Skip to main content

tcld user group command reference

The tcld user-group commands manage user groups in Temporal Cloud.

Alias: ug

add-users

The tcld user-group add-users command adds users to the specified user group in Temporal Cloud. You must set --group-id to specify the group to add users to.

Alias: au

The following flags control the behavior of the command.

--group-id (-id)

Specify the ID of the group to add users to.

--user-email (-e)

Specify the email of the user to add. This flag can be specified multiple times to add multiple users in one command

create

Creates a user group.

Alias: c

The following flags control the behavior of the command.

--display-name

The display name of the group.

--account-role

The account role that the group should have. One of admin, read, developer, owner, financeadmin, none.

--namespace-role (-nr)

Specifies a namespace role that the group should have. Can be repeated multiple times to add multiple namespace roles to the group. Value is the form of <namspaceid>-<role> where the namspace ID is the full ID of the namespace and role is one of admin, read, or write. Example: mynamespace.abc123-read adds the read role for the mynamespace.abc123 namespace.

delete

Deletes the user group.

Alias: d

The following flags control the behavior of the command.

--group-id (-id)

Specify the ID of the group to delete.

get

Gets the user group details.

Alias: g

The following flags control the behavior of the command.

--group-id (-id)

Specify the ID of the group to list.

list

List the user groups in your Temporal Cloud account.

Alias: l

The following flags control the behavior of the command.

--page-size (-s)

The number of groups to list per page. Defaults to 10.

--page-token (-p)

The page token used when paginating through result pages.

list-members

Lists all of the members of a group.

Alias: lm

The following flags control the behavior of the command.

--group-id (-id)

Specify the ID of the group to list.

remove-users

Removes one or more users as members of the group.

Alias: ru

The following flags control the behavior of the command.

--group-id (-id)

Specify the ID of the group to remove users from.

--user-email (-e)

The email address of the user to remove from the group. This flag can be specified multiple times in order to remove multiple users with one command.

set-access

This command sets the access roles that for a group. It follows the same conventions as the create command by specifying an optional account role and 0 or more namespace roles.

Alias: sa

--group-id (-id)

Specify the ID of the group to set access.

--account-role

The account role that the group should have. One of admin, read, developer, owner, financeadmin, none.

--namespace-role (-nr)

Specifies a namespace role that the group should have. Can be repeated multiple times to add multiple namespace roles to the group. Value is the form of <namspaceid>-<role> where the namspace ID is the full ID of the namespace and role is one of admin, read, or write. Example: mynamespace.abc123-read adds the read role for the mynamespace.abc123 namespace.

--append (-a)

Will append namespace roles instead of replacing all existing roles already assigned. This allows namespace roles to be added without knowing what roles are already assigned to the group.

--remove (-r)

Will remove the given namespace roles instead of replacing all existing roles already assigned. This allows namespace roles to be removed without knowing what roles are already assigned to the group.