Search transitive groups of a member. Note: This feature is only available to Google Workspace Enterprise Standard, Enterprise Plus, and Enterprise for Education; and Cloud Identity Premium accounts. If the account of the member is not one of these, a 403 (PERMISSION_DENIED) HTTP status code will be returned. A transitive group is any group that has a direct or indirect membership to the member. Actor must have view permissions all transitive groups.

Scopes

You will need authorization for at least one of the following scopes to make a valid call:

• https://www.googleapis.com/auth/cloud-identity.groups
• https://www.googleapis.com/auth/cloud-identity.groups.readonly
• https://www.googleapis.com/auth/cloud-platform

If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-identity.groups.readonly. You can set the scope for this method like this: cloudidentity1 --scope <scope> groups memberships-search-transitive-groups ...

Required Scalar Argument

• <parent> (string)
  • Resource name of the group to search transitive memberships in. Format: groups/{group}, where group is always '-' as this API will search across all groups for a given member.

Optional Output Flags

The method's return value a JSON encoded structure, which will be written to standard output by default.

• -o out
  • out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.

Optional Method Properties

You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness.

• -p page-size=integer

  • The default page size is 200 (max 1000).

• -p page-token=string

  • The next_page_token value returned from a previous list request, if any.

• -p query=string

  • Required. A CEL expression that MUST include member specification AND label(s). This is a required field. Users can search on label attributes of groups. CONTAINS match ('in') is supported on labels. Identity-mapped groups are uniquely identified by both a member_key_id and a member_key_namespace, which requires an additional query input: member_key_namespace. Example query: member_key_id == 'member_key_id_value' && in labels Query may optionally contain equality operators on the parent of the group restricting the search within a particular customer, e.g. parent == 'customers/{customer_id}'. The customer_id must begin with "C" (for example, 'C046psxkn'). This filtering is only supported for Admins with groups read permissons on the input customer. Example query: member_key_id == 'member_key_id_value' && in labels && parent == 'customers/C046psxkn'

Optional General Properties

The following properties can configure any call, and are not specific to this method.

• -p $-xgafv=string

  • V1 error format.

• -p access-token=string

  • OAuth access token.

• -p alt=string

  • Data format for response.

• -p callback=string

  • JSONP

• -p fields=string

  • Selector specifying which fields to include in a partial response.

• -p key=string

  • API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

• -p oauth-token=string

  • OAuth 2.0 token for the current user.

• -p pretty-print=boolean

  • Returns response with indentations and line breaks.

• -p quota-user=string

  • Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

• -p upload-type=string

  • Legacy upload protocol for media (e.g. "media", "multipart").

• -p upload-protocol=string

  • Upload protocol for media (e.g. "raw", "multipart").