--- title: Create User Role Assignment description: You can manage the roles assigned to specific users. When you assign a role to a user, you provide the attribute values required to identify the role and designate the role assignment scope for this user. component: pingone-api page_id: pingone-api:platform:users/user-role-assignments/create-user-role-assignment canonical_url: https://developer.pingidentity.com/pingone-api/platform/users/user-role-assignments/create-user-role-assignment.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create User Role Assignment ## ```none POST {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments ``` You can manage the roles assigned to specific users. When you assign a role to a user, you provide the attribute values required to identify the role and designate the role assignment scope for this user. The sample shows the `POST {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments` operation to create the role assignment for the user in the specified environment resource. The request URL identifies the environment ID and user ID. The request body specifies the `role.id` and the `scope` attribute values. Refer to [Roles](../../roles.html) for the types of roles available, and how to get the associated role IDs. For example, if you want to assign an admin user one or more of PingOne's built-in admin roles, call [Read All Built-in Admin Roles](../../roles/predefined-roles/read-all-roles.html), and search the response for the [Built-in Admin Role](../../roles/predefined-roles.html#built-in-admin-roles) you want to assign. The `scope` attribute provides the resource ID and resource type to designate the role assignment scope associated with this actor. In this sample, the scope `type` is `ENVIRONMENT` and the specific environment to which the role assignment scope applies is specified in `{{envID}}`. When `scope.type` is `POPULATION`, the maximum number of roles you can assign is 250. ### Prerequisites * Refer to [User Operations](../users-1.html) and [User Role Assignments](../user-role-assignments.html) for important overview information. * Create a user to get a `userID`. Refer to [Create User](../users-1/create-user.html). Run [Read User or Users](../users-1/read-all-users.html) to find an existing user. * Run [Read User by ID](../users-1/read-one-user.html) to find a `roleID`. > **Collapse: Request Model** > > | Property | Type | Required? | > | ------------ | ------ | --------- | > | `role.id` | String | Required | > | `scope.id` | String | Required | > | `scope.type` | String | Required | > > Refer to the [Users role assignments data model](../user-role-assignments.html#users-role-assignments-data-model) for full property descriptions. ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""role"": {" + "\n" + @" ""id"": ""{{roleID}}""" + "\n" + @" }," + "\n" + @" ""scope"": {" + "\n" + @" ""id"": ""{{envID}}""," + "\n" + @" ""type"": ""ENVIRONMENT""" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments" method := "POST" payload := strings.NewReader(`{ "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/users/{{userID}}/roleAssignments HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"role\": {\n \"id\": \"{{roleID}}\"\n },\n \"scope\": {\n \"id\": \"{{envID}}\",\n \"type\": \"ENVIRONMENT\"\n }\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments" payload = json.dumps({ "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "role": {\n "id": "{{roleID}}"\n },\n "scope": {\n "id": "{{envID}}",\n "type": "ENVIRONMENT"\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "role": { "id": "{{roleID}}" }, "scope": { "id": "{{envID}}", "type": "ENVIRONMENT" } }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"role\": {\n \"id\": \"{{roleID}}\"\n },\n \"scope\": {\n \"id\": \"{{envID}}\",\n \"type\": \"ENVIRONMENT\"\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/roleAssignments")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8ce55f02-2077-4493-9a6d-0385df1f0772/roleAssignments/d9b890bc-e8a8-4fd4-8650-a39c046fe5aa" }, "user": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8ce55f02-2077-4493-9a6d-0385df1f0772" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" } }, "id": "d9b890bc-e8a8-4fd4-8650-a39c046fe5aa", "scope": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6", "type": "ENVIRONMENT" }, "role": { "id": "0bd9c966-7664-4ac1-b059-0ff9293908e2" }, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "readOnly": false, "user": { "id": "8ce55f02-2077-4493-9a6d-0385df1f0772" } } ```