referenced. |
entityId - ID!
|
The ID of the entity. |
item - DataObject
|
The actual data object that is referenced. |
Example
{
"entityType": "DataObject",
"entityId": "4",
"item": DataObject
}
DataComparisonExpressionReferenceInput
Description
Input object to reference a data object.
Fields
| Input Field | Description |
|---|---|
entityType - DataComparisonExpressionEntityType!
|
The way you want to reference the data object. |
entityId - ID!
|
The data object ID or column name. |
Example
{
"entityType": "DataObject",
"entityId": "4"
}
DataComparisonExpressionStringLiteral
Description
Represents a string literal.
Fields
| Field Name | Description |
|---|---|
value - String!
|
Example
{"value": "xyz789"}
DataComparisonExpressionTimestampLiteral
Description
Represents a timestamp literal.
Fields
| Field Name | Description |
|---|---|
value - Time!
|
Example
{"value": "10:15:30Z"}
DataComparisonExpressionUnaryExpression
Description
Represents a unary expression (e.g. NOT X).
Fields
| Field Name | Description |
|---|---|
operator - BinaryExpressionUnaryExpressionOperator!
|
The unary operator to use. |
operand - DataComparisonExpression
|
The operand for the expression. |
Example
{
"operator": "Not",
"operand": BinaryExpressionLiteralBool
}
DataComparisonExpressionUnaryExpressionInput
Description
Input object to create a unary expression (e.g. NOT X).
Fields
| Input Field | Description |
|---|---|
operator - BinaryExpressionUnaryExpressionOperator!
|
The operator to use. |
operand - DataComparisonExpressionInput!
|
The operand to use with the operator. |
Example
{
"operator": "Not",
"operand": DataComparisonExpressionInput
}
DataObject
Description
Represents a data object in Collibra Data Access. These represents all the data entities in a data source (e.g. database, schema, table, column, folder, file, ...).
Fields
| Field Name | Description |
|---|---|
id - ID!
|
A internal unique identifier for the data object. |
name - String!
|
The name of the data object. |
fullName - String!
|
A name that can uniquely identify the data object within the data source. This is generated by the connector in a predefined format. |
description - String!
|
The description of the data object. |
type - String!
|
The type name of data object (one of the data object types defined in the data source meta data). |
objectType - DataObjectType
|
The actual type of the data object from the data source, containing characteristics for the type. |
deleted - Boolean!
|
Indicates if the data object is deleted (unknown) or not. |
dataType - String
|
Typically used for column to indicate the data type. |
ownerLock - Boolean!
|
If true, the owners for this data object cannot be edited through the UI and API. Typically because they are imported from the data source. |
createdAt - Time!
|
The time this data object was first created. |
modifiedAt - Time!
|
The time this data object was last modified. |
applicablePermissions - [Permission!]!
|
The list of data source permissions that can be set on this data object. This includes the permissions that can be set on the descendant of this data object as well. |
tags - TagConnectionResult!
|
The tags which are set directly on this data object. |
Arguments |
|
allTags - TagConnectionResult!
|
The tags set on this data object or any of its ancestors. |
Arguments |
|
parent - DataObject
|
The direct parent data object. |
parents - [DataObject!]!
|
All the ancestor objects in order (from direct parent to top-level). Can be used for building a breadcrumb. |
children - DataObjectConnectionResult!
|
The list of child data object. |
Arguments |
|
numberOfDistinctAccess - CountResult
|
Returns the number of users that have access to this data object. |
distinctAccess - GroupedDataAccessReturnItemConnectionResult!
|
List the users that have access to this data object, together with the permissions the user has and through which access controls these permissions are acquired. |
Arguments |
|
directDataSource - DataSource
|
Returns the direct data source linked to the data object. Returns null if there is none (probably because it has a parent data object). |
dataSource - DataSource
|
Returns the data source linked to the data object. This can be linked through its parents. |
owners - [RoleAssignmentTo]
|
Retrieves the owners of this data object. |
Arguments
|
|
accessControls - AccessControlConnectionResult!
|
Lists the access controls that are associated with this data object. |
Arguments |
|
catalogAsset - CatalogAssetResult
|
The asset in Collibra Catalog that this data object is linked to. |
Example
{
"id": 4,
"name": "abc123",
"fullName": "xyz789",
"description": "abc123",
"type": "abc123",
"objectType": DataObjectType,
"deleted": true,
"dataType": "xyz789",
"ownerLock": false,
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"applicablePermissions": [Permission],
"tags": TagConnection,
"allTags": TagConnection,
"parent": DataObject,
"parents": [DataObject],
"children": DataObjectConnection,
"numberOfDistinctAccess": Count,
"distinctAccess": GroupedDataAccessReturnItemConnection,
"directDataSource": DataSource,
"dataSource": DataSource,
"owners": [User],
"accessControls": AccessControlConnection,
"catalogAsset": CatalogAsset
}
DataObjectConnection
Description
The connection type for paginated lists of DataObject.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [DataObjectEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [DataObjectEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 123
}
DataObjectConnectionResult
Types
| Union Types |
|---|
Example
DataObjectConnection
DataObjectEdge
Description
The edge type for DataObjectConnection
Fields
| Field Name | Description |
|---|---|
node - DataObject
|
The actual data object. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": DataObject,
"cursor": "xyz789"
}
DataObjectFilterInput
Description
Input object for filtering a list of data objects.
