PUT Teams/RemoveTeamMembers

Removes a team member from a team. The team member can be the identity of a person or group with access to Trust Protection Platform. Consider:

  • An owner is a member.
  • If you just want to remove ownership but retain the identity in the group, call PUT Teams/DemoteTeamOwners.
  • Even though you change ownership or the association between an identity and a group, Trust Protection Platform retains the identities.

Requirements

  • Permissions:  The caller must have Owner permission or have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if a LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
  • Token scope:  Configuration:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Team

A PrefixedName for the new local team. For example, PrefixedName:local:Apache Team3.

Members

(Optional) An array of user or group identities to remove from the team. At least one valid identity is required. To get this information, useGET Teams/(prefix)/{universal}, POST Identity/Browse or use the UI.

The syntax varies based on the identity provider. For more information, see Identity Information:

  • AD: Specify a value for PrefixedName or PrefixedUniversal.
  • LDAP: Specify a value for PrefixedName or PrefixedUniversal.
  • Local: Specify values for both a PrefixedName and PrefixedUniversal.

ShowMembers

(Optional) List or omit owners and members from the response:

  • true: List the remaining members.
  • false: Default. Omit the members.

Returns

The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only a HTTP 200 message. Otherwise, Teams/RemoveTeamMembers returns a HTTP 200 message and the following data.

Response description

Name

Description

InvalidMembers

Appears only if there are invalid members. An array of Identity Entry objects. If a local member is invalid, the FullName value is omitted.

Members

An array of all group members. Each member has Identity Entry object.

Message

If the response is a HTTP 400, it only contains Message and the reason for failure. Omits all other return values.

  • All identity team owners cannot be deleted.
  • Either the team identity, the members or both are missing.
  • Failed to read the current owners of the team: [Identity Error].
  • Failed to update the team identity owners: [Identity Error].
  • The team identity is not valid or it doesn't exist.

Owners

An array of users who are group owners.

The syntax varies based on the identity provider. For more information, see Identity Information:

  • AD: Specify a value for PrefixedName or PrefixedUniversal.
  • LDAP: Specify a value for PrefixedName or PrefixedUniversal.
  • Local: Specify values for both a PrefixedName and PrefixedUniversal.

Example: Remove members of a local identity group

Request

PUT https://tpp.venafi.example/vedsdk/Teams/RemoveTeamMembers
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Team":{
      "PrefixedName":"local:Apache Team4"
   },
   "Members":[      
      {
          "PrefixedName": "local:Writer",
          "PrefixedUniversal": "{0dc60f5c-314b-44ad-a611-bd42656665d2}"
      }
   ],
   "ShowMembers":true
}

Response

HTTP/1.1 200 OK
{

   "Owners":[
      {
         "PrefixedName":"local:Assistant",
         "PrefixedUniversal":"local:{52cb0fad-8014-4b7d-960c-da579e221f5b }"
      }
   ],
    "Members": [
        {
            "FullName": "CN=bob,CN=Users,DC=venqa,DC=venafi,DC=com",
            "Name": "bob",
            "Prefix": "AD+venqa",
            "PrefixedName": "AD+venqa:bob",
            "PrefixedUniversal": "AD+venqa:77338c27877bd0418c62176f256abd4d",
            "Universal": "77338c27877bd0418c62176f256abd4d"
        },
        {
            "FullName": "CN=group1,OU=Groups,DC=venqa,DC=venafi,DC=com",
            "IsGroup": true,
            "Name": "group1",
            "Prefix": "AD+venqa",
            "PrefixedName": "AD+venqa:group1",
            "PrefixedUniversal": "AD+venqa:30ea418420122f4c84d2490b991e1294",
            "Type": 2,
            "Universal": "30ea418420122f4c84d2490b991e1294"
        }
    ]
}