role_group_targets
Creates, updates, deletes, gets or lists a role_group_targets resource.
Overview
| Name | role_group_targets |
| Type | Resource |
| Id | okta.users.role_group_targets |
Fields
The following fields are returned by SELECT queries:
- list_group_targets_for_role
| Name | Datatype | Description |
|---|---|---|
id | string | Unique ID for the group (example: 0gabcd1234) |
_embedded | object | Embedded resources related to the group |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
created | string (date-time) | Timestamp when the group was created |
lastMembershipUpdated | string (date-time) | Timestamp when the groups memberships were last updated |
lastUpdated | string (date-time) | Timestamp when the group's profile was last updated |
objectClass | array | Determines the group's profile |
profile | | Specifies required and optional properties for a group. The objectClass of a group determines which additional properties are available. You can extend group profiles with custom properties, but you must first add the properties to the group profile schema before you can reference them. Use the Profile Editor in the Admin Console or the Schemas APIto manage schema extensions. Custom properties can contain HTML tags. It is the client's responsibility to escape or encode this data before displaying it. Use best-practices to prevent cross-site scripting. |
type | string | Determines how a group's profile and memberships are managed |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_group_targets_for_role | select | subdomain | after, limit | Lists all group targets for a USER_ADMIN, HELP_DESK_ADMIN, or GROUP_MEMBERSHIP_ADMIN role assignment to an admin user.If the role isn't scoped to specific group targets, an empty array [] is returned. |
assign_group_target_to_user_role | replace | subdomain | Assigns a group target for a USER_ADMIN, HELP_DESK_ADMIN, or GROUP_MEMBERSHIP_ADMIN role assignment to an admin user.When you assign the first group target, you reduce the scope of the role assignment. The role no longer applies to all targets but applies only to the specified target. | |
unassign_group_target_from_user_admin_role | delete | subdomain | Unassigns a group target from a USER_ADMIN, HELP_DESK_ADMIN, or GROUP_MEMBERSHIP_ADMIN role assignment to an admin user.> Note: You can't remove the last group target from a role assignment since this causes an exception. > If you need a role assignment that applies to all groups, delete the role assignment to the user and recreate a new one. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
limit | integer | A limit on the number of objects to return |
SELECT examples
- list_group_targets_for_role
Lists all group targets for a USER_ADMIN, HELP_DESK_ADMIN, or GROUP_MEMBERSHIP_ADMIN role assignment to an admin user.
If the role isn't scoped to specific group targets, an empty array [] is returned.
SELECT
id,
_embedded,
_links,
created,
lastMembershipUpdated,
lastUpdated,
objectClass,
profile,
type
FROM okta.users.role_group_targets
WHERE subdomain = '{{ subdomain }}' -- required
AND after = '{{ after }}'
AND limit = '{{ limit }}';
REPLACE examples
- assign_group_target_to_user_role
Assigns a group target for a USER_ADMIN, HELP_DESK_ADMIN, or GROUP_MEMBERSHIP_ADMIN role assignment to an admin user.
When you assign the first group target, you reduce the scope of the role assignment. The role no longer applies to all targets but applies only to the specified target.
REPLACE okta.users.role_group_targets
SET
-- No updatable properties
WHERE
subdomain = '{{ subdomain }}' --required;
DELETE examples
- unassign_group_target_from_user_admin_role
Unassigns a group target from a USER_ADMIN, HELP_DESK_ADMIN, or GROUP_MEMBERSHIP_ADMIN role assignment to an admin user.
> Note: You can't remove the last group target from a role assignment since this causes an exception.
> If you need a role assignment that applies to all groups, delete the role assignment to the user and recreate a new one.
DELETE FROM okta.users.role_group_targets
WHERE subdomain = '{{ subdomain }}' --required;