Update user group
This page will soon be available only on the dedicated Dynatrace Managed Documentation site. Update your bookmarks.
This API call updates a cluster user group.
Authentication
To execute this request, you need the Service Provider API (ServiceProviderAPI) permission assigned to your API token. Generate your API token via Cluster Management Console (CMC). To learn how to obtain and use it, see Cluster API - Authentication.
Endpoint
/api/v1.0/onpremise/groups
Parameter
| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| body | GroupConfig | Request body used for updating existing user group. For updating user group set correct 'id', not setting 'id' will return 'Bad Request'. Trying to change group name to one that already exists will return 'Bad Request'. Trying to update group that doesn't exist will return 'Not Acceptable'. 'isAccessAccount' value is ignored when 'Dynatrace Platform Subscription' is not in use. | body | optional |
Request body objects
The GroupConfig object
The configuration of the group.
| Element | Type | Description | Required |
|---|---|---|---|
| accessRight | object | Access rights | optional |
| id | string | Group ID. Leave empty if creating group. Set if updating group. | required |
| isAccessAccount | boolean | (only applicable for Dynatrace Platform Subscription license model) If true, then the group has the "Access account" rights. Users assigned to a group with this permission can access account.dynatrace.com service to see Dynatrace Platform Subscription utilization and manage license quotas. | optional |
| isClusterAdminGroup | boolean | If true, then the group has the "cluster administrator" rights. Users assigned to a group with this permission are automatically given administrator access rights for all environments. They have access to Cluster Management Console and can manage your monitoring environments and Dynatrace Server. Users assigned to groups with this permission can also: Add new Dynatrace Server nodes, upgrade Dynatrace Server, manage Dynatrace Managed users and user groups, install Dynatrace OneAgent into any monitoring environment, configure monitoring settings for any monitoring environment. | required |
| isManageAccount | boolean | If true, then the group has "Edit billing & account info" rights. Users assigned to a group with this permission can access myaccount.dynatrace.com service to see product usage statistics, license utilization and account information. | optional |
| ldapGroupNames | string[] | LDAP group names | optional |
| name | string | Group name | required |
| ssoGroupNames | string[] | SSO group names. If defined it's used to map SSO group name to Dynatrace group name, otherwise mapping is done by group name | optional |
Request body JSON model
This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.
1{2 "accessRight": {},3 "id": "string",4 "isAccessAccount": true,5 "isClusterAdminGroup": true,6 "isManageAccount": true,7 "ldapGroupNames": [8 "string"9 ],10 "name": "string",11 "ssoGroupNames": [12 "string"13 ]14}
Response
Response codes
| Code | Type | Description |
|---|---|---|
| 200 | GroupConfig | Successfully updated |
| 400 | - | Operation failed. The input is invalid. Possible reasons:
|
| 406 | - | Not acceptable. Group name already exists or group not found |
Response body objects
The GroupConfig object
The configuration of the group.
| Element | Type | Description |
|---|---|---|
| accessRight | object | Access rights |
| id | string | Group ID. Leave empty if creating group. Set if updating group. |
| isAccessAccount | boolean | (only applicable for Dynatrace Platform Subscription license model) If true, then the group has the "Access account" rights. Users assigned to a group with this permission can access account.dynatrace.com service to see Dynatrace Platform Subscription utilization and manage license quotas. |
| isClusterAdminGroup | boolean | If true, then the group has the "cluster administrator" rights. Users assigned to a group with this permission are automatically given administrator access rights for all environments. They have access to Cluster Management Console and can manage your monitoring environments and Dynatrace Server. Users assigned to groups with this permission can also: Add new Dynatrace Server nodes, upgrade Dynatrace Server, manage Dynatrace Managed users and user groups, install Dynatrace OneAgent into any monitoring environment, configure monitoring settings for any monitoring environment. |
| isManageAccount | boolean | If true, then the group has "Edit billing & account info" rights. Users assigned to a group with this permission can access myaccount.dynatrace.com service to see product usage statistics, license utilization and account information. |
| ldapGroupNames | string[] | LDAP group names |
| name | string | Group name |
| ssoGroupNames | string[] | SSO group names. If defined it's used to map SSO group name to Dynatrace group name, otherwise mapping is done by group name |
Response body JSON model
1{2 "accessRight": {},3 "id": "string",4 "isAccessAccount": true,5 "isClusterAdminGroup": true,6 "isManageAccount": true,7 "ldapGroupNames": [8 "string"9 ],10 "name": "string",11 "ssoGroupNames": [12 "string"13 ]14}
Example
In this example, you update the Sales Group user group to only map to sales LDAP group membership. This group will allow access Cluster Management Console and Account Management full rights. As a response, you'll receive back the entity's current state.
Curl
1curl -X 'PUT' \2 'https://myManaged.cluster.com/api/v1.0/onpremise/groups' \3 -H 'accept: application/json' \4 -H 'Authorization: Api-Token FG563.LKJHDFLKJHDFHLKJDGV.ABCDEFGHJKLMNOP' \5 -H 'Content-Type: application/json' \6 -d '{7 "isClusterAdminGroup": true,8 "isAccessAccount": true,9 "isManageAccount": true,10 "id": "salesgroup",11 "name": "Sales Group",12 "ldapGroupNames": [13 "sales"14 ]15 }16}'
Request URL
1https://myManaged.cluster.com/api/v1.0/onpremise/groups
Response body
1{2 "isClusterAdminGroup": true,3 "isAccessAccount": true,4 "isManageAccount": true,5 "id": "salesgroup",6 "name": "Sales Group",7 "ldapGroupNames": [8 "sales"9 ]10 }
Response code
200