# Analyze access policies within an organization

Analyze access policies within an organization

Endpoint: POST /v1/orgs/{org}/analyze-access-policies

Version: 1.0

Security: x-api-key

## Path parameters:

- `org` (string, required)
  Organization identifier

## Header parameters:

- `Harness-Account` (string)
  Identifier field of the account the resource is scoped to. This is required for Authorization methods other than the x-api-key header. If you are using the x-api-key header, this can be skipped.

## Query parameters:

- `page` (integer)
  Pagination page number strategy: Specify the page number within the paginated collection related to the number of items on each page.
- `limit` (integer)
  Pagination: Number of items to return.
- `sort` (string)
  Parameter on the basis of which sorting is done.
  Enum: "identifier", "name", "created", "updated"
- `order` (string)
  Order on the basis of which sorting is done.
  Enum: "ASC", "DESC"

## Request fields (application/json):

- `query_scope` (object)
  Details about the scope for which policies should be analysed
- `query_scope.filter` (string)
  Filter that selects either ONLY the specified scope or the specified scope together with its child scopes.
  Enum: "INCLUDING_CHILD_SCOPE", "EXCLUDING_CHILD_SCOPE"
- `query_scope.scope` (object)
  Scope of the Resource
- `query_scope.scope.account` (string, required)
  Account Identifier
- `query_scope.scope.org` (string)
  Org Identifier
- `query_scope.scope.project` (string)
  Project Identifier
- `query_scope.include_access_policies_from_parent_scope` (boolean)
- `principal` (object)
  Role assignment principal
- `principal.scope_level` (string)
  Principal scope level
- `principal.identifier` (string, required)
  Principal identifier
- `principal.type` (string, required)
  Principal type
  Enum: "USER", "USER_GROUP", "SERVICE_ACCOUNT"
- `permission_identifier` (string)
  Permission identifier for which access policies need to be analysed.
- `resource_group_identifier` (string)
  Resource group identifier for which access policies need to be analysed.
- `role` (object)
  Request to analyze policies based on Role details
- `role.identifier` (string)
  Role identifier
- `role.scope_level` (string)
  Scope level at which role is defined. This can be from query scope level or parent scope level.
- `resource` (object)
  Request to analyze access policies based on Resource details. Resource scope can be provided from query scope or its child scope
- `resource.identifier` (string)
  Identifier of resource in given scope
- `resource.type` (string)
  Type of resource in a given scope
- `resource.attribute` (object)
  Resource attribute such as "type" in case of Environment or Connector
- `advance_options` (object)
  Advanced options to control the output of a given query
- `advance_options.expand_role` (boolean)
  True, if response should list all permissions inside role.
- `advance_options.expand_resource_group` (boolean)
  True, if response should list all resources inside a resource group.
- `advance_options.expand_user_group` (boolean)
  True, if response should list all users inside a user group.

## Response 200 fields (application/json):

- `access_policy_analysis_response` (array)
- `access_policy_analysis_response.role_assignment` (object)
  This contains Role Assignment details and to which Principal this Role Assignment is assigned.
- `access_policy_analysis_response.role_assignment.scope` (object, required)
  Scope of the Resource
- `access_policy_analysis_response.role_assignment.scope.account` (string, required)
  Account Identifier
- `access_policy_analysis_response.role_assignment.scope.org` (string)
  Org Identifier
- `access_policy_analysis_response.role_assignment.scope.project` (string)
  Project Identifier
- `access_policy_analysis_response.role_assignment.role_assignment_id` (string, required)
  Role assignment Identifier
- `access_policy_analysis_response.role_assignment.principal` (object)
  Principal for which role assignment is created
- `access_policy_analysis_response.role_assignment.principal.identifier` (string, required)
  Principal Identifier
- `access_policy_analysis_response.role_assignment.principal.name` (string)
  Principal Name
- `access_policy_analysis_response.role_assignment.principal.type` (string, required)
  Principal type
- `access_policy_analysis_response.role_assignment.principal.scope_level` (string)
  Scope of Principal
- `access_policy_analysis_response.resource_group` (object)
  Resource Group details which is assigned along with role to provide access on resources.
- `access_policy_analysis_response.resource_group.identifier` (string)
  Resource group identifier
- `access_policy_analysis_response.resource_group.name` (string)
  Resource group name
- `access_policy_analysis_response.role` (object)
  Role details
- `access_policy_analysis_response.role.identifier` (string)
  Role Identifier
- `access_policy_analysis_response.role.name` (string)
  Role Name
- `access_policy_analysis_response.role.scope_level` (string)
  Scope at which Role is created
- `access_policy_analysis_response.permission` (object)
  Permission details which are assigned via given role assignment
- `access_policy_analysis_response.permission.identifier` (string)
  Permission identifier
- `access_policy_analysis_response.permission.name` (string)
  Permission Name
- `access_policy_analysis_response.resource` (object)
  Request to analyze access policies based on Resource details. Resource scope can be provided from query scope or its child scope
- `access_policy_analysis_response.resource.identifier` (string)
  Identifier of resource in given scope
- `access_policy_analysis_response.resource.type` (string)
  Type of resource in a given scope
- `access_policy_analysis_response.resource.attribute` (object)
  Resource attribute such as "type" in case of Environment or Connector
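
The request and response fields above, put together as an added example (not part of the original reference and not Harness's own code): it builds a request asking how one principal obtains one permission, then buckets the returned role assignments by the scope they are defined at, which is the view a least-privilege review needs. `BASE_URL`, the function names, the sample identifiers and the reading of a scope without `org` as account level are assumptions.

```python
# Added example. Field names are from the reference; all sample values are constructed.
from collections import defaultdict
from urllib.parse import quote

BASE_URL = "https://api.example.invalid"  # placeholder: the page gives no host
PRINCIPAL_TYPES = {"USER", "USER_GROUP", "SERVICE_ACCOUNT"}
SCOPE_FILTERS = {"INCLUDING_CHILD_SCOPE", "EXCLUDING_CHILD_SCOPE"}

def build_request(org, account, api_key, principal_id, principal_type,
                  permission, scope_filter="INCLUDING_CHILD_SCOPE"):
    """Return (method, url, headers, body) asking how a principal gets a permission."""
    if principal_type not in PRINCIPAL_TYPES:
        raise ValueError(f"principal.type must be one of {sorted(PRINCIPAL_TYPES)}")
    if scope_filter not in SCOPE_FILTERS:
        raise ValueError(f"query_scope.filter must be one of {sorted(SCOPE_FILTERS)}")
    if not account or not principal_id:
        raise ValueError("scope.account and principal.identifier are required")
    body = {
        "query_scope": {"filter": scope_filter,
                        "scope": {"account": account, "org": org},
                        "include_access_policies_from_parent_scope": True},
        "principal": {"identifier": principal_id, "type": principal_type},
        "permission_identifier": permission,
    }
    url = f"{BASE_URL}/v1/orgs/{quote(org, safe='')}/analyze-access-policies"
    return "POST", url, {"x-api-key": api_key}, body

def grants_by_level(response, query_org):
    """Bucket role assignments by the scope they are defined at, relative to query_org."""
    buckets = defaultdict(list)
    for item in response.get("access_policy_analysis_response", []):
        ra = item["role_assignment"]
        scope = ra["scope"]
        if scope.get("project"):
            level = "child"    # defined in a project below the org
        elif scope.get("org") == query_org:
            level = "org"
        else:
            level = "parent"   # assumption: no org in scope means account level
        buckets[level].append((ra["role_assignment_id"],
                               item.get("role", {}).get("identifier")))
    return dict(buckets)

def _row(rid, role, **scope):  # builds one constructed response entry
    return {"role_assignment": {"role_assignment_id": rid, "scope": scope},
            "role": {"identifier": role}}
SAMPLE_RESPONSE = {"access_policy_analysis_response": [  # constructed, not real output
    _row("ra-1", "role_a", account="acct1"),
    _row("ra-2", "role_b", account="acct1", org="org1"),
    _row("ra-3", "role_c", account="acct1", org="org1", project="proj1")]}
```

Grants that land in the `parent` bucket are the ones an org-level review tends to miss, since they are not defined in the org being audited.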