Has External Permissions (REST API Only)
Learn how to use the Has External Permissions transform entity type using the DryvIQ REST API.
Overview
The DryvIQ Platform supports creating custom entity types that detect external email domains in file permissions. These entity types must be created manually using the DryvIQ REST API (via Postman or a command line tool such as PowerShell).
Creating the Entity Type
Endpoint
The REST endpoint for the call is {{url}}v1/entity_types?fields=all, where {{url}} should be replaced with the base URL of your DryvIQ Platform installation (for example, https://192.168.6.14:32700/).
Request Format
Format the body of the request like the sample below.
{
  "kind": "transform",
  "property": "has_external_permissions",
  "name": "External Account (via REST)",
  "description": "Sample adhoc 'transformer' entity type that detects extern domains in user accounts.",
  "category": {
    "id": "3e7f1c1c941243919091bf9ee5d0f892"
  },
  "expression": "HasExternalPermissions([file_permissions],\"{{domain_whitelist}}\")"
}
Property | Value |
---|---|
kind | This value must be “transform”. |
property | This must be a unique value. DryvIQ recommends using “has_external_permissions”. |
name | Enter a name for the entity type you are creating. This name is displayed in the user interface, so ensure it readily identifies the entity type function. The sample above uses “External Account (via REST)” to indicate that this entity type identifies external accounts and was created using the REST API. |
description | The description is available only when viewing the entity type details. It is limited to 256 characters and helps users understand what the entity type is attempting to accomplish. |
category: id | You must use 3e7f1c1c941243919091bf9ee5d0f892 as the ID. This ensures DryvIQ adds the entity type to the correct category. |
expression | You must use HasExternalPermissions([file_permissions],\"{{domain_whitelist}}\"), where {{domain_whitelist}} should be replaced by a list of internal domains for this installation. The backslashes escape the quotation marks inside the JSON string. If there is more than one internal domain, separate them with commas (for example, domain1.com,domain2.com,domain3.com). |
Once created, you can view the entity type in the Entity Types section (under Manage in the left menu).
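The following is an added example, not DryvIQ's own code: it builds the request body described above from a list of internal domains and rejects entries that would corrupt the quoted, comma-separated argument. The function names and the domain-name pattern are assumptions; the kind, category ID, and 256-character description limit come from the table.

```python
import json
import re

# Values fixed by the page: the transform kind and the category ID.
KIND = "transform"
CATEGORY_ID = "3e7f1c1c941243919091bf9ee5d0f892"
MAX_DESCRIPTION = 256  # description limit stated in the table above

# Assumption: internal domains are plain DNS names such as domain1.com.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def build_expression(internal_domains):
    """Return the HasExternalPermissions expression for the given domains."""
    domains = [d.strip() for d in internal_domains]
    if not domains:
        raise ValueError("at least one internal domain is required")
    for d in domains:
        # Rejects quotes, commas, spaces, '@' prefixes and URLs, any of which
        # would corrupt the comma-separated list or the quoted argument.
        if not _DOMAIN.fullmatch(d):
            raise ValueError(f"not a bare domain name: {d!r}")
    return 'HasExternalPermissions([file_permissions],"%s")' % ",".join(domains)


def build_body(name, description, internal_domains,
               prop="has_external_permissions"):
    """Return the request body as a JSON string ready to send."""
    if len(description) > MAX_DESCRIPTION:
        raise ValueError("description exceeds 256 characters")
    body = {
        "kind": KIND,
        "property": prop,
        "name": name,
        "description": description,
        "category": {"id": CATEGORY_ID},
        "expression": build_expression(internal_domains),
    }
    # json.dumps escapes the inner quotation marks as \" automatically.
    return json.dumps(body, indent=2)


if __name__ == "__main__":
    # Constructed sample input using the page's placeholder domains.
    print(build_body("External Account (via REST)",
                     "Detects external domains in file permissions.",
                     ["domain1.com", "domain2.com", "domain3.com"]))
```

Review the generated domain list before submitting it: any internal domain missing from the list will be reported as external.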
Using the Entity Type
- Create the entity type: Create the has_external_permissions entity type via the REST API. (See above for the REST API information.)
- Add the entity type to a scan: When adding the scan categories to a content scan, you must add them in the following order:
  - You must add the Access and Sharing category first. This step is important. The Access and Sharing category must be added to the scan BEFORE selecting the new entity type.
  - Add the Miscellaneous category and select the has_external_permissions entity type you created.