Sonatype Lifecycle Public REST API — Role Memberships

Sonatype Lifecycle Public REST API — Role Memberships. 10 operations. Lead operation: Role Memberships. Self-contained Naftiko capability covering one Sonatype business surface.

What You Can Do

GET /v1/api/v2/rolememberships/{ownertype}
Getrolemembershipsglobalorrepositorycontainer — Use this method to retrieve all users and roles globally or for all repositories.

PUT /v1/api/v2/rolememberships/{ownertype}/role/{roleid}/members
Setbulkrolemembersglobalorrepositorycontainer — Use this method to set all members for a specific role in the global or repository container context. This operation atomically replaces all existing members for the role with the provided list.

DELETE /v1/api/v2/rolememberships/{ownertype}/role/{roleid}/{membertype}/{membername}
Revokerolemembershipglobalorrepositorycontainer — Use this method to revoke roles globally or on all repositories.

PUT /v1/api/v2/rolememberships/{ownertype}/role/{roleid}/{membertype}/{membername}
Grantrolemembershipglobalorrepositorycontainer — Use this method to grant a role to a user or user group globally or on all repositories.

GET /v1/api/v2/rolememberships/{ownertype}/roles
Getbulkrolemembershipsglobalorrepositorycontainer — Use this method to retrieve all role memberships for global or repository container context with full details including role names, descriptions, and member information.

GET /v1/api/v2/rolememberships/{ownertype}/{internalownerid}
Getrolemembershipsapplicationororganization — Use this method to retrieve the users, user groups and the corresponding role Ids.

PUT /v1/api/v2/rolememberships/{ownertype}/{internalownerid}/role/{roleid}/members
Setbulkrolemembersnonglobal — Use this method to set all members for a specific role. This operation atomically replaces all existing members for the role with the provided list.

DELETE /v1/api/v2/rolememberships/{ownertype}/{internalownerid}/role/{roleid}/{membertype}/{membername}
Revokerolemembershipapplicationororganization — Use this method to revoke a role from a user or user group, on a specific application or organization.

PUT /v1/api/v2/rolememberships/{ownertype}/{internalownerid}/role/{roleid}/{membertype}/{membername}
Grantrolemembershipapplicationororganization — Use this method to grant a role to a user or user group for the specified application or organization.

GET /v1/api/v2/rolememberships/{ownertype}/{internalownerid}/roles
Getbulkrolemembershipsnonglobal — Use this method to retrieve all role memberships with full details including role names, descriptions, and member information organized by owner (for inheritance display).

MCP Tools

use-this-method-retrieve-all
Use this method to retrieve all users and roles globally or for all repositories.
Hints: read-only, idempotent

use-this-method-set-all
Use this method to set all members for a specific role in the global or repository container context. This operation atomically replaces all existing members for the role with the provided list.
Hints: idempotent

use-this-method-revoke-roles
Use this method to revoke roles globally or on all repositories.
Hints: idempotent

use-this-method-grant-role
Use this method to grant a role to a user or user group globally or on all repositories.
Hints: idempotent

use-this-method-retrieve-all-2
Use this method to retrieve all role memberships for global or repository container context with full details including role names, descriptions, and member information.
Hints: read-only, idempotent

use-this-method-retrieve-users
Use this method to retrieve the users, user groups and the corresponding role Ids.
Hints: read-only, idempotent

use-this-method-set-all-2
Use this method to set all members for a specific role. This operation atomically replaces all existing members for the role with the provided list.
Hints: idempotent

use-this-method-revoke-role
Use this method to revoke a role from a user or user group, on a specific application or organization.
Hints: idempotent

use-this-method-grant-role-2
Use this method to grant a role to a user or user group for the specified application or organization.
Hints: idempotent

use-this-method-retrieve-all-3
Use this method to retrieve all role memberships with full details including role names, descriptions, and member information organized by owner (for inheritance display).
Hints: read-only, idempotent

