Method: groups.memberships.getMembershipGraph

Get a membership graph of just a member or both a member and a group.

Note: This feature is only available to Google Workspace Enterprise Standard, Enterprise Plus, and Enterprise for Education, and to Cloud Identity Premium accounts. If the account of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code will be returned.

Given a member, the response will contain all membership paths from the member. Given both a group and a member, the response will contain all membership paths between the group and the member.

HTTP request

GET https://cloudidentity.googleapis.com/v1/{parent=groups/*}/memberships:getMembershipGraph

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. Resource name of the group to search transitive memberships in.

Format: groups/{group}, where group is the unique ID assigned to the Group to which the Membership belongs. group can be a wildcard collection id "-".

When a group is specified, the membership graph will be constrained to paths between the member (defined in the query) and the parent. If a wildcard collection is provided, all membership paths connected to the member will be returned.

Query parameters

Parameters
query

string

Required. A CEL expression that MUST include a member specification AND label(s).

Certain groups are uniquely identified by both a 'member_key_id' and a 'member_key_namespace', which requires an additional query input: 'member_key_namespace'.

Example query: member_key_id == 'member_key_id_value' && <label_value> in labels
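The following is an added example, not part of the original reference or of any Google client library. It builds the request URL from the parent and query parameters described above and rejects member keys or labels that could change the meaning of the CEL expression. The function names, the sample member, the label value, the form of the member_key_namespace clause, and the accepted group ID alphabet are assumptions.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

API_ROOT = "https://cloudidentity.googleapis.com/v1"
# Read-only scope from the page's list; enough for this GET-only method.
READONLY_SCOPE = "https://www.googleapis.com/auth/cloud-identity.groups.readonly"
# Assumption: quotes, backslashes and control characters are never valid in
# a member key or label, so they are rejected instead of escaped.
_UNSAFE = re.compile(r"['\"\\\x00-\x1f]")


def cel_literal(value):
    """Wrap a caller-supplied value as a single-quoted CEL string literal."""
    if not value or _UNSAFE.search(value):
        raise ValueError(f"unsafe value for CEL query: {value!r}")
    return f"'{value}'"


def build_graph_url(member_key_id, label, group="-", member_key_namespace=None):
    """Return the GET URL for memberships:getMembershipGraph."""
    # "-" is the wildcard collection id; the ID alphabet below is assumed.
    if group != "-" and not re.fullmatch(r"[A-Za-z0-9_-]+", group):
        raise ValueError(f"unexpected group id: {group!r}")
    clauses = [f"member_key_id == {cel_literal(member_key_id)}"]
    if member_key_namespace is not None:
        # Assumed clause form, by analogy with the page's member_key_id example.
        clauses.append(f"member_key_namespace == {cel_literal(member_key_namespace)}")
    clauses.append(f"{cel_literal(label)} in labels")
    query = urlencode({"query": " && ".join(clauses)})
    return f"{API_ROOT}/groups/{quote(group, safe='')}/memberships:getMembershipGraph?{query}"


def decoded_query(url):
    """Recover the CEL expression from a built URL (for logging or review)."""
    return parse_qs(urlsplit(url).query)["query"][0]


if __name__ == "__main__":
    # Constructed sample values.
    label = "cloudidentity.googleapis.com/groups.discussion_forum"
    url = build_graph_url("alice@example.com", label)
    print(url)
    print(decoded_query(url))
    try:
        build_graph_url("x' || 'a' == 'a", label)
    except ValueError as exc:
        print("rejected:", exc)
```

Sending the request still requires an access token carrying one of the scopes listed under Authorization scopes; the read-only scope is enough for an audit job that only reads membership paths.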

Request body

The request body must be empty.

Response body

If successful, the response body contains an instance of Operation.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-identity.groups.readonly
  • https://www.googleapis.com/auth/cloud-identity.groups
  • https://www.googleapis.com/auth/cloud-identity
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.