> ## Documentation Index > Fetch the complete documentation index at: https://docs.opal.dev/llms.txt > Use this file to discover all available pages before exploring further. # Put groups > Bulk updates a list of groups. ## OpenAPI ````yaml https://app.opal.dev/openapi.yaml put /groups openapi: 3.1.0 info: contact: email: hello@opal.dev name: Opal Team url: https://www.opal.dev/ description: >- The Opal API is a RESTful API that allows you to interact with the Opal Security platform programmatically. title: Opal API version: '1.0' servers: - description: Production url: https://api.opal.dev/v1 security: [] tags: - name: access-rules description: Operations related to access rules - name: apps description: Operations related to apps - name: bundles description: Operations related to bundles - name: configuration-templates description: Operations related to configuration templates - name: delegations description: Operations related to request reviewer delegations - name: events description: Operations related to events - name: groups description: Operations related to groups - name: group-bindings description: Operations related to group bindings - name: idp-group-mappings description: Operations related to IDP group mappings - name: message-channels description: Operations related to message channels - name: non-human-identities description: Operations related to non-human identities - name: on-call-schedules description: Operations related to on-call schedules - name: owners description: Operations related to owners - name: requests description: Operations related to requests - name: resources description: Operations related to resources - name: sessions description: Operations related to sessions - name: tags description: Operations related to tags - name: tokens description: Operations related to API tokens - name: uars description: Operations related to UARs - name: users description: Operations related to users paths: /groups: put: tags: - groups description: Bulk updates a list of groups. operationId: updateGroups requestBody: description: Groups to be updated required: true content: application/json: schema: $ref: '#/components/schemas/UpdateGroupInfoList' responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpdateGroupInfoList' description: The resulting updated group infos. security: - BearerAuth: [] components: schemas: UpdateGroupInfoList: example: groups: - group_id: f454d283-ca87-4a8a-bdbb-df212eca5353 description: >- This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. name: api-group admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 max_duration: 120 require_manager_approval: false require_support_ticket: false - group_id: 99d0b81d-14be-4cf6-bd27-348b4af1d11b description: >- Manages the Integrations Team on-call privileged resources. This group is automatically synced with the on-call rotation defined in PagerDuty. name: on-call-integrations admin_owner_id: 4220bc12-ab8a-4b5d-be7b-f6bbcf9159f3 max_duration: 360 require_manager_approval: false require_support_ticket: true properties: groups: description: A list of groups with information to update. items: $ref: '#/components/schemas/UpdateGroupInfo' type: array type: object required: - groups UpdateGroupInfo: description: |- # UpdateGroupInfo Object ### Description The `UpdateGroupInfo` object is used as an input to the UpdateGroup API. example: group_id: f454d283-ca87-4a87-bdbb-df212eca5353 description: >- This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. name: api-group admin_owner_id: 7c86c85d-0651-43e2-a748-d69d658418e8 max_duration: 120 require_manager_approval: false require_support_ticket: false properties: group_id: description: The ID of the group. example: f454d283-ca87-4a87-bdbb-df212eca5353 format: uuid type: string name: description: The name of the group. example: api-group type: string description: description: A description of the group. example: >- This group represents Active Directory group "Payments Production Admin". We use this AD group to facilitate staging deployments and qualifying new releases. type: string admin_owner_id: description: The ID of the owner of the group. example: 7c86c85d-0651-43e2-a748-d69d658418e8 format: uuid type: string max_duration: description: >- The maximum duration for which the group can be requested (in minutes). Use -1 to set to indefinite. Deprecated in favor of `request_configurations`. type: integer example: 120 deprecated: true recommended_duration: description: >- The recommended duration for which the group should be requested (in minutes). Will be the default value in a request. Use -1 to set to indefinite and 0 to unset. Deprecated in favor of `request_configurations`. type: integer example: 120 deprecated: true require_manager_approval: description: >- A bool representing whether or not access requests to the group require manager approval. Deprecated in favor of `request_configurations`. example: false type: boolean deprecated: true require_support_ticket: description: >- A bool representing whether or not access requests to the group require an access ticket. Deprecated in favor of `request_configurations`. example: false