| API Stability |
Long-Term
|
The changeUserAndGroupRolesForSearchDomain() GraphQL mutation field is used to change the user and group roles for a search domain.
For more information on roles in LogScale, see the Manage users & permissions documentation page. You may also want to look at Manage users & permissions for related information.
Syntax
Below is the syntax for the changeUserAndGroupRolesForSearchDomain() mutation field:
changeUserAndGroupRolesForSearchDomain(
searchDomainId: string!
groups: [GroupRoleAssignment!]!
users: [UserRoleAssignment!]!
): [UserOrGroup!]!Below is an example of how this mutation field might be used:
mutation {
changeUserAndGroupRolesForSearchDomain(
searchDomainId: "aK9GKAsTnMXfRxT8Fpecx3fX",
groups: [ {groupId: "Kj3SzghhYxdjz8X6XIxZ2EhaVTrMuSpo",
roleId: "8TKAG5afPxvPcqGJ8De8ccMeJSFiBckE"} ],
users: [ {userId: "DScDf7IpfDeykSYW1B7AU48p",
roleId: "wZ5KEIUY7kRFYDxlQZCHB72VZnFGsmIB"} ] )
{... on Group {displayName, userCount}
... on User {username} }
}Given Datatypes
For GroupRoleAssignment,
there a couple of parameters that may be given. Below is a list of
them along with a description of each:
Table: GroupRoleAssignment
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Sep 18, 2024 | |||||
groupId | string | yes | Long-Term | The unique identifier for the group related to the role. | |
roleId | string | yes | Long-Term | The unique identifier of the role. | |
UserRoleAssignment has
only a couple of parameters. Below is a list of them and a
description of each:
Table: UserRoleAssignment
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Sep 23, 2024 | |||||
userId | string | yes | Long-Term | The unique identifier of the user for which to assign the role. | |
roleId | string | yes | Long-Term | The unique identifier for the role to assign. | |
Returned Datatypes
The returned results are sets of users and groups. This is a union between two other datatypes: Group and User. The parameters for them are listed in the tables below:
Table: Group
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Apr 3, 2025 | |||||
allowedAssetActionsBySource | multiple | yes | Preview | Get allowed asset actions for the group on a specific asset and explain how it has gotten this access The multiple datatype consists of (assetId: string!, assetType: AssetPermissionsAssetType!, searchDomainId: string): GroupAssetActionsBySource!. See AssetPermissionsAssetType GroupAssetActionsBySource. | |
defaultQueryPrefix | string | Long-Term | The default prefix for queries. | ||
defaultRole | role | Long-Term | The default role associated with the group. See role. | ||
defaultSearchDomainCount | integer | yes | Long-Term | The default search domain count. | |
displayName | string | yes | Long-Term | The display name of the group. | |
id | string | yes | Long-Term | The identifier of the group. | |
lookupName | string | Long-Term | The look-up name for the group. | ||
organizationRoles | [GroupOrganizationRole] | yes | Long-Term | The roles of the organization associated with the group. See GroupOrganizationRole. | |
permissionType | PermissionType | Long-Term | Indicates which level of permissions the group contains. See PermissionType. | ||
queryPrefixes | multiple | Long-Term | The query prefixes for the group. The multiple datatype consists of queryPrefixes(onlyIncludeRestrictiveQueryPrefixes: boolean, onlyForRoleWithId: string): [QueryPrefixes]. See queryPrefixes. | ||
roles | [SearchDomainRole] | yes | Long-Term | The roles for the group See SearchDomainRole. | |
searchAssetPermissions | multiple | yes | Preview | Search for asset permissions for the group. This is a preview and subject to change. The datatype consists of (searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction], includeUnassignedAssets: boolean): AssetPermissionSearchResultSet!. See AssetPermissionsAssetType AssetAction, and AssetPermissionSearchResultSet. | |
searchDomainCount | integer | yes | Long-Term | The number of search domains for the group. | |
searchDomainRoles | multiple | yes | Long-Term | The search domain roles assigned to the group. The multiple datatype consists of (searchDomainId: string): [SearchDomainRole]. (seeSearchDomainRole). | |
searchDomainRolesByName | multiple | yes | Deprecated | The search domain roles assigned to the group, by name. The multiple datatype consists of (searchDomainName: string): SearchDomainRole. See SearchDomainRole. When multiple roles per view is enabled, this field will return only the first of possibly multiple roles matching the name for the view. Use roles, searchDomainRoles, or searchDomainRolesBySearchDomainName fields instead. Will be removed at the earliest in version 1.195. | |
searchDomainRolesBySearchDomainName | string | yes | Long-Term | The domain roles by search domain name. The datatype consists of (searchDomainName: string!): [SearchDomainRole!]. See SearchDomainRole. | |
searchUsers | multiple | Long-Term | Used to search the list of users in the group. The datatype consists of (searchFilter: string, skip: integer, limit: integer, sortBy: OrderByUserField, orderBy: OrderBy): UserResultSetType. See OrderByUserField, OrderBy, UserResultSetType. | ||
