const createdGroups = await client.groups.create([{
name: 'Developers',
capabilities: [{
assetsAcl: {
actions: ['READ'],
scope: { all: {}}
}
}],
}]);from cognite.client.data_classes import GroupWrite
from cognite.client.data_classes.capabilities import AssetsAcl, EventsAcl
my_capabilities = [
AssetsAcl([AssetsAcl.Action.Read], AssetsAcl.Scope.All()),
EventsAcl([EventsAcl.Action.Write], EventsAcl.Scope.DataSet([123, 456]))]
my_group = GroupWrite(name="My Group", capabilities=my_capabilities)
res = client.iam.groups.create(my_group)
grp = GroupWrite(
name="Externally managed group",
capabilities=my_capabilities,
source_id="b7c9a5a4...")
res = client.iam.groups.create(grp)
from cognite.client.data_classes import ALL_USER_ACCOUNTS
all_group = GroupWrite(
name="Everyone is welcome!",
capabilities=my_capabilities,
members=ALL_USER_ACCOUNTS,
)
user_list_group = GroupWrite(
name="Specfic users only",
capabilities=my_capabilities,
members=["XRsSD1k3mTIKG", "M0SxY6bM9Jl"])
res = client.iam.groups.create([user_list_group, all_group])
from cognite.client.data_classes.capabilities import Capability
unparsed_capabilities = [
{'assetsAcl': {'actions': ['READ', 'WRITE'], 'scope': {'all': {}}}},
{'eventsAcl': {'actions': ['WRITE'], 'scope': {'datasetScope': {'ids': [123]}}}},
]
acls = [Capability.load(cap) for cap in unparsed_capabilities]
group = GroupWrite(name="Another group", capabilities=acls)
curl --request POST \
--url https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"items": [
{
"name": "Production Engineers",
"capabilities": [
{
"agentsAcl": {
"actions": [
"READ"
],
"scope": {
"all": {}
}
}
}
],
"metadata": {},
"attributes": {
"token": {
"appIds": [
"<string>"
]
}
},
"sourceId": "b7c9a5a4-99c2-4785-bed3-5e6ad9a78603"
}
]
}
'<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'items' => [
[
'name' => 'Production Engineers',
'capabilities' => [
[
'agentsAcl' => [
'actions' => [
'READ'
],
'scope' => [
'all' => [
]
]
]
]
],
'metadata' => [
],
'attributes' => [
'token' => [
'appIds' => [
'<string>'
]
]
],
'sourceId' => 'b7c9a5a4-99c2-4785-bed3-5e6ad9a78603'
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups"
payload := strings.NewReader("{\n \"items\": [\n {\n \"name\": \"Production Engineers\",\n \"capabilities\": [\n {\n \"agentsAcl\": {\n \"actions\": [\n \"READ\"\n ],\n \"scope\": {\n \"all\": {}\n }\n }\n }\n ],\n \"metadata\": {},\n \"attributes\": {\n \"token\": {\n \"appIds\": [\n \"<string>\"\n ]\n }\n },\n \"sourceId\": \"b7c9a5a4-99c2-4785-bed3-5e6ad9a78603\"\n }\n ]\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"items\": [\n {\n \"name\": \"Production Engineers\",\n \"capabilities\": [\n {\n \"agentsAcl\": {\n \"actions\": [\n \"READ\"\n ],\n \"scope\": {\n \"all\": {}\n }\n }\n }\n ],\n \"metadata\": {},\n \"attributes\": {\n \"token\": {\n \"appIds\": [\n \"<string>\"\n ]\n }\n },\n \"sourceId\": \"b7c9a5a4-99c2-4785-bed3-5e6ad9a78603\"\n }\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"items\": [\n {\n \"name\": \"Production Engineers\",\n \"capabilities\": [\n {\n \"agentsAcl\": {\n \"actions\": [\n \"READ\"\n ],\n \"scope\": {\n \"all\": {}\n }\n }\n }\n ],\n \"metadata\": {},\n \"attributes\": {\n \"token\": {\n \"appIds\": [\n \"<string>\"\n ]\n }\n },\n \"sourceId\": \"b7c9a5a4-99c2-4785-bed3-5e6ad9a78603\"\n }\n ]\n}"
response = http.request(request)
puts response.read_body{
"items": [
{
"name": "Production Engineers",
"id": 123,
"isDeleted": false,
"capabilities": [
{
"agentsAcl": {
"actions": [
"READ"
],
"scope": {
"all": {}
}
},
"projectUrlNames": {
"urlNames": [
"publicdata"
]
}
}
],
"metadata": {},
"attributes": {
"token": {
"appIds": [
"<string>"
]
}
},
"sourceId": "b7c9a5a4-99c2-4785-bed3-5e6ad9a78603",
"deletedTime": 123
}
]
}{
"code": 400,
"message": "<string>",
"missingFields": [
{}
]
}Required capabilities:
groupsAcl:CREATE
Creates one or more named groups, each with a set of capabilities. All users with any group membership in a CDF project automatically get the userProfilesAcl:READ capability and can search for other users. If not assigned automatically, user profiles must be enabled for the project. To enable user profiles, contact support.
const createdGroups = await client.groups.create([{
name: 'Developers',
capabilities: [{
assetsAcl: {
actions: ['READ'],
scope: { all: {}}
}
}],
}]);from cognite.client.data_classes import GroupWrite
from cognite.client.data_classes.capabilities import AssetsAcl, EventsAcl
my_capabilities = [
AssetsAcl([AssetsAcl.Action.Read], AssetsAcl.Scope.All()),
EventsAcl([EventsAcl.Action.Write], EventsAcl.Scope.DataSet([123, 456]))]
my_group = GroupWrite(name="My Group", capabilities=my_capabilities)
res = client.iam.groups.create(my_group)
grp = GroupWrite(
name="Externally managed group",
capabilities=my_capabilities,
source_id="b7c9a5a4...")
res = client.iam.groups.create(grp)
from cognite.client.data_classes import ALL_USER_ACCOUNTS
all_group = GroupWrite(
name="Everyone is welcome!",
capabilities=my_capabilities,
members=ALL_USER_ACCOUNTS,
)
user_list_group = GroupWrite(
name="Specfic users only",
capabilities=my_capabilities,
members=["XRsSD1k3mTIKG", "M0SxY6bM9Jl"])
res = client.iam.groups.create([user_list_group, all_group])
from cognite.client.data_classes.capabilities import Capability
unparsed_capabilities = [
{'assetsAcl': {'actions': ['READ', 'WRITE'], 'scope': {'all': {}}}},
{'eventsAcl': {'actions': ['WRITE'], 'scope': {'datasetScope': {'ids': [123]}}}},
]
acls = [Capability.load(cap) for cap in unparsed_capabilities]
group = GroupWrite(name="Another group", capabilities=acls)
curl --request POST \
--url https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"items": [
{
"name": "Production Engineers",
"capabilities": [
{
"agentsAcl": {
"actions": [
"READ"
],
"scope": {
"all": {}
}
}
}
],
"metadata": {},
"attributes": {
"token": {
"appIds": [
"<string>"
]
}
},
"sourceId": "b7c9a5a4-99c2-4785-bed3-5e6ad9a78603"
}
]
}
'<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'items' => [
[
'name' => 'Production Engineers',
'capabilities' => [
[
'agentsAcl' => [
'actions' => [
'READ'
],
'scope' => [
'all' => [
]
]
]
]
],
'metadata' => [
],
'attributes' => [
'token' => [
'appIds' => [
'<string>'
]
]
],
'sourceId' => 'b7c9a5a4-99c2-4785-bed3-5e6ad9a78603'
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups"
payload := strings.NewReader("{\n \"items\": [\n {\n \"name\": \"Production Engineers\",\n \"capabilities\": [\n {\n \"agentsAcl\": {\n \"actions\": [\n \"READ\"\n ],\n \"scope\": {\n \"all\": {}\n }\n }\n }\n ],\n \"metadata\": {},\n \"attributes\": {\n \"token\": {\n \"appIds\": [\n \"<string>\"\n ]\n }\n },\n \"sourceId\": \"b7c9a5a4-99c2-4785-bed3-5e6ad9a78603\"\n }\n ]\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"items\": [\n {\n \"name\": \"Production Engineers\",\n \"capabilities\": [\n {\n \"agentsAcl\": {\n \"actions\": [\n \"READ\"\n ],\n \"scope\": {\n \"all\": {}\n }\n }\n }\n ],\n \"metadata\": {},\n \"attributes\": {\n \"token\": {\n \"appIds\": [\n \"<string>\"\n ]\n }\n },\n \"sourceId\": \"b7c9a5a4-99c2-4785-bed3-5e6ad9a78603\"\n }\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{cluster}.cognitedata.com/api/v1/projects/{project}/groups")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"items\": [\n {\n \"name\": \"Production Engineers\",\n \"capabilities\": [\n {\n \"agentsAcl\": {\n \"actions\": [\n \"READ\"\n ],\n \"scope\": {\n \"all\": {}\n }\n }\n }\n ],\n \"metadata\": {},\n \"attributes\": {\n \"token\": {\n \"appIds\": [\n \"<string>\"\n ]\n }\n },\n \"sourceId\": \"b7c9a5a4-99c2-4785-bed3-5e6ad9a78603\"\n }\n ]\n}"
response = http.request(request)
puts response.read_body{
"items": [
{
"name": "Production Engineers",
"id": 123,
"isDeleted": false,
"capabilities": [
{
"agentsAcl": {
"actions": [
"READ"
],
"scope": {
"all": {}
}
},
"projectUrlNames": {
"urlNames": [
"publicdata"
]
}
}
],
"metadata": {},
"attributes": {
"token": {
"appIds": [
"<string>"
]
}
},
"sourceId": "b7c9a5a4-99c2-4785-bed3-5e6ad9a78603",
"deletedTime": 123
}
]
}{
"code": 400,
"message": "<string>",
"missingFields": [
{}
]
}Authorizations
Access token issued by the CDF project's configured identity provider. Access token must be an OpenID Connect token, and the project must be configured to accept OpenID Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'. The token can be obtained through any flow supported by the identity provider.
Body
List of groups to create.
A specification for creating a new group
- managedExternally
- managedInCDF
Show child attributes
Show child attributes
Response
A list of the created groups.
Group membership managed by the external identity provider
- managedExternally
- managedInCDF
Show child attributes
Show child attributes
Was this page helpful?