grants
Creates, updates, deletes, gets or lists a grants resource.
Overview
| Name | grants |
| Type | Resource |
| Id | okta.users.grants |
Fields
The following fields are returned by SELECT queries:
- list_grants_for_user_and_client
- list_user_grants
- get_user_grant
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Grant object (example: oag3ih1zrm1cBFOiq0h6) |
_embedded | object | Embedded resources related to the Grant |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID of the app integration (example: oag3ih1zrm1cBFOiq0h6) |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
createdBy | object | User that created the object |
issuer | string | The issuer of your org authorization server. This is typically your Okta domain. (example: https://my_test_okta_org.oktapreview.com) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopeId | string | The name of the Okta scope for which consent is granted (example: okta.users.read) |
source | string | User type source that granted consent (example: ADMIN) |
status | string | Status (example: ACTIVE) |
userId | string | User ID that granted consent (if source is END_USER) (example: 00u5t60iloOHN9pBi0h7) |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Grant object (example: oag3ih1zrm1cBFOiq0h6) |
_embedded | object | Embedded resources related to the Grant |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID of the app integration (example: oag3ih1zrm1cBFOiq0h6) |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
createdBy | object | User that created the object |
issuer | string | The issuer of your org authorization server. This is typically your Okta domain. (example: https://my_test_okta_org.oktapreview.com) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopeId | string | The name of the Okta scope for which consent is granted (example: okta.users.read) |
source | string | User type source that granted consent (example: ADMIN) |
status | string | Status (example: ACTIVE) |
userId | string | User ID that granted consent (if source is END_USER) (example: 00u5t60iloOHN9pBi0h7) |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Grant object (example: oag3ih1zrm1cBFOiq0h6) |
_embedded | object | Embedded resources related to the Grant |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID of the app integration (example: oag3ih1zrm1cBFOiq0h6) |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
createdBy | object | User that created the object |
issuer | string | The issuer of your org authorization server. This is typically your Okta domain. (example: https://my_test_okta_org.oktapreview.com) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopeId | string | The name of the Okta scope for which consent is granted (example: okta.users.read) |
source | string | User type source that granted consent (example: ADMIN) |
status | string | Status (example: ACTIVE) |
userId | string | User ID that granted consent (if source is END_USER) (example: 00u5t60iloOHN9pBi0h7) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_grants_for_user_and_client | select | subdomain | expand, after, limit | Lists all grants for a specified user and client |
list_user_grants | select | subdomain | scopeId, expand, after, limit | Lists all grants for the specified user |
get_user_grant | select | subdomain | expand | Retrieves a grant for the specified user |
revoke_grants_for_user_and_client | delete | subdomain | Revokes all grants for the specified user and client | |
revoke_user_grants | delete | subdomain | Revokes all grants for a specified user | |
revoke_user_grant | delete | subdomain | Revokes one grant for a specified user |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
expand | string | Valid value: scope. If specified, scope details are included in the _embedded attribute. |
limit | integer (int32) | Specifies the number of grants to return |
scopeId | string | The scope ID to filter on |
SELECT examples
- list_grants_for_user_and_client
- list_user_grants
- get_user_grant
Lists all grants for a specified user and client
SELECT
id,
_embedded,
_links,
clientId,
created,
createdBy,
issuer,
lastUpdated,
scopeId,
source,
status,
userId
FROM okta.users.grants
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}'
AND after = '{{ after }}'
AND limit = '{{ limit }}';
Lists all grants for the specified user
SELECT
id,
_embedded,
_links,
clientId,
created,
createdBy,
issuer,
lastUpdated,
scopeId,
source,
status,
userId
FROM okta.users.grants
WHERE subdomain = '{{ subdomain }}' -- required
AND scopeId = '{{ scopeId }}'
AND expand = '{{ expand }}'
AND after = '{{ after }}'
AND limit = '{{ limit }}';
Retrieves a grant for the specified user
SELECT
id,
_embedded,
_links,
clientId,
created,
createdBy,
issuer,
lastUpdated,
scopeId,
source,
status,
userId
FROM okta.users.grants
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
DELETE examples
- revoke_grants_for_user_and_client
- revoke_user_grants
- revoke_user_grant
Revokes all grants for the specified user and client
DELETE FROM okta.users.grants
WHERE subdomain = '{{ subdomain }}' --required;
Revokes all grants for a specified user
DELETE FROM okta.users.grants
WHERE subdomain = '{{ subdomain }}' --required;
Revokes one grant for a specified user
DELETE FROM okta.users.grants
WHERE subdomain = '{{ subdomain }}' --required;