Capability Spec

lifecycle-role-memberships.yaml
naftiko: 1.0.0-alpha2
info:
  label: Sonatype Lifecycle Public REST API — Role Memberships
  description: 'Sonatype Lifecycle Public REST API — Role Memberships. 10 operations. Lead operation: Role Memberships. Self-contained
    Naftiko capability covering one Sonatype business surface.'
  tags:
  - Sonatype
  - Role Memberships
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    SONATYPE_API_KEY: SONATYPE_API_KEY
capability:
  consumes:
  - type: http
    namespace: lifecycle-role-memberships
    baseUri: ''
    description: Sonatype Lifecycle Public REST API — Role Memberships business capability. Self-contained, no shared references.
    resources:
    - name: api-v2-roleMemberships-ownerType
      path: /api/v2/roleMemberships/{ownerType}
      operations:
      - name: getrolemembershipsglobalorrepositorycontainer
        method: GET
        description: Use this method to retrieve all users and roles globally or for all repositories.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the value for ownerType. Using `global` will return the users and groups who have been assigned
            the administrator role.
          required: true
    - name: api-v2-roleMemberships-ownerType-role-roleId-members
      path: /api/v2/roleMemberships/{ownerType}/role/{roleId}/members
      operations:
      - name: setbulkrolemembersglobalorrepositorycontainer
        method: PUT
        description: Use this method to set all members for a specific role in the global or repository container context.
          This operation atomically replaces all existing members for the role with the provided list.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the ownerType.
          required: true
        - name: roleId
          in: path
          type: string
          description: Enter the roleId for the role whose members should be set.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-roleMemberships-ownerType-role-roleId-memberType-memberName
      path: /api/v2/roleMemberships/{ownerType}/role/{roleId}/{memberType}/{memberName}
      operations:
      - name: revokerolemembershipglobalorrepositorycontainer
        method: DELETE
        description: Use this method to revoke roles globally or on all repositories.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the value for ownerType. Using `global` will revoke the administrator role.
          required: true
        - name: roleId
          in: path
          type: string
          description: Enter the roleId for the role to be revoked.
          required: true
        - name: memberType
          in: path
          type: string
          description: Enter the value for memberType, to specify a user or a user group.
          required: true
        - name: memberName
          in: path
          type: string
          description: Enter the value for memberName. This can be a username or group name depending upon the value of memberType
            above.
          required: true
      - name: grantrolemembershipglobalorrepositorycontainer
        method: PUT
        description: Use this method to grant a role to a user or user group globally or on all repositories.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the value for the ownerType for which you want to grant the role.
          required: true
        - name: roleId
          in: path
          type: string
          description: Enter the roleId for the role to be granted.
          required: true
        - name: memberType
          in: path
          type: string
          description: Enter the value for memberType, to specify a user or a user group.
          required: true
        - name: memberName
          in: path
          type: string
          description: Enter the value for memberName. This can be a username or group name depending upon the value of memberType
            above.
          required: true
    - name: api-v2-roleMemberships-ownerType-roles
      path: /api/v2/roleMemberships/{ownerType}/roles
      operations:
      - name: getbulkrolemembershipsglobalorrepositorycontainer
        method: GET
        description: Use this method to retrieve all role memberships for global or repository container context with full
          details including role names, descriptions, and member information.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the value for ownerType.
          required: true
    - name: api-v2-roleMemberships-ownerType-internalOwnerId
      path: /api/v2/roleMemberships/{ownerType}/{internalOwnerId}
      operations:
      - name: getrolemembershipsapplicationororganization
        method: GET
        description: Use this method to retrieve the users, user groups and the corresponding role Ids.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the ownerType for which you want to retrieve users and their role Ids.
          required: true
        - name: internalOwnerId
          in: path
          type: string
          description: Enter the corresponding id for the ownerType specified above.
          required: true
    - name: api-v2-roleMemberships-ownerType-internalOwnerId-role-roleId-members
      path: /api/v2/roleMemberships/{ownerType}/{internalOwnerId}/role/{roleId}/members
      operations:
      - name: setbulkrolemembersnonglobal
        method: PUT
