Skip to content

Groups

Groups in Contendo Server provide a way to organize users but do not have any inherent semantic meaning. Contendo Server allows users to be grouped for various purposes, such as:

  • Representing a role (e.g., maintainer, editor, viewer)
  • Associating members of an organization (e.g., finance_department, engineering_team)
  • Defining users with access to a specific resource (e.g., project_alpha_access, folder_shared_users)
  • System privilege levels (e.g., super, admin, user)

Groups are primarily used for access control and serve as principals in ACLs, as described in Access Control. However, there is no referential integrity between groups and principals. This means:

  • A group with existing ACL assignments can be freely deleted without affecting stored permissions.
  • ACL with principals referring to a non-existing group can be freely created.

Default Groups

Contendo Server includes several predefined groups:

  • super – Super administrator with unlimited access. Only a super user can assign other users to this role. Should be very selectively used - only be used for managing domains. For all other purposes, admin and user roles should be preferred.
  • admin – Domain administrator with unlimited access within a single domain, required for managing roles and Access Control.
  • user – Basic user with domain access.
  • repository_ – Required for users with the user role to enable repository access (e.g., repository_main, repository_secondary). When a Repository is created, the appropriate _repository__ group is created automatically.

Generally, every user will need either the admin role (if Role and Access Control management is needed) or the user group assigned to them. Additionally, users with the user group will need one or more _repository__ roles to define to which repository they have access.

Group Management Operations

Name Description
Create Group Creates a new group.
Retrieve All Groups Retrieves the list of all groups.
Delete Group Deletes a group.
Add User to Group Adds a user to one or more groups.
Remove User from Group Removes a user from one or more groups.

Create Group

Creates a new group.

Request Format

  • Operation: createGroup
  • HTTP method: POST
  • URL: {DOMAIN_URL}
  • Content-Type: application/json, multipart/form-data, application/x-www-form-urlencoded
Parameters
Name Required Description
groupName Yes Name of the group

Example Request:

curl -X 'POST'
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "createGroup",
    "groupName": "engineering_team"
  }'

Response Format

  • No response body.

Retrieve All Groups

Retrieves the list of all groups.

Request Format

  • Operation: groups
  • HTTP method: GET
  • URL: {DOMAIN_URL}

Example Request:

curl -X 'GET'
  '{DOMAIN_URL}?operation=groups'

Response Format

  • Content-Type: application/json
  • Response body: Array of group names

Example Response:

[
  "repository_main",
  "repository_second",
  "super",
  "admin",
  "user",
  "maintainer"
]

Delete Group

Deletes a group.

Request Format

  • Operation: deleteGroup
  • HTTP method: POST
  • URL: {DOMAIN_URL}
  • Content-Type: application/json
Parameters
Name Required Description
groupName Yes Name of the group to delete

Example Request:

curl -X 'POST'
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "deleteGroup",
    "groupName": "engineering_team"
  }'

Response Format

  • No response body.

Add User to Group

Adds a user to one or more groups.

Request Format

  • Operation: addUserToGroup
  • HTTP method: POST
  • URL: {DOMAIN_URL}
  • Content-Type: application/json
Parameters
Name Required Description
groupName Yes Array of group names
username Yes Name of the user to add

Example Request:

curl -X 'POST'
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "addUserToGroup",
    "groupName": ["engineering_team", "project_alpha_access"],
    "username": "john_doe"
  }'

Response Format

  • No response body.

Remove User from Group

Removes a user from one or more groups.

Request Format

  • Operation: removeUserFromGroup
  • HTTP method: POST
  • URL: {DOMAIN_URL}
  • Content-Type: application/json
Parameters
Name Required Description
groupName Yes Array of group names
username Yes Name of the user to remove

Example Request:

curl -X 'POST'
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "removeUserFromGroup",
    "groupName": ["engineering_team", "project_alpha_access"],
    "username": "john_doe"
  }'

Response Format

  • No response body.