Application Role Assignments

The role assignments endpoint implements functions to create, read, and delete the role assignments associated with applications resources. For more information about roles and the permissions associated with each role, refer to Roles.

Role assignments are defined by the role itself, and at a more granular level by the scope attribute associated with the role assignment. The role assignment scope identifies the type of platform resource that defines the scope, and the id of the specific resource to which the scope applies. The following sample shows the scope attribute, which includes the resource type and id attributes. In this case, the scope is restricted to the environment resource identified by its id.

{
  "scope": {
   "id": "d928aa51-c194-4333-9cf5-0fd0c9b7d62f",
   "type": "ENVIRONMENT"
   }
}

Role assignment scopes can be:

Organization
Environment
Population
Application

Applications role assignments data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`application.id`	String	Required	Read only	The application resource ID associated with the role assignment.
`environment.id`	String	Required	Read only	The environment associated with the application role assignment.
`id`	String	Required	Read only	The application role assignment ID.
`readOnly`	Boolean	Optional	Mutable	Indicates whether this role assignment can be deleted by the current actor. Varies depending on the actor accessing the role assignment and is only `true` under the following conditions: The actor is the target, or the actor does not have the role (or a role that can assign the role) for the scope or an ancestor of the scope.
`role.id`	String	Required	Mutable	The role ID.
`scope.id`	String	Required	Mutable	The role assignment scope ID. When this is an application ID, because an application ID is guaranteed to be globally unique (across all environments), the application ID here eliminates the need to also specify the application environment ID.
`scope.type`	String	Required	Mutable	The type of resource defining the scope of the Role assignment. Options are `ORGANIZATION`, `ENVIRONMENT`, and `POPULATION`, `APPLICATION`.

application.id

String

Required

Read only

The application resource ID associated with the role assignment.

environment.id

String

Required

Read only

The environment associated with the application role assignment.

id

String

Required

Read only

The application role assignment ID.

readOnly

Boolean

Optional

Mutable

Indicates whether this role assignment can be deleted by the current actor. Varies depending on the actor accessing the role assignment and is only true under the following conditions: The actor is the target, or the actor does not have the role (or a role that can assign the role) for the scope or an ancestor of the scope.

role.id

String

Required

Mutable

The role ID.

scope.id

String

Required

Mutable

The role assignment scope ID. When this is an application ID, because an application ID is guaranteed to be globally unique (across all environments), the application ID here eliminates the need to also specify the application environment ID.

scope.type

String

Required

Mutable

The type of resource defining the scope of the Role assignment. Options are ORGANIZATION, ENVIRONMENT, and POPULATION, APPLICATION.

Response codes

The /environments/{{envID}}/applications/{{appID}}/roleAssignments endpoint returns a 404 NOT FOUND on GET, POST, PUT, and DELETE operations if the application’s type property is not set to WORKER.

Code	Message
200	Successful operation.
201	Successfully created.
204	Successfully removed. No content.
400	The request could not be completed.
401	You do not have access to this resource.
404	The requested resource was not found.

PingOne Platform APIs

Application Role Assignments

Applications role assignments data model

Response codes