groups
Creates, updates, deletes, gets or lists a groups resource.
Overview
| Name | groups |
| Type | Resource |
| Id | cloudflare.iam.groups |
Fields
The following fields are returned by SELECT queries:
- get
- list
Get SCIM Group response
| Name | Datatype | Description |
|---|---|---|
contents | string |
List SCIM Groups response
| Name | Datatype | Description |
|---|---|---|
contents | string |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | account_id, group_id | Retrieves a single SCIM Group resource by group ID. | |
list | select | account_id | startIndex, count, filter | Lists SCIM Group resources for the account. Returns both system groups (backed by Cloudflare permission groups, prefixed cloudflare-v1-) and custom user groups. Supports filtering by displayName using SCIM filter syntax. |
scim_groups_create | insert | account_id, displayName | Creates a new SCIM Group (user group) for the account. The displayName must not be empty and must not begin with CF (reserved for system groups). | |
scim_groups_patch | update | account_id, group_id, schemas, Operations | Partially updates a SCIM Group via PATCH operations (RFC 7644 Section 3.5.2). Supports add, remove, and replace operations on members, displayName, and externalId. For system groups (prefixed cloudflare-v1-), only member management operations are supported. | |
scim_groups_delete | delete | account_id, group_id | Deletes a SCIM Group (custom user groups only). System groups backed by Cloudflare permission groups cannot be deleted via SCIM. Returns 204 No Content on success. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
group_id | string | The Access group ID. |
count | integer | |
filter | string | |
startIndex | integer |
SELECT examples
- get
- list
Retrieves a single SCIM Group resource by group ID.
SELECT
contents
FROM cloudflare.iam.groups
WHERE account_id = '{{ account_id }}' -- required
AND group_id = '{{ group_id }}' -- required
;
Lists SCIM Group resources for the account. Returns both system groups (backed by Cloudflare permission groups, prefixed cloudflare-v1-) and custom user groups. Supports filtering by displayName using SCIM filter syntax.
SELECT
contents
FROM cloudflare.iam.groups
WHERE account_id = '{{ account_id }}' -- required
AND startIndex = '{{ startIndex }}'
AND count = '{{ count }}'
AND filter = '{{ filter }}'
;
INSERT examples
- scim_groups_create
- Manifest
Creates a new SCIM Group (user group) for the account. The displayName must not be empty and must not begin with CF (reserved for system groups).
INSERT INTO cloudflare.iam.groups (
displayName,
externalId,
account_id
)
SELECT
'{{ displayName }}' /* required */,
'{{ externalId }}',
'{{ account_id }}'
;
# Description fields are for documentation purposes
- name: groups
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the groups resource.
- name: displayName
value: "{{ displayName }}"
description: |
A human-readable name for the Group. REQUIRED. Must not start with `CF` (reserved prefix for Cloudflare-managed virtual groups).
- name: externalId
value: "{{ externalId }}"
description: |
Identifier for the Group as defined by the provisioning client (IdP).
UPDATE examples
- scim_groups_patch
Partially updates a SCIM Group via PATCH operations (RFC 7644 Section 3.5.2). Supports add, remove, and replace operations on members, displayName, and externalId. For system groups (prefixed cloudflare-v1-), only member management operations are supported.
UPDATE cloudflare.iam.groups
SET
Operations = '{{ Operations }}',
schemas = '{{ schemas }}'
WHERE
account_id = '{{ account_id }}' --required
AND group_id = '{{ group_id }}' --required
AND schemas = '{{ schemas }}' --required
AND Operations = '{{ Operations }}' --required
RETURNING
contents;
DELETE examples
- scim_groups_delete
Deletes a SCIM Group (custom user groups only). System groups backed by Cloudflare permission groups cannot be deleted via SCIM. Returns 204 No Content on success.
DELETE FROM cloudflare.iam.groups
WHERE account_id = '{{ account_id }}' --required
AND group_id = '{{ group_id }}' --required
;