Skip to main content

Manage users and groups through API

You can use the Imply Polaris Identity management API to manage users and groups.

The Identity management API enables you to perform the following tasks:

  • List all permissions for an organization
  • Create, update, and delete users
  • Create, update, and delete groups
  • Retrieve information for a specific user or a group

This topic explains how to use the Identity management API to create and manage users and groups. For information on managing users and groups in the UI, see Add users to an organization and Manage user groups respectively.

Prerequisites

You must have an API key with the AdministerUsers permission. In the examples below, Polaris reads the key value from an environment variable POLARIS_API_KEY. See Authenticate with API keys to obtain an API key and assign permissions. For more information on permissions, see Permissions reference.

When running the code in the examples, replace ORGANIZATION_NAME with the custom domain through which you access Polaris.

List all permissions

Permissions determine the operations a user can perform. To list all permissions for an organization, send a GET request to the /v1/permissions endpoint.

Sample request

The following request shows how to retrieve a list of permissions for an organization:

curl --location --request GET "https://ORGANIZATION_NAME.app.imply.io/v1/permissions" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \

Sample response

A successful request returns a 200 OK response and the list of permissions.

Show the response
{
"values": [
{
"name": "ManageDashboards",
"resources": [
"projects/*"
]
},
{
"name": "ManageCollections",
"resources": [
"projects/*"
]
},
{
"name": "AdministerEmbedLinks",
"resources": [
"projects/*"
]
},
{
"name": "ReadDataSources",
"resources": [
"projects/*"
]
},
{
"name": "ManageFiles",
"resources": [
"projects/*"
]
},
{
"name": "AdministerProjects"
},
{
"name": "CreateElevatedAlerts",
"resources": [
"projects/*"
]
},
{
"name": "AdministerAlerts",
"resources": [
"projects/*"
]
},
{
"name": "AdministerQueries",
"resources": [
"projects/*"
]
},
{
"name": "AdministerApiKeys"
},
{
"name": "AccessMetrics",
"resources": [
"projects/*"
]
},
{
"name": "AccessVisualization",
"resources": [
"projects/*"
]
},
{
"name": "AccessScaling",
"resources": [
"projects/*"
]
},
{
"name": "AdministerBilling",
"description": "Allows clients to see and update payment info"
},
{
"name": "ManageAlertsWebhooks",
"resources": [
"projects/*"
]
},
{
"name": "ManageConnections",
"resources": [
"projects/*"
]
},
{
"name": "ManageDataCubes",
"resources": [
"projects/*"
]
},
{
"name": "ManageReports",
"resources": [
"projects/*"
]
},
{
"name": "AccessAlerts",
"resources": [
"projects/*"
]
},
{
"name": "AccessCollections",
"resources": [
"projects/*"
]
},
{
"name": "AdministerClients"
},
{
"name": "ManageTables",
"resources": [
"projects/*"
]
},
{
"name": "AccessReports",
"resources": [
"projects/*"
]
},
{
"name": "AdministerScaling",
"resources": [
"projects/*"
]
},
{
"name": "AccessQueries",
"resources": [
"projects/*"
]
},
{
"name": "AccessQueryRawData",
"resources": [
"projects/*"
]
},
{
"name": "AccessMonitorQueries",
"resources": [
"projects/*"
]
},
{
"name": "ManageApiKeys"
},
{
"name": "AdministerDataCubes",
"resources": [
"projects/*"
]
},
{
"name": "ManageProjects",
"resources": [
"projects/*"
]
},
{
"name": "ViewTables",
"resources": [
"projects/*"
]
},
{
"name": "ManageIngestionJobs",
"resources": [
"projects/*"
]
},
{
"name": "AdministerUsers"
},
{
"name": "AdministerReports",
"resources": [
"projects/*"
]
},
{
"name": "AdministerCustomizations"
},
{
"name": "AccessDownloadData",
"resources": [
"projects/*"
]
},
{
"name": "AdministerDashboards",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadLargeData",
"resources": [
"projects/*"
]
},
{
"name": "ManageAlerts",
"resources": [
"projects/*"
]
}
]
}

List all groups

A group is a collection of permissions. When you add a user to a group, you apply all of the group's permissions to that user.

