Skip to main content

List ZITADEL Permissions​

Show all the permissions the user has in ZITADEL (ZITADEL Manager).

Path Parameters
    userId string required

    list limitations and ordering

Header Parameters
    x-zitadel-orgid string

    The default is always the organization of the requesting user. If you like to get the result of another organization include the header. Make sure the user has permission to access the requested data.

Request Body required
    query object

    Object unspecific list filters like offset, limit and asc/desc.

    offset uint64
    limit int64

    Maximum amount of events returned. The default is set to 1000 in https://github.com/zitadel/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If the limit exceeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken.

    asc boolean

    default is descending

    queries object[]
  • Array [
    • orgQuery object
    orgId string
    projectQuery object
    projectId string
    projectGrantQuery object
    projectGrantId string
    iamQuery object
    iam boolean
  • ]
Responses

A successful response.

Schema
    details object
    totalResult uint64
    processedSequence uint64
    viewTimestamp date-time

    the last time the view got updated

    result object[]
  • Array [
    • userId string
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwner resource_owner is the organization an object belongs to
    roles string[]
    displayName string

    display name of the user

    iam boolean

    one of type use iam, org id, project id or project grant id

    orgId string

    one of type use iam, org id, project id or project grant id

    projectId string

    one of type use iam, org id, project id or project grant id

    projectGrantId string

    one of type use iam, org id, project id or project grant id

  • ]
POST /users/:userId/memberships/_search

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN/management/v1
Bearer Token
userId — path required
x-zitadel-orgid — header
Content-Type
Body required
{

  "query": {

    "offset": "0",

    "limit": 100,

    "asc": true

  },

  "queries": [

    {

      "orgQuery": {

        "orgId": "69629023906488334"

      },

      "projectQuery": {

        "projectId": "69629023906488334"

      },

      "projectGrantQuery": {

        "projectGrantId": "69629023906488334"

      },

      "iamQuery": {

        "iam": true

      }

    }

  ]

}
Accept
curl / cURL
curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/memberships/_search' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "query": {
    "offset": "0",
    "limit": 100,
    "asc": true
  },
  "queries": [
    {
      "orgQuery": {
        "orgId": "69629023906488334"
      },
      "projectQuery": {
        "projectId": "69629023906488334"
      },
      "projectGrantQuery": {
        "projectGrantId": "69629023906488334"
      },
      "iamQuery": {
        "iam": true
      }
    }
  ]
}'