Joebeurg
Joebeurgā€¢2mo ago

Role Filtering Administrators [GO SDK]

Hi, I am trying to retrieve list of Managers in an Org using the InternalPermissionServiceV2Beta, when using the filters with RoleKey, I get the following error: rpc error: code = InvalidArgument desc = List.Query.Invalid (ORG-vR9nC) Here is my code: 
// Imports

filter "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/filter/v2beta"
internalPermission "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/internal_permission/v2beta"

// Logic
zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_And{
                And: &internalPermission.AndFilter{
                    Queries: []*internalPermission.AdministratorSearchFilter{
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                                UserOrganizationId: &filter.IDFilter{
                                    Id: orgId,
                                },
                            },
                        },
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_Role{
                                Role: &internalPermission.RoleFilter{
                                    RoleKey: "ORG_OWNER",
                                },
                            },
                        },
                    },
                },
            },
        },
    },
})
// Imports

filter "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/filter/v2beta"
internalPermission "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/internal_permission/v2beta"

// Logic
zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_And{
                And: &internalPermission.AndFilter{
                    Queries: []*internalPermission.AdministratorSearchFilter{
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                                UserOrganizationId: &filter.IDFilter{
                                    Id: orgId,
                                },
                            },
                        },
                        {
                            Filter: &internalPermission.AdministratorSearchFilter_Role{
                                Role: &internalPermission.RoleFilter{
                                    RoleKey: "ORG_OWNER",
                                },
                            },
                        },
                    },
                },
            },
        },
    },
})
When I omit the AdministratorSearchFilter_Role I get the result and I can print the returned user's roles which I get: [ORG_OWNER] When I use the rolekey filter struct, I get the reported error above.
8 Replies
Ask Inkeep
Ask Inkeepā€¢2mo ago
Hi @Joebeurg, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer The documentation for the InternalPermissionService ListAdministrators endpoint shows that filtering by role is supported via a filter object using a "role" key with a "roleKey" string value (1) . Example JSON for a filter: 
{
  "role": {
    "roleKey": "string"
  }
}
{
  "role": {
    "roleKey": "string"
  }
}
However, the documentation does not provide a Go SDK example or details on how the Go struct for RoleFilter should be constructed, nor does it clarify accepted values for "roleKey" or the exact error scenario you describe . If omitting the RoleKey filter works but adding it produces an "InvalidArgument" error, possible issues may include: - The "roleKey" value must match exactly as defined in your ZITADEL instance. - The filter construction in Go must match the expected protobuf structure; any deviation (e.g., unset or nil fields) could cause an invalid request. The official documentation does not provide a direct Go code example for this scenario, so I cannot confirm the correct struct usage or value format from the sources . ā€‹ To learn more, see the sources I considered: [1] ListAdministrators ā€‹ Feel free to tag @Ask Inkeep with additional questions. Got it. Tagging @Rajat for additional help.
Joebeurg
JoebeurgOPā€¢2mo ago
@Rajat the rolekey value for Org Owner found here: https://zitadel.com/docs/guides/manage/console/managers#:~:text=own%20Login%20UI.-,Org%20Owner,-ORG_OWNER
ZITADEL Docs
To configure managers in ZITADEL go to the resource where you like to add it (e.g Instance, Organization, Project, GrantedProject).
Joebeurg
JoebeurgOPā€¢2mo ago
Also same error without using the AND query: 
zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                UserOrganizationId: &filter.IDFilter{
                    Id: orgId,
                },
            },
        },
        {
            Filter: &internalPermission.AdministratorSearchFilter_Role{
                Role: &internalPermission.RoleFilter{
                    RoleKey: "ORG_OWNER",
                },
            },
        },
    },
})
zOrgOwner, zOrgOwnerErr := z.InternalPermissionServiceV2Beta().ListAdministrators(request.Context(), &internalPermission.ListAdministratorsRequest{
    Pagination: &filter.PaginationRequest{
        Limit: 1,
    },
    Filters: []*internalPermission.AdministratorSearchFilter{
        {
            Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                UserOrganizationId: &filter.IDFilter{
                    Id: orgId,
                },
            },
        },
        {
            Filter: &internalPermission.AdministratorSearchFilter_Role{
                Role: &internalPermission.RoleFilter{
                    RoleKey: "ORG_OWNER",
                },
            },
        },
    },
})
Rajat
Rajatā€¢2mo ago
hey @Joebeurg good morning šŸ™‚ you did nothing wrong but based on the error List.Query.Invalid that means that the uesry you are sending is being rejected due to various reasons, maybe the parser is buggy, I will check it with my team internally.
Joebeurg
JoebeurgOPā€¢2mo ago
Thanks āœ‹šŸ» Hi @Rajat do you have any update on this one?
Rajat
Rajatā€¢2mo ago
hey @Joebeurg what version are you on?. Are you self hosted?. I can get back to you in few hours later afternoon today hey @Joebeurg can you pls provide the full code, I think I am having a bit of trouble reproducing it.
Joebeurg
JoebeurgOPā€¢2mo ago
Go SDK version: github.com/zitadel/zitadel-go/v3 v3.13.0 Self hosted It's basically just the logic inside a function that returns the org owner as I provided in the post description. It only works if not using the RoleKey filter otherwise it throws the error
Rajat
Rajatā€¢4w ago
hey @Joebeurg can you pls try this query 
zOrgOwner, zOrgOwnerErr := client.InternalPermissionServiceV2Beta().ListAdministrators(
    request.Context(),
    &internalPermission.ListAdministratorsRequest{
        Pagination: &filter.PaginationRequest{
            Limit: 100,
            Asc:   true,
        },
        Filters: []*internalPermission.AdministratorSearchFilter{
            {
                Filter: &internalPermission.AdministratorSearchFilter_And{
                    And: &internalPermission.AndFilter{
                        Queries: []*internalPermission.AdministratorSearchFilter{
                            {
                                Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                                    UserOrganizationId: &filter.IDFilter{
                                        Id: orgId,
                                    },
                                },
                            },
                            {
                                Filter: &internalPermission.AdministratorSearchFilter_Role{
                                    Role: &internalPermission.RoleFilter{
                                        RoleKey: "ORG_OWNER",
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },
    },
)
zOrgOwner, zOrgOwnerErr := client.InternalPermissionServiceV2Beta().ListAdministrators(
    request.Context(),
    &internalPermission.ListAdministratorsRequest{
        Pagination: &filter.PaginationRequest{
            Limit: 100,
            Asc:   true,
        },
        Filters: []*internalPermission.AdministratorSearchFilter{
            {
                Filter: &internalPermission.AdministratorSearchFilter_And{
                    And: &internalPermission.AndFilter{
                        Queries: []*internalPermission.AdministratorSearchFilter{
                            {
                                Filter: &internalPermission.AdministratorSearchFilter_UserOrganizationId{
                                    UserOrganizationId: &filter.IDFilter{
                                        Id: orgId,
                                    },
                                },
                            },
                            {
                                Filter: &internalPermission.AdministratorSearchFilter_Role{
                                    Role: &internalPermission.RoleFilter{
                                        RoleKey: "ORG_OWNER",
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },
    },
)

Did you find this page helpful?