Graphql
Example Queries
This document provides you with some examples for common use cases and how to handle them with the IdentityHub graphql API
I'm looking for a single user by it's DN, id or entryUUID
graphql
query FindUser {
byDN: user(by: { dn: "cn=testuser,ou=users,o=data" }) {
id
dn
name
label
groups {
nodes {
id
dn
name
label
}
}
hasRole
}
byId: user(by: { id: "kqRVc2VyxBB6mlqbArkSTpvJeppamwK5" }) {
id
dn
name
label
groups {
nodes {
id
dn
name
label
}
}
hasRole
}
byEntryUUID: user(by: { entryUUID: "7a9a5a9b02b9124e9bc97a9a5a9b02b9" }) {
id
dn
name
label
groups {
nodes {
id
dn
name
label
}
}
hasRole
}
}
I want to find all users meeting some complex criteria
Finds all users that were created after the 1st december 2018, that do not have the givenName Max or Erika, the lastName starts with the letter a and that are either in company1, company2 or company3
graphql
query SearchUsers {
users(
where: {
createTimestamp: { lte: "2018-12-01" }
_not_: { givenName: { eq: "Max" }, _and_: { givenName: { eq: "Erika" } } }
lastName: { startsWith: "a" }
company: { eq: ["company1", "company2", "company3"] }
}
paging: { first: 10 }
) {
estimatedSize
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
edges {
cursor
node {
id
entryDN
entryUUID
cn
firstName
lastName
company
avatar: photo
}
}
}
}
Who am I? (infos about the logged in user)
graphql
query WhoAmI {
viewer {
id
entryUUID
firstName
lastName
mail
}
}
Show me the first 10 of my userapp tasks (filtered by a string)
graphql
query SearchViewerTasks {
viewer {
tasks(where: { q: "test" }, paging: { first: 10 }) {
estimatedSize
edges {
cursor
node {
id
processName
createTime
activityName
bulkApprovable
confirmationNumber
recipient {
... on User {
firstName
lastName
photo
mail
}
... on Group {
description
}
}
addressee {
... on User {
firstName
lastName
photo
mail
}
... on Group {
description
}
}
}
}
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
}
}
}
Show me the first 10 permissions I can request via the userapp that contain the string test
graphql
query SearchViewerPermissions {
viewer {
permissions(where: { q: "test" }, paging: { first: 10 }) {
estimatedSize
edges {
cursor
node {
id
dn
name
desc
entityType
bulkRequestable
categories
link
multiAssignable
excluded
edition
isNewForm
isExpirationRequired
}
}
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
}
}
}
Show me the first 10 userapp roles that I am assigned to with level 20 and containing the string compliance
graphql
query SearchViewerRoles {
viewer {
roles(where: { level: 20, q: "compliance" }, paging: { first: 10 }) {
estimatedSize
edges {
cursor
node {
id
name
description
categories {
id
name
}
level {
name
value
cn
}
level
}
}
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
}
}
}
I want to request a certain permission for myself
graphql
mutation RequestPermission {
requestPermission(
input: {
dn: "cn=identity-hub-test,cn=level30,cn=roledefs,cn=roleconfig,cn=appconfig,cn=user application driver,cn=driverset1,o=system"
entityType: role
reason: "some reason"
effectiveDate: "2020-12-12T10:00:00Z"
expirationDate: "2021-12-12T10:00:00Z"
}
) {
success
}
}
I want to request a certain permission for someone else
graphql
mutation RequestPermission {
requestPermission(
input: {
dn: "cn=identity-hub-test,cn=level30,cn=roledefs,cn=roleconfig,cn=appconfig,cn=user application driver,cn=driverset1,o=system"
entityType: role
reason: "some reason"
effectiveDate: "2020-12-12T10:00:00Z"
expirationDate: "2021-12-12T10:00:00Z"
recipient: "kqRVc2VyxBB6mlqbArkSTpvJeppamwK5"
}
) {
success
}
}
I want to approve a userapp task that is assigned to me
graphql
mutation TaskAction {
taskAction(
input: {
id: "VGFzazo5OTZjNjdmN2MxMTQ0ZjU3YTBkNzE3NGJhM2I2MDRlZg"
action: approve
comment: "that is ok"
}
) {
success
message
}
}