Move group
Relative path: /asset-management/v1/groups/{groupUuid}:move
Move a [Group] under another [Group].
It is possible to move groups only in the scope of the same tenant.
The assignment of policies is updated according to the new hierarchy.
NOTE
API calls /v1/groups/{groupUuid}:move and /asset-management/v1/groups/{groupUuid}:move have the same functionality.
Request body
Display Schema instead of an Example or vice-versa
Type |
Required |
Example |
Schema |
|---|---|---|---|
application/json |
Yes |
{
"newParentUuid": "string"
} |
{
"$ref": "GroupsMoveGroupBody",
"newParentUuid": {
"type": "string",
"description": "Reference to the new parent [Group] for the [Group] being moved. type: Group"
}
} |
Parameters in path
Name |
Type |
Required |
Description |
|---|---|---|---|
groupUuid |
string |
Yes |
Reference to the group to be moved. type: Group |
Responses
Display Schema+Headers instead of an Example or vice-versa
Code |
Description and Example |
Description, Schema and Headers |
|---|---|---|
200 |
A successful response.
{
"group": {
"description": "string",
"displayName": "string",
"externalReference": "string",
"externalType": "EXTERNAL_ASSET_TYPE_UNSPECIFIED",
"linkedEntityType": "GROUP_ENTITY_TYPE_UNSPECIFIED",
"parentGroupUuid": "string",
"uuid": "string",
"ownerUuid": "string"
}
}
|
A successful response.
{
"$ref": "v1MoveGroupResponse",
"group": {
"$ref": "v1Group",
"description": {
"type": "string",
"description": "Group description. Free text."
},
"displayName": {
"type": "string",
"description": "User-friendly name of the group."
},
"externalReference": {
"type": "string",
"description": "A unique reference from an external system used to associate this entity with its corresponding record in that system. This value is typically received from an external source during integration or synchronization and remains unchanged for the lifetime of the association."
},
"externalType": {
"$ref": "v1ExternalAssetType",
"type": "string",
"description": "Defines the specific, technical type of an asset as identified in the source system. It is intentionally granular and covers both structural containers and leaf resources. EXTERNAL_ASSET_TYPE_UNSPECIFIED: Unspecified or default type. EXTERNAL_ASSET_TYPE_AZURE_RESOURCE_GROUP: An Azure Resource Group. A container within an Azure Subscription that holds related resources for an application or a project. EXTERNAL_ASSET_TYPE_AZURE_SUBSCRIPTION: An Azure Subscription, which serves as a primary billing and management container for all Azure resources. It is the top-level hierarchical entity in Azure. EXTERNAL_ASSET_TYPE_AWS_ACCOUNT: An Amazon Web Services (AWS) Account. It is the fundamental container for all AWS resources and acts as a security, access, and billing boundary. EXTERNAL_ASSET_TYPE_AWS_REGION: An Amazon Web Services (AWS) Region. A physical location containing one or more availability zones where AWS resources can be deployed. EXTERNAL_ASSET_TYPE_GCP_PROJECT: A Google Cloud Project. It is the core organizational unit for creating and managing resources, and serves as a boundary for billing, enabling APIs, and managing IAM permissions for all contained resources. EXTERNAL_ASSET_TYPE_AZURE_VIRTUAL_MACHINE: A Microsoft Azure Virtual Machine. A scalable, on-demand compute resource that functions as a virtual server. EXTERNAL_ASSET_TYPE_AWS_EC2_INSTANCE: An Amazon Elastic Compute Cloud (EC2) Instance. A virtual server in the AWS cloud used for running applications. EXTERNAL_ASSET_TYPE_GCP_COMPUTE_ENGINE_INSTANCE: A Google Compute Engine (GCE) instance. A virtual machine running in Google's infrastructure, used for a wide range of workloads. EXTERNAL_ASSET_TYPE_ENTRA_ID_USER: A user identity managed by Microsoft Entra ID (formerly Azure AD), used for accessing Microsoft 365, Azure, and other federated cloud services. EXTERNAL_ASSET_TYPE_MICROSOFT_ACTIVE_DIRECTORY_USER: A user account within a Microsoft Active Directory domain. EXTERNAL_ASSET_TYPE_OBSERVED_USER: A user identity as observed from a device logon event, containing partial information. EXTERNAL_ASSET_TYPE_MICROSOFT_ACTIVE_DIRECTORY_MANAGED_SERVICE_ACCOUNT: A Managed Service Account within a Microsoft Active Directory domain, used to provide automatic password management and simplified SPN management for services. EXTERNAL_ASSET_TYPE_ENTRA_ID_APPLICATION: An application registration in Microsoft Entra ID (formerly Azure AD), representing a software application that can authenticate and request access to resources. EXTERNAL_ASSET_TYPE_ENTRA_ID_SERVICE_PRINCIPAL: A service principal in Microsoft Entra ID (formerly Azure AD), representing the local instance of an application or managed identity within a tenant, used for authentication and authorization. EXTERNAL_ASSET_TYPE_PALO_ALTO_FIREWALL: A Next-Generation Firewall (NGFW) appliance (physical or virtual) from Palo Alto Networks, used for network security policy enforcement.",
