Skip to content

User group resources

Zenoss Cloud manages users as members of groups, not as individuals. To enable access, create a Zenoss Cloud group and assign one or more roles to the group. If you are using an outside identity service, create Zenoss Cloud groups that match the group names in your identity service. For more information, see Managing groups.

Resource list

POST /v1/user-mgmt/end-user-groups

Creates a new group.

Fields

Field Required? Type Description
name Yes String

A name for the new group.

cloudRoles Yes Array

A list of one or more Zenoss Cloud roles.

Use the internal role names, not the display names, for this field:

Internal name Display name
read_only_user ReadOnlyUser
user User
key_creator Key Creator
key_administrator Key Administrator
manager Manager

Zenoss Cloud adds the Delegate to Collection Zone role to each new group.

restrictionFilters No Array

A list of one or more restriction filters.

The syntax of a restriction filter is CollectionZoneNumber:OrganizerPath. For example, cz0:Location/Austin.

For most deployments, the value of CollectionZoneNumber is cz0. If your deployment includes multiple Collection Zones, check the URI of the organizer home page for the correct number.

NOTE: For the Locations organizer only, the organizer name portion of OrganizerPath must be Location (singular), not Locations (plural).

Status codes

  • 200 (success)
  • 400 (bad request)
  • 401 (unauthorized; missing or invalid authentication key)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X POST -s -S -d \
'{
  "name": "mygroup",
  "cloudRoles": [
    "user"
  ],
  "restrictionFilters": [
    "cz0:Devices/HTTP"
  ]
}'
{}
{
  "code": 3,
  "message": "unknown value \"\\\"mgr\\\"\" for enum zenoss.cloud.CloudRoles"
}

GET /v1/user-mgmt/end-user-groups/{group-name}

Gets a group.

Status codes

  • 200 (success)
  • 401 (unauthorized; missing or invalid authentication key)
  • 404 (not found)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups/YOUR-GROUP-NAME \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X GET
{
  "name": "mygroup",
  "cloudRoles": [
    "user"
  ],
  "restrictionFilters": [
    "cz0:Devices/HTTP"
  ]
} 

PUT /v1/user-mgmt/end-user-groups/{group-name}

Updates an existing group.

The fields you specify replace the existing fields.

Fields

Field Required? Type Description
name Yes String

The name of an existing group.

cloudRoles Yes Array

A list of one or more Zenoss Cloud roles.

Use the internal role names, not the display names, for this field:

Internal name Display name
read_only_user ReadOnlyUser
user User
key_creator Key Creator
key_administrator Key Administrator
manager Manager
newName No String A new name for the group.
restrictionFilters No Array

A list of one or more restriction filters.

The syntax of a restriction filter is CollectionZoneNumber:OrganizerPath. For example, cz0:Location/Austin.

For most deployments, the value of CollectionZoneNumber is cz0. If your deployment includes multiple Collection Zones, check the URI of the organizer home page for the correct number.

NOTE: For the Locations organizer only, the organizer name portion of OrganizerPath must be Location (singular), not Locations (plural).

Status codes

  • 200 (success)
  • 400 (bad request)
  • 401 (unauthorized; missing or invalid authentication key)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups/YOUR-GROUP-NAME \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X PUT -s -S -d \
'{
  "name": "mygroup",
  "cloudRoles": [
    "user"
  ],
  "restrictionFilters": [
    "cz0:Devices/HTTP"
  ]
}'
{}
{
    "code": 3,
    "message": "invalid character '\"' after array element"
}

DELETE /v1/user-mgmt/end-user-groups/{group-name}

Delete a user group.

Status codes

  • 200 (success)
  • 401 (unauthorized; missing or invalid authentication key)
  • 404 (not found)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups/YOUR-GROUP-NAME \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X DELETE
{}
{ 
    "code": 5,
    "message": "No group found by that name"
}