PUT Teams/RemoveTeamMembers
Removes a team member from a team. The team member can be the identity of a person or group with access to Trust Protection Platform. Consider:
- An owner is a member.
- If you just want to remove ownership but retain the identity in the group, call PUT Teams/DemoteTeamOwners.
- Even though you change ownership or the association between an identity and a group, Trust Protection Platform retains the identities.
Requirements
- Permissions: The caller must have Owner permission or have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if a LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
- Token scope: Configuration:Manage
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
Team |
A PrefixedName for the new local team. For example, PrefixedName:local:Apache Team3. |
Members |
(Optional) An array of user or group identities to remove from the team. At least one valid identity is required. To get this information, useGET Teams/(prefix)/{universal}, POST Identity/Browse or use the UI. The syntax varies based on the identity provider. For more information, see Identity Information:
|
ShowMembers |
(Optional) List or omit owners and members from the response:
|
Returns
The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only a HTTP 200 message. Otherwise, Teams/RemoveTeamMembers returns a HTTP 200 message and the following data.
Name |
Description |
---|---|
InvalidMembers |
Appears only if there are invalid members. An array of Identity Entry objects. If a local member is invalid, the FullName value is omitted. |
Members |
An array of all group members. Each member has Identity Entry object. |
Message |
If the response is a HTTP 400, it only contains Message and the reason for failure. Omits all other return values.
|
Owners |
An array of users who are group owners. The syntax varies based on the identity provider. For more information, see Identity Information:
|
Example: Remove members of a local identity group
Request
PUT https://tpp.venafi.example/vedsdk/Teams/RemoveTeamMembers Authorization:Bearer 4MyGeneratedBearerTknz== { "Team":{ "PrefixedName":"local:Apache Team4" }, "Members":[ { "PrefixedName": "local:Writer", "PrefixedUniversal": "{0dc60f5c-314b-44ad-a611-bd42656665d2}" } ], "ShowMembers":true }
Response
HTTP/1.1 200 OK { "Owners":[ { "PrefixedName":"local:Assistant", "PrefixedUniversal":"local:{52cb0fad-8014-4b7d-960c-da579e221f5b }" } ], "Members": [ { "FullName": "CN=bob,CN=Users,DC=venqa,DC=venafi,DC=com", "Name": "bob", "Prefix": "AD+venqa", "PrefixedName": "AD+venqa:bob", "PrefixedUniversal": "AD+venqa:77338c27877bd0418c62176f256abd4d", "Universal": "77338c27877bd0418c62176f256abd4d" }, { "FullName": "CN=group1,OU=Groups,DC=venqa,DC=venafi,DC=com", "IsGroup": true, "Name": "group1", "Prefix": "AD+venqa", "PrefixedName": "AD+venqa:group1", "PrefixedUniversal": "AD+venqa:30ea418420122f4c84d2490b991e1294", "Type": 2, "Universal": "30ea418420122f4c84d2490b991e1294" } ]
}