Group Assignments | Documentation Portal

Adding a user to a group

post

Assigns a user to a specified group. The user will gain all access controls (scopes) specified for this group.

Groups assigned to employee users must share the same vendor identifier.

iam.assignment_create_own scope allows customer to assign a user to a specified group only if the user is assigned to the same company.

Required scopes

iam.assignment_manage
iam.assignment_create_own

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

Body

userIdstringRequired

User unique identifier generated when the user is created. Might be customer ID or Management Dashboard user ID.

userTypestring · enumOptional

Assignment type, possible values: CUSTOMER, EMPLOYEE

Default: EMPLOYEEExample: CUSTOMERPossible values:

Responses

201

The request was successful. The user has been added to the group.

application/json

400

Request was syntactically incorrect.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

post

POST /iam/{tenant}/groups/{groupId}/users HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 71

{
  "userId": "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
  "userType": "CUSTOMER"
}

{
  "id": "e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}

Removing all users from a group

delete

Removes all users from a specified group.

Required scopes

iam.assignment_manage

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

Responses

204

The request was successful. All users have been deleted from the group.

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

delete

DELETE /iam/{tenant}/groups/{groupId}/users HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

Upserting user assignment to a group

put

Creates user's assignment to a specified group. The user gains all access controls (scopes) specified for this group. In case the assignment already exists, nothing happens as the type of assignment cannot be changed.

Groups assigned to employee users must share the same vendor identifier

Required scopes

iam.assignment_manage

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

userTypestringRequired

User type that may be one of: 'CUSTOMER', 'EMPLOYEE'

userIdstringRequired

User's unique identifier, generated when the user is created.

Responses

201

The request was successful. The user has been added to the group.

application/json

204

The request was successful. The user assignment already exists and has not been changed.

400

Request was syntactically incorrect.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

put

PUT /iam/{tenant}/groups/{groupId}/users/{userType}/{userId} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "id": "text"
}

Removing a user from a group

delete

Removes a specified user from a specified group.

iam.assignment_delete_own scope allows customer to remove user from a specified group only if the user is assigned to the same company.

Required scopes

iam.assignment_manage
iam.assignment_delete_own

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

userIdstringRequired

User's unique identifier, generated when the user is created.

Responses

204

The request was successful. The user has been removed from the group.

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

delete

DELETE /iam/{tenant}/groups/{groupId}/users/{userId} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

Removing a user from all groups

delete

Removes a specified user from all groups.

Required scopes

iam.assignment_manage

Authorizations

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant's name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

userIdstringRequired

User's unique identifier, generated when the user is created.

Responses

204

The request was successful. The user has been removed from all groups.

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Permission denied due to insufficient rights. This may happen when request does not contain sufficient scopes for given query values.

application/json

delete

DELETE /iam/{tenant}/users/{userId}/groups HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content