Create Group

Create an Active Directory, Lightweight Directory Access Protocol, or Keystone group.

Request

Security

Table 1. Roles capable of executing the Create Group API method
| Any | Super User | System Admin | Security Admin | Operator |
|-----|------------|--------------|----------------|----------|
|     | superUser  |              | securityAdmin  |          |

HTTP method

POST /manager/api/{apiResponseType}/createGroup.adm HTTP/1.1
HOST:{manager.dsnet}

groupType={ldap|keystone}&distinguishedName={distinguishedNameOfGroup}

Curl method

curl -u {admin}:{password} -k "https://{manager.dsnet}/manager/api/{apiResponseType}/createGroup.adm" -d "groupType=ldap&distinguishedName={distinguishedNameOfGroup}"

Parameters

Table 2. Request Parameters for Create Group (createGroup) API method
Parameter Type Usage Default Description
groupType String Optional ldap ldap/oidc - external group that exists on LDAP server/OIDC provider.
distinguishedName String groupType=ldap  

The Distinguished Name (DN) is the name that uniquely identifies a group entry in the directory. A DN is made up of attribute=value pairs, which are separated by commas. The order of the component attribute value pairs is important.

DNs begin with the most specific attribute (usually some sort of name such as CN [Common Name]), and continue with progressively broader attributes, often ending with a country attribute. It identifies an entry distinctly from any other entries that have the same parent.

CN=Development,OU=Group,OU=Internal,DC=Cleversafe,DC=com
keystoneType String groupType=keystone project
  • project - the group name and domain are to be associated with a Keystone project.
  • group - the group name and domain are to be associated with a Keystone group.
keystoneName String groupType=keystone  

The name of the group or project that is managed in Keystone.

keystoneDomain String groupType=keystone  

The name of the domain that is associated with the Keystone group or project.

alias String Optional  

Friendly name to give to the group.

rolesMap Set[{role}] Optional  

Key is name of role string including:

  • admin
  • systemAdmin
  • securityAdmin
  • operator
  • vaultProvisioner
  • readOnlySystemAdmin
  • readOnlySecurityAdmin

An account cannot be assigned readOnlySystemAdmin and systemAdmin, or readOnlySecurityOfficer and securityOfficer, at the same time.

vaultUserPermissions Map[{vaultId}] Optional disabled

For a specific vault ID, sets the vault access permission to one of four options.

  • disabled
  • owner
  • readOnly
  • readWrite

Multiple vaultUserPermission[{vaultId}] parameters can be passed as part of the editGroup call.

vaultUserPermission[1]=disabled&vaultUserPermission[2]=owner
defaultDevicePermission String Optional noAccess Default access permission, set on all devices except the manager, that enables the user to perform actions using the nut interface.
Can be one of four options:
  • noAccess
  • readOnlyAccess
  • readWriteAccess
  • rootAccess
managerDevicePermission String Optional noAccess Access permission specific to manager devices that enables the user to perform actions using the nut interface. Can be one of four options, as listed above.
siteDevicePermissions Map[{siteId}] Optional noAccess For specific site ID, device access permission can be set to 1 of 4 options, as listed above.
regionDevicePermissions Map{regionId} Optional noAccess For specific region ID, device access permission can be set to 1 of 4 options, as listed above.
claimValue String Required if groupType = oidc   The value of the group claim that identifies a group within the configured OIDC provider.
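
An added example, not part of the original page or the product's own code: a Python pre-flight check that builds the createGroup POST body from the parameters above and rejects missing type-specific parameters or permission values outside the listed options before anything is sent. It assumes that a parameter whose Usage column names a group type is required for that type, and it leaves out rolesMap because the page does not show its encoding; the function name build_create_group_body is hypothetical.

```python
from urllib.parse import urlencode

# Allowed values, copied from the parameter table.
VAULT_PERMISSIONS = {"disabled", "owner", "readOnly", "readWrite"}
DEVICE_PERMISSIONS = {"noAccess", "readOnlyAccess", "readWriteAccess", "rootAccess"}
DEVICE_PARAMS = {"defaultDevicePermission", "managerDevicePermission"}
SCALAR_PARAMS = {"distinguishedName", "keystoneType", "keystoneName",
                 "keystoneDomain", "alias", "claimValue"}
# Assumption: a parameter whose Usage column names a group type is required
# for that type, except keystoneType, which has a default (project).
REQUIRED_BY_TYPE = {
    "ldap": ("distinguishedName",),
    "keystone": ("keystoneName", "keystoneDomain"),
    "oidc": ("claimValue",),
}


def build_create_group_body(group_type="ldap", vault_permissions=None,
                            device_permissions=None, **fields):
    """Validate createGroup parameters and return the URL-encoded POST body."""
    if group_type not in REQUIRED_BY_TYPE:
        raise ValueError(f"unknown groupType: {group_type!r}")
    unknown = set(fields) - SCALAR_PARAMS
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    missing = [p for p in REQUIRED_BY_TYPE[group_type] if not fields.get(p)]
    if missing:
        raise ValueError(f"groupType={group_type} requires {missing}")
    if fields.get("keystoneType", "project") not in ("project", "group"):
        raise ValueError("keystoneType must be project or group")
    params = [("groupType", group_type)] + sorted(fields.items())
    for name, value in sorted((device_permissions or {}).items()):
        if name not in DEVICE_PARAMS or value not in DEVICE_PERMISSIONS:
            raise ValueError(f"invalid device permission: {name}={value}")
        params.append((name, value))
    for vault_id, permission in sorted((vault_permissions or {}).items()):
        if permission not in VAULT_PERMISSIONS:
            raise ValueError(f"invalid vault permission: {permission}")
        # Vault IDs are assumed to be integers, as in the page's example.
        params.append((f"vaultUserPermission[{int(vault_id)}]", permission))
    # urlencode escapes ',', '=', '&' and '+' inside values such as the DN,
    # so a value cannot split into or inject extra form parameters.
    return urlencode(params)


if __name__ == "__main__":
    dn = "CN=Development,OU=Group,OU=Internal,DC=Cleversafe,DC=com"
    print(build_create_group_body("ldap", distinguishedName=dn))
```

The returned string can be passed to curl with -d in place of the hand-written body.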

Response

Success or failure status. On a successful group creation, the generated group ID is returned.

JSON response example

{
  "responseData": {
    "id": 1
  },
  "responseHeader": {
    "status": "ok",
    "now": 1407336578434,
    "requestId": null
  },
  "responseStatus": "ok"
}