        description: Use this method to set all members for a specific role. This operation atomically replaces all existing
          members for the role with the provided list.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the ownerType for which you want to set role members.
          required: true
        - name: internalOwnerId
          in: path
          type: string
          description: Enter the id associated with the ownerType specified above. For applications, use the public ID. For
            organizations, repositories, and repository managers, use t
          required: true
        - name: roleId
          in: path
          type: string
          description: Enter the roleId for the role whose members should be set.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-roleMemberships-ownerType-internalOwnerId-role-roleId-memberType-memberNa
      path: /api/v2/roleMemberships/{ownerType}/{internalOwnerId}/role/{roleId}/{memberType}/{memberName}
      operations:
      - name: revokerolemembershipapplicationororganization
        method: DELETE
        description: Use this method to revoke a role from a user or user group, on a specific application or organization.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the value for the ownerType for which you want to revoke the role. Using `global` will revoke
            the administrator role.
          required: true
        - name: internalOwnerId
          in: path
          type: string
          description: Enter the internalId associated with the ownerType specified above.
          required: true
        - name: roleId
          in: path
          type: string
          description: Enter the roleId for the role to be revoked.
          required: true
        - name: memberType
          in: path
          type: string
          description: Enter the value for memberType, to specify a user or a user group.
          required: true
        - name: memberName
          in: path
          type: string
          description: Enter the value for memberName. This can be a username or group name depending upon the value of memberType
            above.
          required: true
      - name: grantrolemembershipapplicationororganization
        method: PUT
        description: Use this method to grant a role to a user or user group for the specified application or organization.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the value for the ownerType for which you want to grant the role.
          required: true
        - name: internalOwnerId
          in: path
          type: string
          description: Enter the value for the internalId associated with the ownerType specified above.
          required: true
        - name: roleId
          in: path
          type: string
          description: Enter the roleId for the role to be granted.
          required: true
        - name: memberType
          in: path
          type: string
          description: Enter the value for memberType, to specify a user or a user group.
          required: true
        - name: memberName
          in: path
          type: string
          description: Enter the value for memberName. This can be a username or group name depending upon the value of memberType
            above.
          required: true
        - name: validateMember
          in: query
          type: boolean
          description: If true, attempts to validate if the specified user or group exists before assigning the role.
    - name: api-v2-roleMemberships-ownerType-internalOwnerId-roles
      path: /api/v2/roleMemberships/{ownerType}/{internalOwnerId}/roles
      operations:
      - name: getbulkrolemembershipsnonglobal
        method: GET
        description: Use this method to retrieve all role memberships with full details including role names, descriptions,
          and member information organized by owner (for inheritance display).
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: ownerType
          in: path
          type: string
          description: Enter the ownerType for which you want to retrieve role memberships.
          required: true
        - name: internalOwnerId
          in: path
          type: string
          description: Enter the corresponding id for the ownerType specified above. For applications, use the public ID.
            For organizations, repositories, and repository managers, use
          required: true
    authentication:
      type: bearer
      token: '{{env.SONATYPE_API_KEY}}'
  exposes:
  - type: rest
    namespace: lifecycle-role-memberships-rest
    port: 8080
    description: REST adapter for Sonatype Lifecycle Public REST API — Role Memberships. One Spectral-compliant resource per
      consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/v2/rolememberships/{ownertype}
      name: api-v2-rolememberships-ownertype
      description: REST surface for api-v2-roleMemberships-ownerType.
      operations:
      - method: GET
        name: getrolemembershipsglobalorrepositorycontainer
        description: Use this method to retrieve all users and roles globally or for all repositories.
        call: lifecycle-role-memberships.getrolemembershipsglobalorrepositorycontainer
        with:
          ownerType: rest.ownerType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/rolememberships/{ownertype}/role/{roleid}/members
