filter on protected groups

devksingh4 · devksingh4 · commit 3476631783b0 · 2025-06-29T17:08:07.000-05:00
diff --git a/src/api/routes/iam.ts b/src/api/routes/iam.ts
@@ -591,10 +591,13 @@ No action is required from you at this time.
         request.log.debug("Got manageable groups from Redis cache.");
         return reply.status(200).send(redisResponse);
       }
-      const freshData = await getServicePrincipalOwnedGroups(
-        entraIdToken,
-        fastify.environmentConfig.EntraServicePrincipalId,
-      );
+      // get groups, but don't show protected groups as manageable
+      const freshData = (
+        await getServicePrincipalOwnedGroups(
+          entraIdToken,
+          fastify.environmentConfig.EntraServicePrincipalId,
+        )
+      ).filter((x) => !genericConfig.ProtectedEntraIDGroups.includes(x.id));
       request.log.debug(
         "Got manageable groups from Entra ID, setting to cache.",
       );