Fields
| Input Field | Description |
|---|---|
dataSources - [ID!]
|
Limit only to data objects in specific data sources. |
parents - [ID!]
|
Limit only to data objects with given (direct) parents. |
ancestors - [ID!]
|
Limit only to data objects with given ancestors. |
types - [String!]
|
Limit only to data object with given types. Cannot be used together with the excludedTypes filter. |
excludedTypes - [String!]
|
Do not returns data objects with the given types. Cannot be used together with the types filter. |
canHavePermissions - Boolean
|
Only returns data objects of types that can have permissions assigned to them (e.g. this will exclude columns). This is false by default. |
fullNames - [String!]
|
Filter on the full names of the data object. |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
includeDataSource - Boolean
|
If true, also data top-level data object of type datasource is included. |
owners - [String!]
|
Limit the data objects for which any of the given users is an owner. |
includeDeleted - Boolean
|
If true, also deleted (unknown) data objects are included. |
dataTypes - [String!]
|
Limit to certain data types (typically for columns). |
exclude - [String!]
|
Excluded a fixed list of data objects. |
hasTags - [TagFilter!]
|
Filters by the tags that the data object has. |
whatAbacRule - WhatAbacRuleInput
|
Return only data objects matched by the given WHAT ABAC rule. The rule's scope is mandatory. ANDed with all other filter fields (e.g. types, search, dataSources). permissions / globalPermissions on the rule are ignored. |
Example
{
"dataSources": [4],
"parents": ["4"],
"ancestors": ["4"],
"types": ["abc123"],
"excludedTypes": ["xyz789"],
"canHavePermissions": false,
"fullNames": ["xyz789"],
"search": "xyz789",
"includeDataSource": true,
"owners": ["xyz789"],
"includeDeleted": false,
"dataTypes": ["xyz789"],
"exclude": ["abc123"],
"hasTags": [TagFilter],
"whatAbacRule": WhatAbacRuleInput
}
DataObjectOrderByInput
DataObjectType
Description
Describes a data object type (e.g. table, schema, column, folder, file ...).
Fields
| Field Name | Description |
|---|---|
name - String!
|
The unique name of the data object type within the data source. |
type - String!
|
The name of the type of the data object type. This is used to group similar data object types in the same table in the user interface. For example, external-table, table and special-table could all have type table. |
label - String
|
The display label for this data object type. |
children - [String!]!
|
The data object types that can be a child of this data object type (referenced by the name field). |
permissions - [DataObjectTypePermission!]!
|
The permissions which are applicable on this data object type. |
globalPermissions - [DataObjectTypeGlobalPermission!]
|
The global permissions which are applicable on this data object type. |
canHavePermissions - Boolean
|
If false, no permissions can be set on this data object type (also not inherited from the parents). For example, a column typically doesn't have permissions. |
catalogType - String
|
Used to map the data object type to a catalog type in Collibra. For example, a data object type 'project' for Google BigQuery could map to catalog type 'database' in Collibra. |
canBeMasked - Boolean!
|
If true, the data object type can be used as what item of a mask |
canBeFiltered - Boolean!
|
If true, the data object type can be used as what item of a filter |
Example
{
"name": "xyz789",
"type": "xyz789",
"label": "abc123",
"children": ["xyz789"],
"permissions": [DataObjectTypePermission],
"globalPermissions": [DataObjectTypeGlobalPermission],
"canHavePermissions": true,
"catalogType": "abc123",
"canBeMasked": false,
"canBeFiltered": false
}
DataObjectTypeGlobalPermission
Description
Describes the global permissions on a data object type.
Example
{
"globalPermission": "xyz789",
"permissions": ["xyz789"]
}
DataObjectTypePermission
Description
Describes a permission on a data object type.
Fields
| Field Name | Description |
|---|---|
permission - String!
|
The permission itself, specific to the data source (e.g. SELECT, INSERT, roles/bigquery.dataViewer...). |
globalPermissions - [String!]
|
The global permissions under which this permission can be categorized. |
description - String
|
The description of the permissions. |
cannotBeGranted - Boolean
|
If true, this permission cannot be set by the user in the user interface. |
Example
{
"permission": "abc123",
"globalPermissions": ["xyz789"],
"description": "xyz789",
"cannotBeGranted": true
}
DataSource
Description
Represents a data sourcein Collibra Data Access.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
The unique identifier of the data source. |
name - String!
|
The display name of the data source. |
description - String!
|
The description of the data source. |
createdAt - Time!
|
Indicates when the data source was initially created. |
modifiedAt - Time!
|
Indicates when the data source was last modified. |
accessLastChanged - Time
|
Indicates when access controls in this data source were last modified. |
supportsColumnMasking - Boolean!
|
If true, this data source supports column masking. This is set by the connector during a sync. |
supportsRowFiltering - Boolean!
|
If true, this data source supports row-level filtering. This is set by the connector during a sync. |
hasAcl - Boolean!
|
If true, this data source contains ACL-type access controls. This is set by the connector during a sync. |
dataObjectTypes - [DataObjectType!]!
|
The list of data object types that are available in this data source. This is set by the connector during a sync. |
accessControlTypes - [AccessControlType!]!
|
The list of access control types that are available in this data source. This is set by the connector during a sync. |
type - String!
|
The type identifier of this data source. This is set by the connector during a sync. |
system - Boolean!
|
If true, this data source is provisioned by the system (e.g. the Collibra system data source) and cannot be edited, synced, or deleted. |
maskingMetadata - MaskingMetadata
|
Contains meta data about how column masking works in this data source. |
filterMetadata - FilterMetadata
|
Contains meta data about how row-level filtering works in this data source. |
tags - TagConnectionResult!
|
List the tags that are set on this data source. |
Arguments |
|
dataObjects - DataObjectConnectionResult!
|
List the data objects in this data source. |
Arguments |
|
accessControls - AccessControlConnectionResult!
|
List the access controls that are linked to this data source. |
Arguments |
|
owners - [RoleAssignmentTo]
|
List the owners of the data source. |
Arguments
|
|
dataSourceLastSuccessfulSync - Time
|
The time at which the data objects of this data source were last successfully synced. |
identitiesLastSuccessfulSync - Time
|
The time at which the identities of this data source were last successfully synced. |
accessControlsFromTargetLastSuccessfulSync - Time
|
The time at which the access controls of this data source were last successfully synced. |
accessControlsToTargetLastSuccessfulSync - Time
|
The time at which the access controls to this data source were last successfully synced. |
parent - DataSource
|
The optional parent data source. |
children - [DataSource]!
|
The optional children data sources. |
accountsForCurrentUser - AccountConnectionResult!
