Identity and Access Management API, REST: SubjectDetails.BatchGet
Returns the details of multiple subjects by their IDs.
HTTP request
POST https://iam.api.yandexcloud.kz/iam/v1/subjects:batchGet
Body parameters

```json
{
  "subjectIds": [
    "string"
  ],
  "filter": "string",
  "fieldMask": "string",
  "resourceContext": {
    "id": "string",
    "type": "string"
  }
}
```


| Field | Description |
|---|---|
| subjectIds[] | **string** IDs of the subjects to return. The number of elements must be in the range 1-1000. |
| filter | **string** A filter expression in CEL (Common Expression Language) that filters the subjects listed in the response. The maximum string length in characters is 10000. |
| fieldMask | **string** (field-mask) Comma-separated names of ALL fields to be updated. If |
| resourceContext | The resource to which the returned subjects have access. Can only be an organization or a folder. |

Resource
A Resource. For more information, see Resource.

| Field | Description |
|---|---|
| id | **string** Required field. ID of the resource. The maximum string length in characters is 50. |
| type | **string** Required field. The type of the resource, e.g. resource-manager.folder, billing.account, compute.snapshot, etc. The maximum string length in characters is 64. |

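
The limits above can be enforced on the client before anything is sent. The following is an added example, not code from the API documentation: it validates inputs against the documented limits and splits a long ID list into request bodies of at most 1000 IDs each. The function name, the de-duplication step and the sample IDs are assumptions.

```python
MAX_IDS, MAX_FILTER, MAX_RES_ID, MAX_RES_TYPE = 1000, 10000, 50, 64  # documented limits


def build_batch_get_bodies(subject_ids, resource_id=None, resource_type=None,
                           cel_filter=None):
    """Validate inputs against the documented limits and return one request
    body per batch of at most 1000 subject IDs."""
    ids = list(dict.fromkeys(subject_ids))  # drop duplicates, keep order (our choice)
    if not ids:
        raise ValueError("subjectIds needs 1-1000 elements; got 0")
    if any(not isinstance(i, str) or not i for i in ids):
        raise ValueError("subject IDs must be non-empty strings")
    if cel_filter is not None and len(cel_filter) > MAX_FILTER:
        raise ValueError("filter exceeds 10000 characters")
    context = None
    if resource_id is not None or resource_type is not None:
        # Both members of Resource are required once resourceContext is sent.
        if not resource_id or len(resource_id) > MAX_RES_ID:
            raise ValueError("resourceContext.id is required, max 50 characters")
        if not resource_type or len(resource_type) > MAX_RES_TYPE:
            raise ValueError("resourceContext.type is required, max 64 characters")
        context = {"id": resource_id, "type": resource_type}
    bodies = []
    for start in range(0, len(ids), MAX_IDS):
        body = {"subjectIds": ids[start:start + MAX_IDS]}
        if cel_filter is not None:
            body["filter"] = cel_filter
        if context is not None:
            body["resourceContext"] = dict(context)
        bodies.append(body)
    return bodies


# Constructed input: 2500 placeholder IDs plus one duplicate.
SAMPLE_IDS = [f"subject-{n:04d}" for n in range(2500)] + ["subject-0000"]
BODIES = build_batch_get_bodies(SAMPLE_IDS, "folder-placeholder-id",
                                "resource-manager.folder")
```

Each returned body is sent as its own POST to the `subjects:batchGet` endpoint, and the responses are merged by the caller.
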
Response
HTTP Code: 200 - OK

```json
{
  "subjects": [
    {
      "sub": "string",
      "type": "string",
      "createdAt": "string",
      "status": "string",
      "name": "string",
      "lastAuthenticatedAt": "string",
      "groups": [
        {
          "id": "string",
          "name": "string",
          "type": "string"
        }
      ],
      // Includes only one of the fields `userAccount`, `serviceAccount`, `group`, `invitee`
      "userAccount": {
        "givenName": "string",
        "familyName": "string",
        "preferredUsername": "string",
        "email": "string",
        "phoneNumber": "string",
        "subjectContainer": {
          "id": "string",
          "name": "string",
          "containerType": "string"
        },
        "lastIdProofAt": "string",
        "suspendReason": "string",
        "jobInfo": {
          "companyName": "string",
          "department": "string",
          "jobTitle": "string",
          "employeeId": "string"
        },
        "expiresAt": "string",
        "modifiedAt": "string"
      },
      "serviceAccount": {
        "cloud": {
          "id": "string",
          "name": "string"
        },
        "folder": {
          "id": "string",
          "name": "string"
        },
        "serviceAgent": {
          "serviceId": "string",
          "microserviceId": "string"
        }
      },
      "group": {
        "id": "string",
        "name": "string",
        "type": "string"
      },
      "invitee": {
        "email": "string",
        "preferredUsername": "string"
      },
      // end of the list of possible fields
      "externalId": "string"
    }
  ]
}
```


| Field | Description |
|---|---|
| subjects[] | List of the requested subjects. |

Subject

| Field | Description |
|---|---|
| sub | **string** Required field. Subject - Identifier for the End-User at the Issuer. The maximum string length in characters is 100. |
| type | **enum** (SubjectType) Required field. Subject type. |
| createdAt | **string** (date-time) Creation time. String in RFC3339. To work with values in this field, use the APIs described in the |
| status | **enum** (SubjectStatus) Status |
| name | **string** End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences. |
| lastAuthenticatedAt | **string** (date-time) Last time the access token was created. Filled only for federated users (not for global users). String in RFC3339. To work with values in this field, use the APIs described in the |
| groups[] | Groups to which the subject belongs |
| userAccount | Details of a user account subject. Set when the subject is a user account. Includes only one of the fields `userAccount`, `serviceAccount`, `group`, `invitee`. Subject type-specific details. |
| serviceAccount | Details of a service account subject. Set when the subject is a service account. Includes only one of the fields `userAccount`, `serviceAccount`, `group`, `invitee`. Subject type-specific details. |
| group | Details of a group subject. Set when the subject is a group. Includes only one of the fields `userAccount`, `serviceAccount`, `group`, `invitee`. Subject type-specific details. |
| invitee | Details of an invitee subject. Set when the subject is an invitee. Includes only one of the fields `userAccount`, `serviceAccount`, `group`, `invitee`. Subject type-specific details. |
| externalId | **string** Subject id in external container |

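
For an access review, the two points in the Subject table that matter most are the one-of rule for the type-specific fields and the fact that `lastAuthenticatedAt` is filled only for federated users. The following is an added example, not code from the API documentation: it walks a response, rejects subjects that carry more than one detail field, and produces review findings. The finding labels, the 90-day threshold and every value in the sample are assumptions.

```python
from datetime import datetime, timedelta, timezone

DETAIL_FIELDS = ("userAccount", "serviceAccount", "group", "invitee")  # one-of set

def parse_rfc3339(value):
    """Parse an RFC3339 string (whole seconds, 'Z' or offset); None if absent."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def detail_kind(subject):
    """Return which type-specific field is set; reject more than one."""
    present = [f for f in DETAIL_FIELDS if f in subject]
    if len(present) > 1:
        raise ValueError(f"{subject.get('sub')}: multiple detail fields {present}")
    return present[0] if present else None

def review_subjects(response, now, stale_after=timedelta(days=90)):
    """Return (sub, finding) pairs; the 90-day threshold is an assumed policy."""
    findings = []
    for subject in response.get("subjects", []):
        sub, kind = subject["sub"], detail_kind(subject)
        if kind == "serviceAccount":
            if "serviceAgent" in subject["serviceAccount"]:
                findings.append((sub, "service-agent"))
        elif kind == "invitee":
            findings.append((sub, "invitee"))
        elif kind == "userAccount":
            last = parse_rfc3339(subject.get("lastAuthenticatedAt"))
            if last is None:
                # Only filled for federated users: absence is "unknown", not "never".
                findings.append((sub, "no-auth-timestamp"))
            elif now - last > stale_after:
                findings.append((sub, "stale-login"))
    return findings

# Constructed sample; IDs and names are placeholders. The enum fields `type` and
# `status` are left out because their values are not listed on this page.
SAMPLE = {"subjects": [
    {"sub": "subj-user-1", "lastAuthenticatedAt": "2024-01-10T08:00:00Z",
     "userAccount": {"email": "a@example.com"}},
    {"sub": "subj-user-2", "userAccount": {"email": "b@example.com"}},
    {"sub": "subj-user-3", "lastAuthenticatedAt": "2024-05-30T08:00:00Z",
     "userAccount": {"email": "c@example.com"}},
    {"sub": "subj-sa-1",
     "serviceAccount": {"folder": {"id": "folder-1", "name": "prod"},
                        "serviceAgent": {"serviceId": "svc-1", "microserviceId": "ms-1"}}},
    {"sub": "subj-inv-1", "invitee": {"email": "d@example.com"}},
]}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
FINDINGS = review_subjects(SAMPLE, NOW)
```
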
Group

| Field | Description |
|---|---|
| id | **string** ID of the group. |
| name | **string** Name of the group. |
| type | **enum** (GroupType) Type of the group. |

UserAccount

| Field | Description |
|---|---|
| givenName | **string** Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters. |
| familyName | **string** Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters. |
| preferredUsername | **string** Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. |
| email | **string** End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. |
| phoneNumber | **string** End-User's preferred phone number. |
| subjectContainer | Subject container |
| lastIdProofAt | **string** (date-time) Last time when subject identification was proofed. String in RFC3339. To work with values in this field, use the APIs described in the |
| suspendReason | **string** Reason of subject's suspension |
| jobInfo | Information about job |
| expiresAt | **string** (date-time) The subject will be suspended at the specified time. String in RFC3339. To work with values in this field, use the APIs described in the |
| modifiedAt | **string** (date-time) Last time when the user account attributes were modified. String in RFC3339. To work with values in this field, use the APIs described in the |

SubjectContainer

| Field | Description |
|---|---|
| id | **string** ID of the subject container. |
| name | **string** Name of the subject container. |
| containerType | **enum** (ContainerType) Type of the subject container. |

JobInfo

| Field | Description |
|---|---|
| companyName | **string** Name of the company the user works for. |
| department | **string** Department the user belongs to. |
| jobTitle | **string** Job title of the user. |
| employeeId | **string** Employee identifier of the user. |

ServiceAccount

| Field | Description |
|---|---|
| cloud | Cloud the service account belongs to. |
| folder | Folder the service account belongs to. |
| serviceAgent | Service agent details. Set when the service account is a service agent. |

Cloud

| Field | Description |
|---|---|
| id | **string** ID of the cloud. |
| name | **string** Name of the cloud. |

Folder

| Field | Description |
|---|---|
| id | **string** ID of the folder. |
| name | **string** Name of the folder. |

ServiceAgent

| Field | Description |
|---|---|
| serviceId | **string** ID of the service the service agent acts on behalf of. |
| microserviceId | **string** ID of the microservice the service agent acts on behalf of. |

Invitee

| Field | Description |
|---|---|
| email | **string** E-mail address of the invitee. |
| preferredUsername | **string** Preferred username of the invitee. |