      name: api-v2-rolememberships-ownertype-role-roleid-members
      description: REST surface for api-v2-roleMemberships-ownerType-role-roleId-members.
      operations:
      - method: PUT
        name: setbulkrolemembersglobalorrepositorycontainer
        description: Use this method to set all members for a specific role in the global or repository container context.
          This operation atomically replaces all existing members for the role with the provided list.
        call: lifecycle-role-memberships.setbulkrolemembersglobalorrepositorycontainer
        with:
          ownerType: rest.ownerType
          roleId: rest.roleId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/rolememberships/{ownertype}/role/{roleid}/{membertype}/{membername}
      name: api-v2-rolememberships-ownertype-role-roleid-membertype-membername
      description: REST surface for api-v2-roleMemberships-ownerType-role-roleId-memberType-memberName.
      operations:
      - method: DELETE
        name: revokerolemembershipglobalorrepositorycontainer
        description: Use this method to revoke roles globally or on all repositories.
        call: lifecycle-role-memberships.revokerolemembershipglobalorrepositorycontainer
        with:
          ownerType: rest.ownerType
          roleId: rest.roleId
          memberType: rest.memberType
          memberName: rest.memberName
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: grantrolemembershipglobalorrepositorycontainer
        description: Use this method to grant a role to a user or user group globally or on all repositories.
        call: lifecycle-role-memberships.grantrolemembershipglobalorrepositorycontainer
        with:
          ownerType: rest.ownerType
          roleId: rest.roleId
          memberType: rest.memberType
          memberName: rest.memberName
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/rolememberships/{ownertype}/roles
      name: api-v2-rolememberships-ownertype-roles
      description: REST surface for api-v2-roleMemberships-ownerType-roles.
      operations:
      - method: GET
        name: getbulkrolemembershipsglobalorrepositorycontainer
        description: Use this method to retrieve all role memberships for global or repository container context with full
          details including role names, descriptions, and member information.
        call: lifecycle-role-memberships.getbulkrolemembershipsglobalorrepositorycontainer
        with:
          ownerType: rest.ownerType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/rolememberships/{ownertype}/{internalownerid}
      name: api-v2-rolememberships-ownertype-internalownerid
      description: REST surface for api-v2-roleMemberships-ownerType-internalOwnerId.
      operations:
      - method: GET
        name: getrolemembershipsapplicationororganization
        description: Use this method to retrieve the users, user groups and the corresponding role Ids.
        call: lifecycle-role-memberships.getrolemembershipsapplicationororganization
        with:
          ownerType: rest.ownerType
          internalOwnerId: rest.internalOwnerId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/rolememberships/{ownertype}/{internalownerid}/role/{roleid}/members
      name: api-v2-rolememberships-ownertype-internalownerid-role-roleid-members
      description: REST surface for api-v2-roleMemberships-ownerType-internalOwnerId-role-roleId-members.
      operations:
      - method: PUT
        name: setbulkrolemembersnonglobal
        description: Use this method to set all members for a specific role. This operation atomically replaces all existing
          members for the role with the provided list.
        call: lifecycle-role-memberships.setbulkrolemembersnonglobal
        with:
          ownerType: rest.ownerType
          internalOwnerId: rest.internalOwnerId
          roleId: rest.roleId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/rolememberships/{ownertype}/{internalownerid}/role/{roleid}/{membertype}/{membername}
      name: api-v2-rolememberships-ownertype-internalownerid-role-roleid-membertype-memberna
      description: REST surface for api-v2-roleMemberships-ownerType-internalOwnerId-role-roleId-memberType-memberNa.
      operations:
      - method: DELETE
        name: revokerolemembershipapplicationororganization
        description: Use this method to revoke a role from a user or user group, on a specific application or organization.
        call: lifecycle-role-memberships.revokerolemembershipapplicationororganization
        with:
          ownerType: rest.ownerType
          internalOwnerId: rest.internalOwnerId
          roleId: rest.roleId
          memberType: rest.memberType
          memberName: rest.memberName
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: grantrolemembershipapplicationororganization
        description: Use this method to grant a role to a user or user group for the specified application or organization.
        call: lifecycle-role-memberships.grantrolemembershipapplicationororganization
        with:
          ownerType: rest.ownerType
          internalOwnerId: rest.internalOwnerId
          roleId: rest.roleId
          memberType: rest.memberType
          memberName: rest.memberName
          validateMember: rest.validateMember
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/rolememberships/{ownertype}/{internalownerid}/roles