|
Lists the accounts of the current user in the given data source. |
Arguments |
|
syncSchedule - DataSourceSyncScheduleSettings
|
Retrieves the synchronization schedule settings for this data source. |
catalogSystemId - UUID
|
The UUID of the System asset in Collibra Catalog. |
defaultGrantType - String!
|
Gets the default grant type for a specific grant category in this data source. |
Arguments
|
|
Example
{
"id": "4",
"name": "abc123",
"description": "abc123",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"accessLastChanged": "10:15:30Z",
"supportsColumnMasking": false,
"supportsRowFiltering": true,
"hasAcl": false,
"dataObjectTypes": [DataObjectType],
"accessControlTypes": [AccessControlType],
"type": "xyz789",
"system": true,
"maskingMetadata": MaskingMetadata,
"filterMetadata": FilterMetadata,
"tags": TagConnection,
"dataObjects": DataObjectConnection,
"accessControls": AccessControlConnection,
"owners": [User],
"dataSourceLastSuccessfulSync": "10:15:30Z",
"identitiesLastSuccessfulSync": "10:15:30Z",
"accessControlsFromTargetLastSuccessfulSync": "10:15:30Z",
"accessControlsToTargetLastSuccessfulSync": "10:15:30Z",
"parent": DataSource,
"children": [DataSource],
"accountsForCurrentUser": AccountConnection,
"syncSchedule": DataSourceSyncScheduleSettings,
"catalogSystemId": "c278447b-cc03-4681-a85b-58510e203e42",
"defaultGrantType": "xyz789"
}
DataSourceConnection
Description
The connection type for paginated lists of DataSource.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [DataSourceEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [DataSourceEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 987
}
DataSourceConnectionResult
Types
| Union Types |
|---|
Example
DataSourceConnection
DataSourceEdge
Description
The edge type for DataSourceConnection
Fields
| Field Name | Description |
|---|---|
node - DataSource
|
The actual data source. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": DataSource,
"cursor": "abc123"
}
DataSourceFilterInput
Description
Represents the filter options for listing data sources.
Fields
| Input Field | Description |
|---|---|
types - [String!]
|
|
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
parent - String
|
Only show data sources with a specific parent data source. |
owners - [String!]
|
List of user IDs to filter on who owns the data source. |
includeSystem - Boolean
|
If false, system data sources are excluded from the results. By default, system data sources are included. |
Example
{
"types": ["abc123"],
"search": "xyz789",
"parent": "abc123",
"owners": ["abc123"],
"includeSystem": true
}
DataSourceInput
Description
Input object for creating or updating a data source.
Fields
| Input Field | Description |
|---|---|
name - String
|
The display name of the data source. |
description - String
|
The description of the data source. |
parent - String
|
The optional parent data source. |
syncSchedule - DataSourceSyncScheduleInput
|
The synchronization schedule configuration. |
catalogSystemId - UUID
|
The optional UUID of the system asset from Collibra Catalog this data source corresponds with. Pass 00000000-0000-0000-0000-000000000000 to clear. |
type - String
|
type indicates the type of data source (Snowflake, BigQuery, etc.). |
edgeSiteId - String
|
The ID of the Edge Site associated with this data source. |
edgeConnectionId - String
|
The ID of the Edge Connection associated with this data source. |
Example
{
"name": "abc123",
"description": "xyz789",
"parent": "abc123",
"syncSchedule": DataSourceSyncScheduleInput,
"catalogSystemId": "c278447b-cc03-4681-a85b-58510e203e42",
"type": "xyz789",
"edgeSiteId": "xyz789",
"edgeConnectionId": "abc123"
}
DataSourceOrderByInput
Description
Defines the sorting options when listing data sources.
Fields
| Input Field | Description |
|---|---|
name - Sort
|
Example
{"name": "Asc"}
DataSourceResult
Types
| Union Types |
|---|
Example
DataSource
DataSourceSyncScheduleInput
Description
Input object to set the sync scheduling for a data source.
Fields
| Input Field | Description |
|---|---|
global - String
|
The cron expression for the global synchronization. Null will not update the global cron expression. Empty string will remove the global cron expression. |
dataObjectSync - String
|
If set, this overrides the global cron expression for the data object sync specifically. Null will not update the global cron expression. Empty string will remove the global cron expression. |
identitySync - String
|
If set, this overrides the global cron expression for the identity sync specifically. Null will not update the global cron expression. Empty string will remove the global cron expression. |
accessToTargetSync - String
|
If set, this overrides the global cron expression for the access control to target sync specifically. Null will not update the global cron expression. Empty string will remove the global cron expression. |
accessFromTargetSync - String
|
If set, this overrides the global cron expression for the access control from target sync specifically. Null will not update the global cron expression. Empty string will remove the global cron expression. |
Example
{
"global": "xyz789",
"dataObjectSync": "xyz789",
"identitySync": "xyz789",
"accessToTargetSync": "xyz789",
"accessFromTargetSync": "abc123"
}
DataSourceSyncScheduleSettings
Description
Represents the schedule settings for the data source synchronizations.
Fields
| Field Name | Description |
|---|---|
global - String
|
The cron expression for the global synchronization. |
dataObjectSync - String
|
If set, this overrides the global cron expression for the data object sync specifically. |
identitySync - String
|
If set, this overrides the global cron expression for the identity sync specifically. |
accessToTargetSync - String
|
If set, this overrides the global cron expression for the access control to target sync specifically. |
accessFromTargetSync - String
|
If set, this overrides the global cron expression for the access control from target sync specifically. |
Example
{
"global": "xyz789",
"dataObjectSync": "abc123",
"identitySync": "abc123",
"accessToTargetSync": "xyz789",
"accessFromTargetSync": "xyz789"
}
DeleteComment
Description
The result object for deleting a comment.
Fields
| Field Name | Description |
|---|---|
success - Boolean!
|
Example
{"success": false}
DeleteCommentResult
Types
| Union Types |
|---|
Example
DeleteComment
DeleteDataSource
Description
The result of deleting a data source.
