Hub 2024.3 Help

Search Query Reference

This page provides a list of attributes and keywords that are used in Hub query language.

For information about Hub search syntax, see Search Query Grammar.

Operators

Use the following operators to create logical combinations of attributes in a search query.

Operator

Description

not

Exclude a subset from a set of search query results.

For example, to find users that do not have a Google login associated with their account and have any role granted directly to their account, enter:

not authModule: Google and has: ownRole

and

Combine multiple search attributes to expand the search request.

The AND-expression is always processed as group and has a higher priority than OR-expressions in the query.

For example, to find all projects in which a user "Vader" has Developer role and also a user "Yoda" has any access, enter:

accessible(for: {Vader}, with: Developer) and accessible(for: Yoda)

or

Combine multiple search attribute subsets to restrict the search request.

For example, to find users that can administrate YouTrack service, enter:

(login: admin or login: root) and hasLicense: YouTrack

( )

Combine various search attributes to change the order in which attributes and operators are processed. The part of a search query inside the parentheses has priority and is always processed as a single unit.

For example, to find all users that have "Low-level Admin Read" access permissions in the "Death Star" project, and are either members of the "star-team" group or have the login name "admin", on the Users page, enter:

(login: admin or group: star-team) and access(project: {Death Star}, with: {Low-level Admin Read})

Symbols

The following symbols can be used to extend or refine a search query.

Symbol

Description

,

List multiple values for a single attribute or a sub-query.

For example, to find user accounts with the login name darth.vader or yoda that have access with the Developer role to the project with the key "DS", enter:

login: {darth.vader}, yoda access(project: DS,with: Developer)

{ }

Encloses attribute values that contain spaces.

For example, to find a project that has the specified resource (let's say a project in YouTrack), on the Projects page, enter:

resource: {Death Star Backlog}

The has and is keywords function as Boolean search terms. When used in a search query, they return all entities that contain a value for the specified attribute. Use the not operator (-) before the specified attribute to find entities that have empty values.

For example, to find all trusted services that have any resources, open the Services page and enter:

has: resource is: trusted

The attributes that you can use in combination with the has and is keywords depend on the type of the entity that you search for. See a section related to a particular entity type for the list of available attributes.

Date and Period Values

Several search attributes reference values that are stored as a date. You can search for dates as single values or use a range of values to define a period.

Specify dates in the format: YYYY-MM-DD or YYYY-MM or MM-DD. You also can specify a time in 24h format: HH:MM:SS or HH:MM. To specify both date and time, use the format: YYYY-MM-DD}T{HH:MM:SS. For example, to find all accounts that were created after 12:00 of May 26, 2017, on the Users page, enter:

after: {2017-05-26T12:00}

Search by ID

Every entity in Hub has its unique identifier. You can find the entity ID in logs, events, URLs and API requests and responses.

You can use the entity ID in a search query only on the page that lists entities of the same type. That is: searching by an ID of a user account on the Services page returns no results. However, if you use the same ID to filter the list of Users, you can navigate directly to the profile for the user with this ID.

Hub offers limited support for text-based search. With text-based search, you don't specify the attribute that you want to search for. Instead, you enter the value or partial value directly.

On most pages, Hub returns a list of entities whose name starts with the specified string.

Hub text search

For pages that list users, Hub supports the following behavior:

  • When you enter a string of text, the query returns all users whose full name, username, or email starts with the specified string.

  • When you specify all or part of an email domain, the query returns all users whose email starts with the specified string.

You can use text-based search strings in combination with any other search terms that use attribute and value pairs.

Projects

Hub supports the following attributes in search queries that are applied as a filter on the Projects page:

Attribute

Value

Description

key

<project key>

Returns a project with the specified key. For example: key: DSB

name

<project name>

Returns a project with the specified name. For example: name: {Death Star Development}

resource

<resource name>

Returns projects with the specified resource. For example: resource: {Death Star Backlog}

has

resource

Returns projects that have any associated resources.

is

archived

Returns archived projects.

Supported sub-queries

Sub-query

Description

accessible(for: user, with: role)

Returns projects where the user is granted access with the specified role. For example:

accessible(for: Vader, with: {Project Admin})

accessible(for: group, with: role)

Returns projects that the specified group can access with the specified role. For example:

accessible(for: {Storm Troopers}, with: Developer)

accessible(for: service, with: role)

Returns projects that the specified service can access with the specified role. For example:

accessible(for:YouTrack, with: {Public Observer})

accessible(for: user, with: permission)

Returns projects that the specified user can access with the specified permission. For example:

accessible(for:Vader, with: {Read Issue})

accessible(for: group, with: permission)

Returns projects that the group can access with the specified permission. For example:

accessible(for: Ewoks, with: {Update Project})

accessible(for: service, with: permission)

Returns projects that the service can access with the specified permission. For example:

accessible(for:YouTrack, with: {Read Project})

accessible(for: user)

Returns projects that the specified user can access. For example:

accessible(for: Yoda})

accessible(for: group)

Returns projects that the specified group can access. For example:

accessible(for: {Jedi Order})

accessible(for: service)

Returns projects that the specified service can access. For example:

accessible(for: {Jedi Mobile})

accessible(with: role)

Returns projects for which a user or a group is granted the specified role. For example:

accessible(with: Developer)

accessible(with: permission)

Returns projects for which a user or a group is granted the specified permission. For example:

accessible(with: {Read Project})

favorite(for: username)

Returns projects that the specified user has marked as a favorite. For example:

favorite(for: Leia_Organa)

resource(key: resourceKey, service: service)

Returns projects with the specified resource of the specified service. For example:

resource(key:DSB, service:{Death Star Tracker)

resource(service: service)

Returns projects with resources of the specified service. For example:

resource(service: {Death Star Tracker)

Users

Hub supports the following attributes in search queries that are applied as a filter on the Users page. You can also use these search attributes to filter users in the Members tab on group profile pages:

Attribute

Value

Description

login

<user login>

Returns a user with the specified Hub login name. For example: login: darth.vader

loginStartsWith

<string>

Returns users with login names that start with the specified prefix.

name

<user full name>

Returns a user with the specified full name in Hub. For example: name: {Darth Vader}

nameStartsWith

string

Returns users with the full name that start with the specified prefix.

email

email

Returns users with the specified email.

vcsUserName

<VCS User Name>

Returns users with the specified VCS username.

ownRole

<role>

Returns users with the specified role that is granted directly in any project.

in

<group>

Returns users that are members of the specified group or any of its subgroups.

group

group

Returns users that are members of the specified group.

authMethod

authModule

authModule

Returns users with user details associated with the specified auth provider.

authName

userName

Returns users with the specified full name in any auth provide service enabled in Hub (including Hub auth module)

authLogin

userLogin

Returns users with the specified login name registered in any auth provider service enabled in Hub (including Hub auth module)

originService

service

Returns user accounts with credentials that were imported from the specified service.

googleID

value

Returns all user accounts with the specified googleID identifier

openID

value

Returns user accounts with the specified openID identifier

sshPublicKey

value

Returns a user account that has SSH public key with the specified fingerprint.

hasLicense

service

Returns users who are licensed to use the specified service.

after

date

Returns user accounts that were created after the specified date. For example: To find all accounts that were created after 12:00 of May 26, 2017, enter after: {2017-05-26T12:00}

before

date

Returns user accounts that were created before the specified date. For example: To find all accounts that have a license for the YouTrack service and that were created before May 26, 2017, enter: before: {2017-05-26} hasLicense: YouTrack

has

ownRole

Users with own roles

group

Returns users that are members of any group apart from the All Users group.

2FA

Returns users who have enabled two-factor authentication for their Hub accounts.

authMethod

Returns users that have at least one set of credentials.

email

Returns user accounts that have at least one email defined.

originService

Returns user accounts with a set of credentials that was imported from a service.

login

Returns user accounts that have credentials created in Hub service, and not imported from a service or another auth provider.

sshPublicKey

Returns users that have SSH public key.

license

Returns user accounts that are granted with any license.

refresh token

User who has emitted refresh tokens

permanent token

Returns user accounts that have generated a permanent token.

approved resource

Users with approved resources

is

guest

The guest user

banned

Banned users

supporting2FA

Returns users who have at least one set of credentials that is capable of supporting two-factor authentication in Hub. This includes credentials that are provided by the Hub, Atlassian Jira, and LDAP-based authentication modules.

Supported sub-queries

Sub-query

Description

access(project: project, with: role)

Returns users who have the specified role in the specified project

access(project: project, with: permission)

Returns users who have the specified permission in the specified project

access(project: project)

Returns users who have any role granted in the specified project

access(with: role)

Returns users who have the specified role granted in any project

access(with: permission)

Returns users who have the specified permission in any project

lastAccess(after: instant)

Returns users that accessed Hub after the specified date

lastAccess(before: instant)

Returns users that accessed Hub before the specified date

lastAccess(after: instant, before: instant)

Returns users that accessed Hub between the specified dates

Groups

Hub supports the following attributes in search queries that are applied as a filter on the Groups page:

Attribute

Value

Description

id

<group id>

Returns a group with the specified id and opens its page.

name

<group name>

Returns a group by its name.

user

<user name>

<user login>

Returns groups that contain the specified user.

parent

<group>

Returns sub-groups of the specified parent group.

subgroup

<group>

Returns a parent group that contains the specified sub-group.

project

<project name>

<project key>

Returns all groups from the specified project.

has

user

Returns groups that have members.

subgroup

Returns groups that have at least one sub-group.

ownRole

Returns groups that are granted at least one role in a project directly.

icon

Returns groups with an icon.

is

allUsers

Returns the All Users group.

autoJoin

Returns groups with enabled auto-join option.

required2FA

Returns groups for which the option to require two-factor authentication (2FA) is enabled.

Supported sub-queries

Sub-query

Description

access(project: project, with: role)

Returns groups that have the specified role granted in the specified project.

access(project: project, with: permission)

Returns groups that have the specified permission granted in the specified project.

access(project: project)

Returns groups that have any permission granted in the specified project

access(with: role)

Returns groups that have the specified role granted in any project.

access(with: permission)

Returns groups that have the specified permission granted in any project.

Roles

Hub supports the following attributes in search queries that return roles:

Attribute

Value

Description

id

value

Returns a role with the specified id and opens its page.

key

<role key>

Returns a role with the specified key.

name

<role name>

Returns a role with the specified name.

permission

<permission>

Returns roles that include the specified permission.

has

permission

Returns roles with at least one permission.

Supported sub-queries

Sub-query

Description

permission(key: permissionKey, service: service)

Returns roles that include the specified permission from the specified service. For example, to find roles that contain permission to create groups in the service "YouTrack Administration", enter

permission(key: {jetbrains.jetpass.group-create}, service: {YouTrack Administration})

Note that each part of the permission key is indexed separately, so you can see relevant suggestions just by typing the name of the entity that the permission relates to.

permission(service: service)

Returns roles that include any permission from the specified service. For example, to find roles that contain permission from the service "Dark Forth", enter

permission(service: {Dark Side})

Auth Modules

Hub supports the following attributes in search queries that return auth modules:

Attribute

Value

Description

serverUrl

authModuleServerUrl

Returns auth modules that have the specified server Url.

name

authModuleName

Returns an auth provider with the specified name

type

authModuleType

Returns auth providers of the specified type.

user

<user>

Returns all auth modules that provide login credentials for the specified user.

has

user

Returns auth modules that have associated users.

is

disabled

Returns the list of all disabled auth modules.

Hub supports the following attributes in search queries that return trusted SSL certificates:

Attribute

Value

Description

id

<cert id>

Returns a certificate with the specified ID.

name

<certificate name>

Returns an SSL certificate with the specified name.

is

enabled

Returns the list of all enabled trusted certificates.

Hub supports the following attributes in search queries that return SSL keystores:

Attribute

Value

Description

id

<keystore id>

Returns a keystore with the specified ID.

name

<keystore name>

Returns a keystore with the specified name.

Hub supports the following attributes in search queries that return services:

Attribute

Value

Description

id

<service id>

Returns a service with the specified id

key

<service key>

Returns a service with the specified key

name

<service name>

Returns a service with the specified name

applicationName

<service application name>

Returns services with the specified application name

vendor

<vendor name>

Returns services from the specified vendor

version

<version number>

Returns services of the specified version

homeUrl

<URL>

Returns services with the specified homeURL

userUriPattern

<URI>

Returns services with the specified user uri

groupUriPattern

<URI>

Returns services with the specified group uri

redirectUri

<URI>

Returns services with the specified redirectUri

permission

<permission>

Returns a service that provide the specified permission

defaultRole

<role name>

Returns a service that provide the specified default role

resource

<resource name>

Returns a service that holds the specified resource

has

applicationName

Returns services with defined applicationName

vendor

Returns services with vendor name provided.

version

Returns services with the version provided.

homeUrl

Returns services with the homeUrl provided.

userUriPattern

Returns services with the user URI provided.

groupUriPattern

Returns services with the group URI provided.

redirectUri

Returns services with Redirect URI provided.

permission

Returns services that provide any permissions.

defaultRole

Returns services that provide any permissions.

resource

Returns services that provide any resources.

license

Returns services that require license.

is

trusted

Returns trusted services.

Hub supports the following attributes when searching the list of audit events:

Attribute

Value

Description

author

<user>

<group>

<service>

Returns events triggered by the specified user, group or service.

event

Created

Updated

Deleted

Returns events of the specified type. For example, event: Deleted author: admin

entityType

<type>

Returns events related to the entities of the specified type. For example, entityType:service event:Created

target

string

Returns events related to the specified target.

authModule

Returns events related to the specified auth module.

role

Returns events related to the specified role.

service

Returns events related to the specified service.

user

Returns events related to the specified user.

group

Returns events related to the specified group.

before

<date>

Returns events registered before the specified moment.

beforeId

string

Events before the specified id (including)

after

<date>

Returns events registered after the specified moment.

afterId

string

Events after the specified id (excluding)

Last modified: 09 November 2023