Managing memberships for Google Groups
After a group exists, you can create memberships for it. This page explains how to perform some fundamental membership operations with the Cloud Identity Groups API. To learn how to create a Google Group, refer to Creating and searching for Google Groups.
Before you begin
Enable the Cloud Identity API.
Set up authentication and install the client libraries. See Setting up the Cloud Identity Groups API to learn how.
Add a membership to a Google Group
REST
Use the memberships.create
method to add a member to a group.
Before using any of the request data, make the following replacements:
-
GROUP_ID
: The numeric ID of the group that you want to add a member to. To find the ID of a single group, use thegroups.lookup
method. To see all group IDs under a customer or namespace, use thegroups.list
method. -
MEMBER_ID
: The ID of the member. For Google-managed entities, use the member's email address. For external-identity-mapped entities, use a string that meets the identity source's requirements. -
ROLE_NAME
: The name of the role that you want to grant to the member. UseOWNER
,MANAGER
, orMEMBER
. -
PROJECT_ID
: The alphanumeric ID of the Google Cloud project that you want to use to make the request.
HTTP method and URL:
POST https://cloudidentity.googleapis.com/v1/groups/GROUP_ID/memberships
Request JSON body:
{ "preferredMemberKey": { "id": "MEMBER_ID" }, "roles": [ { "name": "MEMBER" } ] }
To send your request, expand one of these options:
The response contains an Operation
indicting the status of your request.
Finished operations contain the membership that was added. For example:
{
"done": true,
"response": {
"@type": "type.googleapis.com/google.apps.cloudidentity.groups.v1.Membership",
"name": "groups/GROUP_ID/memberships/123456789012345678901",
"preferredMemberKey": {
"id": "MEMBER_ID"
},
"roles": [
{
"name": "MEMBER"
}
]
}
}
You can also use the memberships.create
method to add a member as a
manager or owner of the group:
To make someone a manager of the group, follow the procedure to add a member to the group, but use the following request body:
{ "preferredMemberKey": { "id": "MEMBER_ID" }, "roles": [ { "name": "MEMBER" } { "name": "MANAGER" } ] }
To make someone an owner of the group, follow the procedure to add a member to the group, but use the following request body:
{ "preferredMemberKey": { "id": "MEMBER_ID" }, "roles": [ { "name": "MEMBER" } { "name": "OWNER" } ] }
Python
The following code shows you how to add a membership to a group.
expiryDetail
is an optional field that can be added to set an expiration
for the membership. The value of preferredMemberKey
is the member's email
address.
def create_google_group_membership(service, identity_source_id, group_id, member_key):
param = "&groupKey.id=" + group_id + "&groupKey.namespace=identitysources/" + identity_source_id
try:
lookupGroupNameRequest = service.groups().lookup()
lookupGroupNameRequest.uri += param
# Given a group ID and namespace, retrieve the ID for parent group
lookupGroupNameResponse = lookupGroupNameRequest.execute()
groupName = lookupGroupNameResponse.get("name")
# Create a membership object with a memberKey and a single role of type MEMBER
membership = {
"preferredMemberKey": {"id": member_key},
"roles" : {
"name" : "MEMBER",
"expiryDetail": {
"expireTime": "2021-10-02T15:01:23Z"
}
}
}
# Create a membership using the ID for the parent group and a membership object
response = service.groups().memberships().create(parent=groupName, body=membership).execute()
print(response)
except Exception as e:
print(e)
List memberships of a Google Group
REST
Use the memberships.list
method to list the members of a group.
Before using any of the request data, make the following replacements:
-
GROUP_ID
: The numeric ID of the group that you want to list members for. To find the ID of a single group, use thegroups.lookup
method. To see all group IDs under a customer or namespace, use thegroups.list
method. -
PROJECT_ID
: The alphanumeric ID of the Google Cloud project that you want to use to make the request.
HTTP method and URL:
GET https://cloudidentity.googleapis.com/v1/groups/GROUP_ID/memberships
To send your request, expand one of these options:
The response contains an array of all members in the group and their roles.
Python
The following code lists the memberships for a group:
def list_google_group_memberships(service, group_id):
param = "&groupKey.id=" + group_id
try:
lookup_group_name_request = service.groups().lookup()
lookup_group_name_request.uri += param
lookup_group_name_response = lookup_group_name_request.execute()
group_name = lookup_group_name_response.get("name")
# List memberships
response = service.groups().memberships().list(parent=group_name).execute()
print(response)
except Exception as e:
print(e)