PutGroup - Amazon Q Business

PutGroup

Create, or updates, a mapping of users—who have access to a document—to groups.

You can also map sub groups to groups. For example, the group "Company Intellectual Property Teams" includes sub groups "Research" and "Engineering". These sub groups include their own list of users or people who work in these teams. Only users who work in research and engineering, and therefore belong in the intellectual property group, can see top-secret company documents in their Amazon Q Business chat results.

There are two options for creating groups, either inline or using an S3 file via the S3Path field. For inline groups, there is a limit of 1000 members and for provided S3 files there is a limit of 100 thousand members. When creating a group using an S3 file, you provide both an S3 file and a RoleArn to access the file.

Request Syntax

PUT /applications/applicationId/indices/indexId/groups HTTP/1.1 Content-type: application/json { "dataSourceId": "string", "groupMembers": { "memberGroups": [ { "groupName": "string", "type": "string" } ], "memberUsers": [ { "type": "string", "userId": "string" } ], "s3PathForGroupMembers": { "bucket": "string", "key": "string" } }, "groupName": "string", "roleArn": "string", "type": "string" }

URI Request Parameters

The request uses the following URI parameters.

applicationId

The identifier of the application in which the user and group mapping belongs.

Length Constraints: Fixed length of 36.

Pattern: [a-zA-Z0-9][a-zA-Z0-9-]{35}

Required: Yes

indexId

The identifier of the index in which you want to map users to their groups.

Length Constraints: Fixed length of 36.

Pattern: [a-zA-Z0-9][a-zA-Z0-9-]{35}

Required: Yes

Request Body

The request accepts the following data in JSON format.

dataSourceId

The identifier of the data source for which you want to map users to their groups. This is useful if a group is tied to multiple data sources, but you only want the group to access documents of a certain data source. For example, the groups "Research", "Engineering", and "Sales and Marketing" are all tied to the company's documents stored in the data sources Confluence and Salesforce. However, "Sales and Marketing" team only needs access to customer-related documents stored in Salesforce.

Type: String

Length Constraints: Fixed length of 36.

Pattern: [a-zA-Z0-9][a-zA-Z0-9-]{35}

Required: No

groupMembers

A list of users or sub groups that belong to a group. This is for generating Amazon Q Business chat results only from document a user has access to.

Type: GroupMembers object

Required: Yes

groupName

The list that contains your users or sub groups that belong the same group. For example, the group "Company" includes the user "CEO" and the sub groups "Research", "Engineering", and "Sales and Marketing".

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: \P{C}*

Required: Yes

roleArn

The Amazon Resource Name (ARN) of an IAM role that has access to the S3 file that contains your list of users that belong to a group.The Amazon Resource Name (ARN) of an IAM role that has access to the S3 file that contains your list of users that belong to a group.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1284.

Pattern: arn:[a-z0-9-\.]{1,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[a-z0-9-\.]{0,63}:[^/].{0,1023}

Required: No

type

The type of the group.

Type: String

Valid Values: INDEX | DATASOURCE

Required: Yes

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You don't have access to perform this action. Make sure you have the required permission policies and user accounts and try again.

HTTP Status Code: 403

ConflictException

You are trying to perform an action that conflicts with the current status of your resource. Fix any inconsistencies with your resources and try again.

HTTP Status Code: 409

InternalServerException

An issue occurred with the internal server used for your Amazon Q Business service. Wait some minutes and try again, or contact Support for help.

HTTP Status Code: 500

ResourceNotFoundException

The application or plugin resource you want to use doesn’t exist. Make sure you have provided the correct resource and try again.

HTTP Status Code: 404

ServiceQuotaExceededException

You have exceeded the set limits for your Amazon Q Business service.

HTTP Status Code: 402

ThrottlingException

The request was denied due to throttling. Reduce the number of requests and try again.

HTTP Status Code: 429

ValidationException

The input doesn't meet the constraints set by the Amazon Q Business service. Provide the correct input and try again.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: