Stay organized with collections
Save and categorize content based on your preferences.
Check a potential member for membership in a group.
Note: This feature is only available to Google Workspace Enterprise Standard, Enterprise Plus, and Enterprise for Education; and Cloud Identity Premium accounts. If the account of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code will be returned.
A member has membership to a group as long as there is a single viewable transitive membership between the group and the member. The actor must have view permissions to at least one transitive membership between the member and group.
HTTP request
GET https://cloudidentity.googleapis.com/v1/{parent=groups/*}/memberships:checkTransitiveMembership
Resource name of the group to check the transitive membership in.
Format: groups/{group}, where group is the unique id assigned to the Group to which the Membership belongs to.
Query parameters
Parameters
query
string
Required. A CEL expression that MUST include member specification. This is a required field.
Certain groups are uniquely identified by both a 'member_key_id' and a 'member_key_namespace', which requires an additional query input: 'member_key_namespace'.
Example query: member_key_id == 'member_key_id_value'
If successful, the response body contains data with the following structure:
JSON representation
{"hasMembership": boolean}
Fields
hasMembership
boolean
Response does not include the possible roles of a member since the behavior of this rpc is not all-or-nothing unlike the other rpcs. So, it may not be possible to list all the roles definitively, due to possible lack of authorization in some of the paths.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["\u003cp\u003eThis API allows you to check if a potential member has transitive membership in a specified group, requiring the actor to have view permissions to at least one transitive membership between the member and the group.\u003c/p\u003e\n"],["\u003cp\u003eThe service is exclusive to Google Workspace Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium accounts, returning a 403 error for other account types.\u003c/p\u003e\n"],["\u003cp\u003eThe request is made via a \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003ehttps://cloudidentity.googleapis.com/v1/{parent=groups/*}/memberships:checkTransitiveMembership\u003c/code\u003e with a mandatory CEL expression in the \u003ccode\u003equery\u003c/code\u003e parameter to define the member.\u003c/p\u003e\n"],["\u003cp\u003eThe response indicates membership status with a boolean \u003ccode\u003ehasMembership\u003c/code\u003e value, and it does not include member roles due to the API's all-or-nothing behavior and potential authorization limitations.\u003c/p\u003e\n"],["\u003cp\u003eTo perform this operation, the request must be authorized with one of the specified OAuth scopes, such as \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-identity.groups.readonly\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,[]]
