The role assignments endpoint implements functions to create, read, and delete the role assignments associated with applications resources. For more information about roles and the permissions associated with each role, see Roles.

Role assignments are defined by the role itself, and at a more granular level by the scope attribute associated with the role assignment. The role assignment scope identifies the type of platform resource that defines the scope, and the id of the specific resource to which the scope applies. The following sample shows the scope attribute, which includes the resource type and id attributes. In this case, the scope is restricted to the environment resource identified by its id.

{
  "scope": {
   "id": "d928aa51-c194-4333-9cf5-0fd0c9b7d62f",
   "type": "ENVIRONMENT"
   }
}

Role assignment scope types include:

Applications role assignments data model {#applications-role-assignment-data-model}

Property Type Required? Mutable? Description
application.id String Required Read only The application resource ID associated with the role assignment.
environment.id String Required Read only The environment associated with the application role assignment.
id String Required Read only The application role assignment ID.
readOnly Boolean Optional Mutable Indicates whether this role assignment can be deleted by the current actor.
role.id String Required Mutable The role ID.
scope.id String Required Mutable The role assignment scope ID.
scope.type String Required Mutable The type of resource defining the scope of the Role assignment. Options are ORGANIZATION, ENVIRONMENT, and POPULATION.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
401 You do not have access to this resource.
404 The requested resource was not found.