Polaris provides predefined groups that correspond to specific organizational roles. You can also create custom groups with finer-grained access control. Before you create a new group, it is a good practice to verify that a similar group does not already exist for your organization.

To list all groups for an organization, send a GET request to the /v1/groups endpoint.

Sample request

The following request shows how to retrieve a list of groups for an organization:

curl --location --request GET "https://ORGANIZATION_NAME.app.imply.io/v1/groups" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \

Sample response

A successful request returns a 200 OK response and the list of groups.

Show the response
{
"values": [
{
"id": "de7af765-6235-4b18-a5ab-2314e28c9e0d",
"name": "Data Analyst",
"readOnly": true,
"permissions": [
{
"name": "AccessQueries",
"resources": [
"projects/*"
]
},
{
"name": "ManageDashboards",
"resources": [
"projects/*"
]
},
{
"name": "ManageCollections",
"resources": [
"projects/*"
]
},
{
"name": "ViewTables",
"resources": [
"projects/*"
]
},
{
"name": "ManageDataCubes",
"resources": [
"projects/*"
]
},
{
"name": "AccessAlerts",
"resources": [
"projects/*"
]
},
{
"name": "AccessCollections",
"resources": [
"projects/*"
]
},
{
"name": "AccessVisualization",
"resources": [
"projects/*"
]
},
{
"name": "AccessScaling",
"resources": [
"projects/*"
]
},
{
"name": "AccessReports",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadData",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadLargeData",
"resources": [
"projects/*"
]
}
],
"userCount": 9
},
{
"id": "6b7612cf-7687-4d6e-a036-665655f20550",
"name": "Data Manager",
"readOnly": true,
"permissions": [
{
"name": "ManageDashboards",
"resources": [
"projects/*"
]
},
{
"name": "ManageCollections",
"resources": [
"projects/*"
]
},
{
"name": "ManageFiles",
"resources": [
"projects/*"
]
},
{
"name": "AdministerQueries",
"resources": [
"projects/*"
]
},
{
"name": "AccessMetrics",
"resources": [
"projects/*"
]
},
{
"name": "AccessVisualization",
"resources": [
"projects/*"
]
},
{
"name": "AccessScaling",
"resources": [
"projects/*"
]
},
{
"name": "ManageAlertsWebhooks",
"resources": [
"projects/*"
]
},
{
"name": "ManageConnections",
"resources": [
"projects/*"
]
},
{
"name": "ManageReports",
"resources": [
"projects/*"
]
},
{
"name": "ManageDataCubes",
"resources": [
"projects/*"
]
},
{
"name": "AccessAlerts",
"resources": [
"projects/*"
]
},
{
"name": "AccessCollections",
"resources": [
"projects/*"
]
},
{
"name": "ManageTables",
"resources": [
"projects/*"
]
},
{
"name": "AccessReports",
"resources": [
"projects/*"
]
},
{
"name": "AdministerScaling",
"resources": [
"projects/*"
]
},
{
"name": "AccessQueries",
"resources": [
"projects/*"
]
},
{
"name": "AccessQueryRawData",
"resources": [
"projects/*"
]
},
{
"name": "AccessMonitorQueries",
"resources": [
"projects/*"
]
},
{
"name": "ManageApiKeys"
},
{
"name": "ManageProjects",
"resources": [
"projects/*"
]
},
{
"name": "ViewTables",
"resources": [
"projects/*"
]
},
{
"name": "ManageIngestionJobs",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadData",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadLargeData",
"resources": [
"projects/*"
]
},
{
"name": "ManageAlerts",
"resources": [
"projects/*"
]
}
],
"userCount": 163
},
{
"id": "540cbe7b-c283-4824-804e-566a3d22f3ac",
"name": "Organization Admin",
"readOnly": true,
"permissions": [
{
"name": "ManageDashboards",
"resources": [
"projects/*"
]
},
{
"name": "ManageCollections",
"resources": [
"projects/*"
]
},
{
"name": "AdministerEmbedLinks",
"resources": [
"projects/*"
]
},
{
"name": "ManageFiles",
"resources": [
"projects/*"
]
},
{
"name": "AdministerProjects"
},
{
"name": "AdministerQueries",
"resources": [
"projects/*"
]
},
{
"name": "AdministerAlerts",
"resources": [
"projects/*"
]
},
{
"name": "AdministerApiKeys"
},
{
"name": "AccessMetrics",
"resources": [
"projects/*"
]
},
{
"name": "AccessVisualization",
"resources": [
"projects/*"
]
},
{
"name": "AccessScaling",
"resources": [
"projects/*"
]
},
{
"name": "ManageAlertsWebhooks",
"resources": [
"projects/*"
]
},
{
"name": "AdministerBilling"
},
{
"name": "ManageConnections",
"resources": [
"projects/*"
]
},
{
"name": "ManageReports",
"resources": [
"projects/*"
]
},
{
"name": "ManageDataCubes",
"resources": [
"projects/*"
]
},
{
"name": "AdministerClients"
},
{
"name": "AccessAlerts",
"resources": [
"projects/*"
]
},
{
"name": "AccessCollections",
"resources": [
"projects/*"
]
},
{
"name": "ManageTables",
"resources": [
"projects/*"
]
},
{
"name": "AccessReports",
"resources": [
"projects/*"
]
},
{
"name": "AdministerScaling",
"resources": [
"projects/*"
]
},
{
"name": "AccessQueries",
"resources": [
"projects/*"
]
},
{
"name": "AccessQueryRawData",
"resources": [
"projects/*"
]
},
{
"name": "AccessMonitorQueries",
"resources": [
"projects/*"
]
},
{
"name": "ManageProjects",
"resources": [
"projects/*"
]
},
{
"name": "ViewTables",
"resources": [
"projects/*"
]
},
{
"name": "AdministerDataCubes",
"resources": [
"projects/*"
]
},
{
"name": "ManageIngestionJobs",
"resources": [
"projects/*"
]
},
{
"name": "AdministerUsers"
},
{
"name": "AdministerReports",
"resources": [
"projects/*"
]
},
{
"name": "AdministerCustomizations"
},
{
"name": "AdministerDashboards",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadData",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadLargeData",
"resources": [
"projects/*"
]
},
{
"name": "ManageAlerts",
"resources": [
"projects/*"
]
}
],
"userCount": 39
},
{
"id": "d919f276-7857-4b59-a616-0c2540fb4ad1",
"name": "Viewer",
"readOnly": true,
"permissions": [
{
"name": "ViewTables",
"resources": [
"projects/*"
]
},
{
"name": "AccessCollections",
"resources": [
"projects/*"
]
},
{
"name": "AccessVisualization",
"resources": [
"projects/*"
]
}
],
"userCount": 18
}
]
}

Create a group

If none of the predefined groups satisfy your requirements, you can create a custom group with a specific set of permissions. To create a group, send a POST request to the /v1/groups endpoint. For a description of required parameters, see the Create a group documentation.

Provide the following details, at a minimum, to create a group:

  • Group name: The name of the group.
  • Group permissions:
    • Permission name: The name of the permission. See Permissions reference for available permissions.
    • Permission resources: The list of projects this permission will apply to. You can use "projects/*" to apply the permission to all existing and future projects or you can scope the permission to a specific project by specifying the project ID, for example: "projects/45c024f4-1254-4b58-8207-4111d2f80669".

The following example shows a group request to create a user group named Alerts and reports that has AdministerReports and AdministerAlerts permissions scoped to two projects:

{
"name": "Alerts and reports",
"permissions": [
{
"name": "AdministerReports",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "AdministerAlerts",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
}
]
}

If you don't know the project ID, you can send a GET request to the /v1/projects endpoint. It returns a list of projects for an organization.

Sample request

The following request creates a custom group named Alerts and reports:

curl --location --request POST "https://ORGANIZATION_NAME.app.imply.io/v1/groups" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \
--data-raw '{
"name": "Alerts and reports",
"permissions": [
{
"name": "AdministerReports",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "AdministerAlerts",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
}
]
}'

Sample response

A successful request returns a 201 Created response and the details of the group:

{
"id": "b694b590-8496-44c3-8994-078db6a09dbf",
"name": "Alerts and reports",
"readOnly": false,
"permissions": [
{
"name": "AdministerReports",
"resources": [
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a",
"projects/45c024f4-1254-4b58-8207-4111d2f80669"
]
},
{
"name": "AdministerAlerts",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
}
],
"userCount": 0
}

Create a user with group membership

To add a user to a group when the user is first created, send a POST request to the /v1/users endpoint. Pass a list of group IDs to the groups property in the user object. For a description of required parameters, see the Create a user documentation.

Sample request

The following example shows how to create a new user and add that user to the Alerts and reports group. Note that the groups property contains the group ID b694b590-8496-44c3-8994-078db6a09dbf that corresponds to the Alerts and reports group. When you assign users to groups, use the group ID instead of the group name.

curl --location --request POST "https://ORGANIZATION_NAME.app.imply.io/v1/users" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \
--data-raw '{
"username": "dani.lee@example.io",
"firstName": "Dani",
"lastName": "Lee",
"groups": [
{
"id": "b694b590-8496-44c3-8994-078db6a09dbf"
}
]
}'

Sample response

A successful request returns a 201 Created response and the details of the user:

{
"id": "880f6811-7e85-47ce-b3c5-a57a85ab95bd",
"username": "dani.lee@example.io",
"email": "dani.lee@example.io",
"firstName": "Dani",
"lastName": "Lee",
"enabled": true,
"emailVerified": false,
"permissions": [],
"groups": [
{
"id": "b694b590-8496-44c3-8994-078db6a09dbf",
"name": "Alerts and reports"
}
],
"identities": [],
"actions": [
"VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"createdOn": "2023-09-21T02:45:09.205Z"
}

Update a user

To update a user, send a PUT request to the /v1/users/ID endpoint. Replace the ID path parameter with the ID of the user you want to update. You must provide all properties you want to retain in the user object, even if you don't want to update them. Polaris recreates the user with the details you specify in the request.

The username and email properties of the user object cannot be modified. For more information, see the Update a user documentation.

Sample request

The following example shows how to add a user with the ID 880f6811-7e85-47ce-b3c5-a57a85ab95bd to the Viewer group. The ID of the Viewer group is d919f276-7857-4b59-a616-0c2540fb4ad1.

curl --location --request PUT "https://ORGANIZATION_NAME.app.imply.io/v1/users/880f6811-7e85-47ce-b3c5-a57a85ab95bd" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \
--data-raw '{
"username": "dani.lee@example.io",
"email": "dani.lee@example.io",
"firstName": "Dani",
"lastName": "Lee",
"enabled": true,
"groups": [
{
"id": "b694b590-8496-44c3-8994-078db6a09dbf"
},
{
"id": "d919f276-7857-4b59-a616-0c2540fb4ad1"
}
]
}'

Sample response

A successful request returns a 200 OK response and the details of the user:

{
"id": "880f6811-7e85-47ce-b3c5-a57a85ab95bd",
"username": "dani.lee@example.io",
"email": "dani.lee@example.io",
"firstName": "Dani",
"lastName": "Lee",
"enabled": true,
"emailVerified": false,
"permissions": [],
"groups": [
{
"id": "b694b590-8496-44c3-8994-078db6a09dbf",
"name": "Alerts and reports"
},
{
"id": "d919f276-7857-4b59-a616-0c2540fb4ad1",
"name": "Viewer"
}
],
"identities": [],
"actions": [
"UPDATE_PASSWORD",
"VERIFY_EMAIL"
],
"createdOn": "2023-09-21T02:45:09.205Z"
}

Reset password

To reset a user's password, specify "actions": ["UPDATE_PASSWORD"] in the request payload of the PUT request. The user will receive a "Password Reset Request" email from Imply Polaris prompting them to reset their password.

List user permissions

To list all permissions applied to a user through group membership, send a GET request to the /v1/users/ID/effectivepermissions endpoint. Replace the ID path parameter with the ID of the user.

Sample request

The following example shows how to retrieve a list of permissions applied to a user:

curl --location --request GET "https://ORGANIZATION_NAME.app.imply.io/v1/users/880f6811-7e85-47ce-b3c5-a57a85ab95bd/effectivepermissions" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \

Sample response

A successful request returns a 200 OK response and the list of permissions.

Show the response
{
"values": [
{
"name": "AccessVisualization",
"resources": [
"projects/*"
]
},
{
"name": "AccessCollections",
"resources": [
"projects/*"
]
},
{
"name": "ViewTables",
"resources": [
"projects/*"
]
},
{
"name": "AccessDownloadData",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "ManageAlerts",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "AccessReports",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "ManageAlertsWebhooks",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "ManageReports",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "AdministerAlerts",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "AccessAlerts",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "AdministerReports",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
},
{
"name": "AccessDownloadLargeData",
"resources": [
"projects/45c024f4-1254-4b58-8207-4111d2f80669",
"projects/5c9116aa-91ae-41f3-b484-8e45300c961a"
]
}
]
}

Add users to a group

To add one or more users to a group, send a POST request to the /v1/groups/ID/members endpoint. Replace the ID path parameter with the ID of the group. For more information, see the Add users to a group documentation.

Sample request

The following example shows how to add two new users to the Alerts and reports group, ID b694b590-8496-44c3-8994-078db6a09dbf. Note that the payload is an array of user objects.

curl --location --request POST "https://ORGANIZATION_NAME.app.imply.io/v1/groups/b694b590-8496-44c3-8994-078db6a09dbf/members" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \
--data-raw '[
{"id": "d88d4e47-d6ed-4820-880e-c0564ce99752"},
{"id": "48b08425-7393-4730-bb7d-736e69ef1d92"}
]'

Sample response

A successful request returns a 200 OK response.

List all group members

To retrieve a list of group members, send a GET request to the /v1/groups/ID/members endpoint. Replace the ID path parameter with the ID of the group.

Sample request

The following example shows how to retrieve a list of group members for group ID b694b590-8496-44c3-8994-078db6a09dbf:

curl --location --request GET "https://ORGANIZATION_NAME.app.imply.io/v1/groups/b694b590-8496-44c3-8994-078db6a09dbf/members" \
--user ${POLARIS_API_KEY}: \
--header "Content-Type: application/json" \

Sample response

A successful request returns a 200 OK response and the list of group members.

Show the response
{
"values": [
{
"id": "d88d4e47-d6ed-4820-880e-c0564ce99752",
"username": "alex.smith@email.com",
"email": "alex.smith@email.com",
"firstName": "Alex",
"lastName": "Smith"
},
{
"id": "48b08425-7393-4730-bb7d-736e69ef1d92",
"username": "alexa.smith@example.com",
"email": "alexa.smith@example.com",
"firstName": "Alexa",
"lastName": "Smith"
},
{
"id": "880f6811-7e85-47ce-b3c5-a57a85ab95bd",
"username": "dani.lee@example.io",
"email": "dani.lee@example.io",
"firstName": "Dani",
"lastName": "Lee"
}
],
"count": 3
}

Learn more

See the following topics for more information: