Skip to content

Users Group Membership

Ross Scroggs edited this page Jun 25, 2020 · 36 revisions

Users - Group Membership

Definitions

<DeliverySetting> ::=
        allmail|
        abridged|daily|
        digest|
        disabled|
        none|nomail
<DomainName> ::= <String>(.<String>)+
<EmailAddress> ::= <String>@<DomainName>
<UniqueID> ::= uid:<String>
<GroupItem> ::= <EmailAddress>|<UniqueID>|<String>
<GroupList> ::= "<GroupItem>(,<GroupItem>)*"
<GroupEntity> ::= <GroupList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
<GroupRole> ::= owner|manager|member
<GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"

Add users to groups

Add each user in <UserTypeEntity> to all of the groups specified by ([<GroupRole>] <GroupEntity>)+. If <GroupRole> is not specified, member is assumed.

gam <UserTypeEntity> add group|groups ([<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)+

Basic Example

$ gam user [email protected] add groups owner [email protected] manager [email protected] member [email protected],[email protected]
User: [email protected], Add to 4 Groups
  Group: [email protected], Owner: [email protected], Added (1/4)
  Group: [email protected], Manager: [email protected], Added (2/4)
  Group: [email protected], Member: [email protected], Added (3/4)
  Group: [email protected], Member: [email protected], Added (4/4)

Advanced Example

Use a CSV file to specify users, groups and roles.

# Desired state
$ more UserGroupRole.csv
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,NONE

# Current state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery

# Add users to groups
$ gam redirect stdout - multiprocess csv UserGroupRole.csv gam user ~User add group ~Role ~Delivery ~Group
Using 5 processes...
User: [email protected], Add to 1 Group
  Group: [email protected], Owner: [email protected], Added
User: [email protected], Add to 1 Group
  Group: [email protected], Member: [email protected], Added
User: [email protected], Add to 1 Group
  Group: [email protected], Member: [email protected], Added
User: [email protected], Add to 1 Group
  Group: [email protected], Member: [email protected], Added
User: [email protected], Add to 1 Group
  Group: [email protected], Manager: [email protected], Added
User: [email protected], Add to 1 Group
  Group: [email protected], Member: [email protected], Added
User: [email protected], Add to 1 Group
  Group: [email protected], Manager: [email protected], Added
User: [email protected], Add to 1 Group
  Group: [email protected], Owner: [email protected], Added

# Final state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,NONE

Delete users from groups

Delete each user in <UserTypeEntity> from all of the groups specified by <GroupEntity>. If <GroupEntity> is not specified, the user will be deleted from all groups of which it is a member.

gam <UserTypeEntity> delete|del group|groups [<GroupEntity>]

Basic Example

$ gam user [email protected] delete groups
User: [email protected], Delete from 4 Groups
  Group: [email protected], Member: [email protected], Deleted (1/4)
  Group: [email protected], Member: [email protected], Deleted (2/4)
  Group: [email protected], Member: [email protected], Deleted (3/4)
  Group: [email protected], Member: [email protected], Deleted (4/4)

Advanced Example

Use a CSV file to specify users and groups.

# Current state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,NONE

# Delete users from groups
$ gam csvkmd users UserGroupRole.csv keyfield User delete groups
User: [email protected], Delete from 4 Groups (1/3)
  Group: [email protected], Member: [email protected], Deleted (1/4)
  Group: [email protected], Member: [email protected], Deleted (2/4)
  Group: [email protected], Member: [email protected], Deleted (3/4)
  Group: [email protected], Member: [email protected], Deleted (4/4)
User: [email protected], Delete from 2 Groups (2/3)
  Group: [email protected], Member: [email protected], Deleted (1/2)
  Group: [email protected], Member: [email protected], Deleted (2/2)
User: [email protected], Delete from 2 Groups (3/3)
  Group: [email protected], Member: [email protected], Deleted (1/2)
  Group: [email protected], Member: [email protected], Deleted (2/2)

# Final state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery

Update users group roles and delivery settings

For each user in <UserTypeEntity> update their current group role and delivery settings.

gam <UserTypeEntity> update groups ([<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)+

Example

# Current state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,NONE

# Desired changes
$ more UserGroupRoleNew.csv
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],OWNER,ACTIVE,DIGEST

# Update roles/delivery settings
$ gam redirect stdout - multiprocess csv UserGroupRoleNew.csv gam user ~User update group ~Role ~Delivery ~Group
Using 3 processes...
User: [email protected], Update to 1 Group
  Group: [email protected], Manager: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Owner: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Owner: [email protected], Updated

# Final state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,DIGEST

Synchronize users group membership

For each user in <UserTypeEntity> get their current group membership and do adds and deletes as necessary to match ([<GroupRole>] <GroupEntity>)+. If <GroupRole> is not specified, member is assumed.

gam <UserTypeEntity> sync group|groups ([<GroupRole>] <GroupEntity>)+

Basic Example

# Current state
$ gam user [email protected] print groups
User,Group,Role
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL

# Update membership
$ gam user [email protected] sync groups owner [email protected] manager [email protected] member [email protected],[email protected]
User: [email protected], Remove from 1 Group
  Group: [email protected], Member: [email protected], Removed
User: [email protected], Add to 1 Group
  Group: [email protected], Owner: [email protected], Added
User: [email protected], Update in 1 Group
  Group: [email protected], Manager: [email protected], Updated

