Object Types

Schema

The ObjectType type represent directory object types.

Listing Object Types

Use the objectTypes query to search for object types.

List All

The following query is used to paginate over all object types:

{
  objectTypes(first: 3) {
    nodes {
      id
      name
      isSubject
      displayName
      ordinal
      status
      lifecycle {
        createdAt
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}

Results

{
"data": {
  "objectTypes": {
    "nodes": [
      {
        "id": 10001,
        "name": "user",
        "isSubject": true,
        "displayName": "User",
        "ordinal": 100,
        "status": [],
        "lifecycle": {
          "createdAt": "2022-08-16T01:02:39.336401Z"
        }
      },
      {
        "id": 10003,
        "name": "group",
        "isSubject": true,
        "displayName": "Group",
        "ordinal": 200,
        "status": [],
        "lifecycle": {
          "createdAt": "2022-08-16T01:02:39.336401Z"
        }
      },
      {
        "id": 10002,
        "name": "identity",
        "isSubject": false,
        "displayName": "Identity",
        "ordinal": 300,
        "status": [
          "READONLY"
        ],
        "lifecycle": {
          "createdAt": "2022-08-16T01:02:39.336401Z"
        }
      }
    ],
    "pageInfo": {
      "hasNextPage": true,
      "endCursor": "K/+3AwEBBkN1cnNvcgH/uAABAgEIT3B0c0hhc2gBBgABBEtleXMB/7oAAAAW/7kCAQEIW11zdHJpbmcB/7oAAQwAABn/uAH4an7my8dlas8BAgM0MDAFMTAwMDQA"
    }
  }
}
}

Filtering

The objectTypes query can also be used to filter object types by providing where criteria. The following query selects object types that are subjects and their name contains the substring "user":

{
  objectTypes(
    first: 3,
    where: {isSubject: true, name: {contains: "user"}}
  ) {
    nodes {
      id
      name
      isSubject
      displayName
      ordinal
      status
    }
  }
}

Results

{
  "data": {
    "objectTypes": {
      "nodes": [
        {
          "id": 10001,
          "name": "user",
          "isSubject": true,
          "displayName": "User",
          "ordinal": 100,
          "status": []
        },
        {
          "id": 10006,
          "name": "user-v1",
          "isSubject": true,
          "displayName": "UserV1",
          "ordinal": 1000,
          "status": [
            "HIDDEN",
            "READONLY"
          ]
        }
      ]
    }
  }
}

Creating and Modifying Object Types

The setObjetType mutations is used to create new object types or modify existing ones.

Create

The query below creates an "Organization" object type with the aim of defining various organizations and grant users different levels of access to them. The query returns all fields of the resulting object type:

mutation CreateOrganizationObjectType {
  setObjectType(type: {
    name: "org"
    displayName: "Organization"
    isSubject: false
    ordinal: 350
    status: []
  }) {
    objectType {
      id
      name
      displayName
      isSubject
      ordinal
      status
    }
  }
}

The name of the new type is "org". It must be unique among all object types and, like the ID, can be used to refer to the type in other queries and mutations.

The display name, "Organization", is how the type appears in the Aserto Console.

Organization objects do not represent subjects—they are resources that subjects may access with various permissions. Therefore, the isSubject field is set to false.

Ordinal determines where the object type appears in the list relative to other types, and no additional flags are set in the status field.

Results

{
  "data": {
    "setObjectType": {
      "objectType": {
        "id": 1,
        "name": "org",
        "displayName": "Organization",
        "isSubject": false,
        "ordinal": 350,
        "status": []
      }
    }
  }
}

Modify

All object type fields can be modified after creation except for the ID. The same setObjetType mutation used above to create a new object type is also used to modify existing ones.

To modify the name of the new type to "organization" we need to refer to the type by its ID. Since an object type is uniquely identified by its name, the id field in setObjetType is only required when changing an object type's name.

mutation CreateOrganizationObjectType {
  setObjectType(type: {
    id: 1
    name: "organization"
    displayName: "Organization"
    isSubject: false
    ordinal: 350
    status: []
  }) {
    objectType {
      id
      name
      displayName
      isSubject
      ordinal
      status
    }
  }
}

Results

{
  "data": {
    "setObjectType": {
      "objectType": {
        "id": 1,
        "name": "organization",
        "displayName": "Organization",
        "isSubject": false,
        "ordinal": 350,
        "status": []
      }
    }
  }
}

To modify any field(s) besided name we can omit the ID since the name uniquely identifies the object type. The query below changes the ordinal value and adds the READONLY flag to the object type's status field.

mutation CreateOrganizationObjectType {
  setObjectType(type: {
    name: "organization"
    displayName: "Organization"
    isSubject: false
    ordinal: 450
    status: [READONLY]
  }) {
    objectType {
      id
      name
      displayName
      isSubject
      ordinal
      status
    }
  }
}

Results

{
  "data": {
    "setObjectType": {
      "objectType": {
        "id": 1,
        "name": "organization",
        "displayName": "Organization",
        "isSubject": false,
        "ordinal": 350,
        "status": [READONLY]
      }
    }
  }
}

Schema​

Listing Object Types​

List All​

Filtering​

Creating and Modifying Object Types​

Create​

Modify​

Schema

Listing Object Types

List All

Filtering

Creating and Modifying Object Types

Create

Modify