type: boolean deprecated: true folder_id: description: The ID of the folder that the group is located in. example: e27cb7b0-98e2-4555-9916-9e6d8ca6b079 format: uuid type: string deprecated: true require_mfa_to_approve: description: >- A bool representing whether or not to require MFA for reviewers to approve requests for this group. example: false type: boolean require_mfa_to_request: description: >- A bool representing whether or not to require MFA for requesting access to this group. Deprecated in favor of `request_configurations`. example: false type: boolean deprecated: true auto_approval: description: >- A bool representing whether or not to automatically approve requests to this group. Deprecated in favor of `request_configurations`. example: false type: boolean deprecated: true configuration_template_id: description: The ID of the associated configuration template. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string request_template_id: description: >- The ID of the associated request template. Deprecated in favor of `request_configurations`. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string deprecated: true is_requestable: description: >- A bool representing whether or not to allow access requests to this group. Deprecated in favor of `request_configurations`. example: false type: boolean deprecated: true group_leader_user_ids: description: A list of User IDs for the group leaders of the group items: type: string format: uuid type: array extensions_duration_in_minutes: description: >- The duration for which access can be extended (in minutes). Deprecated, set the extension duration in the request_configuration you want it to apply to. type: integer example: 120 deprecated: true request_configurations: type: array items: $ref: '#/components/schemas/RequestConfiguration' description: >- The request configuration list of the configuration template. If not provided, the default request configuration will be used. request_configuration_list: $ref: '#/components/schemas/CreateRequestConfigurationInfoList' description: >- The request configuration list of the configuration template. If not provided, the default request configuration will be used. Deprecated in favor of `request_configurations`. deprecated: true example: request_configurations: - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 organization_id: w86c85d-0651-43e2-a748-d69d658418e8 condition: null allow_requests: true auto_approval: false require_mfa_to_request: false max_duration_minutes: 120 recommended_duration_minutes: 120 require_support_ticket: false reviewer_stages: - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 owner_ids: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 stage: 1 priority: 0 - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 organization_id: w86c85d-0651-43e2-a748-d69d658418e8 condition: group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 allow_requests: true auto_approval: false require_mfa_to_request: false max_duration_minutes: 120 recommended_duration_minutes: 120 require_support_ticket: false reviewer_stages: - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 owner_ids: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 stage: 1 priority: 1 custom_request_notification: description: >- Custom request notification sent to the requester when the request is approved. type: string maxLength: 800 nullable: true example: Check your email to register your account. risk_sensitivity_override: allOf: - $ref: '#/components/schemas/RiskSensitivityEnum' required: - group_id type: object RequestConfiguration: description: >- # Request Configuration Object ### Description The `RequestConfiguration` object is used to represent a request configuration. ### Usage Example Returned from the `GET Request Configurations` endpoint. example: request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 organization_id: w86c85d-0651-43e2-a748-d69d658418e8 created_at: '2021-01-06T20:00:00.000Z' updated_at: '2021-01-06T20:00:00.000Z' condition: group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b3 allow_requests: true auto_approval: false require_mfa_to_request: false max_duration_minutes: 120 recommended_duration_minutes: 120 require_support_ticket: false reviewer_stages: - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 owner_ids: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 stage: 1 priority: 1 type: object properties: condition: $ref: '#/components/schemas/Condition' description: The condition for the request configuration. allow_requests: description: >- A bool representing whether or not to allow requests for this resource. example: true type: boolean auto_approval: description: >- A bool representing whether or not to automatically approve requests for this resource. example: false type: boolean require_mfa_to_request: description: >- A bool representing whether or not to require MFA for requesting access to this resource. example: false type: boolean max_duration_minutes: description: >- The maximum duration for which the resource can be requested (in minutes). type: integer example: 120 recommended_duration_minutes: description: >- The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration. type: integer example: 120 require_support_ticket: description: >- A bool representing whether or not access requests to the resource require an access ticket. example: false type: boolean extensions_duration_in_minutes: description: >- The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration. type: integer example: 120 request_template_id: description: The ID of the associated request template. example: 06851574-e50d-40ca-8c78-f72ae6ab4304 format: uuid type: string reviewer_stages: description: The list of reviewer stages for the request configuration. items: $ref: '#/components/schemas/ReviewerStage' type: array priority: description: The priority of the request configuration. example: 1 type: integer required: - organization_id - allow_requests - auto_approval - require_mfa_to_request - require_support_ticket - priority CreateRequestConfigurationInfoList: description: >- # CreateRequestConfigurationInfoList Object ### Description The `CreateRequestConfigurationInfoList` object is used as an input to the CreateRequestConfigurations API. ### Formatting Requirements The `CreateRequestConfigurationInfoList` object must contain a list of `RequestConfiguration` objects. Exactly one default `RequestConfiguration` must be provided. A default `RequestConfiguration` is one with a `condition` of `null` and a `priority` of `0`. The default `RequestConfiguration` will be used when no other `RequestConfiguration` matches the request. Only one `RequestConfiguration` may be provided for each priority, and the priorities must be contiguous. For example, if there are two `RequestConfigurations` with priorities 0 and 2, there must be a `RequestConfiguration` with priority 1. To use the `condition` field, the `condition` must be a valid JSON object. The `condition` must be a JSON object with the key `group_ids` (more options may be added in the future), whose value is a list of group IDs. The `condition` will match if the user requesting access is a member of any of the groups in the list. Currently, we only support using a single group as a condition. example: request_configurations: - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e8 organization_id: w86c85d-0651-43e2-a748-d69d658418e8 condition: null allow_requests: true auto_approval: false require_mfa_to_request: false max_duration_minutes: 120 recommended_duration_minutes: 120 require_support_ticket: false reviewer_stages: - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 owner_ids: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 stage: 1 priority: 0 - request_configuration_id: 7c86c85d-0651-43e2-a748-d69d658418e9 organization_id: w86c85d-0651-43e2-a748-d69d658418e8 condition: group_id: 1b978423-db0a-4037-a4cf-f79c60cb67b4 allow_requests: true auto_approval: false require_mfa_to_request: false max_duration_minutes: 120 recommended_duration_minutes: 120 require_support_ticket: false reviewer_stages: - reviewer_stage_id: 7c86c85d-0651-43e2-a748-d69d658418e8 owner_ids: - 37cb7e41-12ba-46da-92ff-030abe0450b1 - 37cb7e41-12ba-46da-92ff-030abe0450b2 stage: 1 priority: 1 properties: request_configurations: description: A list of request configurations to create. items: $ref: '#/components/schemas/RequestConfiguration' type: array type: object required: - request_configurations RiskSensitivityEnum: type: string description: >- Indicates the level of potential impact misuse or unauthorized access may incur. enum: - UNKNOWN - CRITICAL - HIGH - MEDIUM - LOW - NONE Condition: description: |- # Condition Object ### Description The `Condition` object is used to represent a condition. ### Usage Example Used to match request configurations to users in `RequestConfiguration` example: group_ids: - 1b978423-db0a-4037-a4cf-f79c60cb67b3 type: object properties: group_ids: description: The list of group IDs to match. example: - 1b978423-db0a-4037-a4cf-f79c60cb67b3 items: type: string format: uuid type: array role_remote_ids: description: The list of role remote IDs to match. example: - arn:aws:iam::590304332660:role/AdministratorAccess type: array items: type: string ReviewerStage: description: A reviewer stage. example: owner_ids: - 7870617d-e72a-47f5-a84c-693817ab4567 - 1520617d-e72a-47f5-a84c-693817ab48ad2 service_user_ids: - 7870617d-e72a-47f5-a84c-693817ab4568 properties: require_manager_approval: description: Whether this reviewer stage should require manager approval. example: false type: boolean require_admin_approval: description: Whether this reviewer stage should require admin approval. example: false type: boolean operator: description: >- The operator of the reviewer stage. Admin and manager approval are also treated as reviewers. enum: - AND - OR example: AND type: string owner_ids: description: The IDs of owners assigned as reviewers for this stage. items: type: string format: uuid type: array service_user_ids: description: The IDs of service users assigned as reviewers for this stage. items: type: string format: uuid type: array type: object required: - operator - require_manager_approval - owner_ids - stage securitySchemes: BearerAuth: scheme: bearer type: http ````