# Final state
$ gam user [email protected] print groups
User,Group,Role
[email protected],[email protected],OWNER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL

Advanced Example

# Current state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL

# Desired state
$ more UserGroupRole.csv
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,NONE

# Update membership
$ gam csvkmd users UserGroupRole.csv keyfield User subkeyfield Role datafield Group sync groups csvdata Group
User: [email protected], Remove from 1 Group (1/3)
  Group: [email protected], Member: [email protected], Removed
User: [email protected], Update to 1 Group (2/3)
  Group: [email protected], Manager: [email protected], Updated
User: [email protected], Add to 1 Group (3/3)
  Group: [email protected], Owner: [email protected], Added

# Intermediate state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,ALL_MAIL

# Update roles/delivery settings
$ gam redirect stdout - multiprocess csv UserGroupRole.csv gam user ~User update group ~Role ~Delivery ~Group
Using 5 processes...
User: [email protected], Update to 1 Group
  Group: [email protected], Member: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Member: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Member: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Manager: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Owner: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Member: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Manager: [email protected], Updated
User: [email protected], Update to 1 Group
  Group: [email protected], Owner: [email protected], Updated

# Final state
$ gam csvkmd users UserGroupRole.csv keyfield User print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MANAGER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],OWNER,ACTIVE,NONE

Display users group membership

It takes one API call to get the list of groups to which a user belongs and one API call per group to get the user's role and delivery settings.

Display data as an indented list.

gam <UserTypeEntity> show groups [roles <GroupRoleList>] [domain <DomainName>]

Display data in CSV format; there is one row per user/group combination including role, status and delivery information.

gam <UserTypeEntity> print groups [roles <GroupRoleList>] [domain <DomainName>] [todrive <ToDriveAttributes>*]

By default, all groups to which a member belongs are displayed, these options allow selection of subsets of groups:

  • roles <GroupRoleList> - Limit display to those groups for which the user has a specific role
  • domain <DomainName> - Limit display to groups in the domain <DomainName>

Display data in CSV format; there is one row per user showing the number and list of groups to which a user directly belongs.

gam <UserTypeEntity> print groupslist [domain <DomainName>] [todrive <ToDriveAttribute>*]
        [delimiter <Character>] [quotechar <Character>]

By default, all groups to which a member belongs are displayed, these options allow selection of subsets of groups:

  • domain <DomainName> - Limit display to groups in the domain <DomainName>

By default, the entries in lists of groups are separated by the csv_output_field_delimiter' from gam.cfg`.

  • delimiter <Character> - Separate list items with <Character>

By default, when writing CSV files, Gam uses a quote character of double quote ". The quote character is used to enclose columns that contain the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled. The quotechar <Character> option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output. quotechar defaults to gam.cfg/csv_output_quote_char.

Examples

$ gam user [email protected] show groups
User: [email protected], Show 4 Groups
  Group: [email protected], Role: OWNER, Status: ACTIVE, Delivery: DIGEST (1/4)
  Group: [email protected], Role: MANAGER, Status: ACTIVE, Delivery: DAILY (2/4)
  Group: [email protected], Role: MEMBER, Status: ACTIVE, Delivery: ALL_MAIL (3/4)
  Group: [email protected], Role: MEMBER, Status: ACTIVE, Delivery: ALL_MAIL (4/4)

$ gam user [email protected] print groups
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],MANAGER,ACTIVE,DAILY
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL
[email protected],[email protected],MEMBER,ACTIVE,ALL_MAIL

$ gam csvkmd users UserGroupRole.csv keyfield User show groups role owner
User: [email protected], Show maximum of 4 Groups (1/3)
  Group: [email protected], Role: OWNER, Status: ACTIVE, Delivery: DIGEST (1/4)
User: [email protected], Show maximum of 2 Groups (2/3)
User: [email protected], Show maximum of 2 Groups (3/3)
  Group: [email protected], Role: OWNER, Status: ACTIVE, Delivery: NONE (2/2)

$ gam csvkmd users UserGroupRole.csv keyfield User print groups role owner
User,Group,Role,Status,Delivery
[email protected],[email protected],OWNER,ACTIVE,DIGEST
[email protected],[email protected],OWNER,ACTIVE,NONE

$ gam users testuser1,testuser2 show groups domain domain.net
User: [email protected], Show maximum of 2 Groups (1/2)
  Group: [email protected], Role: MEMBER (1/2)
  Group: [email protected], Role: MEMBER (2/2)
User: [email protected], Show maximum of 0 Groups (2/2)

$ gam users testuser1,testuser2 print groups domain domain.net
User,Group,Role
[email protected],[email protected],MEMBER
[email protected],[email protected],MEMBER

$ gam users testuser1,testuser2 print groupslist
Getting all Groups for [email protected] (1/2)
Getting all Groups for [email protected] (2/2)
User,Groups,GroupsList
[email protected],6,[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
[email protected],0,

$ gam config csv_output_row_filter "Groups:count=0" users testuser1,testuser2 print groupslist
Getting all Groups for [email protected] (1/2)
Getting all Groups for [email protected] (2/2)
User,Groups,GroupsList
[email protected],0,

Update History

Installation

Configuration

Notes and Information

Definitions

Command Processing

Collections

Client Access

Special Service Account Access

Service Account Access

Clone this wiki locally