Skip to content

User group resources

Zenoss Cloud manages users as members of groups, not as individuals. To enable access, create a Zenoss Cloud group and assign one or more roles to the group. If you are using an outside identity service, create Zenoss Cloud groups that match the group names in your identity service. For more information, see Managing groups.

Resource list

POST /v1/user-mgmt/end-user-groups

Create a new group.

Request template

An abstract preview of a JSON request to create one group.

{
  "name": "<name>",
  "cloudRoles": [ "<role>" ],
  "restrictionFilters": [ "<filter>" ]
}

Request fields

name (string, required)
A name for the new group.
cloudRoles (array, required)

A list of one or more Zenoss Cloud roles. Use the internal role names, not the display names, for this field.

Internal name Display name
read_only_user Read Only User
user User
key_creator Key Creator
key_administrator Key Administrator
manager Manager

Zenoss Cloud adds the Delegate to Collection Zone role to each new group.

restrictionFilters (array, optional)

A list of one or more restriction filters.

The syntax of a restriction filter is CollectionZoneNumber:OrganizerPath. For example, cz0:Location/Austin.

For most deployments, the value of CollectionZoneNumber is cz0. If your deployment includes multiple Collection Zones, check the URI of the organizer home page for the correct number.

NOTE: For the Locations organizer only, the organizer name portion of OrganizerPath must be Location (singular), not Locations (plural).

Status codes

  • 200 (success)
  • 400 (bad request)
  • 401 (unauthorized; missing or invalid authentication key)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X POST -s -S -d \
'{
  "name": "mygroup",
  "cloudRoles": [
    "user"
  ],
  "restrictionFilters": [
    "cz0:Devices/HTTP"
  ]
}'

{}

{
  "code": 3,
  "message": "unknown value \"\\\"mgr\\\"\" for enum zenoss.cloud.CloudRoles"
}

GET /v1/user-mgmt/end-user-groups/{group-name}

Get a group.

Status codes

  • 200 (success)
  • 401 (unauthorized; missing or invalid authentication key)
  • 404 (not found)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups/YOUR-GROUP-NAME \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X GET

{
  "name": "mygroup",
  "cloudRoles": [
    "user"
  ],
  "restrictionFilters": [
    "cz0:Devices/HTTP"
  ]
}

PUT /v1/user-mgmt/end-user-groups/{group-name}

Update an existing group.

Request fields

Update requests use the same fields as create requests. The name field cannot be changed.

Status codes

  • 200 (success)
  • 400 (bad request)
  • 401 (unauthorized; missing or invalid authentication key)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups/YOUR-GROUP-NAME \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X PUT -s -S -d \
'{
  "name": "mygroup",
  "cloudRoles": [
    "user"
  ],
  "restrictionFilters": [
    "cz0:Devices/HTTP"
  ]
}'

{}

{
    "code": 3,
    "message": "invalid character '\"' after array element"
}

DELETE /v1/user-mgmt/end-user-groups/{group-name}

Delete a user group.

Status codes

  • 200 (success)
  • 401 (unauthorized; missing or invalid authentication key)
  • 404 (not found)

Example

curl https://YOUR-API-ENDPOINT/v1/user-mgmt/end-user-groups/YOUR-GROUP-NAME \
  -H "content-type: application/json" \
  -H "zenoss-api-key: YOUR-API-KEY" \
  -X DELETE

{}

{ 
    "code": 5,
    "message": "No group found by that name"
}