Group Assignments

Adding a user to a group

post

Assigns a user to a specified group. The user gains all access controls (scopes) specified for this group.

Groups assigned to employee users must share the same vendor identifier.

The iam.assignment_create_own scope allows a customer to assign a user to a specified group only if the user is assigned to the same company.

Required scopes

This endpoint requires the following scopes:

Authorizations

OAuth2clientCredentialsRequired

Token URL:

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

Body

userIdstringRequired

User unique identifier generated when the user is created. Might be customer ID or Management Dashboard user ID.

userTypestring · enumOptional

Assignment type, possible values: CUSTOMER, EMPLOYEE

Default: EMPLOYEEExample: CUSTOMERPossible values:

Responses

201

The request was successful. The user has been added to the group.

application/json

400

Request was syntactically incorrect.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

post

/iam/{tenant}/groups/{groupId}/users

POST /iam/{tenant}/groups/{groupId}/users HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 71

{
  "userId": "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
  "userType": "CUSTOMER"
}

{
  "id": "e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}

Removing all users from a group

delete

Removes all users from a specified group.

Required scopes

This endpoint requires the following scopes:

Authorizations

OAuth2clientCredentialsRequired

Token URL:

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

Responses

204

The request was successful. All users have been deleted from the group.

No content

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

delete

/iam/{tenant}/groups/{groupId}/users

DELETE /iam/{tenant}/groups/{groupId}/users HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

Upserting user assignment to a group

put

Creates user's assignment to a specified group. The user gains all access controls (scopes) specified for this group. In case the assignment already exists, nothing happens as the type of assignment cannot be changed.

Groups assigned to employee users must share the same vendor identifier

Required scopes

This endpoint requires the following scopes:

Authorizations

OAuth2clientCredentialsRequired

Token URL:

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

userTypestringRequired

User type that may be one of: 'CUSTOMER', 'EMPLOYEE'

userIdstringRequired

User unique identifier, generated when the user is created.

Responses

201

The request was successful. The user has been added to the group.

application/json

204

The request was successful. The user assignment already exists and has not been changed.

No content

400

Request was syntactically incorrect.

application/json

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

404

Given resources cannot be found.

application/json

put

/iam/{tenant}/groups/{groupId}/users/{userType}/{userId}

PUT /iam/{tenant}/groups/{groupId}/users/{userType}/{userId} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "id": "text"
}

Removing a user from a group

delete

Removes a specified user from a specified group.

The iam.assignment_delete_own scope allows a customer to remove user from a specified group only if the user is assigned to the same company.

Required scopes

This endpoint requires the following scopes:

Authorizations

OAuth2clientCredentialsRequired

Token URL:

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

groupIdstringRequired

Unique identifier of a group, generated when the group is created.

userIdstringRequired

User unique identifier, generated when the user is created.

Responses

204

The request was successful. The user has been removed from the group.

No content

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Scope validation failed, details will be provided in response message

application/json

delete

/iam/{tenant}/groups/{groupId}/users/{userId}

DELETE /iam/{tenant}/groups/{groupId}/users/{userId} HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

Removing a user from all groups

delete

Removes a specified user from all groups.

Required scopes

This endpoint requires the following scopes:

Authorizations

OAuth2clientCredentialsRequired

Token URL:

Path parameters

tenantstring · min: 3 · max: 16Required

Your Emporix tenant name.

Note: The tenant name should always be written in lowercase.

Pattern: ^[a-z][a-z0-9]+$

userIdstringRequired

User unique identifier, generated when the user is created.

Responses

204

The request was successful. The user has been removed from all groups.

No content

401

Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.

application/json

403

Permission denied due to insufficient rights. This may happen when request does not contain sufficient scopes for given query values.

application/json

delete

/iam/{tenant}/users/{userId}/groups

DELETE /iam/{tenant}/users/{userId}/groups HTTP/1.1
Host: api.emporix.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

PreviousAccess Controls NextGroups

Last updated 1 day ago

Was this helpful?

Good evening

hashtagAdding a user to a group

hashtagRemoving all users from a group

hashtagUpserting user assignment to a group

hashtagRemoving a user from a group

hashtagRemoving a user from all groups

Adding a user to a group

Removing all users from a group

Upserting user assignment to a group

Removing a user from a group

Removing a user from all groups