      name: api-v2-rolememberships-ownertype-internalownerid-roles
      description: REST surface for api-v2-roleMemberships-ownerType-internalOwnerId-roles.
      operations:
      - method: GET
        name: getbulkrolemembershipsnonglobal
        description: Use this method to retrieve all role memberships with full details including role names, descriptions,
          and member information organized by owner (for inheritance display).
        call: lifecycle-role-memberships.getbulkrolemembershipsnonglobal
        with:
          ownerType: rest.ownerType
          internalOwnerId: rest.internalOwnerId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: lifecycle-role-memberships-mcp
    port: 9090
    transport: http
    description: MCP adapter for Sonatype Lifecycle Public REST API — Role Memberships. One tool per consumed operation, routed
      inline through this capability's consumes block.
    tools:
    - name: use-this-method-retrieve-all
      description: Use this method to retrieve all users and roles globally or for all repositories.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.getrolemembershipsglobalorrepositorycontainer
      with:
        ownerType: tools.ownerType
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-set-all
      description: Use this method to set all members for a specific role in the global or repository container context. This
        operation atomically replaces all existing members for the role with the provided list.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.setbulkrolemembersglobalorrepositorycontainer
      with:
        ownerType: tools.ownerType
        roleId: tools.roleId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-revoke-roles
      description: Use this method to revoke roles globally or on all repositories.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: lifecycle-role-memberships.revokerolemembershipglobalorrepositorycontainer
      with:
        ownerType: tools.ownerType
        roleId: tools.roleId
        memberType: tools.memberType
        memberName: tools.memberName
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-grant-role
      description: Use this method to grant a role to a user or user group globally or on all repositories.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.grantrolemembershipglobalorrepositorycontainer
      with:
        ownerType: tools.ownerType
        roleId: tools.roleId
        memberType: tools.memberType
        memberName: tools.memberName
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-retrieve-all-2
      description: Use this method to retrieve all role memberships for global or repository container context with full details
        including role names, descriptions, and member information.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.getbulkrolemembershipsglobalorrepositorycontainer
      with:
        ownerType: tools.ownerType
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-retrieve-users
      description: Use this method to retrieve the users, user groups and the corresponding role Ids.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.getrolemembershipsapplicationororganization
      with:
        ownerType: tools.ownerType
        internalOwnerId: tools.internalOwnerId
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-set-all-2
      description: Use this method to set all members for a specific role. This operation atomically replaces all existing
        members for the role with the provided list.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.setbulkrolemembersnonglobal
      with:
        ownerType: tools.ownerType
        internalOwnerId: tools.internalOwnerId
        roleId: tools.roleId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-revoke-role
      description: Use this method to revoke a role from a user or user group, on a specific application or organization.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: lifecycle-role-memberships.revokerolemembershipapplicationororganization
      with:
        ownerType: tools.ownerType
        internalOwnerId: tools.internalOwnerId
        roleId: tools.roleId
        memberType: tools.memberType
        memberName: tools.memberName
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-grant-role-2
      description: Use this method to grant a role to a user or user group for the specified application or organization.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.grantrolemembershipapplicationororganization
      with:
        ownerType: tools.ownerType
        internalOwnerId: tools.internalOwnerId
        roleId: tools.roleId
        memberType: tools.memberType
        memberName: tools.memberName
        validateMember: tools.validateMember
      outputParameters:
      - type: object
        mapping: $.
    - name: use-this-method-retrieve-all-3
      description: Use this method to retrieve all role memberships with full details including role names, descriptions,
        and member information organized by owner (for inheritance display).
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lifecycle-role-memberships.getbulkrolemembershipsnonglobal
      with:
        ownerType: tools.ownerType
        internalOwnerId: tools.internalOwnerId
      outputParameters:
      - type: object
        mapping: $.