"enum": [
"EXTERNAL_ASSET_TYPE_UNSPECIFIED",
"EXTERNAL_ASSET_TYPE_AZURE_RESOURCE_GROUP",
"EXTERNAL_ASSET_TYPE_AZURE_SUBSCRIPTION",
"EXTERNAL_ASSET_TYPE_AWS_ACCOUNT",
"EXTERNAL_ASSET_TYPE_AWS_REGION",
"EXTERNAL_ASSET_TYPE_GCP_PROJECT",
"EXTERNAL_ASSET_TYPE_AZURE_VIRTUAL_MACHINE",
"EXTERNAL_ASSET_TYPE_AWS_EC2_INSTANCE",
"EXTERNAL_ASSET_TYPE_GCP_COMPUTE_ENGINE_INSTANCE",
"EXTERNAL_ASSET_TYPE_ENTRA_ID_USER",
"EXTERNAL_ASSET_TYPE_MICROSOFT_ACTIVE_DIRECTORY_USER",
"EXTERNAL_ASSET_TYPE_OBSERVED_USER",
"EXTERNAL_ASSET_TYPE_MICROSOFT_ACTIVE_DIRECTORY_MANAGED_SERVICE_ACCOUNT",
"EXTERNAL_ASSET_TYPE_ENTRA_ID_APPLICATION",
"EXTERNAL_ASSET_TYPE_ENTRA_ID_SERVICE_PRINCIPAL",
"EXTERNAL_ASSET_TYPE_PALO_ALTO_FIREWALL"
]
},
"linkedEntityType": {
"$ref": "v1GroupEntityType",
"type": "string",
"description": "Possible entities that the Group represents. GROUP_ENTITY_TYPE_UNSPECIFIED: fallback GROUP_ENTITY_TYPE_CUSTOMER: Group representing [company] GROUP_ENTITY_TYPE_MSP: Group representing [MSP] GROUP_ENTITY_TYPE_SITE: Group representing [site] GROUP_ENTITY_TYPE_HOUSEHOLD: Group representing [household] GROUP_ENTITY_TYPE_EXTERNAL_CONTAINER: Group representing an external container (e.g., Azure Resource Group, AWS Account). Such groups are managed by the integration connector.",
"enum": [
"GROUP_ENTITY_TYPE_UNSPECIFIED",
"GROUP_ENTITY_TYPE_CUSTOMER",
"GROUP_ENTITY_TYPE_MSP",
"GROUP_ENTITY_TYPE_SITE",
"GROUP_ENTITY_TYPE_HOUSEHOLD",
"GROUP_ENTITY_TYPE_EXTERNAL_CONTAINER"
]
},
"parentGroupUuid": {
"type": "string",
"description": "Reference to the parent group in the tree structure. type: Group"
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision-free - two identifiers created anywhere in the world must not collide within the entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 9562: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier, albeit of predictable length and alphabet. RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
},
"ownerUuid": {
"type": "string",
"description": "Identifier of the tenant who owns this object.",
"readOnly": true
}
}
}
|
default |
An unexpected error response.
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string",
"additionalProp1": {},
"additionalProp2": {},
"additionalProp3": {}
}
]
}
|
An unexpected error response.
{
"$ref": "rpcStatus",
"description": "The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.",
"code": {
"type": "integer",
"description": "The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].",
"format": "int32"
},
"message": {
"type": "string",
"description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client."
},
"details": [
{
"$ref": "protobufAny",
"description": "Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++. Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... } Example 2: Pack and unpack a message in Java. Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } Example 3: Pack and unpack a message in Python. foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ... The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example 'foo.bar.com/x/y.z' will yield type name 'y.z'. JSON The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: package google.profile; message Person { string first_name = 1; string last_name = 2; } { '@type': 'type.googleapis.com/google.profile.Person', 'firstName': <string>, 'lastName': <string> } If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): { '@type': 'type.googleapis.com/google.protobuf.Duration', 'value': '1.212s' }",
"@type": {
"type": "string",
"description": "A URL/resource name whose content describes the type of the serialized protocol buffer message. For URLs which use the scheme http, https, or no scheme, the following restrictions and interpretations apply: If no scheme is provided, https is assumed. The last segment of the URL's path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading '.' is not accepted). An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics."
},
"additionalProperties": {
"type": "object"
}
}
]
}
|