Skip to main content

Create/Update Groups

Endpoint: PUT /api/groups/{id}

Creates or updates a group in your Conductor cluster. The invoking user must be an Admin to the Conductor cluster.

Path parameters

ParameterDescriptionTypeRequired/ Optional
idThe name of the group.stringRequired.

Request body

ParameterDescriptionTypeRequired/ Optional
descriptionA description of the group.stringRequired.
rolesThe role to assign for the group. Supported values:
  • ADMIN: Superuser. Full access to the system and resources. Can manage users and groups.
  • USER: Regular user group with permissions to create workflow definitions, task definitions, applications, integrations, secrets, and user forms. Has full API Gateway access, including view and management permissions. Can search workflows.
  • METADATA_MANAGER: Can manage all workflow and task definitions in the cluster, including performing any action regardless of workflow or task ownership. Can view and manage API Gateway configurations. Can create integrations and secrets.
  • WORKFLOW_MANAGER: Can view, execute, and manage all workflow executions in the system, including start, pause, resume, rerun, retry, restart, terminate, and delete actions. Has execute and read access to workflow and task definitions.
  • USER_READ_ONLY: Can view applications, metadata, workflows, API gateway, and search workflows.
arrayRequired.
defaultAccessDefines the default permissions automatically granted to the group when a group member creates a workflow definition, task definition, or workflow schedule.
Supported keys:
  • WORKFLOW_DEF
  • TASK_DEF
  • WORKFLOW_SCHEDULE
Supported values:
  • CREATE
  • READ
  • EXECUTE
  • UPDATE
  • DELETE
objectOptional.

Response

Returns the created or updated group object with its ID, description, and roles. Returns 403 if a non-admin invokes the API.

Examples

Create a new group

Request

curl -X 'PUT' \
  'https://<YOUR-SERVER-URL>/api/groups/TechWriters' \
  -H 'accept: application/json' \
  -H 'X-Authorization: <TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "A dedicated group for testing",
  "roles": [
    "ADMIN"
  ]
}'

Response

{
  "id": "TechWriters",
  "description": "A dedicated group for testing",
  "roles": [
    {
      "name": "ADMIN",
      "permissions": [
        {
          "name": "AUTHORIZATION_MANAGEMENT"
        },
        {
          "name": "WORKFLOW_SEARCH"
        },
        {
          "name": "PUBLISHER_MANAGEMENT"
        },
        {
          "name": "API_GATEWAY_VIEW"
        },
        {
          "name": "API_GATEWAY_MANAGEMENT"
        },
        {
          "name": "WORKFLOW_MANAGEMENT"
        },
        {
          "name": "PROMPT_MANAGEMENT"
        },
        {
          "name": "EVENT_HANDLER_MANAGEMENT"
        },
        {
          "name": "USER_MANAGEMENT"
        },
        {
          "name": "PERMISSION_MANAGEMENT"
        },
        {
          "name": "METADATA_VIEW"
        },
        {
          "name": "ADMIN_MANAGEMENT"
        },
        {
          "name": "METADATA_MANAGEMENT"
        },
        {
          "name": "APPLICATION_MANAGEMENT"
        },
        {
          "name": "BULK_MANAGEMENT"
        },
        {
          "name": "SCHEDULE_MANAGEMENT"
        }
      ]
    }
  ],
  "defaultAccess": {},
  "contactInformation": {}
}
Update an existing group

Request

curl -X 'PUT' \
  'https://<YOUR-SERVER-URL>/api/groups/TechWriters' \
  -H 'accept: application/json' \
  -H 'X-Authorization: <TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "A dedicated group for testing for tech writers",
  "roles": [
    "METADATA_MANAGER"
  ]
}'

Response

{
  "id": "TechWriters",
  "description": "A dedicated group for testing for tech writers",
  "roles": [
    {
      "name": "METADATA_MANAGER",
      "permissions": [
        {
          "name": "API_GATEWAY_VIEW"
        },
        {
          "name": "API_GATEWAY_MANAGEMENT"
        },
        {
          "name": "CREATE_INTEGRATION"
        },
        {
          "name": "CREATE_SECRET"
        },
        {
          "name": "METADATA_VIEW"
        },
        {
          "name": "METADATA_MANAGEMENT"
        }
      ]
    }
  ],
  "defaultAccess": {},
  "contactInformation": {}
}
Create a group with defaultAccess

In this example, you will:

  1. Create a group with defaultAccess configured for WORKFLOW_DEF.
  2. Verify that defaultAccess is configured correctly on the group.
  3. Add a member to the group.
  4. Have the member create a workflow definition.
  5. Verify that the group is automatically granted the configured permissions on the workflow definition.

Step 1: Create the group

Create a group with USER role and defaultAccess configured for WORKFLOW_DEF.

Request

curl -X 'PUT' \
  'https://<YOUR-SERVER-URL>/api/groups/TechWriters' \
  -H 'accept: application/json' \
  -H 'X-Authorization: <TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "A dedicated group for tech writers",
  "roles": [
    "USER"
  ],
  "defaultAccess": {
    "WORKFLOW_DEF": ["READ", "EXECUTE"]
  }
}
'

Step 2: Verify the defaultAccess configuration

To confirm that defaultAccess is configured correctly, call GET /api/groups/TechWriters.

Request

curl -X 'GET' \
  'https://<YOUR-SERVER-URL>/api/groups/TechWriters' \
  -H 'accept: application/json' \
  -H 'X-Authorization: <TOKEN>'

Response

{
  "id": "TechWriters",
  "description": "A dedicated group for tech writers",
  "roles": [
    {
      "name": "USER",
      "permissions": [
        {
          "name": "CREATE_SECRET"
        },
        {
          "name": "API_GATEWAY_VIEW"
        },
        {
          "name": "CREATE_USER_FORM_TEMPLATE"
        },
        {
          "name": "CREATE_WORKFLOW_DEF"
        },
        {
          "name": "CREATE_TASK_DEF"
        },
        {
          "name": "WORKFLOW_SEARCH"
        },
        {
          "name": "CREATE_INTEGRATION"
        },
        {
          "name": "CREATE_APPLICATION"
        },
        {
          "name": "API_GATEWAY_MANAGEMENT"
        }
      ]
    }
  ],
  "defaultAccess": {
    "WORKFLOW_DEF": [
      "EXECUTE",
      "READ"
    ]
  },
  "contactInformation": {}
}

The defaultAccess field confirms that when a group member creates a workflow definition, the group is automatically granted READ and EXECUTE permissions on that resource.

Step 3: Add a member to the group

Add a user to TechWriters.

Request

curl -X 'POST' \
  'https://<YOUR-SERVER-URL>/api/groups/TechWriters/users/john.doe%40acme.com' \
  -H 'accept: application/json' \
  -H 'X-Authorization: <TOKEN>' \
  -d ''

Step 4: Member creates a workflow definition

Let the group member create a workflow definition using their own credentials. Let the name of the workflow be Test Workflow.

Step 5: Verify the group permissions

Confirm that the group was automatically granted the configured permissions on the workflow definition created in Step 4.

Request

curl -X 'GET' \
  'https://<YOUR-SERVER-URL/api/groups/TechWriters/permissions' \
  -H 'accept: application/json' \
  -H 'X-Authorization: <TOKEN>'

Response

{
  "grantedAccess": [
    {
      "target": {
        "type": "WORKFLOW_DEF",
        "id": "Test Workflow"
      },
      "access": [
        "EXECUTE",
        "READ"
      ]
    }
  ]
}

This confirms that the group was automatically granted READ and EXECUTE access on Test Workflow when the group member created it.

Therefore, any workflow definitions created by any member of the TechWriters will automatically have READ and EXECUTE access granted to the group.