Fields
| Field Name | Description |
|---|---|
success - Boolean!
|
Example
{"success": true}
DeleteDataSourceResult
Types
| Union Types |
|---|
Example
PermissionDeniedError
Duration
Example
"P3Y6M4DT12H30M5S"
EntityType
Description
All different types of entities in the system
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AccessControl"
FilterMetadata
Description
The meta data about how row-level filtering works in the data source.
Example
{
"filterOverridePermissions": ["abc123"],
"applicableTypes": ["abc123"]
}
Float
Description
The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
Example
987.65
GrantCategory
Description
Represent a grant category. Grant categories are used to categorize access controls with action=Grant to allow structuring them better.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
A unique identifier for the grant category. |
createdAt - Time!
|
The time at which the grant category was created. |
modifiedAt - Time!
|
The time at which the grant category was last modified. |
isSystem - Boolean!
|
If true, this grant category is provisioned by the system and cannot be edited or removed. |
name - String!
|
Display name for the grant category. |
namePlural - String!
|
The plural form of the display name for the grant category. |
description - String!
|
Description of the grant category. |
icon - String!
|
The icon to use in the user interface to identify grants of this category. |
isDefault - Boolean!
|
If true, new access controls will be created in this category as default and imported (external) access controls will also be in this category. |
canCreate - Boolean!
|
If true, access controls of this category can be created in the UI. |
descriptionMandatory - Boolean!
|
If true, providing a description for access controls in this category is mandatory. |
allowDuplicateNames - Boolean!
|
If true, it is possible to create multiple access controls with the same name in this category. Otherwise, this will be blocked. |
multiDataSource - Boolean!
|
If true, access controls in this category can be linked to multiple data sources. Otherwise, they will be limited to a single data source. |
defaultTypePerDataSource - [GrantCategoryTypeForDataSource!]
|
For each data source, a default access control type can be specified. |
globalExceptions - Boolean!
|
If true, no local exceptions for masks and filters are calculated for corresponding access controls. Regular global exceptions will be used instead. |
allowedWhoItems - GrantCategoryAllowedWhoItems!
|
Specifies which types can be put as WHO items for access controls in this category. |
allowedWhatItems - GrantCategoryAllowedWhatItems!
|
Specifies which types can be put as WHAT items for access controls in this category. |
nameRegEx - String
|
If specified, the name of access controls in this category need to comply with the given regular expression. |
nameRegExMsg - String
|
The message shown to the user when the name does not comply with the regular expression. |
namingHintRegEx - String
|
If specified, the naming hint of access controls in this category need to comply with the given regular expression. |
namingHintRegExMsg - String
|
The message shown to the user when the name does not comply with the regular expression. |
locksOnCreate - [AccessControlLock!]
|
The locks that need to be set when an access control in this category is created. |
Example
{
"id": 4,
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"isSystem": true,
"name": "abc123",
"namePlural": "abc123",
"description": "xyz789",
"icon": "abc123",
"isDefault": true,
"canCreate": false,
"descriptionMandatory": false,
"allowDuplicateNames": false,
"multiDataSource": false,
"defaultTypePerDataSource": [
GrantCategoryTypeForDataSource
],
"globalExceptions": false,
"allowedWhoItems": GrantCategoryAllowedWhoItems,
"allowedWhatItems": GrantCategoryAllowedWhatItems,
"nameRegEx": "abc123",
"nameRegExMsg": "xyz789",
"namingHintRegEx": "abc123",
"namingHintRegExMsg": "xyz789",
"locksOnCreate": ["WhoLock"]
}
GrantCategoryAllowedWhatItems
Description
Specifies which WHAT items are allowed for a grant category.
Fields
| Field Name | Description |
|---|---|
dataObject - Boolean!
|
If true, data objects are allowed in the WHAT list of the access control. |
Example
{"dataObject": false}
GrantCategoryAllowedWhoItems
Description
Specifies which WHO items are allowed for a grant category.
Fields
| Field Name | Description |
|---|---|
user - Boolean!
|
If true, users are allowed in the WHO list of the access control. |
group - Boolean!
|
If true, groups are allowed in the WHO list of the access control |
inheritance - Boolean!
|
If true, other access controls from any category are allowed in the WHO list of the access control. |
self - Boolean!
|
If true, other access controls from the same category are allowed in the WHO list of the access control. |
categories - [String!]
|
Access controls from the given categories are allowed in the WHO list of the access control. |
Example
{
"user": false,
"group": false,
"inheritance": true,
"self": true,
"categories": ["xyz789"]
}
GrantCategoryResult
Types
| Union Types |
|---|
Example
GrantCategory
GrantCategoryTypeForDataSource
Description
Specifies the type of the access control in the data source for a grant category.
Example
{
"dataSource": "4",
"type": "abc123"
}
GroupedDataAccessReturnItem
Description
Represents the information about the access a user has on a specific data object across one or more access controls.
Fields
| Field Name | Description |
|---|---|
permissions - [String]
|
The permissions the user has on the data object. |
globalPermissions - [String]
|
The global permissions the user has on the data object. |
user - User!
|
The user that has the access on the data object. |
nearestAccessControls - [AccessControl]
|
The access controls that provide the access to the data object for the user. |
expiresAt - Time
|
The time the access for the user expires. |
Example
{
"permissions": ["xyz789"],
"globalPermissions": ["abc123"],
"user": User,
"nearestAccessControls": [AccessControl],
"expiresAt": "10:15:30Z"
}
GroupedDataAccessReturnItemConnection
Description
The connection type for paginated lists of GroupedDataAccessReturnItem.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [GroupedDataAccessReturnItemEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [GroupedDataAccessReturnItemEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 987
}
GroupedDataAccessReturnItemConnectionResult
Example
GroupedDataAccessReturnItemConnection
GroupedDataAccessReturnItemEdge
Description
The edge type for GroupedDataAccessReturnItemConnection
Fields
| Field Name | Description |
|---|---|
node - GroupedDataAccessReturnItem
|
The actual item. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": GroupedDataAccessReturnItem,
"cursor": "xyz789"
}
GroupedUserAccessReturnItem
Description
Represents the information about the access a specific user has on a data object across one or more access controls.
