Method: groups.memberships.searchTransitiveGroups

Search transitive groups of a member.

Note: This feature is only available to Google Workspace Enterprise Standard, Enterprise Plus, and Enterprise for Education; and Cloud Identity Premium accounts. If the account of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code will be returned.

A transitive group is any group that has a direct or indirect membership to the member. Actor must have view permissions all transitive groups.

HTTP request

GET https://cloudidentity.googleapis.com/v1/{parent=groups/*}/memberships:searchTransitiveGroups

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`parent`	`string` Resource name of the group to search transitive memberships in. Format: `groups/{group}`, where `group` is always '-' as this API will search across all groups for a given member.

parent

string

Resource name of the group to search transitive memberships in.

Format: groups/{group}, where group is always '-' as this API will search across all groups for a given member.

Query parameters

Parameters

Parameters
`query`	`string` Required. A CEL expression that MUST include member specification AND label(s). This is a `required` field. Users can search on label attributes of groups. CONTAINS match ('in') is supported on labels. Identity-mapped groups are uniquely identified by both a `member_key_id` and a `member_key_namespace`, which requires an additional query input: `member_key_namespace`. Example query: `member_key_id == 'member_key_id_value' && <label_value> in labels` Query may optionally contain equality operators on the parent of the group restricting the search within a particular customer, e.g. `parent == 'customers/{customerId}'`. The `customerId` must begin with "C" (for example, 'C046psxkn'). This filtering is only supported for Admins with groups read permissons on the input customer. Example query: `member_key_id == 'member_key_id_value' && <label_value> in labels && parent == 'customers/C046psxkn'`
`pageSize`	`integer` The default page size is 200 (max 1000).
`pageToken`	`string` The nextPageToken value returned from a previous list request, if any.

query

string

Required. A CEL expression that MUST include member specification AND label(s). This is a required field.

Users can search on label attributes of groups. CONTAINS match ('in') is supported on labels. Identity-mapped groups are uniquely identified by both a member_key_id and a member_key_namespace, which requires an additional query input: member_key_namespace.

Example query: member_key_id == 'member_key_id_value' && <label_value> in labels

Query may optionally contain equality operators on the parent of the group restricting the search within a particular customer, e.g. parent == 'customers/{customerId}'. The customerId must begin with "C" (for example, 'C046psxkn'). This filtering is only supported for Admins with groups read permissons on the input customer.

Example query: member_key_id == 'member_key_id_value' && <label_value> in labels && parent == 'customers/C046psxkn'

pageSize

integer

The default page size is 200 (max 1000).

pageToken

string

The nextPageToken value returned from a previous list request, if any.

Request body

The request body must be empty.

Response body

The response message for MembershipsService.SearchTransitiveGroups.

If successful, the response body contains data with the following structure:

JSON representation
{ "memberships": [ { object (`GroupRelation`) } ], "nextPageToken": string }

Fields

Fields
`memberships[]`	`object (GroupRelation)` List of transitive groups satisfying the query.
`nextPageToken`	`string` Token to retrieve the next page of results, or empty if there are no more results available for listing.

memberships[]

object (GroupRelation)

List of transitive groups satisfying the query.

nextPageToken

string

Token to retrieve the next page of results, or empty if there are no more results available for listing.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-identity.groups.readonly
https://www.googleapis.com/auth/cloud-identity.groups
https://www.googleapis.com/auth/cloud-identity
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GroupRelation

Message representing a transitive group of a user or a group.

JSON representation

JSON representation
{ "groupKey": { object (`EntityKey`) }, "group": string, "displayName": string, "roles": [ { object (`TransitiveMembershipRole`) } ], "relationType": enum (`RelationType`), "labels": { string: string, ... } }

{
  "groupKey": {
    object (EntityKey)
  },
  "group": string,
  "displayName": string,
  "roles": [
    {
      object (TransitiveMembershipRole)
    }
  ],
  "relationType": enum (RelationType),
  "labels": {
    string: string,
    ...
  }
}

Fields
`groupKey`	`object (EntityKey)` Entity key has an id and a namespace. In case of discussion forums, the id will be an email address without a namespace.
`group`	`string` Resource name for this group.
`displayName`	`string` Display name for this group.
`roles[]`	`object (TransitiveMembershipRole)` Membership roles of the member for the group.
`relationType`	`enum (RelationType)` The relation between the member and the transitive group.
`labels`	`map (key: string, value: string)` Labels for Group resource. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.