updateDefaultRole()

The updateDefaultRole() GraphQL mutation is used to update the default role for a group in LogScale.

Related to this mutation, there are the mutations createRole(), and removeRole() for creating and removing a role.

For getting information about a given role, there is the role() query. There are also the roles() and rolesPage() queries to get a list of roles.

For more information on roles in LogScale, see the Manage Users and Permissions documentation page. You may also want to look at the Manage Users and Permissions page for related information. In particular, read the section on groups, Manage Groups.

API Stability	`Long-Term`
Security Requirement & Control	`ManageUsers` API permission

Syntax

graphql

updateDefaultRole(
      input: UpdateDefaultRoleInput!
   ): updateDefaultRoleMutation!

For the input, you'll have to give the unique identifier of the group, and the default role. See the Given Datatype section.

For the results, you can get information on the group and roles. See the tables in the Returned Datatype section for details.

Example

Raw

graphql

mutation {
  updateDefaultRole( input: 
    {
      roleId: "abc123",
      groupId: "def456"
    }
  )
  { group { displayName } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateDefaultRole( input: 
    {
      roleId: \"abc123\",
      groupId: \"def456\"
    }
  )
  { group { displayName } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateDefaultRole( input: 
    {
      roleId: \"abc123\",
      groupId: \"def456\"
    }
  )
  { group { displayName } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateDefaultRole( input:  ^
    { ^
      roleId: \"abc123\", ^
      groupId: \"def456\" ^
    } ^
  ) ^
  { group { displayName } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateDefaultRole( input: 
    {
      roleId: \"abc123\",
      groupId: \"def456\"
    }
  )
  { group { displayName } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  updateDefaultRole( input: 
    {
      roleId: \"abc123\",
      groupId: \"def456\"
    }
  )
  { group { displayName } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateDefaultRole( input: 
    {
      roleId: \"abc123\",
      groupId: \"def456\"
    }
  )
  { group { displayName } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateDefaultRole( input: 
    {
      roleId: \"abc123\",
      groupId: \"def456\"
    }
  )
  { group { displayName } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "updateDefaultRole": {
      "group": {
        "displayName": "sales"
      }
    }
  }
}

Given Datatype

For the input datatype, you'll have to provide the unique identifier of the group, and the default role. These are described below:

Table: UpdateDefaultRoleInput

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 23, 2024
groupId	string	yes	`Long-Term`	The unique identifier of the group.
roleId	string		`Long-Term`	The unique identifier of the default role to update.

Returned Datatype

For the return datatype, through sub-parameters, you can get information on the group, such as how many users, a list of them, and which assets they can access. You can also get a list of roles using the roles parameter and the default role with defaultRole.

Table: updateDefaultRoleMutation

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Oct 4, 2024
group	Group	yes	`Long-Term`	The group for which to update the default role. See Group.

The datatype above uses another datatype for group information. For your convenience, the table for that sub-datatype is included here:

Table: Group

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 11, 2025
allowedAssetActionsBySource(assetId: string, assetType: AssetPermissionsAssetType, searchDomainId: string): GroupAssetActionsBySource	multiple	yes	`Preview`	Get allowed asset actions for the group on a specific asset and explain how it has gotten this access. See AssetPermissionsAssetType GroupAssetActionsBySource.
defaultQueryPrefix	string		`Long-Term`	The default prefix for queries.
defaultRole	Role		`Long-Term`	The default role associated with the group. See Role.
defaultSearchDomainCount	integer	yes	`Long-Term`	The default search domain count.
displayName	string	yes	`Long-Term`	The display name of the group.
id	string	yes	`Long-Term`	The identifier of the group.
lookupName	string		`Long-Term`	The look-up name for the group.
organizationRoles	[GroupOrganizationRole]	yes	`Long-Term`	The roles of the organization associated with the group. See GroupOrganizationRole.
permissionType	PermissionType		`Long-Term`	Indicates which level of permissions the group contains. See PermissionType .
queryPrefixes(onlyIncludeRestrictiveQueryPrefixes: boolean, onlyForRoleWithId: string): [QueryPrefixes]	multiple		`Long-Term`	The query prefixes for the group. See QueryPrefixes.
roles	[SearchDomainRole]	yes	`Long-Term`	The roles for the group See SearchDomainRole.
searchAssetPermissions(searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction], includeUnassignedAssets: boolean): AssetPermissionSearchResultSet	multiple	yes	`Short-Term`	Search for asset permissions for the group. This is a preview and subject to change. See AssetPermissionsAssetType AssetAction, and AssetPermissionSearchResultSet.
searchDomainCount	integer	yes	`Long-Term`	The number of search domains for the group.
searchDomainRoles(searchDomainId: string): [SearchDomainRole]	multiple	yes	`Long-Term`	The search domain roles assigned to the group. See SearchDomainRole.
searchDomainRolesByName(searchDomainName: string): SearchDomainRole	multiple	yes	`Deprecated`	The search domain roles assigned to the group, by name. See SearchDomainRole. When multiple roles per view is enabled, this field will return only the first of possibly multiple roles matching the name for the view. Use roles, searchDomainRoles, or searchDomainRolesBySearchDomainName fields instead. This field will be removed at the earliest in version 1.195.
searchDomainRolesBySearchDomainName(searchDomainName: string): [SearchDomainRole]	multiple	yes	`Long-Term`	The domain roles by search domain name. See SearchDomainRole.
searchUsers(searchFilter: string, skip: integer, limit: integer, sortBy: OrderByUserField, orderBy: OrderBy): UserResultSetType	multiple		`Long-Term`	Used to search the list of users in the group. See OrderByUserField , OrderBy , UserResultSetType.
systemRoles	[GroupSystemRole]	yes	`Long-Term`	The system roles of the group. See GroupSystemRole.
userCount	integer	yes	`Long-Term`	The number of users that are part of the group.
users	[User]	yes	`Long-Term`	The list of users in the group. See User.

Versions of this Page

GraphQL Mutations

GraphQL API

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes