Managing memberships for Google Groups

After a group exists, you can create memberships for it. This page explains how to perform some fundamental membership operations with the Cloud Identity Groups API. To learn how to create a Google Group, refer to Creating and searching for Google Groups.

Before you begin

Add a membership to a Google Group

REST

Use the memberships.create method to add a member to a group.

Before using any of the request data, make the following replacements:

  • GROUP_ID: The numeric ID of the group that you want to add a member to. To find the ID of a single group, use the groups.lookup method. To see all group IDs under a customer or namespace, use the groups.list method.
  • MEMBER_ID: The ID of the member. For Google-managed entities, use the member's email address. For external-identity-mapped entities, use a string that meets the identity source's requirements.
  • ROLE_NAME: The name of the role that you want to grant to the member. Use OWNER, MANAGER, or MEMBER.
  • PROJECT_ID: The alphanumeric ID of the Google Cloud project that you want to use to make the request.

HTTP method and URL:

POST https://cloudidentity.googleapis.com/v1/groups/GROUP_ID/memberships

Request JSON body:

{
  "preferredMemberKey": {
    "id": "MEMBER_ID"
  },
  "roles": [
    {
      "name": "MEMBER"
    }
  ]
}

To send your request, expand one of these options:

The response contains an Operation indicting the status of your request.

Finished operations contain the membership that was added. For example:

{
  "done": true,
  "response": {
    "@type": "type.googleapis.com/google.apps.cloudidentity.groups.v1.Membership",
    "name": "groups/GROUP_ID/memberships/123456789012345678901",
    "preferredMemberKey": {
      "id": "MEMBER_ID"
    },
    "roles": [
      {
        "name": "MEMBER"
      }
    ]
  }
}

You can also use the memberships.create method to add a member as a manager or owner of the group:

  • To make someone a manager of the group, follow the procedure to add a member to the group, but use the following request body:

    {
      "preferredMemberKey": {
        "id": "MEMBER_ID"
      },
      "roles": [
        {
          "name": "MEMBER"
        }
        {
          "name": "MANAGER"
        }
      ]
    }
  • To make someone an owner of the group, follow the procedure to add a member to the group, but use the following request body:

    {
      "preferredMemberKey": {
        "id": "MEMBER_ID"
      },
      "roles": [
        {
          "name": "MEMBER"
        }
        {
          "name": "OWNER"
        }
      ]
    }

Python

The following code shows you how to add a membership to a group. expiryDetail is an optional field that can be added to set an expiration for the membership. The value of preferredMemberKey is the member's email address.

def create_google_group_membership(service, identity_source_id, group_id, member_key):
  param = "&groupKey.id=" + group_id + "&groupKey.namespace=identitysources/" + identity_source_id
  try:
    lookupGroupNameRequest = service.groups().lookup()
    lookupGroupNameRequest.uri += param
    # Given a group ID and namespace, retrieve the ID for parent group
    lookupGroupNameResponse = lookupGroupNameRequest.execute()
    groupName = lookupGroupNameResponse.get("name")
    # Create a membership object with a memberKey and a single role of type MEMBER
    membership = {
      "preferredMemberKey": {"id": member_key},
      "roles" : {
        "name" : "MEMBER",
        "expiryDetail": {
          "expireTime": "2021-10-02T15:01:23Z"
        }
      }
    }
    # Create a membership using the ID for the parent group and a membership object
    response = service.groups().memberships().create(parent=groupName, body=membership).execute()
    print(response)
  except Exception as e:
    print(e)

List memberships of a Google Group

REST

Use the memberships.list method to list the members of a group.

Before using any of the request data, make the following replacements:

  • GROUP_ID: The numeric ID of the group that you want to list members for. To find the ID of a single group, use the groups.lookup method. To see all group IDs under a customer or namespace, use the groups.list method.
  • PROJECT_ID: The alphanumeric ID of the Google Cloud project that you want to use to make the request.

HTTP method and URL:

GET https://cloudidentity.googleapis.com/v1/groups/GROUP_ID/memberships

To send your request, expand one of these options:

The response contains an array of all members in the group and their roles.

Python

The following code lists the memberships for a group:

def list_google_group_memberships(service, group_id):
  param = "&groupKey.id=" + group_id
  try:
    lookup_group_name_request = service.groups().lookup()
    lookup_group_name_request.uri += param
    lookup_group_name_response = lookup_group_name_request.execute()
    group_name = lookup_group_name_response.get("name")
    # List memberships
    response = service.groups().memberships().list(parent=group_name).execute()
    print(response)
  except Exception as e:
    print(e)