Remove Users from Groups
Removes batches of users from existing groups maintained in Access Control using either a CSV file upload (v1) or request payload (v2). You can use the Upload REST API to upload the file to the environment.
Note:
A user is removed from a group only if both of these conditions are met:
- User logins included in the file exist in the identity domain that services the environment
- The user is assigned to an application role in the identity domain
Both APIs provide details about successful and failed user removals, including failure reasons and counts of passed and failed records.
The v1 API requires an ANSI or UTF-8 encoded CSV file containing user login IDs or email addresses. Before running the API, the file must be uploaded to the environment using the Upload REST API. This API can be run only by a Service Administrator in the identity domain from which users are to be removed. The v1 API is asynchronous and returns a Job ID that can be used to monitor the status of the operation.
The v2 API accepts all parameters directly in the request payload. This topic describes the simplified v2 version of the REST API. This version contains all parameters in the payload and does not require URL encoding while calling the REST APIs, which makes the v2 API easier to use. The v2 API is synchronous and returns the outcome of the operation directly in the response.
In v1, a response status of -1 indicates that removing users from the
group is still in progress. Any non-zero status value indicates failure of removing users
from groups.
Required Roles
Service Administrator or any application role and the Access Control - Manage granular role