cURL

curl --request PUT \
  --url https://api.opal.dev/v1/groups/{group_id}/users/{user_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "duration_minutes": 60,
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}
'

{
  "full_name": "Jake Barnes",
  "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "group_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z",
  "email": "jake@company.dev"
}

PUT

groups

{group_id}

users

{user_id}

cURL

curl --request PUT \
  --url https://api.opal.dev/v1/groups/{group_id}/users/{user_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "duration_minutes": 60,
  "access_level_remote_id": "arn:aws:iam::590304332660:role/AdministratorAccess"
}
'

{
  "full_name": "Jake Barnes",
  "user_id": "29827fb8-f2dd-4e80-9576-28e31e9934ac",
  "group_id": "1b978423-db0a-4037-a4cf-f79c60cb67b3",
  "expiration_date": "2022-01-23T04:56:07.000Z",
  "email": "jake@company.dev"
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

group_id

string<uuid>

required

The ID of the group.

user_id

string<uuid>

required

The ID of the user whose access is being updated.

Body

application/json

duration_minutes

integer

required

The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite.

Required range: x <= 525960

Example:

120

access_level_remote_id

string

The updated remote ID of the access level granted to this user.

Example:

"arn:aws:iam::590304332660:role/ReadOnlyAccess"

Response

200 - application/json

The GroupUser was successfully updated.

Group Access User Object

Description

The GroupAccessUser object is used to represent a user with access to a group.

Usage Example

Fetch from the LIST GroupUsers endpoint.

group_id

string<uuid>

required

The ID of the group.

Example:

"1b978423-db0a-4037-a4cf-f79c60cb67b3"

group_name

string

required

The name of the group.

Example:

"API Group"

description

string

required

The description of the group.

Example:

"Group required to request API's"

user_id

string<uuid>

required

The ID of the user.

Example:

"29827fb8-f2dd-4e80-9576-28e31e9934ac"

full_name

string

required

The user's full name.

Example:

"Jake Barnes"

string

required

The user's email.

Example:

"jake@company.dev"

access_level

object

Access Level Object

Description

The GroupAccessLevel object is used to represent the level of access that a user has to a group or a group has to a group. The "default" access level is a GroupAccessLevel object whose fields are all empty strings.

Usage Example

View the GroupAccessLevel of a group/user or group/group pair to see the level of access granted to the group.

Show child attributes

Example:

{
  "access_level_name": "Developer",
  "access_level_remote_id": 20
}

expiration_date

string<date-time> | null

The day and time the user's access will expire.

Example:

"2022-01-23T04:56:07.000Z"

propagation_status

object

The state of whether the push action was propagated to the remote system. If this is null, the access was synced from the remote system.

Show child attributes

Last modified on February 19, 2026

Get groups users Post groups users

API Concepts

SDKs

Opal API

Put groups users

Authorizations

Path Parameters

Body

Response

Group Access User Object

Description

Usage Example

Access Level Object

Description

Usage Example