--- title: Application Role Assignments description: The role assignments endpoint implements functions to create, read, and delete the role assignments associated with applications resources. For more information about roles and the permissions associated with each role, refer to Roles. component: pingone-api page_id: pingone-api:platform:applications/application-role-assignments canonical_url: https://developer.pingidentity.com/pingone-api/platform/applications/application-role-assignments.html section_ids: applications-role-assignment-data-model: Applications role assignments data model response-codes: Response codes --- # Application Role Assignments The role assignments endpoint implements functions to create, read, and delete the role assignments associated with applications resources. For more information about roles and the permissions associated with each role, refer to [Roles](../roles.html). Role assignments are defined by the role itself, and at a more granular level by the `scope` attribute associated with the role assignment. The role assignment scope identifies the type of platform resource that defines the scope, and the `id` of the specific resource to which the scope applies. The following sample shows the `scope` attribute, which includes the resource `type` and `id` attributes. In this case, the scope is restricted to the environment resource identified by its `id`. ```json { "scope": { "id": "d928aa51-c194-4333-9cf5-0fd0c9b7d62f", "type": "ENVIRONMENT" } } ``` Role assignment scopes can be: * Organization * Environment * Population * Application ## Applications role assignments data model | Property | Type | Required? | Mutable? | Description | | ---------------- | ------- | --------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `application.id` | String | Required | Read only | The application resource ID associated with the role assignment. | | `environment.id` | String | Required | Read only | The environment associated with the application role assignment. | | `id` | String | Required | Read only | The application role assignment ID. | | `readOnly` | Boolean | Optional | Mutable | Indicates whether this role assignment can be deleted by the current actor. Varies depending on the actor accessing the role assignment and is only `true` under the following conditions: The actor is the target, or the actor does not have the role (or a role that can assign the role) for the scope or an ancestor of the scope. | | `role.id` | String | Required | Mutable | The role ID. | | `scope.id` | String | Required | Mutable | The role assignment scope ID. When this is an application ID, because an application ID is guaranteed to be globally unique (across all environments), the application ID here eliminates the need to also specify the application environment ID. | | `scope.type` | String | Required | Mutable | The type of resource defining the scope of the Role assignment. Options are `ORGANIZATION`, `ENVIRONMENT`, and `POPULATION`, `APPLICATION`. | ## Response codes | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The `/environments/{{envID}}/applications/{{appID}}/roleAssignments` endpoint returns a `404 NOT FOUND` on `GET`, `POST`, `PUT`, and `DELETE` operations if the application's `type` property is not set to `WORKER`. | | Code | Message | | ---- | ---------------------------------------- | | 200 | Successful operation. | | 201 | Successfully created. | | 204 | Successfully removed. No content. | | 400 | The request could not be completed. | | 401 | You do not have access to this resource. | | 404 | The requested resource was not found. | > **Collapse: Related topics** > > * [Administrator permissions and role assignments](../../foundations/pingone-roles-scopes-and-permissions/administrator-permissions-and-role-assignments.html)