# Delegated Groups for Delegated Admins

As a Delegated Admin, you can add or remove users and assign or unassign policies for the selected group of users you manage, within the delegated policy scope you have been trusted to manage.

This topic contains:

* [List Users in a Delegated Group](#ListUsersinaDelegatedGroup)
* [Update Users for a Delegated Group](#UpdateUsersforaDelegatedGroup)
* [Return a List of Delegated Groups](#ReturnaListofDelegatedGroups)
* [Return the Attributes of a Delegated Group](#ReturntheAttributesofaDelegatedGroup)
* [List the Policies for a Delegated Group](#ListthePoliciesforaDelegatedGroup)
* [Attach a Policy to a User](#AttachaPolicytoaUser)
* [Detach a Policy from a User](#DetachaPolicyfromaUser)
* [Update Multiple Users with a Policy](#UpdateMultipleUserswithaPolicy)
* [Update a User with Multiple Policies](#UpdateaUserwithMultiplePolicies)

## List Users in a Delegated Group

You can list the users of a Delegated Group using the HTTP GET method for `policy_group_tags` as follows.

```bash Sample Request
curl -s --location --request GET 'https://{{baseUrl}}/v3/policy_group_tags/{tag}/users' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```json Sample Response
{
  "user_ids": [
    1,
    2,
    3
  ]
}
```

## Update Users for a Delegated Group

You can add users to a Delegated Group using the HTTP PATCH method for the `policy_group_tags` endpoint. An Admin and a Delegated Admin can tag any user within the same account.

INFO: A Delegated Admin cannot tag or untag themselves or other Delegated Admins.

```bash Sample Request
curl -s --location --request PATCH 'https://{{baseUrl}}/v3/policy_group_tags/{tag}/users' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```json Sample Response
{
  "user_ids": [
    1,
    2,
    3
  ]
}
```

## Return a List of Delegated Groups

You can get a list of Delegated Groups using the HTTP GET method and the following endpoint.

```bash Sample Request
curl -s --location --request GET 'https://{{baseUrl}}/v3/access_control/policy_groups' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```json Sample Response
[
  {
    "id": 240,
    "account_id": 6598,
    "name": "DG 02",
    "created_at": "2023-12-06T13:02:53Z",
    "updated_at": "2023-12-06T13:02:53Z",
    "taggable_name": "DG 02",
    "description": "DG 02",
    "policy_count": 0
  }
]
```

## Return the Attributes of a Delegated Group

You can get a list of attributes for a Delegated Group using its policy group ID and the HTTP GET method, as in the example that follows.

```bash Sample Request
curl -s --location --request GET 'https://{{baseUrl}}/v3/access_control/policy_groups/{policy_group_id_or_taggable_name}' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```json Sample Response
{
  "id": 240,
  "account_id": 6598,
  "name": "DG 02",
  "created_at": "2023-12-06T13:02:53Z",
  "updated_at": "2023-12-06T13:02:53Z",
  "taggable_name": "DG 02",
  "description": "DG 02",
  "policy_count": 0
}
```

## List the Policies for a Delegated Group

Get a list of policies in a Delegated Group using the HTTP GET method and the following endpoint.

```bash Sample Request
curl -s --location --request GET 'https://{{baseUrl}}/v3/access_control/policy_groups/{policy_group_id_or_taggable_name}/policies' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```json Sample Response
{
  "policy_ids": [
    67
  ]
}
```

## Attach a Policy to a User

You can attach a policy to a user using the HTTP POST method and the following endpoints.

INFO: A Delegated Admin can only attach policies from within a Permission Set Group / Policy Group they manage.

```bash Sample Request
curl -s --location --request POST 'https://{{baseUrl}}/v3/access_control/policies/{policy_id}/users/{user_id}' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

## Detach a Policy from a User

You can detach a policy from a user using the HTTP DELETE method and one of the following endpoints.

```bash Sample Request Option 1
curl -s --location --request DELETE 'https://{{baseUrl}}/v3/access_control/policies/{policy_id}/users/{user_id}' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```bash Sample Request Option 2
curl -s --location --request DELETE 'https://{{baseUrl}}/v3/access_control/users/{user_id}/policies/{policy_id}' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```json Sample Response
{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}
```

## Update Multiple Users with a Policy

You can update multiple users with a policy in a delegated group using the HTTP PATCH method and the following endpoint.

```bash Sample Request
curl -s --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/{policy_id}/users' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

## Update a User with Multiple Policies

```bash Sample Request
curl -s --location --request PATCH 'https://{{baseUrl}}/v3/access_control/users/{user_id}/policies' \
  --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'content-type: application/json'
```

```json
{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}
```
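
For automation built on the attach endpoint in "Attach a Policy to a User", a client-side pre-flight check can keep requests inside the delegated scope and keep unvalidated values out of the URL path before anything is sent. This is an added example, not part of the original documentation: `plan_attachments`, `_id_set` and the sample bodies are hypothetical and constructed. It assumes "in scope" means the user is in the Delegated Group and the policy is in the group's policy list; the API's own authorization remains the deciding check.

```python
import json

# Constructed sample bodies, shaped like the Sample Responses on this page.
GROUP_USERS = '{"user_ids": [1, 2, 3]}'   # GET /v3/policy_group_tags/{tag}/users
GROUP_POLICIES = '{"policy_ids": [67]}'   # GET .../policy_groups/{id}/policies


def _id_set(body, key):
    """Parse one list response; fail closed on any unexpected shape."""
    data = json.loads(body)
    ids = data.get(key) if isinstance(data, dict) else None
    if not isinstance(ids, list) or not all(type(i) is int and i > 0 for i in ids):
        raise ValueError(f"unexpected {key!r} payload")
    return set(ids)


def plan_attachments(requested, users_body, policies_body):
    """Split (user_id, policy_id) pairs into in-scope requests and denials.

    Assumption (not stated as an API rule on the page): a pair is in scope
    when the user is in the Delegated Group and the policy is in its list.
    """
    users = _id_set(users_body, "user_ids")
    policies = _id_set(policies_body, "policy_ids")
    allowed, denied = [], []
    for user_id, policy_id in requested:
        # Strict int check: keeps strings such as "3/../9" (and bools)
        # from ever being interpolated into the request path.
        if type(user_id) is not int or type(policy_id) is not int:
            denied.append((user_id, policy_id, "non-integer id"))
        elif user_id not in users:
            denied.append((user_id, policy_id, "user not in delegated group"))
        elif policy_id not in policies:
            denied.append((user_id, policy_id, "policy not in policy group"))
        else:
            path = f"/v3/access_control/policies/{policy_id}/users/{user_id}"
            allowed.append(("POST", path))
    return allowed, denied


if __name__ == "__main__":
    wanted = [(2, 67), (9, 67), (3, 99), ("3/../9", 67)]  # constructed input
    ok, rejected = plan_attachments(wanted, GROUP_USERS, GROUP_POLICIES)
    for method, path in ok:
        print("send  ", method, path)
    for user_id, policy_id, reason in rejected:
        print("refuse", user_id, policy_id, "-", reason)
```

Logging the refused pairs gives reviewers a record of out-of-scope requests that the automation was asked to make but never sent.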