PUT Teams/DemoteTeamOwners
Removes an identity's ownership from a team. Regarding team owners:
- The owner identity can be a user or group.
- Even if you demote an owner, the person or group remains a member of the team.
- If you want to remove an identity's ownership and membership, call PUT Team/RemoveTeamMembers.
- Even though you change ownership, Trust Protection Platform retains the identities.
Requirements
- Permissions: The caller must have Owner permission or have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if a LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
- Token scope: Configuration:Manage
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
Teams |
A PrefixedName for the new local team. For example, PrefixedName:local:Apache Team3. |
Owners |
(Optional) An array of at least one owner identity is required. The syntax varies based on the identity provider. For more information, see Identity Information:
|
ShowMembers |
(Optional) List or omit owners and members from the response:
|
Returns
The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only a HTTP 200 message. Otherwise, Teams/RemoveTeamsMembers returns a HTTP 200 message and the following data.
Name |
Description |
---|---|
InvalidOwners |
Appears only if the identity is invalid or not presently an owner. An array of Identity Entry objects. If a local member is invalid, the FullName value is omitted. |
Owners |
An array of remaining team owners. Each owner has Identity Entry object. If no owners remain this parameter is omitted. |
Members |
An array of all team members. Each member has Identity Entry object. |
Message |
If the response is a HTTP 400, it only contains Message and the reason for failure. Omits all other return values.
|
Example: Remove a team owner
Prior to this request, Approver1 and Master1 (not listed) were team owners. The response shows that Master1 is now the only owner. Approver1 is now just a team member.
Request for Example
PUT https://tpp.venafi.example/vedsdk/Teams/DemoteTeamOwners Authorization:Bearer 4MyGeneratedBearerTknz== { "Team":{ "PrefixedName":"local:Apache Team" }, "Owners":[ { "PrefixedName":"local:Approver1", "PrefixedUniversal":"local:{cfea3b51-9c3e-4f89-93b3-1d4792420562}" } ], "ShowMembers":true }
Response for Example
{ "Members":[ { "FullName":"\\VED\\Identity\\Approver1", "Name":"Approver1", "Prefix":"local", "PrefixedName":"local:Approver1", "PrefixedUniversal":"local:{cfea3b51-9c3e-4f89-93b3-1d4792420562}", "Type":1, "Universal":"{cfea3b51-9c3e-4f89-93b3-1d4792420562}" } ], "Owners":[ { "FullName":"\\VED\\Identity\\Master1", "Name":"Master1", "Prefix":"local", "PrefixedName":"local:Master1", "PrefixedUniversal":"local:{dacb0fad-8014-4b7d-960c-da579e221f5b}", "Type":1, "Universal":"{dacb0fad-8014-4b7d-960c-da579e221f5b}" } ] }