# Get resolved access Compute the effective access a user has across all entities in an organization. Resolves and returns the effective access level a user has for each entity, taking into account direct grants, department-based grants, role-based grants, and composite slice membership. Each entity entry includes grant paths showing how access was derived. #### Path Parameters **`organization_id`** string required The unique identifier of the organization (format: `org_*`). **`user_id`** string required The unique identifier of the user (format: `usr_*`). #### Query Parameters **`entity_type`** string optional Filter results to a specific entity type. Allowed values: `knowledge_slice`, `vector_store`, `assistant`. ## Returns A resolved access response containing the `user_id` and an `entities` array. Each entity includes `entity_type`, `entity_id`, `access_level` (the highest effective level), and `grant_paths` explaining how access was derived. Request ```bash cURL curl -s -X GET "https://api.aitronos.com/v1/organizations/org_xyz789/users/usr_def456/resolved-access?entity_type=knowledge_slice" \ -H "Authorization: Bearer $ACCESS_TOKEN" ``` ```python Python SDK from aitronos import Aitronos client = Aitronos(api_key="your-api-key") result = client.access_control.get_resolved_access( organization_id="org_xyz789", user_id="usr_def456", entity_type="knowledge_slice", ) print(result) ``` ```python Python import requests org_id = "org_xyz789" user_id = "usr_def456" url = f"https://api.aitronos.com/v1/organizations/{org_id}/users/{user_id}/resolved-access" headers = {"Authorization": "Bearer YOUR_ACCESS_TOKEN"} params = {"entity_type": "knowledge_slice"} response = requests.get(url, headers=headers, params=params) print(response.json()) ``` ```javascript JavaScript const orgId = "org_xyz789"; const userId = "usr_def456"; const params = new URLSearchParams({ entity_type: "knowledge_slice" }); const response = await fetch( `https://api.aitronos.com/v1/organizations/${orgId}/users/${userId}/resolved-access?${params}`, { headers: { "Authorization": `Bearer ${accessToken}`, }, } ); const data = await response.json(); console.log(data); ``` Response ```json 200 OK { "user_id": "usr_def456", "entities": [ { "entity_type": "knowledge_slice", "entity_id": "kslice_abc123", "access_level": "write", "grant_paths": [ { "type": "direct", "access_level": "read", "department_id": null, "role_id": null, "composite_id": null }, { "type": "department", "access_level": "write", "department_id": "dept_eng01", "role_id": null, "composite_id": null } ] }, { "entity_type": "knowledge_slice", "entity_id": "kslice_def456", "access_level": "admin", "grant_paths": [ { "type": "role", "access_level": "admin", "department_id": null, "role_id": "role_admin01", "composite_id": null } ] } ] } ``` ```json 401 Error { "success": false, "error": { "code": "AUTHENTICATION_REQUIRED", "message": "Please log in to continue.", "system_message": "Authentication required", "type": "client_error", "status": 401, "details": {}, "trace_id": "abc-123-def", "timestamp": "2025-11-02T08:21:45Z" } } ``` ## Related Resources - [List Grants](/docs/api-reference/access-control/list-grants) - [Create Grant](/docs/api-reference/access-control/create-grant) - [Bulk Create Grants](/docs/api-reference/access-control/bulk-create-grants) - [Update Grant](/docs/api-reference/access-control/update-grant) - [Revoke Grant](/docs/api-reference/access-control/revoke-grant) - [Slice Grants](/docs/api-reference/access-control/slice-grants) - [Store Grants](/docs/api-reference/access-control/store-grants) - [Assistant Grants](/docs/api-reference/access-control/assistant-grants) - [Users with Access](/docs/api-reference/access-control/users-with-access)