> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bronto.io/llms.txt
> Use this file to discover all available pages before exploring further.

# List policies by resource



## OpenAPI

````yaml https://s3.eu-west-1.amazonaws.com/docs.brontobytes.io/redocusaurus/brontobytes.yaml get /policies/resources/{resource_type}/{resource_id}
openapi: 3.0.2
info:
  title: Bronto API
  license:
    name: Commercial
  version: 1.0.0
servers:
  - url: https://api.eu.bronto.io
  - url: https://api.us.bronto.io
security:
  - ApiKeyAuth: []
  - BearerAuth: []
tags:
  - name: api-keys
    description: >
      An Application Programming Interface (API) key is a unique identifier. 

      The API Key must be provided as X-BRONTO-API-KEY in headers for the
      request to be authenticated 

      and authorized by the API server according to the API Key's role. For
      further information about 

      roles visit [our API Key docs] 
      https://docs.bronto.io/manage/manage-api-keys
  - name: context
    description: >
      Context is a REST API resource that allows the retrieval of a specified
      number of log events (default of 100) around 

      a log event of interest, e.g. when a number of log events were returned by
      a previous query and you then decide you 

      want to see the 50 log events before one of those returned log events. Log
      events can be retrieved either before, 

      after, or both before and after the specified log event.
  - name: exports
    description: >
      The Bronto Export API allows you to efficiently download large volumes of
      log data for further analysis.

      The data to be exported can be filtered by entering the search parameters
      \"from\", \"where\" and \"time_range\" as

      per a normal query in the \"search_details\" object.


      To export data the following steps are required:

      1. Create an export using a POST request, which will return an
      \"export_id\", \"status\" and \"progress\".

      2. Use the export id to get the status of the export task by sending a GET
      request,

      which will return \"status\" and \"progress\" with a value of percentage
      completed. When the export is

      completed, the \"status\" will be \"COMPLETE\"

      3. Once the export task has completed you can download your data using
      curl (or similar)

      from the \"location\" URL returned in the GET response.
  - name: collections
    description: >
      Collections group datasets together. Each collection contains one or more
      datasets.
  - name: datasets
    description: >
      Datasets are a sequence of timestamped log events. Datasets can be
      searched to view events matching a filter

      or to perform statistical functions on matching events.
  - name: logs
    description: >
      Logs are a sequence of timestamped log events. Logs can be searched to
      view events matching a filter

      or to perform statistical functions on matching events.
  - name: search
    description: >
      The REST API for searching data uses queries based on a subset of SQL,
      with

      the syntax as per https://docs.bronto.io/query-syntax/overview
  - name: top-keys
    description: >
      Top-Keys is a REST API resource that allows you to easily retrieve the top
      keys for a specific log.
  - name: usage
    description: >
      Usage is a REST API resource that allows you to easily track your Bronto
      usage by retrieving usage data relating 

      to data ingestion and amount of data searched, and allowing you to drill
      down for a specific dataset over a defined timeframe.
  - name: users
    description: >
      Users are given specific roles, where each role determines the user's
      permissions within the application. Those roles are as follows:

      - "Admin" role has permission for all actions on all entities in the
      application.

      - "Standard" role allows Read/Write and Delete actions on entities in
      non-sensitive areas of the application.

      - "ReadOnly" role allows only read actions and only on entities in
      non-sensitive areas of the application.
  - name: config_assistant
    description: >
      The Config Assistant APIs provide endpoints for creating or modifying
      observability agent configurations.
  - name: patterns
    description: >
      Patterns return the Pattern IDs, templates, and source log ID for all logs
      matching the

      given search criteria.
paths:
  /policies/resources/{resource_type}/{resource_id}:
    get:
      tags:
        - policies
      summary: List policies by resource
      operationId: listPoliciesByResource
      parameters:
        - name: resource_type
          in: path
          description: The type of resource (e.g., "logset", "dataset").
          required: true
          schema:
            type: string
        - name: resource_id
          in: path
          description: The unique identifier of the resource.
          required: true
          schema:
            type: string
      responses:
        '200':
          description: A list of policies associated with the given resource.
          content:
            application/json:
              schema:
                type: object
                properties:
                  policies:
                    type: array
                    items:
                      $ref: '#/components/schemas/Policy'
        '400':
          description: Invalid request parameters.
        '500':
          description: Internal server error.
components:
  schemas:
    Policy:
      type: object
      properties:
        id:
          type: string
          description: The unique identifier for the policy.
          format: uuid
        description:
          type: string
          description: Description of the policy.
        policy_type:
          type: string
          description: The type of policy.
          enum:
            - ROLE_BASED
            - LOG_FORBID
            - LOG_PERMIT
            - CUSTOM
        resource:
          type: object
          description: The resource associated with this policy.
        actions:
          maxItems: 4
          type: array
          description: The actions allowed by this policy.
          items:
            type: string
        restricted:
          type: boolean
          description: Whether this policy is restricted.
        principal:
          type: object
          properties:
            principal_type:
              type: string
              description: The type of principal.
              enum:
                - ROLE
                - USER
                - APIKEY
            principal_id:
              type: string
              description: The unique identifier of the principal.
              format: uuid
          description: The principal this policy applies to.
        when:
          $ref: '#/components/schemas/ConditionSet'
        unless:
          $ref: '#/components/schemas/ConditionSet'
        created_at:
          type: integer
          description: Timestamp of when the policy was created.
          format: int64
        modified_at:
          type: integer
          description: Timestamp of when the policy was last modified.
          format: int64
    ConditionSet:
      type: object
      properties:
        resources:
          maxItems: 100
          type: array
          description: List of resource conditions.
          items:
            $ref: '#/components/schemas/Resource'
        principals:
          maxItems: 5
          type: array
          description: List of principal conditions.
          items:
            $ref: '#/components/schemas/Principal'
        context:
          maxItems: 5
          type: array
          description: List of context conditions.
          items:
            $ref: '#/components/schemas/ContextCondition'
      description: >-
        Defines a set of conditions under which a policy applies or does not
        apply.
    Resource:
      type: object
      properties:
        resource_type:
          type: string
          description: The type of the resource.
          enum:
            - ROLE
            - USER
            - APIKEY
            - LOG
            - LOG_SET
            - DASHBOARD
        resource_id:
          type: string
          description: The unique identifier of the resource.
    Principal:
      type: object
      properties:
        principal_type:
          type: string
          description: Type of the principal (Role, User, API Key)
          example: ROLE
          enum:
            - ROLE
            - USER
            - APIKEY
        principal_id:
          type: string
          description: Unique ID of the principal
          format: uuid
          example: 958fe2d8-532d-4d4c-803a-db69a14a7c37
    ContextCondition:
      type: object
      properties:
        key:
          type: string
          description: The context key being checked (e.g., "row_level").
        operator:
          type: string
          description: The comparison operator.
          enum:
            - '=='
            - '!='
            - <
            - <=
            - '>'
            - '>='
            - in
            - not in
            - like
        value:
          description: The expected value for the condition.
          oneOf:
            - type: string
            - type: boolean
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      name: X-BRONTO-API-KEY
      in: header
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

````