unassignOrganizationManagementRoleFromGroup()

Summary

The unassignOrganizationManagementRoleFromGroup() GraphQL mutation may be used to remove an organization management role assigned to a group for the provided organizations.

To assign a role to a group, use the assignOrganizationManagementRoleToGroup() mutation. Related to these two mutations are a few others: assignRoleToGroup() and unassignRoleFromGroup() to assign and unassign a role for a group; assignOrganizationRoleToGroup() and unassignOrganizationRoleFromGroup() to assign and unassign organization roles; and assignSystemRoleToGroup() and unassignSystemRoleFromGroup() to assign and unassign system roles.

Hide Query Example

Show Management Permissions Query

To get a list of organization management permissions and group roles, it may be useful to execute the roles() query like this:

graphql

query {
    roles
       { totalResults,
         results {id, displayName, 
                  organizationManagementPermissions,
                  groups { organizationRoles { role } } }
    }
}

For more information on roles in LogScale, see the Manage Users and Permissions documentation page. You may also want to look at the Manage Users and Permissions page for related information.

API Stability Preview

Syntax

graphql

unassignOrganizationManagementRoleFromGroup(
      input: UnassignOrganizationManagementRoleFromGroupInput!
   ): UnassignOrganizationManagementRoleFromGroup!

For the input, you'll have to give the unique identifiers for the role, the group, and the organizations — the role you want to unassign from which group from which organizations. Click on the Show Query link above for an example of how to get these. See the Input Parameters section for details.

For the results, you can get a list of users, which assets they can access, a list of organization roles, etc. See the Returned Values section for more.

Example

Raw

graphql

mutation {
  unassignOrganizationManagementRoleFromGroup(input:
     { groupId: "abc123",
       roleId: "def456",
       organizationIds:[ "SINGLE_ORGANIZATION_ID" ]
     } 
  )
  { group { displayName } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  unassignOrganizationManagementRoleFromGroup(input:
     { groupId: \"abc123\",
       roleId: \"def456\",
       organizationIds:[ \"SINGLE_ORGANIZATION_ID\" ]
     } 
  )
  { group { displayName } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  unassignOrganizationManagementRoleFromGroup(input:
     { groupId: \"abc123\",
       roleId: \"def456\",
       organizationIds:[ \"SINGLE_ORGANIZATION_ID\" ]
     } 
  )
  { group { displayName } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  unassignOrganizationManagementRoleFromGroup(input: ^
     { groupId: \"abc123\", ^
       roleId: \"def456\", ^
       organizationIds:[ \"SINGLE_ORGANIZATION_ID\" ] ^
     }  ^
  ) ^
  { group { displayName } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  unassignOrganizationManagementRoleFromGroup(input:
     { groupId: \"abc123\",
       roleId: \"def456\",
       organizationIds:[ \"SINGLE_ORGANIZATION_ID\" ]
     } 
  )
  { group { displayName } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  unassignOrganizationManagementRoleFromGroup(input:
     { groupId: \"abc123\",
       roleId: \"def456\",
       organizationIds:[ \"SINGLE_ORGANIZATION_ID\" ]
     } 
  )
  { group { displayName } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  unassignOrganizationManagementRoleFromGroup(input:
     { groupId: \"abc123\",
       roleId: \"def456\",
       organizationIds:[ \"SINGLE_ORGANIZATION_ID\" ]
     } 
  )
  { group { displayName } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  unassignOrganizationManagementRoleFromGroup(input:
     { groupId: \"abc123\",
       roleId: \"def456\",
       organizationIds:[ \"SINGLE_ORGANIZATION_ID\" ]
     } 
  )
  { group { displayName } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "unassignOrganizationManagementRoleFromGroup": {
      "group": {
        "displayName": "sales"
      }
    }
  }
}

Input Parameters

For the input, you'll need to provide the unique identifiers for the role, the group, and the organizations — the role you want to unassign from which group from which organizations. Click on the Show Query link above the Syntax section for an example of how to get these identifiers.

Table: UnassignOrganizationManagementRoleFromGroupInput Input Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Sep 23, 2024
groupId	string	yes	`Preview`	The unique identifier for the group.
organizationIds	[string]	yes	`Preview`	The unique identifiers for the organization.
roleId	string	yes	`Preview`	The unique identifier for the role.

Returned Values

For the results, you can get information on the group, such as how many users, a list of them, and which assets they can access. You can also get a list of organization roles using organizationRoles.

Table: UnassignOrganizationManagementRoleFromGroup Datatype

Parameter	Type	Required	Stability	Description
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Feb 18, 2025
group	Group	yes	`Preview`	The group for which the organization management role was unassigned. See Group.

Versions of this Page

GraphQL Mutations

GraphQL API

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes