For more information, see the following pages:
== User group creation and update Groups can be created via REST API v2 or REST API v1 API endpoint.
The Group privileges are set directly on groups, either during group creation or via a group update API call.
== User association to groups You can add users to specific groups when creating a user or group via REST API endpoints.
The REST API v1 group/addmemberships endpoint allows adding multiple users to multiple groups in a single request.
To get a list of users assigned to a group, you can use the POST /api/rest/2.0/groups/search v2 endpoint or the /tspublic/v1/group/{groupid}/users v1 endpoint.
To remove a user from a group, use the update group REST v2 endpoint, or the following REST API v1 endpoints:
-
POST /tspublic/v1/group/{groupid}/user/{userid}
removes a user from a specific group -
POST /tspublic/v1/group/removememberships
removes a list of users from many groups at once.
== Access control (sharing) Access to objects is determined by content shared directly to the user or the groups they belong to. It is easier to manage and audit sharing through groups rather than object sharing at the individual user level.
Users can share objects or modify sharing properties through the UI or via an API call to the POST /api/rest/2.0/security/metadata/share or /tspublic/v1/security/share endpoint.
== Group privileges Each user group includes a set of privileges for its users. When a user is assigned to a group in ThoughtSpot, the default privileges associated with a group are assigned to its users. The group privileges allow users belonging to a group to perform specific operations and access workflows. If a user belongs to more than one group, they will have the highest level of privileges from all the groups they belong to.