{"id":76672,"date":"2023-05-19T13:49:00","date_gmt":"2023-05-19T17:49:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=76672"},"modified":"2023-06-05T13:10:39","modified_gmt":"2023-06-05T17:10:39","slug":"user-group-elevated-permissions-via-api","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api","title":{"rendered":"User Group Elevated Permissions via JumpCloud API"},"content":{"rendered":"\n<p>This article discusses how to use the JumpCloud API to control User Elevated Permissions at the User Group level and\/or at the User Group \u2192 Device Group Bind level. The goal is to allow administrators to have better high-level control over the permissions that their users have across devices while minimizing the maintenance overhead that can come with managing User Device permissions on an individual basis.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Elevated Permissions on User Groups<\/h2>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>User Group\u00a0ID (60f84e262921680001dbe9ba\u00a0in the examples)<\/li>\n\n\n\n<li>JumpCloud API key (redacted in the examples)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Getting Existing User Group Data<\/h3>\n\n\n\n<p>Note that the JumpCloud API currently only supports\u00a0<code>POST<\/code>\u00a0and\u00a0<code>PUT<\/code>\u00a0for\u00a0<code>User Groups<\/code>.\u00a0<code>PUT<\/code>\u00a0saves the provided state to the object at the given ID. This means that to modify the attributes field, all\u00a0<code>User Group<\/code>\u00a0fields must be included in the request as the object is intended to be saved. Retrieve all other\u00a0<code>User Group<\/code>\u00a0fields and attribute properties and include them in the request if the goal is only to modify the\u00a0<code>sudo<\/code>\u00a0properties.<\/p>\n\n\n\n<p>cURL to get data from an existing group:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221;<\/p>\n<\/div><\/div>\n\n\n\n<p>Returning something similar to:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>{<br>\u00a0&#8220;attributes&#8221;:{<br>\u00a0 &#8220;ldapGroups&#8221;:[<br>\u00a0 \u00a0 \u00a0 {<br>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0&#8220;name&#8221;:&#8221;MYGROUP&#8221;<br>\u00a0 \u00a0 \u00a0 }<br>\u00a0 \u00a0]<br>\u00a0},\u00a0<br>\u00a0&#8220;id&#8221;:&#8221;60f84e262921680001dbe9ba&#8221;,<br>\u00a0&#8220;name&#8221;:&#8221;My User Group&#8221;,<br>\u00a0&#8220;type&#8221;:&#8221;user_group&#8221;,<br>\u00a0&#8220;email&#8221;:&#8221;mydemogroup@business.com&#8221;,<br>\u00a0&#8220;description&#8221;:&#8221;A user group for demonstration&#8221;,<br>\u00a0&#8220;memberSuggestionsNotify&#8221;:false,<br>\u00a0&#8220;memberQuery&#8221;:{<br>\u00a0 \u00a0&#8220;queryType&#8221;:&#8221;FilterQuery&#8221;,<br>\u00a0 \u00a0&#8220;filters&#8221;:[<br>\u00a0 \u00a0 \u00a0 {<br>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 &#8220;field&#8221;:&#8221;company&#8221;,<br>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 &#8220;operator&#8221;:&#8221;eq&#8221;,<br>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 &#8220;value&#8221;:&#8221;MyCompany&#8221;<br>\u00a0 \u00a0 \u00a0 \u00a0}<br>\u00a0 \u00a0 \u00a0]<br>\u00a0 \u00a0}<br>}<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Modifying User Group Elevated Permissions<\/h3>\n\n\n\n<p>To elevate permissions for users in this User Group, add the\u00a0<code>sudo<\/code>\u00a0property to the\u00a0<code>attributes<\/code>\u00a0as below:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>&#8220;attributes&#8221;:{<br>\u00a0\u00a0 &#8220;ldapGroups&#8221;:[<br>\u00a0\u00a0\u00a0\u00a0\u00a0 {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 &#8220;name&#8221;:&#8221;MYGROUP&#8221;<br>\u00a0\u00a0\u00a0\u00a0\u00a0 }<br>\u00a0\u00a0 ]&#8221;sudo&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0\u00a0 &#8220;enabled&#8221;:true,<br>\u00a0\u00a0\u00a0\u00a0\u00a0 &#8220;withoutPassword&#8221;:true<br>\u00a0\u00a0 }<br>}<\/p>\n<\/div><\/div>\n\n\n\n<p>Example cURL to elevate permissions for all\u00a0<code>User<\/code>\u00a0members of\u00a0<code>User Group<\/code>\u00a0to passwordless sudo with the above\u00a0<code>attributes<\/code>\u00a0included in the request:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p><br>curl -X PUT https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221; \\<br>\u00a0\u00a0-d &#8216;{<br>\u00a0\u00a0\u00a0&#8220;attributes&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;ldapGroups&#8221;:[<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;name&#8221;:&#8221;MYGROUP&#8221;<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0],<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;sudo&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;enabled&#8221;:true,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;withoutPassword&#8221;:true<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0},<br>\u00a0\u00a0\u00a0&#8220;id&#8221;:&#8221;60f84e262921680001dbe9ba&#8221;,<br>\u00a0\u00a0\u00a0&#8220;name&#8221;:&#8221;My User