Summary

The updateUser() GraphQL mutation updates a user in LogScale, identifying the account by user name. If you know the user's unique identifier, you can use the updateUserById() mutation instead.

API Stability: Long-Term
Security Requirement & Control: ManageUsers API permission

Syntax

graphql
updateUser(
      input: AddUserInput!
   ): UpdateUserMutation!

For the input, you'll have to give the user name, and whatever user information you want to change. See the Input Parameters section for details.

For the results, you can get a multitude of information on the user account. See the Returned Values section.

Example

Raw
graphql
mutation {
  updateUser( input:
       { username: "bob",
         isRoot: true
      } )
  { user { id } }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateUser( input:
       { username: \"bob\",
         isRoot: true
      } )
  { user { id } }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST "$YOUR_LOGSCALE_URL/graphql" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"query" : "mutation { updateUser( input: { username: \"bob\", isRoot: true } ) { user { id } } }"}'
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d "{\"query\" : \"mutation { updateUser( input: { username: \\\"bob\\\", isRoot: true } ) { user { id } } }\"}"
Windows Powershell and curl
powershell
curl.exe -X POST `
    -H "Authorization: Bearer $TOKEN" `
    -H "Content-Type: application/json" `
    -d '{"query" : "mutation {
  updateUser( input:
       { username: \"bob\",
         isRoot: true
      } )
  { user { id } }
}"
}' `
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;
use JSON::PP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  updateUser( input:
       { username: \"bob\",
         isRoot: true
      } )
  { user { id } }
}";
$query =~ s/\n/ /g;
# Encode with JSON::PP so the double quotes inside the query are escaped
my $json = encode_json({ query => $query });
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

# Use the public accessor rather than the object's internal hash key
print $result->decoded_content, "\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
query = '''mutation {
  updateUser( input:
       { username: "bob",
         isRoot: true
      } )
  { user { id } }
}'''

# json= serializes the body (escaping quotes and newlines)
# and sets the Content-Type header to application/json
resp = requests.post(url,
                     json = {"query": query},
                     headers = {
   "Authorization" : "Bearer $TOKEN"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

// A template literal is needed for a string that spans several lines
const data = JSON.stringify(
    {"query" : `mutation {
  updateUser( input:
       { username: "bob",
         isRoot: true
      } )
  { user { id } }
}`
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    // Byte length, not character count, in case the body is not pure ASCII
    'Content-Length': Buffer.byteLength(data),
    Authorization: 'Bearer ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "updateUser": {
      "user": {
        "id": "abc123"
      }
    }
  }
}

Input Parameters

For the input, you would provide the user name, and whatever you want to change: the user's name, their email address, whether they may have root access, and other information. These parameters are listed and explained in the table below:

Table: AddUserInput Input Datatype

| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| company | string | | | Long-Term | The name of the company or other entity associated with the user. |
| countryCode | string | | | Long-Term | The two-letter ISO 3166-1 Alpha-2 code for the country of residence (e.g., us). |
| email | string | | | Long-Term | The email address for contacting the user related to the account. |
| firstName | string | | | Long-Term | The first name of the user. |
| fullName | string | | | Long-Term | The full name of the user. |
| isRoot | boolean | | | Long-Term | Whether the user has root access. |
| lastName | string | | | Long-Term | The last name or family name of the user. |
| picture | string | | | Long-Term | The file name of an image file containing a picture of the user. |
| stateCode | string | | | Long-Term | The two-letter, ISO 3166-2 country sub-division code for the state of residence (e.g., ny). |
| username | string | yes | | Long-Term | The name of the user. |

Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.

Table last updated: Sep 17, 2024
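
Added example (not LogScale's own code): a request builder that sends the AddUserInput values as GraphQL variables instead of splicing them into the query text, checks field names and types against the table above, and refuses an isRoot change unless the caller opts in. The function names and the allow_root_change guard are assumptions made for this illustration.

```python
import json

# Field names and types from the AddUserInput table on this page.
ADD_USER_INPUT_FIELDS = {
    "username": str, "company": str, "countryCode": str, "email": str,
    "firstName": str, "fullName": str, "lastName": str, "picture": str,
    "stateCode": str, "isRoot": bool,
}

# Constant mutation text: caller-supplied values travel only as variables,
# so they cannot alter the structure of the query.
UPDATE_USER_MUTATION = (
    "mutation UpdateUser($input: AddUserInput!) { "
    "updateUser(input: $input) { user { id username isRoot } } }"
)


def build_update_user_request(changes, allow_root_change=False):
    """Return the JSON request body for updateUser, or raise ValueError.

    allow_root_change is a hypothetical guard added for this example.
    """
    if not isinstance(changes.get("username"), str) or not changes["username"]:
        raise ValueError("username is required")
    for name, value in changes.items():
        expected = ADD_USER_INPUT_FIELDS.get(name)
        if expected is None:
            raise ValueError(f"unknown AddUserInput field: {name}")
        if type(value) is not expected:
            raise ValueError(f"{name} must be of type {expected.__name__}")
    # The User table says not to combine fullName with firstName/lastName.
    if "fullName" in changes and {"firstName", "lastName"} & changes.keys():
        raise ValueError("use fullName or firstName/lastName, not both")
    # Granting or revoking root must be an explicit decision by the caller.
    if "isRoot" in changes and not allow_root_change:
        raise ValueError("isRoot change requires allow_root_change=True")
    return json.dumps({"query": UPDATE_USER_MUTATION,
                       "variables": {"input": dict(changes)}})


def root_flag_matches(response_text, requested):
    """True if the isRoot value the server returned equals the one requested."""
    user = json.loads(response_text)["data"]["updateUser"]["user"]
    return user["isRoot"] is requested
```

Requesting username and isRoot alongside id lets the caller confirm from the response which account changed and what its root status is after the update.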

Returned Values

For the results, you can get a multitude of information on the user account. Besides the usual information (e.g., name, email address, etc.), it can return data about user permissions and access, the groups of which they're a member, and the assets to which they have access. See the second table below for the sub-parameters.

Table: UpdateUserMutation Datatype

| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| user | User | yes | | Long-Term | The user to update. See User. |

Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.

Table last updated: Oct 4, 2024

The datatype above uses another datatype for user information. For your convenience, the table for that sub-datatype is included here:

Table: User Datatype

| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| allowedAssetActionsBySource(assetId: string, assetType: AssetPermissionsAssetType, searchDomainId: string): [AssetActionsBySource] | multiple | yes | | Short-Term | Get allowed asset actions for the user on a specific asset and explain how these actions have been granted. See AssetPermissionsAssetType and AssetActionsBySource. |
| allowedOrganizationActions | [OrganizationAction] | yes | | Long-Term | Returns the actions the user is allowed to perform in the organization. See OrganizationAction. |
| allowedSystemActions | [SystemAction] | yes | | Long-Term | Returns the actions the user is allowed to perform in the system. See SystemAction Table. |
| company | string | | | Long-Term | The name of the company for the user account. |
| countryCode | string | | | Long-Term | The two-letter ISO 3166-1 Alpha-2 code for the country of residence (e.g., us). |
| createdAt | datetime | yes | | Long-Term | The date and time the account was created. |
| displayName | string | yes | | Long-Term | The value of the fullName if used, otherwise the username. |
| email | string | | | Long-Term | The user account's email address for communications from LogScale. |
| firstName | string | | | Long-Term | The user's actual first name (e.g., Bob). Don't use with fullName. |
| fullName | string | | | Long-Term | The user's full name (e.g., Bob Smith). Don't use if using other name parameters. |
| groups | [Group] | yes | | Long-Term | The groups of which the user is a member. See Group. |
| groupSearchDomainRoles | [GroupSearchDomainRole] | yes | | Long-Term | The group search domain roles. See GroupSearchDomainRole. |
| groupsV2(search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInRoles: boolean): GroupResultSetType | multiple | | | Short-Term | The groups of which the user is a member. This is a preview and subject to change. The default for skip is 0, and limit is 50. See PermissionType and GroupResultSetType. |
| id | string | yes | | Long-Term | The identifier or token for the user. |
| isOrgRoot | boolean | yes | | Long-Term | Whether the organization is granted organization ownership. |
| isRoot | boolean | yes | | Long-Term | Whether the user account is granted root access. |
| lastName | string | | | Long-Term | The user's actual last name or family name (e.g., Smith). Don't use with fullName. |
| permissions(viewName: string): [UserPermissions] | multiple | yes | | Long-Term | Permissions of the user. See UserPermissions. |
| permissionsPage(search: string, pageNumber: integer, pageSize: integer): UserPermissionsPage | multiple | yes | | Deprecated | A page of user permissions. See UserPermissionsPage. This field is no longer used. It will be removed at the earliest in version 1.208. |
| phoneNumber | string | | | Long-Term | The telephone number for LogScale to use for telephone text messages. |
| picture | string | | | Long-Term | File name of an image file for the account. |
| rolesV2(search: string, typeFilter: [PermissionType], limit: integer, skip: integer, searchInGroups: boolean): RolesResultSetType | multiple | | | Short-Term | The roles assigned to the user through a group. The default for skip is 0, and limit is 50. See PermissionType and RolesResultSetType. |
| searchAssetPermissions(searchFilter: string, skip: integer, limit: integer, orderBy: OrderBy, sortBy: SortBy, assetTypes: [AssetPermissionsAssetType], searchDomainIds: [string], permissions: [AssetAction]): AssetPermissionSearchResultSet | multiple | | | Short-Term | Search for asset permissions for the user. This is a preview and subject to change. The default for skip is 0, limit is 50, and OrderBy is ASC. See AssetPermissionsAssetType, AssetAction, and AssetPermissionSearchResultSet. |
| searchDomainRoles(searchDomainId: string): [SearchDomainRole] | multiple | | | Long-Term | The search domain roles assigned to the user. See SearchDomainRole. |
| searchDomainRolesByName(searchDomainName: string): SearchDomainRole | multiple | yes | | Deprecated | The search domain roles for the user, by name. See SearchDomainRole. This field is deprecated because when multiple roles per view is enabled, it will return only the first of possibly multiple roles matching the name for the view. Use instead searchDomainRoles or searchDomainRolesBySearchDomainName. |
| searchDomainRolesBySearchDomainName(searchDomainName: string): [SearchDomainRole] | multiple | | | Long-Term | The search domain roles assigned to the user by search domain name. See SearchDomainRole. |
| stateCode | string | | | Long-Term | The two-letter, ISO 3166-2 country sub-division code for the state of residence (e.g., ny). |
| username | string | yes | | Long-Term | The user name for the account. |
| userOrGroupSearchDomainRoles(search: string, skip: integer, limit: integer): UserOrGroupSearchDomainRoleResultSet | multiple | yes | | Long-Term | The user or group search domain roles. The default for skip is 0, and limit is 50. See UserOrGroupSearchDomainRoleResultSet. |

Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.

Table last updated: Sep 30, 2025