Check a potential member for membership in a group.
Note: This feature is only available to Google Workspace Enterprise Standard, Enterprise Plus, and Enterprise for Education, and to Cloud Identity Premium accounts. If the account of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code will be returned.
A member has membership to a group as long as there is a single viewable transitive membership between the group and the member. The actor must have view permissions to at least one transitive membership between the member and group.
HTTP request
GET https://cloudidentity.googleapis.com/v1/{parent=groups/*}/memberships:checkTransitiveMembership
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
parent | Resource name of the group to check the transitive membership in. Format: |
Query parameters
Parameters | |
---|---|
query | Required. A CEL expression that MUST include member specification. This is a Certain groups are uniquely identified by both a 'member_key_id' and a 'member_key_namespace', which requires an additional query input: 'member_key_namespace'. Example query: |
Request body
The request body must be empty.
Response body
The response message for MembershipsService.CheckTransitiveMembership.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "hasMembership": boolean } |
Fields | |
---|---|
hasMembership | Response does not include the possible roles of a member since the behavior of this RPC is not all-or-nothing unlike the other RPCs. So, it may not be possible to list all the roles definitively, due to possible lack of authorization in some of the paths. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-identity.groups.readonly
https://www.googleapis.com/auth/cloud-identity.groups
https://www.googleapis.com/auth/cloud-identity
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
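The request and response handling described above, as an added example that is not part of the original reference and is not Google's sample code. It assumes the query form `member_key_id == '...'` joined with `&&` to a `member_key_namespace` clause (the page's example query is not shown); the function names and the allow-list patterns for group ids and member keys are hypothetical choices.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://cloudidentity.googleapis.com/v1"
# Assumed allow-lists: reject anything that could close the CEL string literal
# or alter the URL path. Adjust to the identifiers your directory really uses.
_GROUP_ID = re.compile(r"^[A-Za-z0-9_-]+$")
_MEMBER_KEY = re.compile(r"^[A-Za-z0-9@._+/:-]+$")

def build_check_url(group_id, member_key_id, member_key_namespace=None):
    """Build the request URL with a validated, URL-encoded CEL query."""
    if not _GROUP_ID.match(group_id):
        raise ValueError("unexpected character in group id")
    for value in (member_key_id, member_key_namespace):
        if value is not None and not _MEMBER_KEY.match(value):
            raise ValueError("unsafe character in member key")
    # Query syntax is an assumption (see lead-in).
    cel = f"member_key_id == '{member_key_id}'"
    if member_key_namespace is not None:
        cel += f" && member_key_namespace == '{member_key_namespace}'"
    return (f"{BASE}/groups/{group_id}/memberships:checkTransitiveMembership?"
            + urllib.parse.urlencode({"query": cel}))

def interpret_response(status, body):
    """Return True/False for a definite answer, None when it is unknown."""
    if status == 200:
        # Only an explicit JSON true counts; an omitted field means False.
        return json.loads(body or "{}").get("hasMembership") is True
    # 403 PERMISSION_DENIED (for example an unsupported edition) and other
    # errors say nothing about membership, so callers must fail closed on None.
    return None

def check_transitive_membership(group_id, member_key_id, access_token,
                                member_key_namespace=None):
    """Send the GET with an empty body and a bearer token (needs network)."""
    url = build_check_url(group_id, member_key_id, member_key_namespace)
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return interpret_response(err.code, err.read().decode())
```

An access decision built on this should grant only when the result is `True`. Because a member counts as having membership only through paths the caller can view, `False` means no viewable transitive membership was found.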