Group&#8221;,<br>\u00a0\u00a0\u00a0&#8220;type&#8221;:&#8221;user_group&#8221;,<br>\u00a0\u00a0\u00a0&#8220;email&#8221;:&#8221;mydemogroup@business.com&#8221;,<br>\u00a0\u00a0\u00a0&#8220;description&#8221;:&#8221;A user group for demonstration&#8221;,<br>\u00a0\u00a0\u00a0&#8220;memberSuggestionsNotify&#8221;:false,<br>\u00a0\u00a0\u00a0&#8220;memberQuery&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;queryType&#8221;:&#8221;FilterQuery&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;filters&#8221;:[<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;field&#8221;:&#8221;company&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;operator&#8221;:&#8221;eq&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;value&#8221;:&#8221;MyCompany&#8221;<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0]<br>\u00a0\u00a0\u00a0}<br>}&#8217;<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Removing User Group Elevated Permissions<\/h3>\n\n\n\n<p>Removing elevated permissions consists of removing the\u00a0<code>sudo<\/code>\u00a0property from the\u00a0<code>User Group<\/code>&#8216;s\u00a0<code>attributes.<\/code><\/p>\n\n\n\n<p>Example cURL to remove elevated permissions with\u00a0<code>sudo<\/code>\u00a0removed:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl -X PUT https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221; \\<br>\u00a0\u00a0-d &#8216;{<br>\u00a0\u00a0\u00a0&#8220;attributes&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;ldapGroups&#8221;:[<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;name&#8221;:&#8221;MYGROUP&#8221;<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0]<br>\u00a0\u00a0\u00a0},<br>\u00a0\u00a0\u00a0&#8220;id&#8221;:&#8221;60f84e262921680001dbe9ba&#8221;,<br>\u00a0\u00a0\u00a0&#8220;name&#8221;:&#8221;My User Group&#8221;,<br>\u00a0\u00a0\u00a0&#8220;type&#8221;:&#8221;user_group&#8221;,<br>\u00a0\u00a0\u00a0&#8220;email&#8221;:&#8221;mydemogroup@business.com&#8221;,<br>\u00a0\u00a0\u00a0&#8220;description&#8221;:&#8221;A user group for demonstration&#8221;,<br>\u00a0\u00a0\u00a0&#8220;memberSuggestionsNotify&#8221;:false,<br>\u00a0\u00a0\u00a0&#8220;memberQuery&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;queryType&#8221;:&#8221;FilterQuery&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;filters&#8221;:[<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;field&#8221;:&#8221;company&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;operator&#8221;:&#8221;eq&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;value&#8221;:&#8221;MyCompany&#8221;<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0]<br>\u00a0\u00a0\u00a0}<br>}&#8217;<br><\/p>\n<\/div><\/div>\n\n\n\n<p>Again, the entirety of the group&#8217;s properties is included except for the modified\u00a0<code>attributes<\/code>\u00a0which no longer include the\u00a0<code>sudo<\/code>\u00a0property:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>&#8220;attributes&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;ldapGroups&#8221;:[<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;name&#8221;:&#8221;MYGROUP&#8221;<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0]<br>\u00a0\u00a0\u00a0}<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Verifying User Group Elevated Permissions<\/h3>\n\n\n\n<ul>\n<li><code>POST<\/code>ing and&nbsp;<code>PUT<\/code>ing groups returns the saved object, allowing for inspection of the response for confirmation.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Elevated Permissions User Group \u2192 Device Group Associations<\/h2>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>User Group\u00a0ID (60f84e262921680001dbe9ba\u00a0for the example)<\/li>\n\n\n\n<li>Device Group\u00a0ID (60d9f2c796021e000117f31a\u00a0for the example)<\/li>\n\n\n\n<li>JumpCloud API Key (redacted for the example)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Creating User Group \u2192 Device Group Associations<\/h3>\n\n\n\n<p>cURL for creating a new User Group \u2192 Device Group association with elevated permissions:<\/p>\n\n\n\n<ul>\n<li>This example sets the elevated permissions to\u00a0<code>passwordless sudo.<\/code><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl -X POST https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba\/associations \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221; \\<br>\u00a0\u00a0-d &#8216;{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;op&#8221;: &#8220;add&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;type&#8221;: &#8220;system_group&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;id&#8221;: &#8220;60d9f2c796021e000117f31a&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;attributes&#8221;: {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;sudo&#8221;: {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;enabled&#8221;: true,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;withoutPassword&#8221;: true<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}&#8217;<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Removing User Group \u2192 Device Group Associations<\/h3>\n\n\n\n<p>cURL for removing a User Group \u2192 Device Group association:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl -X POST https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba\/associations \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221; \\<br>\u00a0\u00a0-d &#8216;{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;op&#8221;: &#8220;remove&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;type&#8221;: &#8220;system_group&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;id&#8221;: &#8220;60d9f2c796021e000117f31a&#8221;<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}&#8217;<\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Modifying Existing User Group \u2192 Device Group Associations<\/h3>\n\n\n\n<p>cURL for modifying elevated permissions on an existing User Group \u2192 Device Group association:<\/p>\n\n\n\n<ul>\n<li>This example sets the elevated permissions to\u00a0<code>sudo.<\/code><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl -X POST https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba\/associations \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221; \\<br>\u00a0\u00a0-d &#8216;{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;op&#8221;: &#8220;update&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;type&#8221;: &#8220;system_group&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;id&#8221;: &#8220;60d9f2c796021e000117f31a&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;attributes&#8221;: {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;sudo&#8221;: {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;enabled&#8221;: true,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;withoutPassword&#8221;: false<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}&#8217;<\/p>\n<\/div><\/div>\n\n\n\n<p>cURL for removing elevated permissions on an existing User Group \u2192 Device Group association:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl -X POST https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba\/associations \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221; \\<br>\u00a0\u00a0-d &#8216;{<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;op&#8221;: &#8220;update&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;type&#8221;: &#8220;system_group&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;id&#8221;: &#8220;60d9f2c796021e000117f31a&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;attributes&#8221;: {}<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}&#8217;<\/p>\n<\/div><\/div>\n\n\n\n<p>Again, note that this was accomplished by removing the&nbsp;<code>sudo<\/code>&nbsp;property from the&nbsp;<code>attributes.<\/code><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Verifying User Group \u2192 Device Group Association Permissions<\/h3>\n\n\n\n<ul>\n<li>cURL for retrieving User Groups \u2192 Device Groups (referred to as\u00a0<code>system_group<\/code>\u00a0in the API) associations:<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>curl<a href=\"https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba\/associations?targets%5B0%5D=system_group\"> https:\/\/console.jumpcloud.com\/api\/v2\/usergroups\/60f84e262921680001dbe9ba\/associations?targets%5B0%5D=system_group<\/a> \\<br>\u00a0\u00a0-H &#8216;Accept: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8216;Content-Type: application\/json&#8217; \\<br>\u00a0\u00a0-H &#8220;x-api-key: $JC_API_KEY&#8221;<\/p>\n<\/div><\/div>\n\n\n\n<p>Returning something similar:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>[<br>\u00a0\u00a0{<br>\u00a0\u00a0\u00a0\u00a0&#8220;attributes&#8221;: {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;sudo&#8221;: {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;withoutPassword&#8221;: true,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;enabled&#8221;: true<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0\u00a0\u00a0},<br>\u00a0\u00a0\u00a0\u00a0&#8220;to&#8221;: {<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;attributes&#8221;: null,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;id&#8221;: &#8220;60d9f2c796021e000117f31a&#8221;,<br>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0&#8220;type&#8221;: &#8220;system_group&#8221;<br>\u00a0\u00a0\u00a0\u00a0}<br>\u00a0\u00a0}<br>]<\/p>\n<\/div><\/div>\n\n\n\n<ul>\n<li>In this case, the returned JSON indicates that the group has\u00a0<code>passwordless sudo<\/code>\u00a0elevated permissions to the\u00a0<code>system_group<\/code>\u00a0with id\u00a0<code>60d9f2c796021e000117f31a.<\/code><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>The response from the\u00a0<code>\/associations<\/code>\u00a0endpoint is a list of Device Groups, so it may return many associations that may need to be inspected to confirm elevated permissions for a specific group.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Permission Caveats<\/h2>\n\n\n\n<ul>\n<li>It is recommended to have the&nbsp;<code>sudo<\/code>&nbsp;property as one of two states (below).<\/li>\n\n\n\n<li>If no elevated permissions are desired, it is advisable to remove the\u00a0<code>sudo<\/code>\u00a0attribute entirely from the\u00a0<code>attributes<\/code>\u00a0object.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>&#8220;sudo&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0&#8220;enabled&#8221;:true,<br>\u00a0\u00a0\u00a0\u00a0&#8220;withoutPassword&#8221;:false<br>\u00a0\u00a0}<\/p>\n<\/div><\/div>\n\n\n\n<p>Passwordless sudo:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>&#8220;sudo&#8221;:{<br>\u00a0\u00a0\u00a0\u00a0&#8220;enabled&#8221;:true,<br>\u00a0\u00a0\u00a0\u00a0&#8220;withoutPassword&#8221;:true<br>\u00a0\u00a0}<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>This article discusses how to use the JumpCloud API to control User Elevated Permissions at the User Group level and\/or [&hellip;]<\/p>\n","protected":false},"author":207,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[3003,2933,2850],"support_tag":[],"coauthors":[2843],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>User Group Elevated Permissions via JumpCloud API - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to use the JumpCloud API to allow admins to have high-level control over the permissions that their users have across devices, while minimizing the maintenance overhead that can come with managing User Device permissions on an individual basis.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"User Group Elevated Permissions via JumpCloud API\" \/>\n<meta property=\"og:description\" content=\"Learn how to use the JumpCloud API to allow admins to have high-level control over the permissions that their users have across devices, while minimizing the maintenance overhead that can come with managing User Device permissions on an individual basis.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-05T17:10:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"sashaharrington\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api\",\"url\":\"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api\",\"name\":\"User Group Elevated Permissions via JumpCloud API - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-05-19T17:49:00+00:00\",\"dateModified\":\"2023-06-05T17:10:39+00:00\",\"description\":\"Learn how to use the JumpCloud API to allow admins to have high-level control over the permissions that their users have across devices, while minimizing the maintenance overhead that can come with managing User Device permissions on an individual basis.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"User Group Elevated Permissions via JumpCloud API\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"User Group Elevated Permissions via JumpCloud API - JumpCloud","description":"Learn how to use the JumpCloud API to allow admins to have high-level control over the permissions that their users have across devices, while minimizing the maintenance overhead that can come with managing User Device permissions on an individual basis.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api","og_locale":"en_US","og_type":"article","og_title":"User Group Elevated Permissions via JumpCloud API","og_description":"Learn how to use the JumpCloud API to allow admins to have high-level control over the permissions that their users have across devices, while minimizing the maintenance overhead that can come with managing User Device permissions on an individual basis.","og_url":"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api","og_site_name":"JumpCloud","article_modified_time":"2023-06-05T17:10:39+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes","Written by":"sashaharrington"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api","url":"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api","name":"User Group Elevated Permissions via JumpCloud API - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-05-19T17:49:00+00:00","dateModified":"2023-06-05T17:10:39+00:00","description":"Learn how to use the JumpCloud API to allow admins to have high-level control over the permissions that their users have across devices, while minimizing the maintenance overhead that can come with managing User Device permissions on an individual basis.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/user-group-elevated-permissions-via-api#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"User Group Elevated Permissions via JumpCloud API"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76672"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/207"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76672\/revisions"}],"predecessor-version":[{"id":87318,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76672\/revisions\/87318"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=76672"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=76672"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=76672"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=76672"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}