PUT Identity/RemoveGroupMembers
Removes a member from a group in an identity provider. Even though the user or group is removed from the local group, Trust Protection Platform retains the identities.
Requirements
- Permissions: The caller must have Owner permission or have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if an LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
- Token scope: Configuration:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
Group | The Identity Entry object of the local, AD, or LDAP group. Specify PrefixedName or PrefixedUniversal values. |
Members | An array of user or group identities that are currently in the Group. At least one valid identity is required. To get this information, call POST Identity/GetMembers or use the UI. If the member identity is an owner, it is removed from both owners and members. The syntax varies based on the identity provider. For more information, see Identity Information: |
ShowMembers | (Optional) List or omit owners and members from the response: |
Returns
The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only an HTTP 200 message. Otherwise, Identity/RemoveGroupMembers returns an HTTP 200 message and the following data.
Name | Description |
---|---|
InvalidMembers | Appears only if there are invalid members. An array of Identity Entry objects. If a local member is invalid, the FullName value is omitted. |
Members | An array of all group members. Each member has an Identity Entry object. |
Message | If the response is an HTTP 400, it only contains Message and the reason for failure. All other return values are omitted. |
Example: Remove members of a local identity group
In this example, Apache Group4 has identities for people and group1.
Request
PUT https://tpp.venafi.example/vedsdk/Identity/RemoveGroupMembers
Authorization:Bearer 4MyGeneratedBearerTknz==

{
  "Group":{
    "PrefixedName":"local:Apache Group4"
  },
  "Members":[
    {
      "PrefixedName":"local:testuser3",
      "PrefixedUniversal":"local:02c6515f-69f0-4ccd-870b-9db436798221"
    },
    {
      "PrefixedUniversal":"AD+venqa:c0737e55e7bcc340aa426bfe2e639362"
    },
    {
      "PrefixedName":"AD:NonExistent-AD-User"
    }
  ],
  "ShowMembers":true
}
Response
HTTP/1.1 200 OK

{
  "InvalidMembers": [
    {
      "Name": "NonExistent-AD-User",
      "Prefix": "AD",
      "PrefixedName": "AD:NonExistent-AD-User",
      "PrefixedUniversal": "AD:"
    }
  ],
  "Members": [
    {
      "FullName": "CN=bob,CN=Users,DC=venqa,DC=venafi,DC=com",
      "Name": "bob",
      "Prefix": "AD+venqa",
      "PrefixedName": "AD+venqa:bob",
      "PrefixedUniversal": "AD+venqa:77338c27877bd0418c62176f256abd4d",
      "Type": 1,
      "Universal": "77338c27877bd0418c62176f256abd4d"
    },
    {
      "FullName": "CN=group1,OU=Groups,DC=venqa,DC=venafi,DC=com",
      "IsGroup": true,
      "Name": "group1",
      "Prefix": "AD+venqa",
      "PrefixedName": "AD+venqa:group1",
      "PrefixedUniversal": "AD+venqa:30ea418420122f4c84d2490b991e1294",
      "Type": 2,
      "Universal": "30ea418420122f4c84d2490b991e1294"
    }
  ]
}
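As the example shows, an HTTP 200 can still carry InvalidMembers, so a revocation script should audit the response instead of trusting the status code. The following is an added example, not Venafi code: it builds the request body with ShowMembers enabled and classifies each requested identity from the response. The function names `build_request` and `audit_removal` are hypothetical, and matching identities by exact string comparison is an assumption.

```python
import json

def build_request(group_prefixed_name, members):
    """JSON body for the call; ShowMembers is forced on so the result can be audited."""
    if not members:
        raise ValueError("at least one member identity is required")
    return json.dumps({"Group": {"PrefixedName": group_prefixed_name},
                       "Members": members, "ShowMembers": True})

def _ids(entry):
    # An Identity Entry is matched on either prefixed form (exact match: assumption).
    return {entry[k] for k in ("PrefixedName", "PrefixedUniversal") if entry.get(k)}

def audit_removal(requested, status, body):
    """Sort each requested identity into removed / invalid / still_member."""
    body = body or {}
    if status != 200:
        raise RuntimeError(f"HTTP {status}: {body.get('Message', 'no message')}")
    if "Members" not in body:
        raise ValueError("no member list returned; the call needs ShowMembers=true")
    invalid = set().union(*(_ids(e) for e in body.get("InvalidMembers", [])))
    remaining = set().union(*(_ids(e) for e in body["Members"]))
    report = {"removed": [], "invalid": [], "still_member": []}
    for member in requested:
        label = member.get("PrefixedName") or member.get("PrefixedUniversal")
        if _ids(member) & remaining:
            report["still_member"].append(label)   # revocation did not take effect
        elif _ids(member) & invalid:
            report["invalid"].append(label)        # provider could not resolve it
        else:
            report["removed"].append(label)
    return report

# Request members and a trimmed copy of the response from the example on this page.
REQUESTED = [
    {"PrefixedName": "local:testuser3",
     "PrefixedUniversal": "local:02c6515f-69f0-4ccd-870b-9db436798221"},
    {"PrefixedUniversal": "AD+venqa:c0737e55e7bcc340aa426bfe2e639362"},
    {"PrefixedName": "AD:NonExistent-AD-User"},
]
RESPONSE = json.loads("""{
  "InvalidMembers": [{"PrefixedName": "AD:NonExistent-AD-User", "PrefixedUniversal": "AD:"}],
  "Members": [
    {"PrefixedName": "AD+venqa:bob", "PrefixedUniversal": "AD+venqa:77338c27877bd0418c62176f256abd4d"},
    {"PrefixedName": "AD+venqa:group1", "PrefixedUniversal": "AD+venqa:30ea418420122f4c84d2490b991e1294"}
  ]
}""")

if __name__ == "__main__":
    print(audit_removal(REQUESTED, 200, RESPONSE))
```

Any entry under `invalid` or `still_member` means the intended access change is incomplete and should be followed up before the removal is recorded as done.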