
Groups let you manage access for multiple subjects at once. Instead of granting permissions to each user or client individually, you can add them to a group and apply policies to the group as a whole.

When to use groups

  • A team of users needs the same access to a subscription
  • You want to onboard new users with a predefined permission set
  • You need to revoke access for an entire team in one step

List groups

Retrieve all subject groups in your tenant:

curl -i -X GET \
  'https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1/subjects/groups?searchQuery=john&page=1&pageSize=100' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Create a group

curl -i -X POST \
  https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1/subjects/groups \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "displayName": "string",
    "description": "string"
  }'

Response:

{
  "id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "displayName": "Finance Team",
  "subjectId": "group-7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "type": "Group"
}

Store the id. You will need it for all subsequent group operations. The subjectId is the group's subject identifier, used when creating policies that target the group.

Applying policies to groups

To grant a group permissions, create a policy with the group's subjectId as the subject. See the Policies guide for details.


Add members to a group

You can add one or more subjects (users or clients) to a group in a single request:

curl -i -X POST \
  'https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1/subjects/groups/{groupSubjectId}/members' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "subjectIds": [
      "string"
    ]
  }'

Example request body:

{
  "subjectIds": [
    "user-550e8400-e29b-41d4-a716-446655440000",
    "user-6ba7b810-9dad-11d1-80b4-00c04fd430c8"
  ]
}

Members immediately inherit all policies assigned to the group.


List group members

Retrieve all subjects within a group:

curl -i -X GET \
  'https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1/subjects/groups/{groupSubjectId}/members?page=1&pageSize=100' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Remove a member from a group

curl -i -X DELETE \
  'https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1/subjects/groups/{groupSubjectId}/members' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "subjectIds": [
      "string"
    ]
  }'

The removed subject immediately loses any permissions that were inherited through this group. Permissions granted directly to the subject (via other policies) are unaffected.
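
An added example (not part of the Aritma documentation): a dry-run access review that compares a group's current members with an approved roster and builds the request bodies for the add and remove calls shown above. The function names, the third user ID and the batch size of 100 are assumptions, and the current member list is assumed to have been collected from the list-members endpoint beforehand.

```python
import json
import urllib.request

# Base URL copied from the curl examples on this page (mock server).
BASE = "https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1"

# Constructed sample data: IDs reuse this page's examples; the last user ID is made up.
SAMPLE_GROUP = "group-7c9e6679-7425-40de-944b-e07fc1f90ae7"
SAMPLE_CURRENT = ["user-550e8400-e29b-41d4-a716-446655440000",
                  "user-6ba7b810-9dad-11d1-80b4-00c04fd430c8"]
SAMPLE_APPROVED = ["user-550e8400-e29b-41d4-a716-446655440000",
                   "user-00000000-0000-4000-8000-000000000001"]


def plan_membership(current, approved):
    """Return (to_add, to_remove) as sorted, de-duplicated subject ID lists."""
    current, approved = set(current), set(approved)
    return sorted(approved - current), sorted(current - approved)


def build_requests(group_subject_id, current, approved, batch=100):
    """Turn the plan into (method, url, body) tuples for the members endpoint.

    batch=100 is an assumed chunk size; the page states no limit on subjectIds.
    """
    to_add, to_remove = plan_membership(current, approved)
    url = f"{BASE}/subjects/groups/{group_subject_id}/members"
    planned = []
    # Removals go first so stale access is revoked before anything is granted.
    for method, ids in (("DELETE", to_remove), ("POST", to_add)):
        for i in range(0, len(ids), batch):
            planned.append((method, url, {"subjectIds": ids[i:i + batch]}))
    return planned


def send(method, url, body, token):
    """Send one planned request with a bearer token; returns the HTTP status."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    # Dry run: print the plan for review instead of calling send().
    for method, url, body in build_requests(SAMPLE_GROUP, SAMPLE_CURRENT, SAMPLE_APPROVED):
        print(method, url, json.dumps(body))
```

Because members inherit and lose group policies immediately, review the printed plan before passing each tuple to send().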


View group permissions

See all policies currently assigned to a group:

curl -i -X GET \
  'https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1/subjects/groups/{groupId}/permissions?resourceType=subscriptions&resourceProvider=aritma.control&action=iam.policy.read' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Delete a group

curl -i -X DELETE \
  'https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi/v1/subjects/groups/{groupId}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Warning

Deleting a group removes all members from the group and deletes all policies associated with the group's subject ID. Members lose any permissions they inherited from this group.