Optional
delete?: undefinedOptional
get?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedMVP limitations:
- For users with more than one linked identity, ability to specify
which identity becomes the admin will be added later.
- Non-default policies can not be specified. They can be adjusted using the
Globus web app.
Create a new group with the given name. The effective identity (typically
the user's primary identity) of the Auth token used for the call will be
added to the group as an administrator. The group will be created with
default polices that:
* Allow membership requests only to be approved by admins and managers
* Allow subgroups to be created only by admins
* Allow the group to be visible only to members
* Allow member names to be visible only to managers and admins
* Allow invititations to be sent by managers and admins
* Disallow requests to join
Groups can only be created by users with 1000 or fewer active memberships.
Optional
put?: undefinedOptional
trace?: undefinedDelete a group
Optional
requestBody?: undefinedGet Group
Get details and members of a group by group id.
If `memberships` or `my_memberships` are in the `include` parameter and the
scopes in the provided authorization token allow memberships to be viewed,
the memberships will be returned in the response.
If `allowed_actions` are in the `include` parameter, and the scopes in the
tokens allow managing memberships, an object will be returned detailing which
membership actions each identity in the user's set is allowed to perform.
A group can be viewed if:
- The group policy is that any authenticated user can view it.
- The group is private, and the user has an active/invited/pending membership.
Group memberships can only be viewed by active members. Depending on group policy,
this may be further restricted to only admins and managers. Note that future
versions may relax this restriction for specific cases, such as allowing invited
or pending members to view the membership of the user that invited them.
Optional
cookie?: undefinedOptional
header?: undefinedOptional
query?: { include?: null | string[] }Optional
include?: null | string[]Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedPerform actions on members of the group.
This endpoint supports bulk actions on collections of members of the group. Currently the following actions are supported:
- **accept**: Identities in the `accept` list which are in the users identity set
will be accepted into the group. Only `invited` memberships can `accept`.
- **add**: Identities in the `add` list will be added to the group as long
as the identity exists and they have not previously left the group, or indicated
via settings that they can not be added to any group. Adding an identity which
already have an active membership in the group will not modify the membership,
and is an error for informational purposes. All active admins and managers are
permitted to add members to a group. Active admins are also permitted to add
admins and managers to a group. Role is an optional parameter to set the
membership role on addition.
- **approve**: Identities in the `approve` list will be
accepted into the group. Only `pending` memberships can be included in
the `approve` list. All active admins and managers are permitted to approve
pending members to a group.
- **change_role**: Identities in the `change_role` list whose roles in the group are
to be updated. Only admins can change member roles. Only `active` memberships
are eligible for role changes.
- **decline**: Identities in the `decline` list which are in the users identity set
will be rejected from the group. Only `invited` memberships can `decline`.
- **invite**: Identities in the `invite` list will be invited to join the group.
All active admins and managers are permitted to invite members to a group. Members
may also invite other members if the policy allows it. Role is an optional
parameter to set the membership role on invitation.
- **join**: Identities in the `join` list which are in the users identity set
will join the group, if the group policy is to allow users to join. High Assurance
groups cannot use this action.
- **leave**: Identities in the `leave` list which are in the users identity set
will be removed from the group. Only `active` memberships can `leave`. If the
identity is the last remaining `admin` of the group leaving is not allowed,
since this would leave the group in an orphaned state.
- **reject**: Identities in the `reject` list will be
rejected from the group. Only `pending` memberships can be included in
the `reject` list. All active admins and managers are permitted to reject pending
members from a group.
- **remove**: Identities in the `remove` list will be removed from the group.
Admins can remove admins, managers, and members. Managers can remove managers and
members. Regular members cannot remove any members. Only `active` and `invited`
memberships can be removed, and users cannot remove their own memberships.
- **request_join**: Identities in the `request_join` list which are in the users
identity set will be set as pending memberships for the group if the group policy
requires membership approval. Pending memberships must be approved or rejected by
administrators or managers.
The response will include the current state of any membership that was
successfully processed. The response will also include a list of errors
indicating the identity of any requested membership action that failed to
be processed.
Identity IDs must be unique across all actions in the same call. For example,
trying to add and remove the same identity in the same request will cause the
entire request to fail.
Update an existing group
Update the details of a group by group id.
If `allowed_actions` are in the `include` parameter, and the scopes in the
tokens allow managing memberships, an object will be returned detailing which
membership actions each identity in the user's set is allowed to perform.
A group can be updated if:
- The user is an admin.
Group memberships should be updated using the membership endpoint.
Optional
trace?: undefinedOptional
delete?: undefinedGet Children
Optional
cookie?: undefinedOptional
header?: undefinedOptional
query?: { include?: null | string[] }Optional
include?: null | string[]Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedOptional
put?: undefinedOptional
trace?: undefinedOptional
delete?: undefinedGet the membership fields for your identity set.
Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedSet the membership fields for your identity set.
Optional
trace?: undefinedOptional
delete?: undefinedGet the policies for the group.
Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedSet the policies for the group.
Optional
trace?: undefinedOptional
delete?: undefinedOptional
get?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedUpdate the subscription_admin_verified_id
Update the subscription_admin_verified_id on a group.
If the group already has a subscription_admin_verified_id associated with it, then
the user must be an admin of the subscription group whose subscription_id
corresponds to the old value.
If the user is setting the subscription_admin_verified_id to a non-null value,
then they must be an admin of the subscription group whose subscription_id
corresponds to the new value.
Group admins can clear the value by using the regular groups update endpoint.
Optional
trace?: undefinedOptional
delete?: undefinedRetrieve your groups and memberships
This endpoint returns, as an array, all groups in which the user and its linked identities is an active member, manager, or admin, by default.
The my_memberships field is included by default.
The optional query parameter, `statuses`, results in the array containing
those memberships with one of the specified status(es). The default value
is `active`.
Optional
cookie?: undefinedOptional
header?: undefinedOptional
path?: undefinedOptional
query?: { statuses?: string[] }Optional
statuses?: string[]Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedOptional
put?: undefinedOptional
trace?: undefinedOptional
delete?: undefinedGet the status counts of memberships for each group you are an admin or manager of.
Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedOptional
put?: undefinedOptional
trace?: undefinedOptional
delete?: undefinedGet the preferences for your identity set.
Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedSet the preferences for your identity set.
Optional
trace?: undefinedOptional
delete?: undefinedGet groups by subscription_id
This endpoint allows users to retrieve limited information about all groups that have the given subscription_id. Currently, the fields returned for each group are:
- **group_id**: The unique UUID for the group
- **subscription_id**: The unique UUID for the subscription; identical to the id
provided in the request
- **subscription_info**: Basic information about the subscription; excludes the
subscription name for privacy purposes
Optional
requestBody?: undefinedOptional
head?: undefinedOptional
options?: undefinedOptional
patch?: undefinedOptional
post?: undefinedOptional
put?: undefinedOptional
trace?: undefined
Create a new group