Check a potential member for membership in a group. Note: This feature is only available to Google Workspace Enterprise Standard, Enterprise Plus, and Enterprise for Education; and Cloud Identity Premium accounts. If the account of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code will be returned. A member has membership to a group as long as there is a single viewable transitive membership between the group and the member. The actor must have view permissions to at least one transitive membership between the member and group.
Scopes
You will need authorization for at least one of the following scopes to make a valid call:
- https://www.googleapis.com/auth/cloud-identity.groups
- https://www.googleapis.com/auth/cloud-identity.groups.readonly
- https://www.googleapis.com/auth/cloud-platform
If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-identity.groups.readonly.
You can set the scope for this method like this: cloudidentity1 --scope <scope> groups memberships-check-transitive-membership ...
Required Scalar Argument
- <parent> (string)
- Resource name of the group to check the transitive membership in. Format:
groups/{group}, wheregroupis the unique id assigned to the Group to which the Membership belongs to.
- Resource name of the group to check the transitive membership in. Format:
Optional Output Flags
The method's return value a JSON encoded structure, which will be written to standard output by default.
- -o out
- out specifies the destination to which to write the server's result to.
It will be a JSON-encoded structure.
The destination may be
-to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.
- out specifies the destination to which to write the server's result to.
It will be a JSON-encoded structure.
The destination may be
Optional Method Properties
You may set the following properties to further configure the call. Please note that -p is followed by one
or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the
-p for completeness.
- -p query=string
- Required. A CEL expression that MUST include member specification. This is a
requiredfield. Certain groups are uniquely identified by both a 'member_key_id' and a 'member_key_namespace', which requires an additional query input: 'member_key_namespace'. Example query:member_key_id == 'member_key_id_value'
- Required. A CEL expression that MUST include member specification. This is a
Optional General Properties
The following properties can configure any call, and are not specific to this method.
-
-p $-xgafv=string
- V1 error format.
-
-p access-token=string
- OAuth access token.
-
-p alt=string
- Data format for response.
-
-p callback=string
- JSONP
-
-p fields=string
- Selector specifying which fields to include in a partial response.
-
-p key=string
- API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
-
-p oauth-token=string
- OAuth 2.0 token for the current user.
-
-p pretty-print=boolean
- Returns response with indentations and line breaks.
-
-p quota-user=string
- Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
-
-p upload-type=string
- Legacy upload protocol for media (e.g. "media", "multipart").
-
-p upload-protocol=string
- Upload protocol for media (e.g. "raw", "multipart").