---
title: Group Role Assignments
description: The Group Role Assignment service allows you to assign administrative roles to a group of users, rather than having to assign roles to each user individually.
component: pingone-api
page_id: pingone-api:platform:group-role-assignments/group-role-assignments
canonical_url: https://developer.pingidentity.com/pingone-api/platform/group-role-assignments/group-role-assignments.html
section_ids:
  group-role-assignment-data-model: Group Role Assignment data model
---

# Group Role Assignments

The Group Role Assignment service allows you to assign administrative roles to a group of users, rather than having to assign roles to each user individually.

For more information about user groups, refer to [Groups](../groups.html).

For more information about administrative roles, refer to [Roles](../roles.html).

|   |                                                                        |
| - | ---------------------------------------------------------------------- |
|   | An admin can only assign a role to a group if the admin has that role. |

Role assignment scopes can be:

* Organization

* Environment

* Population

* Application

## Group Role Assignment data model

| Property         | Type    | Required? | Mutable?  | Description                                                                                                                                                                                                                                        |
| ---------------- | ------- | --------- | --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `environment.id` | String  | N/A       | Read-only | The UUID of the environment to which this group belongs.                                                                                                                                                                                           |
| `group.id`       | String  | Required  | Mutable   | The UUID of the user group.                                                                                                                                                                                                                        |
| `readOnly`       | Boolean | Required  | Mutable   | Whether the admin roles have write permissions appropriate to their roles.                                                                                                                                                                         |
| `role.id`        | String  | Required  | Immutable | The UUID of the role assigned to a group.                                                                                                                                                                                                          |
| `scope.id`       | String  | Required  | Immutable | The role assignment scope ID. When this is an application ID, because an application ID is guarenteed to be globally unique (across all environments), the application ID here eliminates the need to also specify the application environment ID. |
| `scope.type`     | String  | Required  | Mutable   | The type of resource defining the scope of the Role assignment. Options are `ORGANIZATION`, `ENVIRONMENT`, and `POPULATION`, `APPLICATION`.                                                                                                        |