group query

  • Updated on Jan 30, 2026
  • Published on Jan 28, 2026
  • 2 minute(s) read
Prev Next

This command queries providers and the user database for a group. A provider query can be aggregated across providers to yield a merged result or it can be provider-specific.

You can also use this command to attach S3 identity policies to groups and to remove S3 identity policies from groups.

Usage for Retrieving a Group
group query {--gid GID | --groupname GROUPNAME | --sid SID | --vaid VID}
            [--context local|udb|ad|ldap|nis|aggregated]
            [--tenant-id ID]
Usage for Setting S3 Permissions
group query {--gid GID | --groupname GROUPNAME | --sid SID | --vaid VID}
            [--identity-policies-ids [IDs]]
            [--tenant-id ID]
Required Parameters

--gid GID

Identifies a group by POSIX (NFS) group ID.

--groupname GROUPNAME

identifies a group by group name.

--sid SID

Identifies a group by Security Identifier (SID).

--vaid VID

Identifies a group by VAST ID.

Options

--context local|udb|ad|ldap|nis|aggregated

Specify one of the following contexts:

  • local. Restricts the search to local provider groups.

  • udb. Searches the UDB for the group. The output in this case includes the VAID (VAST ID) for the group, which can be used to specify the group as a grantee in S3 ACLs.

  • aggregated (default). Searches all providers and returns a merged entry. In case of conflicts between providers, attributes are resolved according to the following rules:

    • In case of conflict between local and non local providers, the local provider's attributes override those of the other providers.

    • In case of conflicting POSIX attributes on external providers, the POSIX primary provider overrules the other external provider.

    • Groups are merged if they match according to a non-configurable group name attribute.

  • ad, nis or ldap. Searches the specific provider only. (Each of these options appears only if a provider of that type is connected to the cluster.)

--identity-policies-ids [IDS]

Assigns one or more S3 identity policies to the group.

Specify IDs as a comma-separated list of S3 identity policy IDs.

Each time you run the command with this option, the list overrides the entire previous list of S3 identity policies that were attached to the group. To remove a policy from a group, specify a list that does not include the policy you wish to remove. To remove all policies from the group, do not specify a list of IDs.

--tenant-id ID

Specify the ID of the tenant with which the group is associated.

Example
vcli: admin> group query --gid 1000
+-----------------+----------------------------------------------+
| gid             | 1000                                         |
| sid             | S-1-5-21-927172180-3694312366-24219317-41086 |
| name            | group_gid_1000                               |
| provider_type   | NONE                                         |
| s3_policies     | []                                           |
| s3_policies_ids | []                                           |
+-----------------+----------------------------------------------+
Related articles
  • group query
    VAST Cluster > Version 5.1 > VAST Cluster 5.1 CLI Command Reference > group commands
  • group query
    VAST Cluster > Version 5.2 > VAST Cluster 5.2 CLI Command Reference > group commands
  • group query
    VAST Cluster > Version 5.4 > VAST Cluster 5.4 CLI Command Reference > group commands