PUT Teams/DemoteTeamOwners

Removes an identity's ownership from a team. Regarding team owners:

  • The owner identity can be a user or group.
  • Even if you demote an owner, the person or group remains a member of the team.
  • If you want to remove an identity's ownership and membership, call PUT Team/RemoveTeamMembers.
  • Even though you change ownership, Trust Protection Platform retains the identities.

Requirements

  • Permissions:  The caller must have Owner permission or have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if a LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
  • Token scope:  Configuration:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Teams

A PrefixedName for the new local team. For example, PrefixedName:local:Apache Team3.

Owners

(Optional) An array of at least one owner identity is required.

The syntax varies based on the identity provider. For more information, see Identity Information:

  • AD: Specify a value for PrefixedName or PrefixedUniversal.
  • LDAP: Specify a value for PrefixedName or PrefixedUniversal.
  • Local: Specify values for both a PrefixedName and PrefixedUniversal.

ShowMembers

(Optional) List or omit owners and members from the response:

  • true: List the remaining members.
  • false: Default. Omit the members.

Returns

The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only a HTTP 200 message. Otherwise, Teams/RemoveTeamsMembers returns a HTTP 200 message and the following data.

Response description

Name

Description

InvalidOwners

Appears only if the identity is invalid or not presently an owner. An array of Identity Entry objects. If a local member is invalid, the FullName value is omitted.

Owners

An array of remaining team owners. Each owner has Identity Entry object. If no owners remain this parameter is omitted.

Members

An array of all team members. Each member has Identity Entry object.

Message

If the response is a HTTP 400, it only contains Message and the reason for failure. Omits all other return values.

  • [Identity Error] All team owners cannot be demoted the team has to have at least one owner.
  • [Identity Error] The Owners list is empty.
  • [Identity Error] The team identity is missing.
  • [Identity Error] The team identity is not valid or it doesn't exist.
  • Either the team identity is not valid or none of the owners were demoted at the team.
  • Failed to read the current owners of the team: [Identity Error]
  • Failed to update owners of the team: [Identity Error]

Example: Remove a team owner

Prior to this request, Approver1 and Master1 (not listed) were team owners. The response shows that Master1 is now the only owner. Approver1 is now just a team member.

Request for Example

PUT https://tpp.venafi.example/vedsdk/Teams/DemoteTeamOwners
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Team":{
      "PrefixedName":"local:Apache Team"
   },
   "Owners":[
      {
         "PrefixedName":"local:Approver1",
         "PrefixedUniversal":"local:{cfea3b51-9c3e-4f89-93b3-1d4792420562}"
      }
   ],
   "ShowMembers":true
}

Response for Example

{
   "Members":[
      {
         "FullName":"\\VED\\Identity\\Approver1",
         "Name":"Approver1",
         "Prefix":"local",
         "PrefixedName":"local:Approver1",
         "PrefixedUniversal":"local:{cfea3b51-9c3e-4f89-93b3-1d4792420562}",
         "Type":1,
         "Universal":"{cfea3b51-9c3e-4f89-93b3-1d4792420562}"
      }
   ],
   "Owners":[
      {
         "FullName":"\\VED\\Identity\\Master1",
         "Name":"Master1",
         "Prefix":"local",
         "PrefixedName":"local:Master1",
         "PrefixedUniversal":"local:{dacb0fad-8014-4b7d-960c-da579e221f5b}",
         "Type":1,
         "Universal":"{dacb0fad-8014-4b7d-960c-da579e221f5b}"
      }
   ]
}