Skip to main content

View Access

Viewing resource access in Nexla allows you to understand who has access to your resources, what permissions they have, and how access is configured across your platform. This visibility is essential for security auditing, compliance, and effective access management.

Access Visibility Overview

Understanding current access configurations helps you maintain security, identify potential risks, and ensure appropriate access levels for all users and teams. The system provides comprehensive views of access at both the resource and user levels.

List All Resource Access

View access configurations across all resources in your organization to get a comprehensive understanding of your access landscape.

All Access Endpoint

To retrieve all resource access configurations:

GET /resource_access
List All Access: Request
GET /resource_access

All Access Response

The response provides a comprehensive view of all access configurations:

List All Access: Response
{
  "status": "success",
  "access_configurations": [
    {
      "resource_type": "data_sources",
      "resource_id": 1001,
      "resource_name": "Customer Data Source",
      "owner": {
        "id": 42,
        "full_name": "John Smith"
      },
      "access_grants": [
        {
          "user_id": 43,
          "user_name": "Jane Doe",
          "access_level": "user",
          "granted_at": "2023-01-15T10:00:00.000Z"
        },
        {
          "team_id": 1001,
          "team_name": "Analytics Team",
          "access_level": "viewer",
          "granted_at": "2023-01-15T11:00:00.000Z"
        }
      ]
    },
    {
      "resource_type": "data_sinks",
      "resource_id": 4001,
      "resource_name": "Data Warehouse Sink",
      "owner": {
        "id": 42,
        "full_name": "John Smith"
      },
      "access_grants": [
        {
          "user_id": 44,
          "user_name": "Bob Wilson",
          "access_level": "admin",
          "granted_at": "2023-01-14T15:00:00.000Z"
        }
      ]
    }
  ]
}

View Resource-Specific Access

Examine access configurations for specific resources to understand who can work with them and what they can do.

Resource Access Endpoint

To view access for a specific resource:

GET /resource_access/{resource_type}/{resource_id}
View Resource Access: Request
GET /resource_access/data_sources/1001

Resource Access Response

The response shows detailed access information for the specific resource:

View Resource Access: Response
{
  "status": "success",
  "resource": {
    "type": "data_sources",
    "id": 1001,
    "name": "Customer Data Source",
    "description": "Customer data ingestion from S3"
  },
  "owner": {
    "id": 42,
    "full_name": "John Smith",
    "email": "john.smith@example.com"
  },
  "access_grants": [
    {
      "user_id": 43,
      "user_name": "Jane Doe",
      "user_email": "jane.doe@example.com",
      "access_level": "user",
      "granted_at": "2023-01-15T10:00:00.000Z",
      "granted_by": {
        "id": 42,
        "full_name": "John Smith"
      }
    },
    {
      "team_id": 1001,
      "team_name": "Analytics Team",
      "access_level": "viewer",
      "granted_at": "2023-01-15T11:00:00.000Z",
      "granted_by": {
        "id": 42,
        "full_name": "John Smith"
      },
      "team_members": [
        {
          "id": 45,
          "full_name": "Alice Johnson",
          "email": "alice.johnson@example.com"
        },
        {
          "id": 46,
          "full_name": "Charlie Brown",
          "email": "charlie.brown@example.com"
        }
      ]
    }
  ],
  "inherited_access": [
    {
      "source": "organization",
      "access_level": "viewer",
      "description": "Organization members can view resource status"
    }
  ]
}

View User Access

Understand what resources a specific user can access across your platform.

User Access Endpoint

To view all resources accessible to a specific user:

GET /users/{user_id}/access
View User Access: Request
GET /users/43/access

User Access Response

The response shows all resources the user can access and their permission levels:

View User Access: Response
{
  "status": "success",
  "user": {
    "id": 43,
    "full_name": "Jane Doe",
    "email": "jane.doe@example.com"
  },
  "direct_access": [
    {
      "resource_type": "data_sources",
      "resource_id": 1001,
      "resource_name": "Customer Data Source",
      "access_level": "user",
      "granted_at": "2023-01-15T10:00:00.000Z"
    }
  ],
  "team_access": [
    {
      "team_id": 1001,
      "team_name": "Analytics Team",
      "access_level": "viewer",
      "resources": [
        {
          "resource_type": "data_sources",
          "resource_id": 1002,
          "resource_name": "Sales Data Source",
          "access_level": "viewer"
        },
        {
          "resource_type": "data_sinks",
          "resource_id": 4001,
          "resource_name": "Data Warehouse Sink",
          "access_level": "viewer"
        }
      ]
    }
  ],
  "organization_access": [
    {
      "resource_type": "teams",
      "access_level": "viewer",
      "description": "Can view team information across organization"
    }
  ]
}

View Team Access

Examine what resources a team can access and how team membership affects individual user permissions.

