assignRoleToGroup()

Summary

The assignRoleToGroup() GraphQL mutation assigns a role to a group for a given view.

To unassign a role from a group, use the unassignRoleFromGroup() mutation. Related to these two mutations are a few others: assignOrganizationRoleToGroup() and unassignOrganizationRoleFromGroup() to assign and unassign organization roles for a group; assignOrganizationManagementRoleToGroup() and unassignOrganizationManagementRoleFromGroup() for organization management roles; and assignSystemRoleToGroup() and unassignSystemRoleFromGroup() to assign and unassign system roles.

Hide Query Example

Show Group Roles Query

To get a list of group roles, you could execute the group() query like this:

graphql

query {
     group( groupId: "def456" ) 
       { roles 
         { role { id, displayName, 
                  systemPermissions,
                  users { username } }
         }
     }
}

The query above will return a list of roles for the group, the system permissions of each, and the usernames of those who are part of the group.

For more information on roles in LogScale, see the Manage Users and Permissions documentation page. To assign roles to a group with the user interface instead of GraphQL, see Assign Roles to Groups.

API Stability	`Long-Term`
Security Requirement & Control	`ManageUsers` API permission

Syntax

graphql

assignRoleToGroup(
      input: AssignRoleToGroupInput!
   ): AssignRoleToGroupMutation!

For the input, you'll have to give the unique identifiers for the view, the role, and the group. Click on Show Query above to find these identifiers. See the Input Parameters section for details.

For the results, you can get plenty on the roles, including user names and permissions. See the Returned Values section for more.

Example

Raw

graphql

mutation {
  assignRoleToGroup(input: 
          { viewId: "abc123",
            groupId: "def456", 
            roleId: "ghi789"} )
     { group { role {id, displayName, viewPermissions} } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  assignRoleToGroup(input: 
          { viewId: \"abc123\",
            groupId: \"def456\", 
            roleId: \"ghi789\"} )
     { group { role {id, displayName, viewPermissions} } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  assignRoleToGroup(input: 
          { viewId: \"abc123\",
            groupId: \"def456\", 
            roleId: \"ghi789\"} )
     { group { role {id, displayName, viewPermissions} } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  assignRoleToGroup(input:  ^
          { viewId: \"abc123\", ^
            groupId: \"def456\",  ^
            roleId: \"ghi789\"} ) ^
     { group { role {id, displayName, viewPermissions} } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  assignRoleToGroup(input: 
          { viewId: \"abc123\",
            groupId: \"def456\", 
            roleId: \"ghi789\"} )
     { group { role {id, displayName, viewPermissions} } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  assignRoleToGroup(input: 
          { viewId: \"abc123\",
            groupId: \"def456\", 
            roleId: \"ghi789\"} )
     { group { role {id, displayName, viewPermissions} } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  assignRoleToGroup(input: 
          { viewId: \"abc123\",
            groupId: \"def456\", 
            roleId: \"ghi789\"} )
     { group { role {id, displayName, viewPermissions} } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  assignRoleToGroup(input: 
          { viewId: \"abc123\",
            groupId: \"def456\", 
            roleId: \"ghi789\"} )
     { group { role {id, displayName, viewPermissions} } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "assignRoleToGroup": {
      "group": {
        "role": {
          "id": "ghi789",
          "displayName": "Member",
          "viewPermissions": [
            "ChangeDashboards",
            "ChangeSavedQueries",
            "ChangeTriggers",
            "ChangeFiles",
            "ChangeParsers",
            "ReadAccess"
          ]
        }
      }
    }
  }
}

Input Parameters

For the given datatype, you'll need to provide the unique identifiers for the view, the role, and the group — the role you want to assign to which group, relative to the view. Click on the Show Query link above the Syntax section to find these identifiers.

Table: AssignRoleToGroupInput Input Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 17, 2024
groupId	string	yes	`Long-Term`	The unique identifier of the group being assigned.
overrideExistingAssignmentsForView	boolean		`Long-Term`	Whether to override any existing assignments for a view.
roleId	string	yes	`Long-Term`	The unique identifier of the role being assigned.
viewId	string	yes	`Long-Term`	The unique identifier of the view.

Returned Values

For the results, you can get plenty of information about the roles found in the organization, including user names and counts, as well as permissions and assets.

Table: AssignRoleToGroupMutation Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 23, 2024
group	SearchDomainRole	yes	`Long-Term`	The group for which to assign role. See SearchDomainRole.

The datatype above uses the datatype choosing between role and search domain information. For your convenience, the table for that sub-datatype is included here:

Table: SearchDomainRole Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 3, 2024
role	Role	yes	`Long-Term`	The relevant role for the search domain. See Role.
searchDomain	SearchDomain	yes	`Long-Term`	The relevant search domain. See SearchDomain.

Versions of this Page

GraphQL Mutations

GraphQL API

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes