2017-05-10 14:48:07 -04:00
# Group and project members API
2016-06-23 11:14:31 -04:00
2020-07-09 14:10:09 -04:00
## Valid access levels
2016-06-23 11:14:31 -04:00
The access levels are defined in the `Gitlab::Access` module. Currently, these levels are recognized:
2020-06-08 17:09:17 -04:00
- No access (`0`)
- Guest (`10`)
- Reporter (`20`)
- Developer (`30`)
- Maintainer (`40`)
- Owner (`50`) - Only valid to set for groups
CAUTION: **Caution:**
Due to [an issue ](https://gitlab.com/gitlab-org/gitlab/-/issues/219299 ),
projects in personal namespaces will not show owner (`50`) permission
for owner.
2016-06-23 11:14:31 -04:00
## List all members of a group or project
Gets a list of group or project members viewable by the authenticated user.
2018-09-28 06:45:43 -04:00
Returns only direct members and not inherited members through ancestors groups.
2016-06-23 11:14:31 -04:00
2020-03-02 19:08:11 -05:00
This function takes pagination parameters `page` and `per_page` to restrict the list of users.
2020-02-27 04:09:01 -05:00
```plaintext
2016-06-23 11:14:31 -04:00
GET /groups/:id/members
GET /projects/:id/members
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2017-04-08 04:54:00 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
2016-06-23 11:14:31 -04:00
| `query` | string | no | A query string to search for members |
2019-10-16 14:08:01 -04:00
| `user_ids` | array of integers | no | Filter the results on the given user IDs |
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/members"
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/members"
2016-06-23 11:14:31 -04:00
```
Example response:
```json
[
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
2018-07-25 17:45:42 -04:00
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
2020-02-23 19:09:02 -05:00
"access_level": 30,
"group_saml_identity": null
2016-06-23 11:14:31 -04:00
},
{
"id": 2,
"username": "john_doe",
"name": "John Doe",
"state": "active",
2018-07-25 17:45:42 -04:00
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
2020-02-23 19:09:02 -05:00
"access_level": 30,
2020-05-26 14:08:20 -04:00
"email": "john@example.com",
2020-02-23 19:09:02 -05:00
"group_saml_identity": {
"extern_uid":"ABC-1234567890",
"provider": "group_saml",
"saml_provider_id": 10
}
2018-07-25 17:45:42 -04:00
}
]
```
## List all members of a group or project including inherited members
Gets a list of group or project members viewable by the authenticated user, including inherited members through ancestor groups.
2019-10-16 14:08:01 -04:00
When a user is a member of the project/group and of one or more ancestor groups the user is returned only once with the project `access_level` (if exists)
2020-02-07 10:09:52 -05:00
or the `access_level` for the user in the first group which they belong to in the project groups ancestors chain.
2018-07-25 17:45:42 -04:00
2020-03-02 19:08:11 -05:00
This function takes pagination parameters `page` and `per_page` to restrict the list of users.
2020-02-27 04:09:01 -05:00
```plaintext
2018-07-25 17:45:42 -04:00
GET /groups/:id/members/all
GET /projects/:id/members/all
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
| `query` | string | no | A query string to search for members |
2019-10-16 14:08:01 -04:00
| `user_ids` | array of integers | no | Filter the results on the given user IDs |
2018-07-25 17:45:42 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/members/all"
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/members/all"
2018-07-25 17:45:42 -04:00
```
Example response:
```json
[
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
2020-02-23 19:09:02 -05:00
"access_level": 30,
"group_saml_identity": null
2018-07-25 17:45:42 -04:00
},
{
"id": 2,
"username": "john_doe",
"name": "John Doe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
"access_level": 30
2020-05-26 14:08:20 -04:00
"email": "john@example.com",
2020-02-23 19:09:02 -05:00
"group_saml_identity": {
"extern_uid":"ABC-1234567890",
"provider": "group_saml",
"saml_provider_id": 10
}
2018-07-25 17:45:42 -04:00
},
{
"id": 3,
"username": "foo_bar",
"name": "Foo bar",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-11-22T14:13:35Z",
2020-02-23 19:09:02 -05:00
"access_level": 30,
"group_saml_identity": null
2016-06-23 11:14:31 -04:00
}
]
```
## Get a member of a group or project
2019-10-16 14:08:01 -04:00
Gets a member of a group or project. Returns only direct members and not inherited members through ancestor groups.
2016-06-23 11:14:31 -04:00
2020-02-27 04:09:01 -05:00
```plaintext
2016-06-23 11:14:31 -04:00
GET /groups/:id/members/:user_id
GET /projects/:id/members/:user_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2017-04-08 04:54:00 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
2016-06-23 11:14:31 -04:00
| `user_id` | integer | yes | The user ID of the member |
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/members/:user_id"
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/members/:user_id"
2016-06-23 11:14:31 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
2018-07-25 17:45:42 -04:00
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
2016-08-18 10:49:32 -04:00
"access_level": 30,
2020-02-23 19:09:02 -05:00
"expires_at": null,
"group_saml_identity": null
2016-06-23 11:14:31 -04:00
}
```
2019-10-16 14:08:01 -04:00
## Get a member of a group or project, including inherited members
2020-02-06 10:09:11 -05:00
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/17744) in GitLab 12.4.
2019-10-16 14:08:01 -04:00
Gets a member of a group or project, including members inherited through ancestor groups. See the corresponding [endpoint to list all inherited members ](#list-all-members-of-a-group-or-project-including-inherited-members ) for details.
2020-02-27 04:09:01 -05:00
```plaintext
2019-10-16 14:08:01 -04:00
GET /groups/:id/members/all/:user_id
GET /projects/:id/members/all/:user_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
| `user_id` | integer | yes | The user ID of the member |
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/members/all/:user_id"
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/members/all/:user_id"
2019-10-16 14:08:01 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"access_level": 30,
2020-02-23 19:09:02 -05:00
"expires_at": null,
"group_saml_identity": null
2019-10-16 14:08:01 -04:00
}
```
2016-06-23 11:14:31 -04:00
## Add a member to a group or project
Adds a member to a group or project.
2020-02-27 04:09:01 -05:00
```plaintext
2016-06-23 11:14:31 -04:00
POST /groups/:id/members
POST /projects/:id/members
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2017-04-08 04:54:00 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
2016-06-23 11:14:31 -04:00
| `user_id` | integer | yes | The user ID of the new member |
| `access_level` | integer | yes | A valid access level |
2016-08-18 10:49:32 -04:00
| `expires_at` | string | no | A date string in the format YEAR-MONTH-DAY |
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --request POST --header "PRIVATE-TOKEN: < your_access_token > " --data "user_id=1& access_level=30" "https://gitlab.example.com/api/v4/groups/:id/members"
curl --request POST --header "PRIVATE-TOKEN: < your_access_token > " --data "user_id=1& access_level=30" "https://gitlab.example.com/api/v4/projects/:id/members"
2016-06-23 11:14:31 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
2018-07-25 17:45:42 -04:00
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
2020-02-23 19:09:02 -05:00
"access_level": 30,
"group_saml_identity": null
2016-06-23 11:14:31 -04:00
}
```
## Edit a member of a group or project
Updates a member of a group or project.
2020-02-27 04:09:01 -05:00
```plaintext
2016-06-23 11:14:31 -04:00
PUT /groups/:id/members/:user_id
PUT /projects/:id/members/:user_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2017-04-08 04:54:00 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
2016-06-23 11:14:31 -04:00
| `user_id` | integer | yes | The user ID of the member |
| `access_level` | integer | yes | A valid access level |
2016-08-18 10:49:32 -04:00
| `expires_at` | string | no | A date string in the format YEAR-MONTH-DAY |
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --request PUT --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/members/:user_id?access_level=40"
curl --request PUT --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/members/:user_id?access_level=40"
2016-06-23 11:14:31 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
2018-07-25 17:45:42 -04:00
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
2020-02-23 19:09:02 -05:00
"access_level": 40,
"group_saml_identity": null
2016-06-23 11:14:31 -04:00
}
```
2020-04-23 17:09:31 -04:00
### Set override flag for a member of a group
2020-07-02 11:09:08 -04:00
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/4875) in GitLab 13.0.
2020-04-23 17:09:31 -04:00
By default, the access level of LDAP group members is set to the value specified
by LDAP through Group Sync. You can allow access level overrides by calling this endpoint.
```plaintext
POST /groups/:id/members/:user_id/override
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
| `user_id` | integer | yes | The user ID of the member |
2020-05-20 23:08:00 -04:00
```shell
2020-05-27 20:08:37 -04:00
curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v4/groups/:id/members/:user_id/override"
2020-04-23 17:09:31 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
"access_level": 40,
"override": true
}
```
### Remove override for a member of a group
2020-07-02 11:09:08 -04:00
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/4875) in GitLab 13.0.
2020-04-23 17:09:31 -04:00
Sets the override flag to false and allows LDAP Group Sync to reset the access
level to the LDAP-prescribed value.
```plaintext
DELETE /groups/:id/members/:user_id/override
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
| `user_id` | integer | yes | The user ID of the member |
2020-05-20 23:08:00 -04:00
```shell
2020-05-27 20:08:37 -04:00
curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v4/groups/:id/members/:user_id/override"
2020-04-23 17:09:31 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80& d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
"access_level": 40,
"override": false
}
```
2016-06-23 11:14:31 -04:00
## Remove a member from a group or project
Removes a user from a group or project.
2020-02-27 04:09:01 -05:00
```plaintext
2016-06-23 11:14:31 -04:00
DELETE /groups/:id/members/:user_id
DELETE /projects/:id/members/:user_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
2017-04-08 04:54:00 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group ](README.md#namespaced-path-encoding ) owned by the authenticated user |
2016-06-23 11:14:31 -04:00
| `user_id` | integer | yes | The user ID of the member |
2020-06-23 11:08:41 -04:00
| `unassign_issuables` | boolean | false | Flag indicating if the removed member should be unassigned from any issues or merge requests within given group or project |
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --request DELETE --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/members/:user_id"
curl --request DELETE --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/members/:user_id"
2016-06-23 11:14:31 -04:00
```
2018-06-01 01:02:52 -04:00
## Give a group access to a project
2020-06-07 23:08:17 -04:00
See [share project with group ](projects.md#share-project-with-group )
