> ## Documentation Index > Fetch the complete documentation index at: https://docs.opal.dev/llms.txt > Use this file to discover all available pages before exploring further. # Put groups users > Updates a user's access level or duration in this group. ## OpenAPI ````yaml https://app.opal.dev/openapi.yaml put /groups/{group_id}/users/{user_id} openapi: 3.1.0 info: contact: email: hello@opal.dev name: Opal Team url: https://www.opal.dev/ description: >- The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. title: Opal API version: '1.0' servers: - description: Production url: https://api.opal.dev/v1 security: [] tags: - name: access-rules description: Operations related to access rules - name: apps description: Operations related to apps - name: bundles description: Operations related to bundles - name: configuration-templates description: Operations related to configuration templates - name: delegations description: Operations related to request reviewer delegations - name: events description: Operations related to events - name: groups description: Operations related to groups - name: group-bindings description: Operations related to group bindings - name: idp-group-mappings description: Operations related to IDP group mappings - name: message-channels description: Operations related to message channels - name: non-human-identities description: Operations related to non-human identities - name: on-call-schedules description: Operations related to on-call schedules - name: owners description: Operations related to owners - name: requests description: Operations related to requests - name: resources description: Operations related to resources - name: sessions description: Operations related to sessions - name: tags description: Operations related to tags - name: tokens description: Operations related to API tokens - name: uars description: Operations related to UARs - name: users description: Operations related to users paths: /groups/{group_id}/users/{user_id}: put: tags: - groups description: Updates a user's access level or duration in this group. operationId: update_group_user parameters: - description: The ID of the group. example: 4baf8423-db0a-4037-a4cf-f79c60cb67a5 in: path name: group_id required: true schema: type: string format: uuid style: simple - description: The ID of the user whose access is being updated. example: f92aa855-cea9-4814-b9d8-f2a60d3e4a06 in: path name: user_id required: true schema: type: string format: uuid style: simple requestBody: required: true content: application/json: schema: type: object example: duration_minutes: 60 access_level_remote_id: arn:aws:iam::590304332660:role/AdministratorAccess properties: duration_minutes: description: >- The updated duration for which the group can be accessed (in minutes). Use 0 for indefinite, or a negative value to revoke access. type: integer maximum: 525960 example: 120 access_level_remote_id: description: >- The updated remote ID of the access level granted to this user. type: string example: arn:aws:iam::590304332660:role/ReadOnlyAccess required: - duration_minutes responses: '200': description: The GroupUser was successfully updated. content: application/json: schema: $ref: '#/components/schemas/GroupUser' security: - BearerAuth: [] components: schemas: GroupUser: description: >- # Group Access User Object ### Description The `GroupAccessUser` object is used to represent a user with access to a group. ### Usage Example Fetch from the `LIST GroupUsers` endpoint. example: full_name: Jake Barnes user_id: 29827fb8-f2dd-4e80-9576-28e31e9934ac group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 expiration_date: '2022-01-23T04:56:07.000Z' email: jake@company.dev properties: group_id: description: The ID of the group. example: 1b978423-db0a-4037-a4cf-f79c60cb67b3 format: uuid type: string group_name: description: The name of the group. example: API Group type: string description: description: The description of the group. example: Group required to request API's type: string user_id: description: The ID of the user. example: 29827fb8-f2dd-4e80-9576-28e31e9934ac format: uuid type: string access_level: $ref: '#/components/schemas/GroupAccessLevel' nullable: true full_name: description: The user's full name. example: Jake Barnes type: string email: description: The user's email. example: jake@company.dev type: string expiration_date: description: The day and time the user's access will expire. example: '2022-01-23T04:56:07.000Z' format: date-time nullable: true type: string propagation_status: $ref: '#/components/schemas/PropagationStatus' required: - email - full_name - group_id - user_id - group_name - description type: object GroupAccessLevel: description: >- # Access Level Object ### Description The `GroupAccessLevel` object is used to represent the level of access that a user has to a group or a group has to a group. The "default" access level is a `GroupAccessLevel` object whose fields are all empty strings. ### Usage Example View the `GroupAccessLevel` of a group/user or group/group pair to see the level of access granted to the group. example: access_level_name: Developer access_level_remote_id: 20 properties: access_level_name: description: The human-readable name of the access level. example: Developer type: string access_level_remote_id: description: The machine-readable identifier of the access level. example: 20 type: string required: - access_level_name - access_level_remote_id type: object PropagationStatus: description: >- The state of whether the push action was propagated to the remote system. If this is null, the access was synced from the remote system. properties: status: $ref: '#/components/schemas/PropagationStatusEnum' required: - status PropagationStatusEnum: description: >- The status of whether the user has been synced to the group or resource in the remote system. enum: - SUCCESS - ERR_REMOTE_INTERNAL_ERROR - ERR_REMOTE_USER_NOT_FOUND - ERR_REMOTE_USER_NOT_LINKED - ERR_REMOTE_RESOURCE_NOT_FOUND - ERR_REMOTE_THROTTLE - ERR_NOT_AUTHORIZED_TO_QUERY_RESOURCE - ERR_REMOTE_PROVISIONING_VIA_IDP_FAILED - ERR_IDP_EMAIL_UPDATE_CONFLICT - ERR_TIMEOUT - ERR_UNKNOWN - ERR_OPAL_INTERNAL_ERROR - ERR_ORG_READ_ONLY - ERR_OPERATION_UNSUPPORTED - PENDING - PENDING_MANUAL_PROPAGATION - PENDING_TICKET_CREATION - ERR_TICKET_CREATION_SKIPPED - ERR_DRY_RUN_MODE_ENABLED - ERR_HR_IDP_PROVIDER_NOT_LINKED - ERR_REMOTE_UNRECOVERABLE_ERROR example: - SUCCESS type: string securitySchemes: BearerAuth: scheme: bearer type: http ````