Joebeurg•15h ago

Role Filtering Administrators [GO SDK]

Hi, I am trying to retrieve list of Managers in an Org using the InternalPermissionServiceV2Beta, when using the filters with RoleKey, I get the following error: rpc error: code = InvalidArgument desc = List.Query.Invalid (ORG-vR9nC) Here is my code:

// Imports

filter "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/filter/v2beta"
internalPermission "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/internal_permission/v2beta"

// Logic
zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_And{
                And: &internalPermission.AndFilter{
                    Queries: []*internalPermission.AdministratorSearchFilter{
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                                UserOrganizationId: &filter.IDFilter{
                                    Id: orgId,
                                },
                            },
                        },
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_Role{
                                Role: &internalPermission.RoleFilter{
                                    RoleKey: "ORG_OWNER",
                                },
                            },
                        },
                    },
                },
            },
        },
    },
})

// Imports

filter "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/filter/v2beta"
internalPermission "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/internal_permission/v2beta"

// Logic
zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_And{
                And: &internalPermission.AndFilter{
                    Queries: []*internalPermission.AdministratorSearchFilter{
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                                UserOrganizationId: &filter.IDFilter{
                                    Id: orgId,
                                },
                            },
                        },
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_Role{
                                Role: &internalPermission.RoleFilter{
                                    RoleKey: "ORG_OWNER",
                                },
                            },
                        },
                    },
                },
            },
        },
    },
})

When I omit the AdministratorSearchFilter_Role I get the result and I can print the returned user's roles which I get: [ORG_OWNER] When I use the rolekey filter struct, I get the reported error above.

3 Replies

Ask Inkeep•15h ago

Hi @Joebeurg, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer The documentation for the InternalPermissionService ListAdministrators endpoint shows that filtering by role is supported via a filter object using a "role" key with a "roleKey" string value (1) . Example JSON for a filter:

{
  "role": {
    "roleKey": "string"
  }
}

{
  "role": {
    "roleKey": "string"
  }
}

However, the documentation does not provide a Go SDK example or details on how the Go struct for RoleFilter should be constructed, nor does it clarify accepted values for "roleKey" or the exact error scenario you describe . If omitting the RoleKey filter works but adding it produces an "InvalidArgument" error, possible issues may include: - The "roleKey" value must match exactly as defined in your ZITADEL instance. - The filter construction in Go must match the expected protobuf structure; any deviation (e.g., unset or nil fields) could cause an invalid request. The official documentation does not provide a direct Go code example for this scenario, so I cannot confirm the correct struct usage or value format from the sources . To learn more, see the sources I considered: [1] ListAdministrators Feel free to tag @Ask Inkeep with additional questions. Got it. Tagging @Rajat for additional help.

JoebeurgOP•15h ago

@Rajat the rolekey value for Org Owner found here: https://zitadel.com/docs/guides/manage/console/managers#:~:text=own%20Login%20UI.-,Org%20Owner,-ORG_OWNER

ZITADEL Docs

To configure managers in ZITADEL go to the resource where you like to add it (e.g Instance, Organization, Project, GrantedProject).

JoebeurgOP•15h ago

Also same error without using the AND query:

zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                UserOrganizationId: &filter.IDFilter{
                    Id: orgId,
                },
            },
        },
        {
            Filter: &internalPermission.AdministratorSearchFilter_Role{
                Role: &internalPermission.RoleFilter{
                    RoleKey: "ORG_OWNER",
                },
            },
        },
    },
})

zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                UserOrganizationId: &filter.IDFilter{
                    Id: orgId,
                },
            },
        },
        {
            Filter: &internalPermission.AdministratorSearchFilter_Role{
                Role: &internalPermission.RoleFilter{
                    RoleKey: "ORG_OWNER",
                },
            },
        },
    },
})

Role Filtering Administrators [GO SDK]

Did you find this page helpful?