Search Query Reference
This page provides a list of attributes and keywords that are used in Hub query language.
For information about Hub search syntax, see Search Query Grammar.
Operators
Use the following operators to create logical combinations of attributes in a search query.
Operator | Description | |
|---|---|---|
not | Exclude a subset from a set of search query results. For example, to find users that do not have a Google login associated with their account and have any role granted directly to their account, enter: not authModule: Google and has: ownRole | |
and | Combine multiple search attributes to expand the search request. The AND-expression is always processed as group and has a higher priority than OR-expressions in the query. For example, to find all projects in which a user "Vader" has Developer role and also a user "Yoda" has any access, enter: accessible(for: {Vader}, with: Developer) and accessible(for: Yoda) | |
or | Combine multiple search attribute subsets to restrict the search request. For example, to find users that can administrate YouTrack service, enter: (login: admin or login: root) and hasLicense: YouTrack | |
( ) | Combine various search attributes to change the order in which attributes and operators are processed. The part of a search query inside the parentheses has priority and is always processed as a single unit. For example, to find all users that have "Low-level Admin Read" access permissions in the "Death Star" project, and are either members of the "star-team" group or have the login name "admin", on the Users page, enter: (login: admin or group: star-team) and access(project: {Death Star}, with: {Low-level Admin Read}) |
Symbols
The following symbols can be used to extend or refine a search query.
Symbol | Description |
|---|---|
, | List multiple values for a single attribute or a sub-query. For example, to find user accounts with the login name login: {darth.vader}, yoda access(project: DS,with: Developer) |
{ } | Encloses attribute values that contain spaces. For example, to find a project that has the specified resource (let's say a project in YouTrack), on the Projects page, enter: resource: {Death Star Backlog} |
Boolean Search
The has and is keywords function as Boolean search terms. When used in a search query, they return all entities that contain a value for the specified attribute. Use the not operator (-) before the specified attribute to find entities that have empty values.
For example, to find all trusted services that have any resources, open the Services page and enter:
The attributes that you can use in combination with the has and is keywords depend on the type of the entity that you search for. See a section related to a particular entity type for the list of available attributes.
Date and Period Values
Several search attributes reference values that are stored as a date. You can search for dates as single values or use a range of values to define a period.
Specify dates in the format: YYYY-MM-DD or YYYY-MM or MM-DD. You also can specify a time in 24h format: HH:MM:SS or HH:MM. To specify both date and time, use the format: YYYY-MM-DD}T{HH:MM:SS. For example, to find all accounts that were created after 12:00 of May 26, 2017, on the Users page, enter:
Search by ID
Every entity in Hub has its unique identifier. You can find the entity ID in logs, events, URLs and API requests and responses.
You can use the entity ID in a search query only on the page that lists entities of the same type. That is: searching by an ID of a user account on the Services page returns no results. However, if you use the same ID to filter the list of Users, you can navigate directly to the profile for the user with this ID.
Text Search
Hub offers limited support for text-based search. With text-based search, you don't specify the attribute that you want to search for. Instead, you enter the value or partial value directly.
On most pages, Hub returns a list of entities whose name starts with the specified string.
For pages that list users, Hub supports the following behavior:
When you enter a string of text, the query returns all users whose full name, username, or email starts with the specified string.
When you specify all or part of an email domain, the query returns all users whose email starts with the specified string.
You can use text-based search strings in combination with any other search terms that use attribute and value pairs.
Projects
Hub supports the following attributes in search queries that are applied as a filter on the Projects page:
Attribute | Value | Description |
|---|---|---|
key | <project key> | Returns a project with the specified key. For example: |
name | <project name> | Returns a project with the specified name. For example: |
resource | <resource name> | Returns projects with the specified resource. For example: |
has | resource | Returns projects that have any associated resources. |
is | archived | Returns archived projects. |
Supported sub-queries
Sub-query | Description |
|---|---|
accessible(for: user, with: role) | Returns projects where the user is granted access with the specified role. For example: accessible(for: Vader, with: {Project Admin}) |
accessible(for: group, with: role) | Returns projects that the specified group can access with the specified role. For example: accessible(for: {Storm Troopers}, with: Developer) |
accessible(for: service, with: role) | Returns projects that the specified service can access with the specified role. For example: accessible(for:YouTrack, with: {Public Observer}) |
accessible(for: user, with: permission) | Returns projects that the specified user can access with the specified permission. For example: accessible(for:Vader, with: {Read Issue}) |
accessible(for: group, with: permission) | Returns projects that the group can access with the specified permission. For example: accessible(for: Ewoks, with: {Update Project}) |
accessible(for: service, with: permission) | Returns projects that the service can access with the specified permission. For example: accessible(for:YouTrack, with: {Read Project}) |
accessible(for: user) | Returns projects that the specified user can access. For example: accessible(for: Yoda}) |
accessible(for: group) | Returns projects that the specified group can access. For example: accessible(for: {Jedi Order}) |
accessible(for: service) | Returns projects that the specified service can access. For example: accessible(for: {Jedi Mobile}) |
accessible(with: role) | Returns projects for which a user or a group is granted the specified role. For example: accessible(with: Developer) |
accessible(with: permission) | Returns projects for which a user or a group is granted the specified permission. For example: accessible(with: {Read Project}) |
favorite(for: username) | Returns projects that the specified user has marked as a favorite. For example: favorite(for: Leia_Organa) |
resource(key: resourceKey, service: service) | Returns projects with the specified resource of the specified service. For example: resource(key:DSB, service:{Death Star Tracker) |
resource(service: service) | Returns projects with resources of the specified service. For example: resource(service: {Death Star Tracker) |
Users
Hub supports the following attributes in search queries that are applied as a filter on the Users page. You can also use these search attributes to filter users in the Members tab on group profile pages:
Attribute | Value | Description |
|---|---|---|
login | <user login> | Returns a user with the specified Hub login name. For example: |
loginStartsWith | <string> | Returns users with login names that start with the specified prefix. |
name | <user full name> | Returns a user with the specified full name in Hub. For example: |
nameStartsWith | string | Returns users with the full name that start with the specified prefix. |
Returns users with the specified email. | ||
vcsUserName | <VCS User Name> | Returns users with the specified VCS username. |
ownRole | <role> | Returns users with the specified role that is granted directly in any project. |
in | <group> | Returns users that are members of the specified group or any of its subgroups. |
group | group | Returns users that are members of the specified group. |
authMethod authModule | authModule | Returns users with user details associated with the specified auth provider. |
authName | userName | Returns users with the specified full name in any auth provide service enabled in Hub (including Hub auth module) |
authLogin | userLogin | Returns users with the specified login name registered in any auth provider service enabled in Hub (including Hub auth module) |
originService | service | Returns user accounts with credentials that were imported from the specified service. |
googleID | value | Returns all user accounts with the specified googleID identifier |
openID | value | Returns user accounts with the specified openID identifier |
sshPublicKey | value | Returns a user account that has SSH public key with the specified fingerprint. |
hasLicense | service | Returns users who are licensed to use the specified service. |
after | Returns user accounts that were created after the specified date. For example: To find all accounts that were created after 12:00 of May 26, 2017, enter | |
before | Returns user accounts that were created before the specified date. For example: To find all accounts that have a license for the YouTrack service and that were created before May 26, 2017, enter: | |
has | ownRole | Users with own roles |
group | Returns users that are members of any group apart from the All Users group. | |
2FA | Returns users who have enabled two-factor authentication for their Hub accounts. | |
authMethod | Returns users that have at least one set of credentials. | |
Returns user accounts that have at least one email defined. | ||
originService | Returns user accounts with a set of credentials that was imported from a service. | |
login | Returns user accounts that have credentials created in Hub service, and not imported from a service or another auth provider. | |
sshPublicKey | Returns users that have SSH public key. | |
license | Returns user accounts that are granted with any license. | |
refresh token | User who has emitted refresh tokens | |
permanent token | Returns user accounts that have generated a permanent token. | |
approved resource | Users with approved resources | |
is | guest | The guest user |
banned | Banned users | |
supporting2FA | Returns users who have at least one set of credentials that is capable of supporting two-factor authentication in Hub. This includes credentials that are provided by the Hub, Atlassian Jira, and LDAP-based authentication modules. |
Supported sub-queries
Sub-query | Description |
|---|---|
access(project: project, with: role) | Returns users who have the specified role in the specified project |
access(project: project, with: permission) | Returns users who have the specified permission in the specified project |
access(project: project) | Returns users who have any role granted in the specified project |
access(with: role) | Returns users who have the specified role granted in any project |
access(with: permission) | Returns users who have the specified permission in any project |
lastAccess(after: instant) | Returns users that accessed Hub after the specified date |
lastAccess(before: instant) | Returns users that accessed Hub before the specified date |
lastAccess(after: instant, before: instant) | Returns users that accessed Hub between the specified dates |
Groups
Hub supports the following attributes in search queries that are applied as a filter on the Groups page:
Attribute | Value | Description |
|---|---|---|
id | <group id> | Returns a group with the specified id and opens its page. |
name | <group name> | Returns a group by its name. |
user | <user name> <user login> | Returns groups that contain the specified user. |
parent | <group> | Returns sub-groups of the specified parent group. |
subgroup | <group> | Returns a parent group that contains the specified sub-group. |
project | <project name> <project key> | Returns all groups from the specified project. |
has | user | Returns groups that have members. |
subgroup | Returns groups that have at least one sub-group. | |
ownRole | Returns groups that are granted at least one role in a project directly. | |
icon | Returns groups with an icon. | |
is | allUsers | Returns the All Users group. |
autoJoin | Returns groups with enabled auto-join option. | |
required2FA | Returns groups for which the option to require two-factor authentication (2FA) is enabled. |
Supported sub-queries
Sub-query | Description |
|---|---|
access(project: project, with: role) | Returns groups that have the specified role granted in the specified project. |
access(project: project, with: permission) | Returns groups that have the specified permission granted in the specified project. |
access(project: project) | Returns groups that have any permission granted in the specified project |
access(with: role) | Returns groups that have the specified role granted in any project. |
access(with: permission) | Returns groups that have the specified permission granted in any project. |
Roles
Hub supports the following attributes in search queries that return roles:
Attribute | Value | Description |
|---|---|---|
id | value | Returns a role with the specified id and opens its page. |
key | <role key> | Returns a role with the specified key. |
name | <role name> | Returns a role with the specified name. |
permission | <permission> | Returns roles that include the specified permission. |
has | permission | Returns roles with at least one permission. |
Supported sub-queries
Sub-query | Description |
|---|---|
permission(key: permissionKey, service: service) | Returns roles that include the specified permission from the specified service. For example, to find roles that contain permission to create groups in the service "YouTrack Administration", enter permission(key: {jetbrains.jetpass.group-create}, service: {YouTrack Administration}) Note that each part of the permission key is indexed separately, so you can see relevant suggestions just by typing the name of the entity that the permission relates to. |
permission(service: service) | Returns roles that include any permission from the specified service. For example, to find roles that contain permission from the service "Dark Forth", enter permission(service: {Dark Side}) |
Auth Modules
Hub supports the following attributes in search queries that return auth modules:
Attribute | Value | Description |
|---|---|---|
serverUrl | authModuleServerUrl | Returns auth modules that have the specified server Url. |
name | authModuleName | Returns an auth provider with the specified name |
type | authModuleType | Returns auth providers of the specified type. |
user | <user> | Returns all auth modules that provide login credentials for the specified user. |
has | user | Returns auth modules that have associated users. |
is | disabled | Returns the list of all disabled auth modules. |
Trusted SSL Certificates
Hub supports the following attributes in search queries that return trusted SSL certificates:
Attribute | Value | Description |
|---|---|---|
id | <cert id> | Returns a certificate with the specified ID. |
name | <certificate name> | Returns an SSL certificate with the specified name. |
is | enabled | Returns the list of all enabled trusted certificates. |
SSL Keystores
Hub supports the following attributes in search queries that return SSL keystores:
Attribute | Value | Description |
|---|---|---|
id | <keystore id> | Returns a keystore with the specified ID. |
name | <keystore name> | Returns a keystore with the specified name. |
Services
Hub supports the following attributes in search queries that return services:
Attribute | Value | Description |
|---|---|---|
id | <service id> | Returns a service with the specified id |
key | <service key> | Returns a service with the specified key |
name | <service name> | Returns a service with the specified name |
applicationName | <service application name> | Returns services with the specified application name |
vendor | <vendor name> | Returns services from the specified vendor |
version | <version number> | Returns services of the specified version |
homeUrl | <URL> | Returns services with the specified homeURL |
userUriPattern | <URI> | Returns services with the specified user uri |
groupUriPattern | <URI> | Returns services with the specified group uri |
redirectUri | <URI> | Returns services with the specified redirectUri |
permission | <permission> | Returns a service that provide the specified permission |
defaultRole | <role name> | Returns a service that provide the specified default role |
resource | <resource name> | Returns a service that holds the specified resource |
has | applicationName | Returns services with defined applicationName |
vendor | Returns services with vendor name provided. | |
version | Returns services with the version provided. | |
homeUrl | Returns services with the homeUrl provided. | |
userUriPattern | Returns services with the user URI provided. | |
groupUriPattern | Returns services with the group URI provided. | |
redirectUri | Returns services with Redirect URI provided. | |
permission | Returns services that provide any permissions. | |
defaultRole | Returns services that provide any permissions. | |
resource | Returns services that provide any resources. | |
license | Returns services that require license. | |
is | trusted | Returns trusted services. |
Audit Events
Hub supports the following attributes when searching the list of audit events:
Attribute | Value | Description |
|---|---|---|
author | <user> <group> <service> | Returns events triggered by the specified user, group or service. |
event | Created Updated Deleted | Returns events of the specified type. For example, |
entityType | <type> | Returns events related to the entities of the specified type. For example, |
target | string | Returns events related to the specified target. |
authModule | Returns events related to the specified auth module. | |
role | Returns events related to the specified role. | |
service | Returns events related to the specified service. | |
user | Returns events related to the specified user. | |
group | Returns events related to the specified group. | |
before | Returns events registered before the specified moment. | |
beforeId | string | Events before the specified id (including) |
after | Returns events registered after the specified moment. | |
afterId | string | Events after the specified id (excluding) |