Fields
| Field Name | Description |
|---|---|
permissions - [String]
|
The permissions the user has on the data object. |
globalPermissions - [String]
|
The global permissions the user has on the data object. |
dataObject - DataObject!
|
The data object the user has access to. |
nearestAccessControls - [AccessControl]
|
The access controls that provide the access to the data object for the user. |
expiresAt - Time
|
The time the access for the user expires. This will always be null when there are multiple items in nearestAccessControls |
Example
{
"permissions": ["abc123"],
"globalPermissions": ["xyz789"],
"dataObject": DataObject,
"nearestAccessControls": [AccessControl],
"expiresAt": "10:15:30Z"
}
GroupedUserAccessReturnItemConnection
Description
The connection type for paginated lists of GroupedUserAccessReturnItemEdge.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [GroupedUserAccessReturnItemEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [GroupedUserAccessReturnItemEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 123
}
GroupedUserAccessReturnItemConnectionResult
Example
GroupedUserAccessReturnItemConnection
GroupedUserAccessReturnItemEdge
Description
The edge type for GroupedUserAccessReturnItemConnection
Fields
| Field Name | Description |
|---|---|
node - GroupedUserAccessReturnItem
|
The actual item in the edge. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": GroupedUserAccessReturnItem,
"cursor": "xyz789"
}
ID
Description
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Example
4
Int
Description
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
123
InvalidInputError
Issue
Description
Represents an issue in Collibra Data Access. An issue can be created by the system when a potential problem is detected.
Fields
| Field Name | Description |
|---|---|
entity - IssueEntity!
|
The entity object on which the issue occurs. |
entityId - ID!
|
The ID of the entity on which the issue occurs. |
entityType - EntityType!
|
The type of the entity on which the issue occurs. |
issueType - IssueType!
|
The type of issue. |
issueLevel - IssueLevel!
|
The severity level of the issue. |
message - String!
|
The message describing the issue. |
createdAt - Time!
|
The time at which the issue was initially raised. |
otherEntityType - EntityType
|
The type of an optional additional entity the issue may be linked to. |
otherEntityId - String
|
The ID of an optional additional entity the issue may be linked to. |
Example
{
"entity": PermissionDeniedError,
"entityId": "4",
"entityType": "AccessControl",
"issueType": "AccessControlSync",
"issueLevel": "Recommendation",
"message": "abc123",
"createdAt": "10:15:30Z",
"otherEntityType": "AccessControl",
"otherEntityId": "xyz789"
}
IssueConnection
Description
The connection type for paginated lists of IssueConnection.
Fields
| Field Name | Description |
|---|---|
total - Int
|
|
limitedCount - String
|
|
edges - [IssueEdge!]
|
|
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 123,
"limitedCount": "xyz789",
"edges": [IssueEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 987
}
IssueConnectionResult
Types
| Union Types |
|---|
Example
IssueConnection
IssueEdge
Description
The edge type for IssueConnection
Example
{
"node": Issue,
"cursor": "abc123"
}
IssueEntity
Types
| Union Types |
|---|
Example
PermissionDeniedError
IssueFilterInput
Description
Represents the possible filter options for listing issues.
Fields
| Input Field | Description |
|---|---|
entityId - ID
|
Filter by the specific entity the issue is attached to. |
entityType - EntityType
|
Filter by the type of entity the issue is attached to. |
issueType - IssueType
|
Filter by issue type. |
issueLevel - IssueLevel
|
Filter by severity level. |
otherEntityId - ID
|
Filter by the additional entity the issue is attached to. |
otherEntityType - EntityType
|
Filter by the type of the additional entity the issue is attached to. |
Example
{
"entityId": "4",
"entityType": "AccessControl",
"issueType": "AccessControlSync",
"issueLevel": "Recommendation",
"otherEntityId": 4,
"otherEntityType": "AccessControl"
}
IssueLevel
Description
The different issue severity levels.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"Recommendation"
IssueOrderByInput
IssueType
Description
Possible issue types.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Raised when the WHO-scope ABAC rule recalculation failed for an access control. |
|
|
Raised when the WHAT-scope ABAC rule recalculation failed for an access control. |
Example
"AccessControlSync"
MaskType
Description
A single masking type.
Fields
| Field Name | Description |
|---|---|
displayName - String!
|
The display name of the masking type. |
externalId - String!
|
The IDof the masking type known by the connector. |
description - String!
|
The description of the masking type. |
dataTypes - [String!]
|
The list of data types on which this masking rule can be applied. |
precedence - Int
|
Determines precedence order between masking types so solve conflicts when multiple masking rules apply for a certain user on a certain column. |
Example
{
"displayName": "xyz789",
"externalId": "xyz789",
"description": "abc123",
"dataTypes": ["abc123"],
"precedence": 987
}
MaskingMetadata
Description
The meta data about how column masking works in the data source.
Fields
| Field Name | Description |
|---|---|
maskTypes - [MaskType!]
|
The available masking types the data source supports. |
defaultMaskExternalName - String
|
The default mask type. |
applicableTypes - [String!]
|
The data object types on which column masking is applicable. |
Example
{
"maskTypes": [MaskType],
"defaultMaskExternalName": "abc123",
"applicableTypes": ["xyz789"]
}
MessageValue
Types
| Union Types |
|---|
Example
UserMessage
NotFoundError
PageInfo
Permission
PermissionDeniedError
Description
Error when permission to the requested resource is denied.
Fields
| Field Name | Description |
|---|---|
message - String!
|
Example
{"message": "xyz789"}
PromiseDetailsResult
Types
| Union Types |
|---|
Example
PermissionDeniedError
Role
RoleAssetLink
Description
Represents a link between an access control (role/grant) and a Collibra asset (e.g. Data Product Port, Data Set).
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique identifier of the role asset link. |
assetId - ID!
|
The Collibra asset ID linked to the access control. |
accessControl - AccessControlResult
|
The access control (role) that this link belongs to. |
createdAt - Time!
|
Timestamp when the link was created. |
Example
{
"id": "4",
"assetId": "4",
"accessControl": AccessControl,
"createdAt": "10:15:30Z"
}
RoleAssigneeInput
RoleAssignment
Description
Represents the assignment of a role.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
The unique identifier for this role assignment. |
to - RoleAssignmentTo!
|
Describes who/what the role is assigned to. |
on - RoleAssignmentOn
|
Optionally describes which entity the role is assigned on. |
role - Role!
|
The role that is assigned. |
createdAt - Time
|
The time at which this role assignment was first created. |
modifiedAt - Time
|
The time at which this role assignment was last modified. |
Example
{
"id": "4",
"to": User,
"on": DataObject,
"role": Role,
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z"
}
RoleAssignmentConnection
Description
The connection type for paginated lists of RoleAssignment.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [RoleAssignmentEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "abc123",
"edges": [RoleAssignmentEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 987
}
RoleAssignmentConnectionResult
Types
| Union Types |
|---|
Example
RoleAssignmentConnection
RoleAssignmentEdge
Description
The edge type for RoleAssignmentConnection
Fields
| Field Name | Description |
|---|---|
node - RoleAssignment
|
The actual role assignment. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": RoleAssignment,
"cursor": "abc123"
}
RoleAssignmentFilterInput
Description
Describes the filter options for listing role assignments.
Fields
| Input Field | Description |
|---|---|
resource - ID
|
Filter on assignments on a specific resource. |
role - ID
|
Filter assignments for a specific role. |
user - ID
|
Filter assignments to a specific user. |
inherited - Boolean
|
Also included inherited assignments (from ancestor resources). By default (if not set), this is true. |
inheritedOnly - Boolean
|
If true, only the assignments on the ancestor resources are returned. By default (if not set), this is false. |
Example
{
"resource": "4",
"role": 4,
"user": "4",
"inherited": true,
"inheritedOnly": true
}
RoleAssignmentOn
Types
| Union Types |
|---|
Example
DataObject
RoleAssignmentOrderInput
RoleAssignmentTo
Types
| Union Types |
|---|
Example
User
RoleOwnerFilterInput
Description
Input object for filtering listing owners.
Fields
| Input Field | Description |
|---|---|
inherited - Boolean
|
Also included inherited assignments (from ancestor resources). By default (if not set), this is false. Default = false |
inheritedOnly - Boolean
|
If true, only the assignments on the ancestor resources are returned. By default (if not set), this is false. Default = false |
Example
{"inherited": false, "inheritedOnly": true}
RoleResult
Types
| Union Types |
|---|
Example
Role
SearchFilterInput
Description
Defines the filter options for doing full-text search.
Fields
| Input Field | Description |
|---|---|
types - [SearchType!]
|
Filter only on specific entity types. |
dataSources - [String!]
|
To search for data objects and access controls within specific data sources. |
dataObjectTypes - [String!]
|
To search for data objects with specific data object types. |
dataObjectIn - [String!]
|
To search for data objects within specific data object ancestors. |
grantCategories - [String!]
|
To search for access controls (grant) with specific categories. |
accessControlActions - [AccessControlAction!]
|
To search for access controls with specific actions. |
owners - [String!]
|
To search for entities which are owned by the given users or groups. |
tags - [TagFilter!]
|
To filter the search results by tags. For data objects this will look both up and down in the hierarchy. |
Example
{
"types": ["DataSource"],
"dataSources": ["abc123"],
"dataObjectTypes": ["xyz789"],
"dataObjectIn": ["xyz789"],
"grantCategories": ["xyz789"],
"accessControlActions": ["Grant"],
"owners": ["abc123"],
"tags": [TagFilter]
}
SearchItem
Types
| Union Types |
|---|
Example
User
SearchResultItem
Description
Represents a single search result item.
Fields
| Field Name | Description |
|---|---|
item - SearchItem
|
The item itself. |
score - Float
|
The search match score. |
Example
{"item": User, "score": 123.45}
SearchResultItemConnection
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [SearchResultItemEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [SearchResultItemEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 123
}
SearchResultItemConnectionResult
Types
| Union Types |
|---|
Example
SearchResultItemConnection
SearchResultItemEdge
Description
The edge type for SearchResultItemConnection
Fields
| Field Name | Description |
|---|---|
node - SearchResultItem
|
The actual search result item. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": SearchResultItem,
"cursor": "abc123"
}
SearchType
Description
The possible values for the entity types to search on.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"DataSource"
Sort
Values
| Enum Value | Description |
|---|---|
|
|
Sort ascendingly (lowest to highest) |
|
|
Sort descendingly (highest to lowest) |
Example
"Asc"
String
Description
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Example
"abc123"
StringValue
Fields
| Field Name | Description |
|---|---|
value - String
|
Example
{"value": "abc123"}
SyncData
Description
Represents the synchronization data for an access control on a specific data source.
Fields
| Field Name | Description |
|---|---|
dataSource - DataSource!
|
The data source this is applicable to |
actualName - String
|
The actual name of the access control in the target system, if applicable. |
accessControlType - AccessControlType
|
The meta data of the access control type in the target system. |
lastSuccessfulSync - Time
|
The time of the last successful sync. |
syncStatus - SyncStatus!
|
The current synchronization status of the access control on the data source. |
maskType - MaskType
|
In case of a mask access control, this indicates the type of mask. |
deleted - Boolean!
|
Whether the access control is marked as deleted. |
Example
{
"dataSource": DataSource,
"actualName": "xyz789",
"accessControlType": AccessControlType,
"lastSuccessfulSync": "10:15:30Z",
"syncStatus": "NotConnected",
"maskType": MaskType,
"deleted": false
}
SyncStatus
Values
| Enum Value | Description |
|---|---|
|
|
This data source has not been synced yet. |
|
|
The sync process has failed. |
|
|
This data source hasn't been synced in a long time. |
|
|
The sync process is currently running. |
|
|
The data source is fully synced. |
|
|
There are access control changes made in the data source that have not been synced yet. |
Example
"NotConnected"
Tag
Description
Represents a tag (key/value pair) on an entity.
Fields
| Field Name | Description |
|---|---|
key - String!
|
The key of the tag. |
stringValue - String
|
The string value of the tag. |
inherited - Boolean
|
Indicates if this tag was set directly on the entity or if it was inherited from a parent entity. |
source - String!
|
The source of the tag to differentiate between where the tag was coming from (e.g. the data source itself, Collibra catalog, ...). |
createdAt - Time!
|
Time when the tag was first created. |
modifiedAt - Time!
|
Time when the tag was last modified. |
Example
{
"key": "abc123",
"stringValue": "xyz789",
"inherited": true,
"source": "abc123",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z"
}
TagConnection
Description
The connection type for paginated lists of Tag.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [TagEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "abc123",
"edges": [TagEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 123
}
TagConnectionResult
Types
| Union Types |
|---|
Example
TagConnection
TagEdge
Description
The edge type for TagConnection
Example
{
"node": Tag,
"cursor": "xyz789"
}
TagFilter
TagKeyConnection
Description
The connection type for paginated list of a tag keys.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [TagKeyEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [TagKeyEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 987
}
TagKeyConnectionResult
Types
| Union Types |
|---|
Example
TagKeyConnection
TagKeyEdge
Description
The edge type for TagKeyConnection
Fields
| Field Name | Description |
|---|---|
node - StringValue!
|
The actual tag key. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": StringValue,
"cursor": "abc123"
}
TagKeyFilterInput
Description
Specifies the filter options to filter lists of tags.
Fields
| Input Field | Description |
|---|---|
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
Example
{"search": "xyz789"}
TagOrderByInput
TagValueConnection
Description
The connection type for paginated list of tag values.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [TagValueEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 987,
"limitedCount": "xyz789",
"edges": [TagValueEdge],
"pageInfo": PageInfo,
"limit": 123,
"offset": 123
}
TagValueConnectionResult
Types
| Union Types |
|---|
Example
TagValueConnection
TagValueEdge
Description
The edge type for TagValueConnection
Fields
| Field Name | Description |
|---|---|
node - StringValue!
|
The actual string value of the tag. |
cursor - String
|
The cursor of this item for pagination. |
Example
{
"node": StringValue,
"cursor": "abc123"
}
TagValueFilterInput
Time
Example
"10:15:30Z"
UUID
Example
"c278447b-cc03-4681-a85b-58510e203e42"
User
Description
Represents a user in Collibra Data Access. It can be a human user or a machine user (service account) which groups accounts in different data sources.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
The unique identifier for the user. |
name - String!
|
The display name for the user. |
email - String
|
The email address for the user. This will be used to match new accounts. If the email address matches, the new accounts will be automatically added to the user. |
collibraUid - String
|
Deprecated: use accounts field filtered by the Collibra data source instead. Query accounts filtered by the Collibra system data source instead. |
type - UserType!
|
Whether this user is a human or machine user. |
createdAt - Time!
|
The time at which this user object was first created. |
modifiedAt - Time!
|
The time at which this user object was last modified. |
numberOfAccounts - Count
|
The number of accounts this user has. |
accounts - AccountConnectionResult!
|
List the accounts this user has in the different data sources. |
Arguments |
|
tags - TagConnectionResult!
|
List the tags that are directly assigned to the user. |
Arguments |
|
allTags - TagConnectionResult!
|
List the tags that are assigned to the user or any of the groups the user is in. |
Arguments |
|
numberOfDistinctAccess - CountResult
|
Returns the number of data objects that this user has access to. |
distinctAccess - GroupedUserAccessReturnItemConnectionResult!
|
List the data objects that this user has access to, together with the permissions the user has on these data objects. |
Arguments |
|
accessControls - AccessControlConnectionResult!
|
List the access controls that this user is a beneficiary of. |
Arguments
|
|
Example
{
"id": "4",
"name": "xyz789",
"email": "abc123",
"collibraUid": "abc123",
"type": "Human",
"createdAt": "10:15:30Z",
"modifiedAt": "10:15:30Z",
"numberOfAccounts": Count,
"accounts": AccountConnection,
"tags": TagConnection,
"allTags": TagConnection,
"numberOfDistinctAccess": Count,
"distinctAccess": GroupedUserAccessReturnItemConnection,
"accessControls": AccessControlConnection
}
UserAccessReturnItemOrderByInput
Fields
| Input Field | Description |
|---|---|
dataObject - DataObjectOrderByInput
|
Example
{"dataObject": DataObjectOrderByInput}
UserConnection
Description
The connection type for paginated lists of User.
Fields
| Field Name | Description |
|---|---|
total - Int
|
The total count of the items. Preferably use limitedCount instead of total as this is not good for performance. |
limitedCount - String
|
The limited count of the items. |
edges - [UserEdge!]
|
The list of edges containing the actual queried items. |
pageInfo - PageInfo!
|
Pagination information for the retrieved items. |
limit - Int
|
The limit used for the query. This can differ from the input limit due to restrictions or defaults. |
offset - Int
|
The offset that was used. This will only be filled in if possible (when cursors are sequential numbers). |
Example
{
"total": 123,
"limitedCount": "xyz789",
"edges": [UserEdge],
"pageInfo": PageInfo,
"limit": 987,
"offset": 987
}
UserConnectionResult
Types
| Union Types |
|---|
Example
UserConnection
UserEdge
Description
The edge type for UserConnection
Example
{
"node": User,
"cursor": "abc123"
}
UserFilterInput
Description
Defines the filter options for listing users.
Fields
| Input Field | Description |
|---|---|
dataSources - [ID!]
|
Only return the users what have an account in any of the given data sources. |
search - String
|
The search string to use (will do a case-insensitive 'contains'). |
type - UserType
|
Only return human or machine users. |
exclude - [String!]
|
Exclude a specific fixed list of users. |
hasTags - [TagFilter!]
|
Only return users that have certain tags. |
isCollibraUser - Boolean
|
To filter users that exists or not exists as a Collibra platform user |
whoAbacRule - WhoAbacRuleInput
|
Return only users matched by the given WHO ABAC rule. ANDed with all other filter fields (e.g. search, type, dataSources). |
Example
{
"dataSources": [4],
"search": "xyz789",
"type": "Human",
"exclude": ["abc123"],
"hasTags": [TagFilter],
"isCollibraUser": true,
"whoAbacRule": WhoAbacRuleInput
}
UserMessage
Description
Represents a normal user comment.
Fields
| Field Name | Description |
|---|---|
message - String!
|
The string value of the message. |
Example
{"message": "abc123"}
UserOrderByInput
UserResult
Types
| Union Types |
|---|
Example
User
UserType
Description
The possible user types.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"Human"
WhatAbacRule
Description
Represents a single ABAC rule for the WHAT items of an access control.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
doTypes - [String!]
|
The data object types that this ABAC rule applies to. |
permissions - [String!]
|
The permissions the data objects from this ABAC rule will receive. |
globalPermissions - [String!]
|
The global permissions the data objects from this ABAC rule will receive. |
rule - AbacComparisonExpression
|
The boolean expression defining the ABAC rule. |
scope - DataObjectConnectionResult!
|
Retrieves the scope Data Objects for a specific WHAT ABAC rule. |
Arguments |
|
Example
{
"id": 4,
"doTypes": ["xyz789"],
"permissions": ["abc123"],
"globalPermissions": ["abc123"],
"rule": BinaryExpressionLiteralBool,
"scope": DataObjectConnection
}
WhatAbacRuleInput
Description
Input object for creating and updating WHAT ABAC rules in an access control.
Fields
| Input Field | Description |
|---|---|
id - ID
|
The optional ID of the ABAC rule to create or update. If not specified a new ID will be generated. |
doTypes - [String!]
|
The data object types that will be matched by this ABAC rule. |
permissions - [String!]
|
In case of a grant, the permissions that will be granted on the data objects matching the ABAC rule. |
globalPermissions - [String!]
|
In case of a grant, the global permissions that will be granted on the data objects matching the ABAC rule. |
scope - [String!]
|
The list of data objects in which this ABAC rule will apply. Only descendants of these data objects will be considered. |
rule - AbacComparisonExpressionInput!
|
The actual boolean expression to define which data objects to match. |
Example
{
"id": "4",
"doTypes": ["xyz789"],
"permissions": ["xyz789"],
"globalPermissions": ["xyz789"],
"scope": ["xyz789"],
"rule": AbacComparisonExpressionInput
}
WhatDataObjectRemoveInput
Description
Input object to identify a WHAT data object to remove from an access control. When both permissions and globalPermissions are omitted, the entire WHAT link is removed. When specific permissions are provided, only those permissions are subtracted.
Fields
| Input Field | Description |
|---|---|
dataObject - ID!
|
The ID of the data object to remove or remove permissions from. |
permissions - [String!]
|
Specific permissions to remove. When omitted (together with globalPermissions), removes the entire WHAT link. |
globalPermissions - [String!]
|
Specific global permissions to remove. When omitted (together with permissions), removes the entire WHAT link. |
Example
{
"dataObject": "4",
"permissions": ["xyz789"],
"globalPermissions": ["xyz789"]
}
WhoAbacRule
Description
Represents a single ABAC rule for the WHO items of an access control.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
rule - AbacComparisonExpression
|
The boolean expression defining the ABAC rule. |
type - AccessWhoItemType!
|
Determines whether the users from this ABAC rule will get access granted directly or only a promise (pre-approval). |
promiseDuration - Duration
|
In case type=WhoPromise, this indicates the duration of the promise. |
Example
{
"id": "4",
"rule": BinaryExpressionLiteralBool,
"type": "WhoGrant",
"promiseDuration": "P3Y6M4DT12H30M5S"
}
WhoAbacRuleInput
Description
Input object for creating and updating WHO ABAC rules in an access control.
Fields
| Input Field | Description |
|---|---|
id - ID
|
The optional ID of the ABAC rule to create or update. If not specified a new ID will be generated. |
rule - AbacComparisonExpressionInput!
|
The actual boolean expression to define which users to match. |
type - AccessWhoItemType!
|
Defines if the users that are matched by this ABAC rule will get the access granted directly or as a promise (pre-approval). |
promiseDuration - Duration
|
In case type=whoPromise, this indicates for how long the promise will provide access when requested. |
Example
{
"id": 4,
"rule": AbacComparisonExpressionInput,
"type": "WhoGrant",
"promiseDuration": "P3Y6M4DT12H30M5S"
}
WhoItemInput
Description
Input object to represent a WHO item for the access control. Only one of user, accessControl, dataSource or recipient should be filled in, depending on the type of the WHO item.
Fields
| Input Field | Description |
|---|---|
user - ID
|
The ID of the user for the WHO item. |
accessControl - ID
|
The ID of the access control for the WHO item. |
dataSource - ID
|
The ID of the data source for the WHO item (for shares). |
recipient - String
|
The identifier of the recipient account (for shares). |
expiresAt - Time
|
The time at which this WHO item will expire. |
type - AccessWhoItemType
|
Defines if the users that are matched by this ABAC rule will get the access granted directly or as a promise (pre-approval). |
promiseDuration - Duration
|
In case type=whoPromise, this indicates for how long the promise will provide access when requested. |
Example
{
"user": 4,
"accessControl": 4,
"dataSource": 4,
"recipient": "xyz789",
"expiresAt": "10:15:30Z",
"type": "WhoGrant",
"promiseDuration": "P3Y6M4DT12H30M5S"
}
WhoItemRemoveInput
Description
Input object to identify a WHO item to remove from an access control. Only one of user, accessControl, dataSource or recipient should be filled in.
Fields
| Input Field | Description |
|---|---|
user - ID
|
The ID of the user for the WHO item. |
accessControl - ID
|
The ID of the access control for the WHO item. |
dataSource - ID
|
The ID of the data source for the WHO item (for shares). |
recipient - String
|
The identifier of the recipient account (for shares). |
type - AccessWhoItemType
|
Defines if the WHO item is a grant or promise. |
Example
{
"user": 4,
"accessControl": "4",
"dataSource": 4,
"recipient": "xyz789",
"type": "WhoGrant"
}