Remove a User from a Batch of Groups

Removes a user from a batch of groups listed in an ANSI or UTF-8 encoded CSV file maintained in Access Control. You can use the Upload REST API to upload the file to the environment. The file format is as follows:

Group Name

Note: You cannot remove your own account from a group. A user is removed from groups only if these conditions are met:

  • The user must exist in the identity domain that services the environment
  • The user must be assigned to a pre-defined role in the identity domain
  • The groups provided must exist in Access Control and must not be pre-defined groups

Additionally, the user running this API must be authorized to perform this action. This API should be run only by a service administrator in the environment where a user is to be removed from the groups. With this API, you can see which records failed and the reason why they failed in addition to how many records passed and failed.

The presence of status -1 in the response indicates that the removal in progress. Use the job status URI to determine whether the removal is complete. Any non-zero status except -1 indicates failure.

This API is version v1.

Before using the REST resources, you must understand how to access the REST resources and other important concepts. See About the REST APIs. Using this REST API requires prerequisites. See Prerequisites.

Table 8-23 Tasks for Remove a User from a Batch of Groups

Task Request REST Resource
Remove a user from groups PUT /interop/rest/security/<api_version>/groups
Remove a user from groups status GET /interop/rest/security/<api_version>/jobs/<jobId>

REST Resource

PUT /interop/rest/security/<api_version>/groups

Supported Media Types: application/x-www-form-urlencoded


The following table summarizes the request parameters.

Table 8-24 Parameters

Name Description Type Required Default
api_version Specific API version Path Yes None
jobtype The string should have the value REMOVE_USER_FROM_GROUPS. This value denotes that the user is being removed from the groups. Form Yes None

The name of the uploaded ANSI or UTF-8 encoded CSV file containing information on the groups from which the user is to be removed, for example, removeUserFromGroups.csv.

The file must have been uploaded already using the Upload REST API.

File format:

Group Name



Form Yes None
username The name of the user to remove from the provided list of groups. This user must already exist. Form Yes None


Supported Media Types: application/json


Table 8-25 Parameters

Name Description
details In the case of errors, details are published with the error string
status See Migration Status Codes
links Detailed information about the link
href Links to API call or status API
action The HTTP call type
rel Possible values: self or Job Status. If the value is set to Job Status, you can use the href to get the status of the recreate service
data Parameters as key value pairs passed in the request
items Details about the resource
links Details of the first URL to be requested to get the job details; rel is "Job Details"

Example of Response Body in JSON format

Example 1: Response when the job is in progress

"filename": "Groups.csv",
"username": "Joe"

Example 2: Response when the job completes with errors

  "links": [
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX><api_version>/jobs/<jobId>",
      "data": null,
      "action": "GET"
  "details": "Failed to remove user from groups. File <filename> is not found. Please provide a valid file name.",
  "status": 1,
  "items": null

Example 3: Response when the job completes with no errors

  "links": [
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX><api_version>/jobs/<jobId>",
      "data": null,
      "action": "GET"
  "details": "Processed - 3, Succeeded - 1, Failed - 2.",
  "status": 0,
  "items": [
				"GroupName":"<GROUPNAME>","Error_Details": "Group <GROUPNAME> is not found. Please verify that the group exists in the system."

{				"GroupName":"<GROUPNAME>","Error_Details": "Group <GROUPNAME> is not found. Please verify that the group exists in the system."

Example 8-15 Java Sample Code

Prerequisites: json.jar

Common Functions: See CSS Common Helper Functions for Java

public void removeUserFromGroups(String fileName, String userName) {
		try {
			String url = this.serverUrl + "/interop/rest/security/" + apiVersion + "/groups";
			Map<String, String> reqHeaders = new HashMap<String, String>();
			reqHeaders.put("Authorization", "Basic " + DatatypeConverter
					.printBase64Binary((this.userName + ":" + this.password).getBytes(Charset.defaultCharset())));

			Map<String, String> reqParams = new HashMap<String, String>();
			reqParams.put("filename", fileName);
			reqParams.put("jobtype", "REMOVE_USER_FROM_GROUPS");
			reqParams.put("username", userName);

			Map<String, String> restResult = CSSRESTHelper.callRestApi(new HashMap(), url, reqHeaders, reqParams,
			String jobStatus = CSSRESTHelper.getCSSRESTJobCompletionStatus(restResult, reqHeaders);
		} catch (Exception e) {

Example 8-16 Shell Script Sample Code

Prerequisites: jq (

Common Functions: See CSS Common Helper Functions for cURL.

funcRemoveUserFromGroups() {
        header="Content-Type: application/x-www-form-urlencoded"
        statusMessage=$(funcCSSRESTHelper "PUT" "$url" "$header" "$USERNAME" "$PASSWORD" "$params" "$cssRESTAPI")
        echo $statusMessage

Groovy Sample Code

Common Functions: See CSS Common Helper Functions for Groovy

def removeUserFromGroups(fileName, userName) {

	String scenario = "Removing users in " + fileName + " from group " + userName;
	String params = "jobtype=REMOVE_USER_FROM_GROUPS&filename="+ fileName +"&username="+ userName;
	def url = null;
	def response = null;
	try {
		url = new URL(serverUrl + "/interop/rest/security/" + apiVersion + "/groups");
	} catch (MalformedURLException e) {
		println "Please enter a valid URL"
	response = executeRequest(url, "PUT", params, "application/x-www-form-urlencoded");
	if (response != null) {
		getJobStatus(getUrlFromResponse(scenario, response, "Job Status"), "GET");