--- title: Gateway Role Assignments description: The gateway role assignments service provides functionality to assign role assignments to a gateway so that the gateway can access the PingOne services it needs. Only gateway resources with a type property value of PING_FEDERATE can have assigned built-in roles. component: pingone-api page_id: pingone-api:platform:gateway-management/gateway-role-assignments canonical_url: https://developer.pingidentity.com/pingone-api/platform/gateway-management/gateway-role-assignments.html section_ids: gateway-role-assignments-data-model: Gateway role assignments data model response-codes: Response codes --- # Gateway Role Assignments The gateway role assignments service provides functionality to assign role assignments to a gateway so that the gateway can access the PingOne services it needs. Only gateway resources with a `type` property value of `PING_FEDERATE` can have assigned built-in roles. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If the actor creating the `PING_FEDERATE` gateway has the Environment Admin, Identity Data Admin, or both roles in the environment associated with the gateway, then the gateway is given the corresponding role or roles for that environment. Otherwise, the gateway is created without any role assignments. | Use these data models and requests to manage gateway role assignments. For more information, refer to [Roles](../roles.html). Role assignment scopes can be: * Organization * Environment * Population * Application ## Gateway role assignments data model | Property | Type | Required? | Mutable? | Description | | ---------------- | ------ | --------- | --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `gateway.id` | String | Required | Immutable | The UUID for the gateway. | | `environment.id` | String | Required | Immutable | The environment associated with the gateway. | | `id` | String | N/A | Read-only | The gateway role assignment ID. | | `role.id` | String | Required | Immutable | The role ID. | | `scope.id` | String | Required | Immutable | The role assignment scope ID. When this is an application ID, because an application ID is guarenteed to be globally unique (across all environments), the application ID here eliminates the need to also specify the application environment ID. | | `scope.type` | String | Required | Immutable | The type of resource defining the scope of the Role assignment. Options are `ORGANIZATION`, `ENVIRONMENT`, and `POPULATION`, `APPLICATION`. | ## Response codes | Code | Message | | ---- | ---------------------------------------- | | 200 | Successful operation. | | 201 | Successfully created. | | 204 | Successfully removed. No content. | | 400 | The request could not be completed. | | 401 | You do not have access to this resource. | | 404 | The requested resource was not found. |