> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dados.rio/llms.txt
> Use this file to discover all available pages before exploring further.

# Add member to group

> Add a user to a group with automatic user creation and authorization checks.

**Authorization**: Users can add members to groups they have permission to manage.
Permissions are checked via Cerbos policies.

**Auto-Creation**: If the user being added doesn't exist in the system, they will
be automatically created with their CPF as the identifier.

**Member Identification**: Users are identified by their CPF (Brazilian tax ID),
which serves as the unique subject identifier.

**Use Cases**:
- Add team members to project groups
- Grant users access to specific resources
- Administrative user management
- Bulk user provisioning workflows

**Role Inheritance**: Users automatically inherit all roles assigned to groups
they're members of.



## OpenAPI

````yaml https://raw.githubusercontent.com/prefeitura-rio/heimdall/main/docs/api/openapi.json post /api/v1/groups/{group_name}/members
openapi: 3.1.0
info:
  title: Heimdall Admin Service
  description: >-
    # Heimdall Admin Service API


    A comprehensive admin service for user and group management with
    authorization powered by Cerbos.


    ## Features


    - **User Management**: Automatic user creation from JWT tokens with
    role-based access control

    - **Group Management**: Create, manage, and assign users to groups with
    hierarchical permissions

    - **Role Management**: Define and assign roles to users and groups

    - **Mapping Management**: Configure API endpoint to action mappings for
    authorization

    - **Action Management**: Define available actions for fine-grained
    permission control

    - **Cerbos Integration**: Policy-based authorization with external Cerbos
    service

    - **Audit Logging**: Comprehensive audit trail for all administrative
    operations

    - **Redis Caching**: High-performance caching for frequently accessed data
  version: 1.0.0
servers:
  - url: https://services.pref.rio/heimdall-admin
    description: Production server
  - url: https://services.staging.app.dados.rio/heimdall-admin
    description: Staging server
security: []
tags:
  - name: health
    description: Service health and readiness checks
  - name: users
    description: >-
      User management operations. Users are automatically created from JWT
      tokens.
  - name: groups
    description: >-
      Group management operations. Groups organize users and can have roles
      assigned.
  - name: memberships
    description: Group membership management. Assign and remove users from groups.
  - name: roles
    description: >-
      Role management operations. Roles define permissions that can be assigned
      to users or groups.
  - name: actions
    description: >-
      Action management operations. Actions define the granular permissions
      available in the system.
  - name: mappings
    description: >-
      API endpoint to action mapping configuration. Maps HTTP endpoints to
      authorization actions.
paths:
  /api/v1/groups/{group_name}/members:
    post:
      tags:
        - memberships
      summary: Add member to group
      description: >-
        Add a user to a group with automatic user creation and authorization
        checks.


        **Authorization**: Users can add members to groups they have permission
        to manage.

        Permissions are checked via Cerbos policies.


        **Auto-Creation**: If the user being added doesn't exist in the system,
        they will

        be automatically created with their CPF as the identifier.


        **Member Identification**: Users are identified by their CPF (Brazilian
        tax ID),

        which serves as the unique subject identifier.


        **Use Cases**:

        - Add team members to project groups

        - Grant users access to specific resources

        - Administrative user management

        - Bulk user provisioning workflows


        **Role Inheritance**: Users automatically inherit all roles assigned to
        groups

        they're members of.
      operationId: add_member_to_group_api_v1_groups__group_name__members_post
      parameters:
        - name: group_name
          in: path
          required: true
          schema:
            type: string
            title: Group Name
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AddMemberRequest'
      responses:
        '200':
          description: Member added to group successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MembershipResponse'
              example:
                status: member_added
                group: engineering_team:backend
                subject: '12345678901'
        '400':
          description: Bad request - Invalid CPF format or user already in group
          content:
            application/json:
              example:
                detail: User is already a member of this group
        '401':
          description: Unauthorized - Invalid or missing JWT token
          content:
            application/json:
              example:
                detail: Could not validate credentials
        '403':
          description: Forbidden - Insufficient permissions to add members to this group
          content:
            application/json:
              example:
                detail: >-
                  Permission denied to add member to group
                  'engineering_team:backend'
        '404':
          description: Group not found
          content:
            application/json:
              example:
                detail: Group 'unknown-group' not found
        '422':
          description: Validation error - Invalid CPF format
          content:
            application/json:
              example:
                detail: Validation error
                errors:
                  - loc:
                      - body
                      - subject
                    msg: string does not match regex
                    type: value_error.regex
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                detail: 'Failed to add member: Database connection error'
      security:
        - HTTPBearer: []
components:
  schemas:
    AddMemberRequest:
      properties:
        subject:
          type: string
          pattern: ^[0-9]{11}$
          title: Subject
          description: User's CPF (Brazilian tax ID) to add to the group
          example: '12345678901'
      type: object
      required:
        - subject
      title: AddMemberRequest
      description: Request model for adding a member to a group.
      example:
        subject: '12345678901'
    MembershipResponse:
      properties:
        status:
          type: string
          title: Status
          description: Status of the membership operation
          example: member_added
        group:
          type: string
          title: Group
          description: Name of the group
          example: engineering_team:backend
        subject:
          type: string
          title: Subject
          description: CPF of the user involved in the operation
          example: '12345678901'
      type: object
      required:
        - status
        - group
        - subject
      title: MembershipResponse
      description: Response model for membership operations.
      example:
        group: engineering_team:backend
        status: member_added
        subject: '12345678901'
  securitySchemes:
    HTTPBearer:
      type: http
      scheme: bearer

````