After retrieving all the platform role IDs from the GET /roles request, you can use the POST /environments/{{envID}}/users/{{userID}}/roleAssignments operation to assign the Environment Admin role to the new user (actor). The request URL specifies the actor’s environment ID, actor type, and actor ID.

In the request body, the role attribute specifies the ID of the role assigned to the actor. In this case, the assigned role is the Environment Admin role. The scope attribute provides the resource ID and resource type to designate the role assignment scope associated with this actor. In this case, the role type is ENVIRONMENT and the id attribute specifies the ID of the scope resource.

To assign this actor the Identity Data Admin role so that the new administrator can add and manage user resources within the scope of this environment, you can perform the same operation, but in this request you specify the ID for the Identity Data Admin role. The scope attribute is exactly the same.