addGroup()

As with most software systems, LogScale has security features and a system for the management of user accounts. To simplify this, user accounts may by categorized into groups. You would first create a group with the addGroup() GraphQL mutation. Afterwards, you can assign users and permissions to the group.

To make changes to a group, use the updateGroup() mutation. However, since a group is merely a shell for a collection of other elements, it only changes the name of the group. You'll have to use other mutations to change its components (e.g., users and roles). To delete a group, use removeGroup().

To get a list of groups, you can use the groupsPage() query. To get details on a group, use group().

For more information on user groups, see the Manage Groups documentation page. To add a group with the user interface, see Create New Groups.

API Stability	`Long-Term`
Security Requirement & Control	`ManageUsers` API permission

Syntax

graphql

addGroup(
      displayName: string!,
      lookupName: string
    ): AddGroupMutation!

You'll have to give a display name for the group you're adding. You may also give a look-up name.

For the results, you can specify any parameters for the group. Since it's a new group, the only meaningful result will probably be the unique identifier assigned to the group. You'll need that for other mutations to build the substance of the group. See the Returned Datatype section a little farther down this page.

Example

Raw

graphql

mutation{
  addGroup(displayName: "chiefs") { 
    group {
      id
    }
  }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation{ ^
  addGroup(displayName: \"chiefs\") {  ^
    group { ^
      id ^
    } ^
  } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "addGroup": {
      "group": {
        "id": "abc123"
      }
    }
  }
}

Given Datatype

There are no special input datatypes used by this mutation. At a minimum, you'll have to provide a display name for the group. You may also give a look-up name. The table below lists and describes these parameters:

Table: Input Using Standard Datatypes

Parameter	Type	Required	Default	Description
displayName	string	yes		The display name of the group.
lookupName	string			A look-up name for the group.

Returned Datatype

For the return datatype, through the sub-datatype (see second table below), you can request information on users, such as how many, a list of them, and which assets they can access. You can also get a list of roles and what they entail. Since this is a new group, the results of most of the parameters will be blank or null. Mostly, you'll want to specify the group parameter, with the sub-parameter, id.

Table: AddGroupMutation

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Aug 19, 2025
group	Group	yes	`Long-Term`	The group to add. See Group.

The datatype above uses another datatype for getting group information. For your convenience, the table for that sub-datatype is included here:

Table: Group

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 11, 2025
allowedAssetActionsBySource(assetId: string, assetType: AssetPermissionsAssetType, searchDomainId: string): GroupAssetActionsBySource	multiple	yes	`Preview`	Get allowed asset actions for the group on a specific asset and explain how it has gotten this access. See AssetPermissionsAssetType GroupAssetActionsBySource.
defaultQueryPrefix	string		`Long-Term`	The default prefix for queries.
defaultRole	Role		`Long-Term`	The default role associated with the group. See Role.
defaultSearchDomainCount	integer	yes	`Long-Term`	The default search domain count.
displayName	string	yes	`Long-Term`	The display name of the group.
id	string	yes	`Long-Term`	The identifier of the group.
lookupName	string		`Long-Term`	The look-up name for the group.
organizationRoles	[GroupOrganizationRole]	yes	`Long-Term`	The roles of the organization associated with the group. See GroupOrganizationRole.
permissionType	PermissionType		`Long-Term`	Indicates which level of permissions the group contains. See PermissionType .
queryPrefixes(onlyIncludeRestrictiveQueryPrefixes: boolean, onlyForRoleWithId: string): [QueryPrefixes]	multiple		`Long-Term`	The query prefixes for the group. See QueryPrefixes.
roles	[SearchDomainRole]	yes	`Long-Term`	The roles for the group See SearchDomainRole.
searchAssetPermissions(searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction], includeUnassignedAssets: boolean): AssetPermissionSearchResultSet	multiple	yes	`Short-Term`	Search for asset permissions for the group. This is a preview and subject to change. See AssetPermissionsAssetType AssetAction, and AssetPermissionSearchResultSet.
searchDomainCount	integer	yes	`Long-Term`	The number of search domains for the group.
searchDomainRoles(searchDomainId: string): [SearchDomainRole]	multiple	yes	`Long-Term`	The search domain roles assigned to the group. See SearchDomainRole.
searchDomainRolesByName(searchDomainName: string): SearchDomainRole	multiple	yes	`Deprecated`	The search domain roles assigned to the group, by name. See SearchDomainRole. When multiple roles per view is enabled, this field will return only the first of possibly multiple roles matching the name for the view. Use roles, searchDomainRoles, or searchDomainRolesBySearchDomainName fields instead. This field will be removed at the earliest in version 1.195.
searchDomainRolesBySearchDomainName(searchDomainName: string): [SearchDomainRole]	multiple	yes	`Long-Term`	The domain roles by search domain name. See SearchDomainRole.
searchUsers(searchFilter: string, skip: integer, limit: integer, sortBy: OrderByUserField, orderBy: OrderBy): UserResultSetType	multiple		`Long-Term`	Used to search the list of users in the group. See OrderByUserField , OrderBy , UserResultSetType.
systemRoles	[GroupSystemRole]	yes	`Long-Term`	The system roles of the group. See GroupSystemRole.
userCount	integer	yes	`Long-Term`	The number of users that are part of the group.
users	[User]	yes	`Long-Term`	The list of users in the group. See User.

Versions of this Page

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes

addGroup()

Syntax

Example

Given Datatype

Returned Datatype

Enter search term