Summary

As with most software systems, LogScale has security features and a system for the management of user accounts. To simplify this, user accounts may by categorized into groups. You would first create a group with the addGroup() GraphQL mutation. Afterwards, you can assign users and permissions to the group.

API Stability Long-Term
Security Requirement & Control ManageUsers API permission

Syntax

graphql
addGroup(
      displayName: string!,
      lookupName: string
    ): AddGroupMutation!

You'll have to give a display name for the group you're adding. You may also give a look-up name. That's all that's required. It's a pretty straightforward mutation. To add users, permissions, and roles, you'll have to use other mutations, afterwards.

For the results, although there will be many values for the group, since it will be a new group, the only meaningful result will probably be the unique identifier assigned to the group. You'll need that for other mutations to build the substance of the group. See the Returned Values section a little farther down this page.

Example

Raw
graphql
mutation{
  addGroup(displayName: "chiefs") { 
    group {
      id
    }
  }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation{ ^
  addGroup(displayName: \"chiefs\") {  ^
    group { ^
      id ^
    } ^
  } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation{
  addGroup(displayName: \"chiefs\") { 
    group {
      id
    }
  }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "addGroup": {
      "group": {
        "id": "abc123"
      }
    }
  }
}

Input Parameters

At a minimum, you'll have to provide a display name for the group you want to add. You may also give a look-up name. The table below lists and describes these parameters:

Table: Input Parameters & Datatypes

Parameter Type Required Default Description
This table contains all input parameters for this mutation.
displayName string yes   The display name of the group.
lookupName string     A look-up name for the group.

Returned Values

For the returned values, you can request information on users (see second table below), such as how many, a list of them, and which assets they can access. You can also get a list of roles and what they entail. Since this is a new group, you'll probably want to specify group, with the sub-choice (see second table below), id so you can get the group's identifier to use with other mutations and queries.

Table: AddGroupMutation Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Aug 19, 2025
groupGroupyes Long-TermThe group to add. See Group.

The datatype above uses another datatype for getting group information. For your convenience, the table for that sub-datatype is included here. You'll notice that some values are derived from more complex methods. There's plenty that may be returned with this datatype.

Table: Group Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 11, 2025
allowedAssetActionsBySource(assetId: string, assetType: AssetPermissionsAssetType, searchDomainId: string): GroupAssetActionsBySourcemultipleyes PreviewGet allowed asset actions for the group on a specific asset and explain how it has gotten this access. See AssetPermissionsAssetType GroupAssetActionsBySource.
defaultQueryPrefixstring  Long-TermThe default prefix for queries.
defaultRoleRole  Long-TermThe default role associated with the group. See Role.
defaultSearchDomainCountintegeryes Long-TermThe default search domain count.
displayNamestringyes Long-TermThe display name of the group.
idstringyes Long-TermThe identifier of the group.
lookupNamestring  Long-TermThe look-up name for the group.
organizationRoles[GroupOrganizationRole]yes Long-TermThe roles of the organization associated with the group. See GroupOrganizationRole.
permissionTypePermissionType  Long-TermIndicates which level of permissions the group contains. See PermissionType .
queryPrefixes(onlyIncludeRestrictiveQueryPrefixes: boolean, onlyForRoleWithId: string): [QueryPrefixes]multiple  Long-TermThe query prefixes for the group. See QueryPrefixes.
roles[SearchDomainRole]yes Long-TermThe roles for the group See SearchDomainRole.
searchAssetPermissions(searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction], includeUnassignedAssets: boolean): AssetPermissionSearchResultSetmultipleyes Short-TermSearch for asset permissions for the group. This is a preview and subject to change. See AssetPermissionsAssetType AssetAction, and AssetPermissionSearchResultSet.
searchDomainCountintegeryes Long-TermThe number of search domains for the group.
searchDomainRoles(searchDomainId: string): [SearchDomainRole]multipleyes Long-TermThe search domain roles assigned to the group. See SearchDomainRole.
searchDomainRolesByName(searchDomainName: string): SearchDomainRolemultipleyes Deprecated

The search domain roles assigned to the group, by name. See SearchDomainRole. When multiple roles per view is enabled, this field will return only the first of possibly multiple roles matching the name for the view.

Use roles, searchDomainRoles, or searchDomainRolesBySearchDomainName fields instead. This field will be removed at the earliest in version 1.195.

searchDomainRolesBySearchDomainName(searchDomainName: string): [SearchDomainRole]multipleyes Long-TermThe domain roles by search domain name. See SearchDomainRole.
searchUsers(searchFilter: string, skip: integer, limit: integer, sortBy: OrderByUserField, orderBy: OrderBy): UserResultSetTypemultiple  Long-TermUsed to search the list of users in the group. See OrderByUserField , OrderBy , UserResultSetType.
systemRoles[GroupSystemRole]yes Long-TermThe system roles of the group. See GroupSystemRole.
userCountintegeryes Long-TermThe number of users that are part of the group.
users[User]yes Long-TermThe list of users in the group. See User.