# 7. Groups

BayunSDK provides public APIs for secure group-based data-access and basic group-management. Every group has its own secret-key that is unique for the group, and is accessible only to the members of that group. This shared group-key is used to encrypt the messages that are locked with encryption-policy of group, and also authenticate members, and control access to group resources. Since nobody other than group-members have access to the group's secret-key, only those belonging to the group will be able to access data encrypted with group-policy tied to that specific groupId.

Note that the main purpose of Groups functionality in Bayun framework is to enable enforcement of arbitrary data-access policies that are cryptographically tied to the data, and without burdening the developer with the headaches of key-management for the same. The framework provides only basic group-management functions for creating, modifying, and deleting a group in such a way that the developer can optionally create stricter access-control mechanisms for group-management if so desired, depending on the use-case at hand. For example, the Bayun framework treats every existing member of the group equally for group-management privileges, including the ability to add/remove other members, or delete the group. The developer can always build, or enforce, finer-grained group-management functionality on top of this, e.g. by introducing the notion of group-owner or group-admins with privileged access-rights etc.

## Group Types

Group type is defined when creating a new group. GroupType is an enum type and has following values:

**`PUBLIC`** : The group is public to the organization. Any employee of the organization can join this group, and hence get access to the shared group-key. The group's secret-key is kept encrypted in every member's own lockbox as well as kept encrypted with company's own secret-key, so that nobody outside the company can get access to it. An existing member, who already has access to the group-key, can add any other members to the group (even those outside the company).

**`PRIVATE`** : The group is private and accessible only to the existing members of the group. The group's secret-key is kept encrypted in every member's own lockbox only. An existing member can add anyone else to the member-list of the group, irrespective of whether they belong to the same company or not.

## Group APIs

{% content-ref url="groups/create-group" %}
[create-group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/create-group)
{% endcontent-ref %}

{% content-ref url="groups/get-my-groups" %}
[get-my-groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-my-groups)
{% endcontent-ref %}

{% content-ref url="groups/get-unjoined-public-groups" %}
[get-unjoined-public-groups](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-unjoined-public-groups)
{% endcontent-ref %}

{% content-ref url="groups/join-public-group" %}
[join-public-group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/join-public-group)
{% endcontent-ref %}

{% content-ref url="groups/get-group-by-id" %}
[get-group-by-id](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/get-group-by-id)
{% endcontent-ref %}

{% content-ref url="groups/add-group-member" %}
[add-group-member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-member)
{% endcontent-ref %}

{% content-ref url="groups/add-group-members" %}
[add-group-members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/add-group-members)
{% endcontent-ref %}

{% content-ref url="groups/remove-group-member" %}
[remove-group-member](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/remove-group-member)
{% endcontent-ref %}

{% content-ref url="groups/7.9-remove-group-members" %}
[7.9-remove-group-members](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.9-remove-group-members)
{% endcontent-ref %}

{% content-ref url="groups/7.10-remove-group-members-except-list" %}
[7.10-remove-group-members-except-list](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/7.10-remove-group-members-except-list)
{% endcontent-ref %}

{% content-ref url="groups/leave-group" %}
[leave-group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/leave-group)
{% endcontent-ref %}

{% content-ref url="groups/delete-group" %}
[delete-group](https://bayun.gitbook.io/bayuncoresdk-javascript-programming-guide/groups/delete-group)
{% endcontent-ref %}