Create Application Role Assignments
POST {{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignmentsYou can manage the roles assigned to specific applications. When you assign a role to an application, you provide the attribute values required to identify the role and designate the role assignment scope for this application.
Use the POST {{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments operation to create the role assignment for the application in the specified environment resource.
The request URL identifies the environment ID and application ID. The request body specifies the role ID and the scope attribute values. The scope attribute provides the resource ID and resource type to designate the role assignment scope associated with this application. In this sample, the scope type is ORGANIZATION and the specific organization to which the role assignment scope applies is specified in the id value.
Prerequisites
-
Refer to Application Role Assignments for important overview information.
-
Create an application to get an
appID. Refer to Application Operations. -
Read all roles to get a
roleID. Refer to Read All Built-in Admin Roles.
Request Model
Refer to the Applications role assignments data model for complete descriptions.
| Property | Type | Required? |
|---|---|---|
|
Boolean |
Optional |
|
String |
Required |
|
String |
Required |
|
String |
Required |
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""role"": {" + "\n" +
@" ""id"": ""{{roleID}}""" + "\n" +
@" }," + "\n" +
@" ""scope"": {" + "\n" +
@" ""id"": ""{{orgID}}""," + "\n" +
@" ""type"": ""ORGANIZATION""" + "\n" +
@" }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments"
method := "POST"
payload := strings.NewReader(`{
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications/{{appID}}/roleAssignments HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"role\": {\n \"id\": \"{{roleID}}\"\n },\n \"scope\": {\n \"id\": \"{{orgID}}\",\n \"type\": \"ORGANIZATION\"\n }\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments"
payload = json.dumps({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "role": {\n "id": "{{roleID}}"\n },\n "scope": {\n "id": "{{orgID}}",\n "type": "ORGANIZATION"\n }\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"role\": {\n \"id\": \"{{roleID}}\"\n },\n \"scope\": {\n \"id\": \"{{orgID}}\",\n \"type\": \"ORGANIZATION\"\n }\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/roleAssignments")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/47feeb48-9c5a-42c3-9a1f-8a87313eb279/roleAssignments/1e75ff7c-12a9-4727-a5a6-e58ad21bb104"
},
"application": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/47feeb48-9c5a-42c3-9a1f-8a87313eb279"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
}
},
"id": "1e75ff7c-12a9-4727-a5a6-e58ad21bb104",
"scope": {
"id": "ba8d2258-ec3f-4129-bc56-ed624558dd0e",
"type": "ORGANIZATION"
},
"role": {
"id": "1813bc13-8d13-4e88-a825-d40bfe82777b"
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"readOnly": false,
"application": {
"id": "47feeb48-9c5a-42c3-9a1f-8a87313eb279"
}
}