Updated on 2025-11-06 GMT+08:00

Retrieving Information About the Specified Finding

Function

This API is used to retrieve information about the specified finding.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

| Action | Access Level | Resource Type (*: required) | Condition Key | Alias | Dependencies |
| --- | --- | --- | --- | --- | --- |
| AccessAnalyzer:analyzer:getFinding | Read | analyzer * | g:ResourceTag/<tag-key> | - | - |

URI

GET /v5/analyzers/{analyzer_id}/findings/{finding_id}

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| analyzer_id | Yes | String | Unique identifier of an analyzer. Minimum: 1. Maximum: 36. |
| finding_id | Yes | String | Unique identifier of a finding. Minimum: 1. Maximum: 36. |

Request Parameters

None

Response Parameters

Status code: 200

Table 2 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| finding | Finding object | Findings. |

Table 3 Finding

| Parameter | Type | Description |
| --- | --- | --- |
| action | Array of strings | Action that can be used by external principals. |
| analyzed_at | String | Time when a resource is analyzed. |
| condition | Array of FindingCondition objects | Condition that generates findings in the policy statement. |
| created_at | String | Time when the findings were generated. |
| finding_details | Array of FindingDetails objects | Finding details. |
| finding_type | String | Finding type. external_access: external access; privilege_escalation: privilege escalation; unused_iam_user_access_key: unused access key; unused_iam_user_password: unused password; unused_permission: unused permission; unused_iam_agency: unused agency; iam_bp_root_user_has_access_key: an AK/SK pair is bound to the root user; iam_bp_access_api_with_password: API access using passwords; iam_bp_login_protection_disabled: login protection disabled; iam_bp_mfa_unconfigured: MFA not added; iam_bp_assign_high_risk_sys_policy_or_role_to_user: high-risk system-defined policies or roles attached to users; iam_bp_attach_high_risk_sys_identity_policy_to_user: high-risk system-defined identity policies attached to users; iam_bp_assign_high_risk_sys_policy_or_role_to_agency: high-risk system-defined policies or roles attached to agencies; iam_bp_attach_high_risk_sys_identity_policy_to_agency: high-risk system-defined identity policies attached to agencies |
| id | String | Unique identifier of a finding. |
| is_public | Boolean | Whether the policy that generates findings allows public access to resources. |
| principal | FindingPrincipal object | An external principal that accesses resources in a zone of trust. |
| resource | String | Unique identifier of a resource. |
| resource_id | String | Unique identifier of a resource. Minimum: 1. Maximum: 36. |
| resource_owner_account | String | ID of the account that owns resources. |
| resource_project_id | String | Identifier of the project that the resource belongs to. Maximum: 36. |
| resource_type | String | Resource type. iam:agency: IAM agency; iam:user: IAM user; kms:cmk: DEW shared key; obs:bucket: OBS bucket; swr:repo: SWR image repository; cbr:backup: CBR backup; ims:image: IMS image |
| sources | Array of strings | Source of findings, indicating how to grant access that generates the findings. |
| status | String | Finding status. Values: active; archived; resolved |
| updated_at | String | Time when the findings were updated. |

Table 4 FindingDetails

| Parameter | Type | Description |
| --- | --- | --- |
| external_access_details | ExternalAccessDetails object | External access findings. |
| privilege_escalation_details | PrivilegeEscalationDetails object | Finding details for privilege escalation access. |
| unused_iam_user_access_key_details | UnusedIamUserAccessKeyDetails object | Finding details for unused keys. |
| unused_iam_user_password_details | UnusedIamUserPasswordDetails object | Finding details for unused user passwords. |
| unused_permission_details | UnusedPermissionDetails object | Finding details for unused permissions. |
| unused_iam_agency_details | UnusedIamAgencyDetails object | Finding details for unused agencies. |
| iam_bp_root_user_has_access_key_details | IamBpRootUserHasAccessKeyDetails object | Finding details for root users who have access keys. |
| iam_bp_access_api_with_password_details | IamBpAccessApiWithPasswordDetails object | Finding details for API access with passwords. |
| iam_bp_login_protection_disabled_details | IamBpLoginProtectionDisabledDetails object | Finding details for disabled login protection. |
| iam_bp_mfa_unconfigured_details | IamBpMfaUnconfiguredDetails object | Finding details for unbound MFA. |
| iam_bp_assign_high_risk_sys_policy_or_role_to_user_details | IamBpAssignHighRiskSysPolicyOrRoleToUserDetails object | Finding details for attaching high-risk system permissions or roles to IAM users. |
| iam_bp_attach_high_risk_sys_identity_policy_to_user_details | IamBpAttachHighRiskSysIdentityPolicyToUserDetails object | Finding details for attaching high-risk system identity policies to IAM users. |
| iam_bp_assign_high_risk_sys_policy_or_role_to_agency_details | IamBpAssignHighRiskSysPolicyOrRoleToAgencyDetails object | Finding details for attaching high-risk system policies or roles to IAM agencies. |
| iam_bp_attach_high_risk_sys_identity_policy_to_agency_details | IamBpAttachHighRiskSysIdentityPolicyToAgencyDetails object | Finding details for attaching high-risk system identity policies to IAM agencies. |

Table 5 ExternalAccessDetails

| Parameter | Type | Description |
| --- | --- | --- |
| action | Array of strings | Action that can be used by external principals. |
| condition | Array of FindingCondition objects | Condition that generates findings in the policy statement. |
| is_public | Boolean | Whether the policy that generates findings allows public access to resources. |
| principal | FindingPrincipal object | An external principal that accesses resources in a zone of trust. |
| sources | Array of strings | Source of findings, indicating how to grant access that generates the findings. |

Table 6 FindingCondition

| Parameter | Type | Description |
| --- | --- | --- |
| key | String | Identifier or name of a condition key. |
| value | String | Value of the condition key. |

Table 7 PrivilegeEscalationDetails

| Parameter | Type | Description |
| --- | --- | --- |
| actions | Array of strings | Specified set of operations to be analyzed. |
| resource | String | Unique identifier of a resource. |
| principal | FindingPrincipal object | Principal that accesses resources in a zone of trust. |
| active_action | String | Operations that can be triggered through privilege escalation access paths. |
| path | Array of PrivilegeEscalationStep objects | Step of the privilege escalation access path. |

Table 8 PrivilegeEscalationStep

| Parameter | Type | Description |
| --- | --- | --- |
| principal | FindingPrincipal object | Principal that accesses resources in a zone of trust. |
| resources | Array of strings | Resources involved in this step. |
| action | String | Operations involved in this step. |

Table 9 UnusedIamUserAccessKeyDetails

| Parameter | Type | Description |
| --- | --- | --- |
| access_key_id | String | Unique ID of a user access key. |
| last_accessed | String | Last access time of a user access key. |

Table 10 UnusedIamUserPasswordDetails

| Parameter | Type | Description |
| --- | --- | --- |
| last_accessed | String | Last access time of a user password. |

Table 11 UnusedPermissionDetails

| Parameter | Type | Description |
| --- | --- | --- |
| service | String | Name of the cloud service that the permission belongs to. |
| last_accessed | String | Last access time of the cloud service. |
| actions | Array of UnusedAction objects | Unused actions. |

Table 12 UnusedAction

| Parameter | Type | Description |
| --- | --- | --- |
| action | String | Authorization item name. |
| last_accessed | AnyType | Last access time of the authorization item. |

Table 13 UnusedIamAgencyDetails

| Parameter | Type | Description |
| --- | --- | --- |
| last_accessed | String | Last access time of the agency. |

Table 14 IamBpRootUserHasAccessKeyDetails

| Parameter | Type | Description |
| --- | --- | --- |
| access_key_id | String | Unique ID of a user access key. Minimum: 1. Maximum: 40. |
| last_accessed | String | Last access time of a user access key. |
| created_at | String | Time when the user access key is created. |

Table 15 IamBpAccessApiWithPasswordDetails

| Parameter | Type | Description |
| --- | --- | --- |
| user_id | String | Unique ID of the user. Minimum: 1. Maximum: 36. |
| last_access_api_with_pwd_at | String | Last time when a user accessed APIs with a password. |
| user_created_at | String | Time when the user was created. |

Table 16 IamBpLoginProtectionDisabledDetails

| Parameter | Type | Description |
| --- | --- | --- |
| user_id | String | Unique ID of the user. Minimum: 1. Maximum: 36. |
| user_created_at | String | Time when the user was created. |

Table 17 IamBpMfaUnconfiguredDetails

| Parameter | Type | Description |
| --- | --- | --- |
| user_id | String | Unique ID of the user. Minimum: 1. Maximum: 36. |
| user_created_at | String | Time when the user was created. |

Table 18 IamBpAssignHighRiskSysPolicyOrRoleToUserDetails

| Parameter | Type | Description |
| --- | --- | --- |
| user_id | String | Unique ID of the user. Minimum: 1. Maximum: 36. |
| permission_name | String | Permission name. |

Table 19 IamBpAttachHighRiskSysIdentityPolicyToUserDetails

| Parameter | Type | Description |
| --- | --- | --- |
| user_id | String | Unique ID of the user. Minimum: 1. Maximum: 36. |
| policy_name | String | Policy name. |

Table 20 IamBpAssignHighRiskSysPolicyOrRoleToAgencyDetails

| Parameter | Type | Description |
| --- | --- | --- |
| agency_id | String | Unique ID of the agency. Minimum: 1. Maximum: 36. |
| permission_name | String | Permission name. |

Table 21 IamBpAttachHighRiskSysIdentityPolicyToAgencyDetails

| Parameter | Type | Description |
| --- | --- | --- |
| agency_id | String | Unique ID of the agency. Minimum: 1. Maximum: 36. |
| policy_name | String | Policy name. |

Table 22 FindingPrincipal

| Parameter | Type | Description |
| --- | --- | --- |
| identifier | String | Identifier of a principal. |
| type | String | Type of a principal. all_principal: all principals; account; all_user_in_account: all users in an account; all_agency_in_account: all agencies in an account; all_identity_provider_in_account: all identity providers in an account; specific_user: specific user; specific_agency: specific agency; specific_group: specific user group; specific_identity_provider: specific identity provider |

Example Requests

Retrieving information about the specified finding

GET https://{hostname}/v5/analyzers/{analyzer_id}/findings/{finding_id}

Example Responses

Status code: 200

OK

{
  "finding" : {
    "action" : [ "obs:bucket:listBucket" ],
    "analyzed_at" : "2023-09-07T08:04:41.698Z",
    "condition" : [ {
      "key" : "g:PrincipalOrgId",
      "value" : "org_id"
    } ],
    "created_at" : "2023-09-07T08:04:41.698Z",
    "id" : "{finding_id}",
    "is_public" : false,
    "principal" : {
      "identifier" : "{domain_id}",
      "type" : "account"
    },
    "resource" : "obs:{region_id}::bucket:{bucket_name}",
    "resource_owner_account" : "{domain_id}",
    "resource_type" : "obs:bucket",
    "sources" : [ "bucket_policy" ],
    "status" : "active",
    "updated_at" : "2023-09-07T08:04:41.698Z"
  }
}
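
One way to act on this response, as an added example (not code from the API documentation): the function below reads the Finding, ExternalAccessDetails and FindingPrincipal fields and maps one finding to a review priority. The priority labels, the fallback to finding_details and the sample values are this example's assumptions.

```python
# Constructed sample, shaped like the page's example response (placeholders kept).
SAMPLE = {"finding": {
    "action": ["obs:bucket:listBucket"],
    "condition": [{"key": "g:PrincipalOrgId", "value": "org_id"}],
    "id": "{finding_id}",
    "is_public": False,
    "principal": {"identifier": "{domain_id}", "type": "account"},
    "resource": "obs:{region_id}::bucket:{bucket_name}",
    "resource_type": "obs:bucket",
    "sources": ["bucket_policy"],
    "status": "active",
}}

EXT_KEYS = ("action", "condition", "is_public", "principal", "sources")

def external_access_view(finding):
    """Collect the external-access fields from the top level of the Finding
    object, falling back to finding_details[].external_access_details."""
    view = {k: finding.get(k) for k in EXT_KEYS}
    for detail in finding.get("finding_details") or []:
        ext = detail.get("external_access_details") or {}
        for k in EXT_KEYS:
            if view[k] is None:
                view[k] = ext.get(k)
    return view

def triage(response):
    """Return a review priority for one finding response.
    The labels are this example's convention, not values defined by the API."""
    f = response["finding"]
    if f.get("status") != "active":          # archived or resolved
        return "closed"
    if f.get("finding_type") == "privilege_escalation":
        return "high"
    view = external_access_view(f)
    ptype = (view["principal"] or {}).get("type")
    if view["is_public"] or ptype == "all_principal":
        return "critical"                    # reachable by anyone
    if ptype is not None:
        # An external principal is named; condition keys narrow the grant.
        return "medium" if view["condition"] else "high"
    return "hygiene"                         # unused_* and iam_bp_* findings

if __name__ == "__main__":
    print(SAMPLE["finding"]["resource"], "->", triage(SAMPLE))
```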

Status Codes

| Status Code | Description |
| --- | --- |
| 200 | OK |

Error Codes

See Error Codes.