Team Access Endpoint

To view all resources accessible to a specific team:

GET /teams/{team_id}/access
View Team Access: Request
GET /teams/1001/access

Team Access Response

The response shows all resources the team can access and team member details:

View Team Access: Response
{
  "status": "success",
  "team": {
    "id": 1001,
    "name": "Analytics Team",
    "description": "Team for data analytics and reporting"
  },
  "owner": {
    "id": 42,
    "full_name": "John Smith"
  },
  "team_access": [
    {
      "resource_type": "data_sources",
      "resource_id": 1002,
      "resource_name": "Sales Data Source",
      "access_level": "viewer",
      "granted_at": "2023-01-15T11:00:00.000Z"
    },
    {
      "resource_type": "data_sinks",
      "resource_id": 4001,
      "resource_name": "Data Warehouse Sink",
      "access_level": "viewer",
      "granted_at": "2023-01-15T11:00:00.000Z"
    }
  ],
  "team_members": [
    {
      "id": 45,
      "full_name": "Alice Johnson",
      "email": "alice.johnson@example.com",
      "admin": false,
      "inherited_access": "viewer"
    },
    {
      "id": 46,
      "full_name": "Charlie Brown",
      "email": "charlie.brown@example.com",
      "admin": false,
      "inherited_access": "viewer"
    }
  ]
}

Access Audit and History

Track changes to access configurations over time for compliance and security auditing.

Access Audit Endpoint

To view access change history:

GET /resource_access/{resource_type}/{resource_id}/audit
View Access Audit: Request
GET /resource_access/data_sources/1001/audit

Access Audit Response

The response shows the complete history of access changes:

View Access Audit: Response
{
  "status": "success",
  "resource": {
    "type": "data_sources",
    "id": 1001,
    "name": "Customer Data Source"
  },
  "audit_log": [
    {
      "timestamp": "2023-01-15T11:00:00.000Z",
      "action": "grant_access",
      "user_id": 43,
      "user_name": "Jane Doe",
      "access_level": "user",
      "performed_by": {
        "id": 42,
        "full_name": "John Smith"
      }
    },
    {
      "timestamp": "2023-01-15T10:00:00.000Z",
      "action": "grant_access",
      "team_id": 1001,
      "team_name": "Analytics Team",
      "access_level": "viewer",
      "performed_by": {
        "id": 42,
        "full_name": "John Smith"
      }
    },
    {
      "timestamp": "2023-01-15T09:00:00.000Z",
      "action": "create_resource",
      "performed_by": {
        "id": 42,
        "full_name": "John Smith"
      }
    }
  ]
}

Use query parameters to filter and search access configurations based on specific criteria.

Filtering Options

Filter access configurations by various criteria:

GET /resource_access?resource_type=data_sources
GET /resource_access?user_id=43
GET /resource_access?team_id=1001
GET /resource_access?access_level=admin

Search Functionality

Search for specific access configurations:

GET /resource_access?search=customer
GET /resource_access?search=jane.doe@example.com

Access Visibility Benefits

Understanding your access landscape provides several key benefits.

Security and Compliance

  • Access Monitoring: Identify who has access to sensitive resources
  • Permission Auditing: Verify access levels are appropriate
  • Compliance Reporting: Generate reports for regulatory requirements
  • Risk Assessment: Identify potential security risks

Operational Efficiency

  • Access Troubleshooting: Quickly resolve access-related issues
  • Resource Planning: Understand resource usage patterns
  • Team Management: Optimize team access configurations
  • User Onboarding: Streamline access provisioning for new users

Best Practices

To effectively view and manage resource access:

  1. Regular Reviews: Periodically review all access configurations
  2. Documentation: Maintain clear records of access decisions
  3. Monitoring: Track access patterns and identify anomalies
  4. Automation: Use automated tools for access reporting
  5. Training: Ensure team members understand access policies

Error Handling

Common access viewing issues and solutions:

  • Permission Denied: Ensure you have appropriate access rights
  • Resource Not Found: Verify the resource ID exists and is accessible
  • Invalid Parameters: Check that query parameters are correctly formatted
  • Organization Issues: Confirm organization membership and access

After viewing access configurations, you may need to:

Modify Access

PUT /resource_access

Revoke Access

DELETE /resource_access

Monitor Usage

GET /resource_access/{resource_type}/{resource_id}/usage