Create User Role Assignment
POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignmentsYou can manage the roles assigned to specific users. When you assign a role to a user, you provide the attribute values required to identify the role and designate the role assignment scope for this user.
The sample shows the POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments operation to create the role assignment for the user in the specified environment resource.
The request URL identifies the environment ID and user ID. The request body specifies the role.id and the scope attribute values. Refer to Roles for the types of roles available, and how to get the associated role IDs. For example, if you want to assign an admin user one or more of PingOne’s built-in admin roles, call Read All Built-in Admin Roles, and search the response for the Built-in Admin Role you want to assign.
The scope attribute provides the resource ID and resource type to designate the role assignment scope associated with this actor. In this sample, the scope type is ENVIRONMENT and the specific environment to which the role assignment scope applies is specified in {{envID}}.
When scope.type is POPULATION, the maximum number of roles you can assign is 250.
Prerequisites
-
Refer to User Operations and User Role Assignments for important overview information.
-
Create a user to get a
userID. Refer to Create User. Run Read User or Users to find an existing user. -
Run Read User by ID to find a
roleID.
Request Model
| Property | Type | Required? |
|---|---|---|
|
String |
Required |
|
String |
Required |
|
String |
Required |
Refer to the Users role assignments data model for full property descriptions.
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{envID}}",
"type": "ENVIRONMENT"
}
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""role"": {" + "\n" +
@" ""id"": ""{{roleID}}""" + "\n" +
@" }," + "\n" +
@" ""scope"": {" + "\n" +
@" ""id"": ""{{envID}}""," + "\n" +
@" ""type"": ""ENVIRONMENT""" + "\n" +
@" }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments"
method := "POST"
payload := strings.NewReader(`{
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{envID}}",
"type": "ENVIRONMENT"
}
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/users/{{userID}}/roleAssignments HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{envID}}",
"type": "ENVIRONMENT"
}
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"role\": {\n \"id\": \"{{roleID}}\"\n },\n \"scope\": {\n \"id\": \"{{envID}}\",\n \"type\": \"ENVIRONMENT\"\n }\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{envID}}",
"type": "ENVIRONMENT"
}
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{envID}}",
"type": "ENVIRONMENT"
}
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments"
payload = json.dumps({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{envID}}",
"type": "ENVIRONMENT"
}
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "role": {\n "id": "{{roleID}}"\n },\n "scope": {\n "id": "{{envID}}",\n "type": "ENVIRONMENT"\n }\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"role": {
"id": "{{roleID}}"
},
"scope": {
"id": "{{envID}}",
"type": "ENVIRONMENT"
}
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"role\": {\n \"id\": \"{{roleID}}\"\n },\n \"scope\": {\n \"id\": \"{{envID}}\",\n \"type\": \"ENVIRONMENT\"\n }\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8ce55f02-2077-4493-9a6d-0385df1f0772/roleAssignments/d9b890bc-e8a8-4fd4-8650-a39c046fe5aa"
},
"user": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8ce55f02-2077-4493-9a6d-0385df1f0772"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
}
},
"id": "d9b890bc-e8a8-4fd4-8650-a39c046fe5aa",
"scope": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6",
"type": "ENVIRONMENT"
},
"role": {
"id": "0bd9c966-7664-4ac1-b059-0ff9293908e2"
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"readOnly": false,
"user": {
"id": "8ce55f02-2077-4493-9a6d-0385df1f0772"
}
}