PUT Teams/(prefix)/{universal}

Updates team properties such as assets, owners, and members.

Requirements

  • Permissions:  The caller must have Owner permission or have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if a LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
  • Token scope:  Configuration:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

This method requires at least one property in the JSON body.

Input parameters

Name

Description

(prefix)

In the request URL, specify the word local. To get {prefix} and {universal} information, call POST Identity/Browse.

{universal}

In the request URL, specify the Universal Unique Identifier (UUID) of the team. The format of the UUID, including the absence or presence of curly braces, depends on the settings from the identity provider.
Assets

(Optional) An array of existing Policy folders that this team already owns and manages. The assets cannot be owned by another group. A Policy folder can only be managed by one group.

Description

(Optional) The purpose of the team.

Members

(Optional) An array of user or group identities to add to the team. At least one valid identity is required. To get this information, call POST Identity/Browseor use the UI.

The syntax varies based on the identity provider. For more information, see Identity Information:

  • AD: Specify a value for PrefixedName or PrefixedUniversal.
  • LDAP: Specify a value for PrefixedName or PrefixedUniversal.
  • Local: Specify values for both a PrefixedName and PrefixedUniversal.

Name

(Optional) Specify a PrefixedName for the local team. For example, PrefixedName:local:Apache Team3.

Owners

An array of users who automatically add as members. At least one valid identity is required.

The syntax varies based on the identity provider. For more information, see Identity Information:

  • AD: Specify a value for PrefixedName or PrefixedUniversal.
  • LDAP: Specify a value for PrefixedName or PrefixedUniversal.
  • Local: Specify values for both a PrefixedName and PrefixedUniversal.

Products

An array of Venafi product names: TLS, SSH, Code Signing.

Returns

Response description

Name

Description

ID

  • FullName:The Distinguished Name (DN) of the identity group.
  • IsGroup: The value is true if this instance is a group, otherwise false.
  • Name: The group name.
  • Prefix: The AD, LDAP or Identity provider. For more information, see Identity Information.
  • PrefixedName: The concatenated Prefix: and Group Name.
  • PrefixedUniversal: The concatenated Prefix: and Universal.
  • Type: The type of identity:
    • 1: User
    • 2: SecurityGroups
    • 8: DistributionGroups

      -OR-

    • [Combo value]. Any combination of identity types that are related to the Filter. For example: SecurityGroupsandDistributionGroups = 10.
  • Universal: The Universal Unique ID (UUID) that identifies a user or group identity. The formatting including curly braces depends on the settings from the identity provider. For example, Universal: {f32b5c37-c2d7-49aa-9ef4-2d38954a8b9b}.

InvalidMembers

Appears only if an individual or group member is missing from the identity tree.

  • Prefix: The identity provider prefix that manages the account or group Name. For more information, see Identity Information.
  • PrefixedName: The concatenated Prefix: and account Name. For more information, see Identity Information.
  • PrefixedUniversal: The concatenated Prefix: and Universal. For more information, see Identity Information.

Invalid Owners

Appears only if an individual or group is not currently a team owner: 

  • Prefix: The identity provider prefix that manages the account or group Name. For more information, see Identity Information.
  • PrefixedName: The concatenated Prefix: and account Name. For more information, see Identity Information.
  • PrefixedUniversal: The concatenated Prefix: and Universal. For more information, see Identity Information.

Message

If the response is a HTTP 400, it only contains Message and the reason for failure. Omits all other return values.

  • Either the Owners list is empty or all of its identities are invalid.
  • Failed to add owners.
  • Failed to read the current members of the team: [Identity Error].
  • Failed to read the current owners of the team: [Identity Error].
  • Failed to start Work To Do for team management. Try later.
  • Failed to update team assets: [Identity Error].
  • Failed to update team description: [Identity Error].
  • Failed to update team owners: [Identity Error].
  • Failed to update team products: [Identity Error].
  • The prefix or principal for the team identity is missing.
  • The team identity is not valid or it doesn't exist.

Example: Add team assets

Request for Example

PUT https://tpp.venafi.example/vedsdk/Teams/local/{aecc642b-ded6-4928-a6aa-0143c21f41f1}
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Name":{
      "PrefixedName":"local:Apache Team"
   },
   "Assets":[
      "\\VED\\Policy\\20.1 Standard Workflow Testing"
   ],
   "Products":[
      "CodeSigning",
      "SSH"
   ],
   "Description":"Apache DevOps Teams"
}

Response for Example

HTTP/1.1 200 OK
{
   "ID":{
      "FullName":"\\VED\\Identity\\Apache Team",
      "IsGroup":true,
      "Name":"Apache Team",
      "Prefix":"local",
      "PrefixedName":"local:Apache Team",
      "PrefixedUniversal":"local:{7cfd6da3-8b53-40d0-8922-2eb21507bfbb}",
      "Type":2,
      "Universal":"{7cfd6da3-8b53-40d0-8922-2eb21507bfbb}"
   }
}