systemRoles | [GroupSystemRole] | yes | Long-Term | The system roles of the group (see GroupSystemRole Table). | |
userCount | integer | yes | Long-Term | The number of users that are part of the group. | |
users | [User] | yes | Long-Term | The list of users in the group. See User. | |
Table: User
| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column. | |||||
| Table last updated: Mar 25, 2025 | |||||
allowedAssetActionsBySource | multiple | yes | Preview | Get allowed asset actions for the user on a specific asset and explain how these actions have been granted. The multiple datatype consists of (assetId: string!, assetType: AssetPermissionsAssetType!, searchDomainId: string): [AssetActionsBySource]!. | |
allowedOrganizationActions | [OrganizationAction] | yes | Long-Term | Returns the actions the user is allowed to perform in the organization. See OrganizationAction. | |
allowedSystemActions | [SystemAction] | yes | Long-Term | Returns the actions the user is allowed to perform in the system. See SystemAction Table. | |
company | string | Long-Term | The name of the company for the user account. | ||
countryCode | string | Long-Term | The two-letter ISO 3166-1 Alpha-2 code for the country of residence (e.g., us). | ||
createdAt | datetime | yes | Long-Term | The data and time the account was created. | |
displayName | string | yes | Long-Term | The value of the fullName if used, otherwise the username. | |
email | string | Long-Term | The user account's email address for communications from LogScale. | ||
firstName | string | Long-Term | The user's actual first name (e.g., Bob). Don't use with fullName. | ||
fullName | string | Long-Term | The user's full name (e.g., Bob Smith). Don't use if using other name parameters. | ||
groups | [group] | yes | Long-Term | The groups of which the user is a member. See group. | |
groupSearchDomainRoles | [GroupSearchDomainRole] | yes | Long-Term | The group search domain roles. See GroupSearchDomainRole. | |
groupsV2 | multiple | Preview | The groups of which the user is a member. This is a preview and subject to change. The multiple datatype consists of (search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInRoles: boolean): GroupResultSetType. See | ||
id | string | yes | Long-Term | The identifier or token for the user. | |
isOrgRoot | boolean | yes | Long-Term | Whether the organization is granted root access. | |
isRoot | boolean | yes | Long-Term | Whether the user account is granted root access. | |
lastName | string | Long-Term | The user's actual last name or family name (e.g., Smith). Don't use with fullName. | ||
permissions | multiple | yes | Long-Term | Permissions of the user. The multiple datatype consists of (viewName: string): [UserPermissions]. See UserPermissions. | |
permissionsPage | multiple | yes | Deprecated | A page of user permissions. The multiple datatype consists of (search: string, pageNumber: integer, pageSize: integer): UserPermissionsPage. See UserPermissionsPage. This field is no longer used. It will be removed at the earliest in version 1.208. | |
phoneNumber | string | Long-Term | The telephone number for LogScale to use for telephone text messages. | ||
picture | string | Long-Term | File name of an image file for the account. | ||
searchAssetPermissions | multiple | Preview | Search for asset permissions for the user. This is a preview and subject to change. The multiple datatype consists of (searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction], searchDomainIds: [string], permissions: [AssetAction!]): AssetPermissionSearchResultSet. See | ||
searchDomainRoles | multiple | Long-Term | The search domain roles assigned to the user. The multiple datatype consists of (searchDomainId: string): [SearchDomainRole]. See SearchDomainRole. | ||
searchDomainRolesByName | multiple | yes | Deprecated | The search domain roles for the user, by name. The multiple datatype consists of (searchDomainName: string): SearchDomainRole. See This is deprecated because when multiple roles per view is enabled, this field will return only the first of possibly multiple roles matching the name for the view. Therefore, use instead searchDomainRoles or searchDomainRolesBySearchDomainName. | |
searchDomainRolesBySearchDomainName | multiple | Long-Term | The search domain roles assigned to the user by search domain name. The multiple datatype consists of (searchDomainName: string): [SearchDomainRole]. See SearchDomainRole. | ||
stateCode | string | Long-Term | The two-letter, ISO 3166-2 country sub-division code for the state of residence (e.g., ny). | ||
rolesV2 | multiple | Preview | The roles assigned to the user through a group. This is a preview and subject to change. The multiple datatype consists of (search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInGroups: boolean): RolesResultSetType. See | ||
username | string | yes | Long-Term | The user name for the account. | |
userOrGroupSearchDomainRoles | multiple | yes | Long-Term | The user or group search domain roles. The multiple datatype consists of (search: string, skip: integer, limit: integer, totalSearchDomains: integer): UserOrGroupSearchDomainRoleResultSet. See UserOrGroupSearchDomainRoleResultSet. | |