assignOrganizationManagementRoleToGroup()

Summary

The assignOrganizationManagementRoleToGroup() GraphQL mutation field is used to assign an organization management role to a group for the provided organizations. This is a preview and subject to change.

To unassign an organization management role from a group, use the unassignOrganizationManagementRoleFromGroup() mutation. Related to these two mutations are a few others: assignRoleToGroup() and unassignRoleFromGroup() to assign and unassign a role for a group; assignOrganizationRoleToGroup() and unassignOrganizationRoleFromGroup() for general organization roles for a group; and assignSystemRoleToGroup() and unassignSystemRoleFromGroup() to assign and unassign system roles.

Hide Query Example

Show Management Permissions Query

To get a list of organization management permissions and group roles, it may be useful to execute the roles() query like this:

graphql

query {
    roles
       { totalResults,
         results {id, displayName, 
                  organizationManagementPermissions,
                  groups { organizationRoles { role } } }
    }
}

For more information on roles in LogScale, see the Manage Users and Permissions documentation page. You may also want to look at Manage Users and Permissions for related information.

API Stability	`Preview`
Security Requirement & Control	`ManageUsers` API permission

Syntax

graphql

assignOrganizationManagementRoleToGroup(
       input: AssignOrganizationManagementRoleToGroupInput!
    ): AssignOrganizationManagementRoleToGroupMutation!

For the input, you'll need to provide the unique identifer of the group and role to assign, along with a list of organizations you're assigning them. Click on Show Query above to find these identifiers. See the Input Parameters section for details.

For the results, you can get plenty on the roles, including user names and counts, as well as permissions. See the Returned Values section for more.

Example

Raw

graphql

mutation {
  assignOrganizationManagementRoleToGroup(input: 
            {groupId: "abc123", 
             roleId: "def456",
             organizationIds: ["SINGLE_ORGANIZATION_ID"]} )
       { group { role {displayName, organizationPermissions} } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  assignOrganizationManagementRoleToGroup(input: 
            {groupId: \"abc123\", 
             roleId: \"def456\",
             organizationIds: [\"SINGLE_ORGANIZATION_ID\"]} )
       { group { role {displayName, organizationPermissions} } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  assignOrganizationManagementRoleToGroup(input: 
            {groupId: \"abc123\", 
             roleId: \"def456\",
             organizationIds: [\"SINGLE_ORGANIZATION_ID\"]} )
       { group { role {displayName, organizationPermissions} } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  assignOrganizationManagementRoleToGroup(input:  ^
            {groupId: \"abc123\",  ^
             roleId: \"def456\", ^
             organizationIds: [\"SINGLE_ORGANIZATION_ID\"]} ) ^
       { group { role {displayName, organizationPermissions} } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  assignOrganizationManagementRoleToGroup(input: 
            {groupId: \"abc123\", 
             roleId: \"def456\",
             organizationIds: [\"SINGLE_ORGANIZATION_ID\"]} )
       { group { role {displayName, organizationPermissions} } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  assignOrganizationManagementRoleToGroup(input: 
            {groupId: \"abc123\", 
             roleId: \"def456\",
             organizationIds: [\"SINGLE_ORGANIZATION_ID\"]} )
       { group { role {displayName, organizationPermissions} } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  assignOrganizationManagementRoleToGroup(input: 
            {groupId: \"abc123\", 
             roleId: \"def456\",
             organizationIds: [\"SINGLE_ORGANIZATION_ID\"]} )
       { group { role {displayName, organizationPermissions} } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  assignOrganizationManagementRoleToGroup(input: 
            {groupId: \"abc123\", 
             roleId: \"def456\",
             organizationIds: [\"SINGLE_ORGANIZATION_ID\"]} )
       { group { role {displayName, organizationPermissions} } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "assignOrganizationManagementRoleToGroup": {
      "group": {
      "role": { 
          displayName": "sales",
          organizationPermissions": [
             "MonitorQueries", 
             "BlockQueries"
             ]
        } 
      }
    }
  }
}

Input Parameters

For the input, you'll need to provide the unique identifer of the group and role to assign, along with a list of organizations you're assigning them. Click on the Show Query link above the Syntax section to find these identifiers.

Table: AssignOrganizationManagementRoleToGroupInput Input Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 17, 2024
groupId	string	yes	`Preview`	The unique identifier for the group.
organizationIds	[string]	yes	`Preview`	The unique identifier for the organization.
roleId	string	yes	`Preview`	The unique identifier for the role.

Returned Values

With the returned datatype, through sub-parameters, you can get plenty of information about the roles found in the organization, including user names and counts, as well as permissions and assets. It has one choice, which uses a sub-datatype (see second table below), which itself has only one choice, which uses a core datatype (see third table).

Table: AssignOrganizationManagementRoleToGroupMutation Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: May 26, 2025
group	GroupOrganizationManagementRole	yes	`Long-Term`	The organization role to assign to group. See GroupOrganizationManagementRole.

Table: GroupOrganizationManagementRole Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 25, 2024
role	Role	yes	`Long-Term`	The management role to assign to the organization or group. See Role.

Table: Role Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Aug 21, 2025
color	string		`Deprecated`	The color associated with the role. However, role colors are no longer used. This parameter will be removed at the earliest in version 1.195.
description	string		`Long-Term`	A description of the role.
displayName	string	yes	`Long-Term`	The display name of the role.
groups	[Group]	yes	`Long-Term`	The groups related to the role. See Group.
groupsCount	integer	yes	`Long-Term`	The number of groups related to the role.
groupsV2(search: string, userId: string, searchInRoles: boolean, onlyIncludeGroupsWithRestrictiveQueryPrefix: boolean, limit: integer, skip: integer): GroupResultSetType	multiple	yes	`Long-Term`	The groups related to the role. See GroupResultSetType.
id	string	yes	`Long-Term`	The unique identifier for the role.
organizationManagementPermissions	[OrganizationManagementPermission]	yes	`Long-Term`	The organization management permissions given to the role. See OrganizationManagementPermission.
organizationPermissions	[OrganizationPermission]	yes	`Long-Term`	The organization permissions given to the role. See OrganizationPermission.
readonlyDefaultRole	ReadonlyDefaultRole		`Preview`	The read-only default role. This parameter is a preview and subject to change. See ReadonlyDefaultRole.
systemPermissions	[SystemPermission]	yes	`Long-Term`	The system permissions given to the role. See SystemPermission.
users	[User]	yes	`Long-Term`	A list of users assigned the role. See User.
usersCount	integer	yes	`Long-Term`	The number of users assigned the role.
viewPermissions	[Permission]	yes	`Long-Term`	The view permissions given to the role. See Permission.

Versions of this Page

GraphQL Mutations

GraphQL API

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes