assignOrganizationRoleToGroup()

Security Requirements and Controls

Manage users API permission

API Stability Long-Term

The assignOrganizationRoleToGroup() GraphQL mutation field is used to assign an organization role to a group.

To unassign an organization role from a group, use the unassignOrganizationRoleFromGroup() mutation. Related to these two mutations are a few others: assignRoleToGroup() and unassignRoleFromGroup() to assign and unassign a role for a group; assignOrganizationManagementRoleToGroup() and unassignOrganizationManagementRoleFromGroup() for organization management roles; and assignSystemRoleToGroup() and unassignSystemRoleFromGroup() to assign and unassign system roles.

Hide Query Example

Show Organization Permissions Query

To get lists of group roles and organization permissions, you could use the organization() query like this:

graphql

query {
      organization { 
        searchDomains{ groups { 
          organizationRoles { 
             role { id, displayName, organizationPermissions } } 
         }
      }
  }
}

For more information on roles in LogScale, see the Manage Users and Permissions documentation page. You may also want to look at Manage Users and Permissions for related information.

Syntax

graphql

assignOrganizationRoleToGroup(
       input: AssignOrganizationRoleToGroupInput!
    ): AssignOrganizationRoleToGroupMutation!

Example

Below is an example of how this mutation field might be used:

Raw

graphql

mutation {
  assignOrganizationRoleToGroup(input: 
            {groupId: "0dVscp645a6lCbe1WuJxjPbRRF5uBMD5", 
             roleId: "wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB"} )
       { group { role {id, displayName, organizationPermissions} } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  assignOrganizationRoleToGroup(input: 
            {groupId: \"0dVscp645a6lCbe1WuJxjPbRRF5uBMD5\", 
             roleId: \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\"} )
       { group { role {id, displayName, organizationPermissions} } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  assignOrganizationRoleToGroup(input: 
            {groupId: \"0dVscp645a6lCbe1WuJxjPbRRF5uBMD5\", 
             roleId: \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\"} )
       { group { role {id, displayName, organizationPermissions} } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  assignOrganizationRoleToGroup(input:  ^
            {groupId: \"0dVscp645a6lCbe1WuJxjPbRRF5uBMD5\",  ^
             roleId: \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\"} ) ^
       { group { role {id, displayName, organizationPermissions} } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  assignOrganizationRoleToGroup(input: 
            {groupId: \"0dVscp645a6lCbe1WuJxjPbRRF5uBMD5\", 
             roleId: \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\"} )
       { group { role {id, displayName, organizationPermissions} } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  assignOrganizationRoleToGroup(input: 
            {groupId: \"0dVscp645a6lCbe1WuJxjPbRRF5uBMD5\", 
             roleId: \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\"} )
       { group { role {id, displayName, organizationPermissions} } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  assignOrganizationRoleToGroup(input: 
            {groupId: \"0dVscp645a6lCbe1WuJxjPbRRF5uBMD5\", 
             roleId: \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\"} )
       { group { role {id, displayName, organizationPermissions} } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  assignOrganizationRoleToGroup(input: 
            {groupId: \"0dVscp645a6lCbe1WuJxjPbRRF5uBMD5\", 
             roleId: \"wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB\"} )
       { group { role {id, displayName, organizationPermissions} } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "assignOrganizationRoleToGroup": {
      "group": {
        "role": {
          "id": "wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB",
          "displayName": "Maintainer",
          "organizationPermissions": [
            "ChangeSecurityPolicies",
            "ManageUsers",
            "ChangeOrganizationPermissions",
            "ChangeSessions",
            "ChangeAllViewOrRepositoryPermissions"
          ]
        }
      }
    }
  }
}

Given Datatype

For the given datatype, you'll need to provide the unique identifer of the group and role to assign. The table below lists provides more details:

Table: AssignOrganizationRoleToGroupInput

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 17, 2024
groupId	[string]	yes	`Long-Term`	The unique identifier of the group.
roleId	string		`Long-Term`	The unique identifier of the role.

Returned Datatype

With the returned datatype, through sub-parameters, you can get plenty of information about the roles found in the organization, including user names and counts, as well as permissions and assets. The table below lists links to these sub-parameters:

Table: AssignOrganizationRoleToGroupMutation

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 23, 2024
group	GroupOrganizationRole	yes	`Long-Term`	The group to which to assign organization role. See GroupOrganizationRole.

Versions of this Page

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes