Hi, I have a question regarding user access.
We are trying to determine how to retrieve a list of all users who have access to a specific group, including its subgroups.
From our understanding, access is managed via inventory roles assigned to managed objects. However, we could not find a direct API or recommended approach to efficiently list all users who have access to a given group.
Could you please advise:
- Is there an official or recommended way (API or query) to retrieve all users with access to a specific group/subgroup?
- Is there any endpoint that directly supports this use case?
- What would be the best practice for implementing this?
We do this via Single sign-on with Azure/AD groups. There’s a way, I forget how, to see what rights an AD group has. From there it’s easy to query AD and see who the members are.
Thank you for your response, in our case, we are not using Single Sign-On
I fear this is currently not supported. It is a known limitation and it might be addressed in the future by providing a service that supports such requests.
If you haven’t done so already, I’d suggest entering an enhancement request. Cumulocity does a really good job reading those and responding to them. Unlike other request portals, I actually see what Cumulocity’s response is to my suggestions! 
It’s already on our “list” and discussed internally. There is a new feature specified and discussed already supporting this.
I added this thread to the issue, pointing out that there is interest in this feature so it will be potentially prioritized for implementation.
So if you want, you can still create a feature request but it is not necessarily needed for this feature.