gitlab-org--gitlab-foss/doc/api/graphql/audit_report.md

122 lines
3.9 KiB
Markdown

---
stage: Govern
group: Compliance
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Set up an Audit Report with GraphQL **(FREE)**
This page describes how you can use the GraphiQL explorer to set up an audit report
for a specific subset of users.
You can run the same query directly via a HTTP endpoint, using `cURL`. For more information, see our
guidance on getting started from the [command line](getting_started.md#command-line).
The [example users query](#set-up-the-graphiql-explorer) looks for a subset of users in
a GitLab instance either by username or
[Global ID](../../development/api_graphql_styleguide.md#global-ids).
The query includes:
- [`pageInfo`](#pageinfo)
- [`nodes`](#nodes)
## pageInfo
This contains the data needed to implement pagination. GitLab uses cursor-based
[pagination](getting_started.md#pagination). For more information, see
[Pagination](https://graphql.org/learn/pagination/) in the GraphQL documentation.
## nodes
In a GraphQL query, `nodes` is used to represent a collection of [`nodes` on a graph](https://en.wikipedia.org/wiki/Vertex_(graph_theory)).
In this case, the collection of nodes is a collection of `User` objects. For each one,
we output:
- Their user's `id`.
- The `membership` fragment, which represents a Project or Group membership belonging
to that user. Outputting a fragment is denoted with the `...memberships` notation.
The GitLab GraphQL API is extensive and a large amount of data for a wide variety of entities can be output.
See the official [reference documentation](reference/index.md) for the most up-to-date information.
## Set up the GraphiQL explorer
This procedure presents a substantive example that you can copy and paste into GraphiQL
explorer. GraphiQL explorer is available for:
- GitLab.com users at [https://gitlab.com/-/graphql-explorer](https://gitlab.com/-/graphql-explorer).
- Self-managed users at `https://gitlab.example.com/-/graphql-explorer`.
1. Copy the following code excerpt:
```graphql
{
users(usernames: ["user1", "user2", "user3"]) {
pageInfo {
endCursor
startCursor
hasNextPage
}
nodes {
id
...memberships
}
}
}
fragment membership on MemberInterface {
createdAt
updatedAt
accessLevel {
integerValue
stringValue
}
createdBy {
id
}
}
fragment memberships on User {
groupMemberships {
nodes {
...membership
group {
id
name
}
}
}
projectMemberships {
nodes {
...membership
project {
id
name
}
}
}
}
```
1. Open the [GraphiQL explorer tool](https://gitlab.com/-/graphql-explorer).
1. Paste the `query` listed above into the left window of your GraphiQL explorer tool.
1. Select **Play** to get the result shown here:
![GraphiQL explorer search for boards](img/user_query_example_v13_2.png)
NOTE:
[The GraphQL API returns a GlobalID, rather than a standard ID.](getting_started.md#queries-and-mutations) It also expects a GlobalID as an input rather than
a single integer.
This GraphQL query returns the groups and projects that the user has been *explicitly* made a member of.
Since the GraphiQL explorer uses the session token to authorize access to resources,
the output is limited to the projects and groups accessible to the currently signed-in user.
If you've signed in as an instance administrator, you would have access to all records, regardless of ownership.
For more information on:
- GraphQL specific entities, such as Fragments and Interfaces, see the official
[GraphQL documentation](https://graphql.org/learn/).
- Individual attributes, see the [GraphQL API Resources](reference/index.md).