> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bronto.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Grant access to a user or group



## OpenAPI

````yaml https://s3.eu-west-1.amazonaws.com/docs.brontobytes.io/redocusaurus/brontobytes.yaml post /organizations/{orgId}/access/{entityType}/{entityId}
openapi: 3.0.2
info:
  title: Bronto API
  license:
    name: Commercial
  version: 1.0.0
servers:
  - url: https://api.eu.bronto.io
  - url: https://api.us.bronto.io
security:
  - ApiKeyAuth: []
  - BearerAuth: []
tags:
  - name: api-keys
    description: >
      An Application Programming Interface (API) key is a unique identifier. 

      The API Key must be provided as X-BRONTO-API-KEY in headers for the
      request to be authenticated 

      and authorized by the API server according to the API Key's role. For
      further information about 

      roles visit [our API Key docs] 
      https://docs.bronto.io/manage/manage-api-keys
  - name: context
    description: >
      Context is a REST API resource that allows the retrieval of a specified
      number of log events (default of 100) around 

      a log event of interest, e.g. when a number of log events were returned by
      a previous query and you then decide you 

      want to see the 50 log events before one of those returned log events. Log
      events can be retrieved either before, 

      after, or both before and after the specified log event.
  - name: exports
    description: >
      The Bronto Export API allows you to efficiently download large volumes of
      log data for further analysis.

      The data to be exported can be filtered by entering the search parameters
      \"from\", \"where\" and \"time_range\" as

      per a normal query in the \"search_details\" object.


      To export data the following steps are required:

      1. Create an export using a POST request, which will return an
      \"export_id\", \"status\" and \"progress\".

      2. Use the export id to get the status of the export task by sending a GET
      request,

      which will return \"status\" and \"progress\" with a value of percentage
      completed. When the export is

      completed, the \"status\" will be \"COMPLETE\"

      3. Once the export task has completed you can download your data using
      curl (or similar)

      from the \"location\" URL returned in the GET response.
  - name: collections
    description: >
      Collections group datasets together. Each collection contains one or more
      datasets.
  - name: datasets
    description: >
      Datasets are a sequence of timestamped log events. Datasets can be
      searched to view events matching a filter

      or to perform statistical functions on matching events.
  - name: logs
    description: >
      Logs are a sequence of timestamped log events. Logs can be searched to
      view events matching a filter

      or to perform statistical functions on matching events.
  - name: search
    description: >
      The REST API for searching data uses queries based on a subset of SQL,
      with

      the syntax as per https://docs.bronto.io/query-syntax/overview
  - name: top-keys
    description: >
      Top-Keys is a REST API resource that allows you to easily retrieve the top
      keys for a specific log.
  - name: usage
    description: >
      Usage is a REST API resource that allows you to easily track your Bronto
      usage by retrieving usage data relating 

      to data ingestion and amount of data searched, and allowing you to drill
      down for a specific dataset over a defined timeframe.
  - name: users
    description: >
      Users are given specific roles, where each role determines the user's
      permissions within the application. Those roles are as follows:

      - "Admin" role has permission for all actions on all entities in the
      application.

      - "Standard" role allows Read/Write and Delete actions on entities in
      non-sensitive areas of the application.

      - "ReadOnly" role allows only read actions and only on entities in
      non-sensitive areas of the application.
  - name: config_assistant
    description: >
      The Config Assistant APIs provide endpoints for creating or modifying
      observability agent configurations.
  - name: patterns
    description: >
      Patterns return the Pattern IDs, templates, and source log ID for all logs
      matching the

      given search criteria.
paths:
  /organizations/{orgId}/access/{entityType}/{entityId}:
    post:
      tags:
        - access
      summary: Grant access to a user or group
      operationId: grantAccess
      parameters:
        - name: orgId
          in: path
          required: true
          schema:
            type: string
        - name: entityType
          in: path
          required: true
          schema:
            type: string
            enum:
              - user
              - group
        - name: entityId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              required:
                - roles
                - status
              type: object
              properties:
                roles:
                  type: array
                  description: >
                    List of role IDs to assign. Can be UUIDs (custom roles) or
                    system role IDs like "Admin", "Standard", "ReadOnly",
                    "SearchApi", "IngestionApi", "AdminApi".
                  items:
                    pattern: >-
                      ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}|Admin|Standard|ReadOnly|SearchApi|IngestionApi|AdminApi)$
                    type: string
                status:
                  type: string
                  description: Status of the access grant.
                  enum:
                    - active
                    - invited
        required: true
      responses:
        '204':
          description: Access granted
        '400':
          description: Invalid request
        '500':
          description: Internal server error
components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      name: X-BRONTO-API-KEY
      in: header
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

````