REST Resource: groups.memberships

Stay organized with collections Save and categorize content based on your preferences.

Resource: Membership

A membership within the Cloud Identity Groups API.

A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".

JSON representation 
{
  "name": string,
  "memberKey": {
    object (EntityKey)
  },
  "createTime": string,
  "updateTime": string,
  "roles": [
    {
      object (MembershipRole)
    }
  ],
  "preferredMemberKey": {
    object (EntityKey)
  },
  "type": enum (Type)
}
Fields
name

string

Output only. The resource name of the Membership.

Shall be of the form groups/{groupId}/memberships/{membership_id}.
memberKey

object (EntityKey)

Immutable. The EntityKey of the member.

Either memberKey or preferredMemberKey must be set when calling MembershipsService.CreateMembership but not both; both shall be set when returned.
createTime

string (Timestamp format)

Output only. The time when the Membership was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
updateTime

string (Timestamp format)

Output only. The time when the Membership was last updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
roles[]

object (MembershipRole)

The MembershipRoles that apply to the Membership.

If unspecified, defaults to a single MembershipRole with name MEMBER.

Must not contain duplicate MembershipRoles with the same name.
preferredMemberKey

object (EntityKey)

Required. Immutable. The EntityKey of the member.

Either memberKey or preferredMemberKey must be set when calling MembershipsService.CreateMembership but not both; both shall be set when returned.
type

enum (Type)

Output only. The type of the membership.

MembershipRole

A membership role within the Cloud Identity Groups API.

A MembershipRole defines the privileges granted to a Membership.

JSON representation 
{
  "name": string,
  "expiryDetail": {
    object (ExpiryDetail)
  },
  "restrictionEvaluations": {
    object (RestrictionEvaluations)
  }
}
Fields
name

string

The name of the MembershipRole.

Must be one of OWNER, MANAGER, MEMBER.
expiryDetail

object (ExpiryDetail)

The expiry details of the MembershipRole.

Expiry details are only supported for MEMBER MembershipRoles.

May be set if name is MEMBER. Must not be set if name is any other value.
restrictionEvaluations

object (RestrictionEvaluations)

Evaluations of restrictions applied to parent group on this membership.

ExpiryDetail

The MembershipRole expiry details.

JSON representation 
{
  "expireTime": string
}
Fields
expireTime

string (Timestamp format)

The time at which the MembershipRole will expire.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

RestrictionEvaluations

Evaluations of restrictions applied to parent group on this membership.

JSON representation 
{
  "memberRestrictionEvaluation": {
    object (RestrictionEvaluation)
  }
}
Fields
memberRestrictionEvaluation

object (RestrictionEvaluation)

Evaluation of the member restriction applied to this membership.

Empty if the user lacks permission to view the restriction evaluation.

RestrictionEvaluation

The evaluated state of this restriction.

JSON representation 
{
  "state": enum (State)
}
Fields
state

enum (State)

Output only. The current state of the restriction

State

All possible states of a restriction.

Enums
STATE_UNSPECIFIED Default. Should not be used.
COMPLIANT The member adheres to the parent group's restriction.
FORWARD_COMPLIANT The group-group membership might be currently violating some parent group's restriction but in future, it will never allow any new member in the child group which can violate parent group's restriction.
NON_COMPLIANT The member violates the parent group's restriction.
EVALUATING The state of the membership is under evaluation.

Type

Enums
TYPE_UNSPECIFIED Default. Should not be used.
USER Represents user type.
SERVICE_ACCOUNT Represents service account type.
GROUP Represents group type.
SHARED_DRIVE Represents Shared drive.
OTHER Represents other type.

Methods

checkTransitiveMembership

 Check a potential member for membership in a group.

create

 Creates a Membership.

delete

 Deletes a Membership.

get

 Retrieves a Membership.

getMembershipGraph

 Get a membership graph of just a member or both a member and a group.

list

 Lists the Memberships within a Group.

lookup

 Looks up the resource name of a Membership by its EntityKey.

modifyMembershipRoles

 Modifies the MembershipRoles of a Membership.

searchTransitiveGroups

 Search transitive groups of a member.

searchTransitiveMemberships

 Search transitive memberships of a group.