Assign Users to Application Roles or Granular Roles

Assigns users to application roles or granular roles using either a CSV file upload (v1) or request payload (v2). These APIs can be used to assign users, including the user executing the API, to application roles or to assign granular roles to users..

To assign a user to a granular role, the user must already be assigned to the required application role.

Both APIs provide details about successful and failed assignments, including failure reasons and counts of passed and failed records.

The v1 API requires an ANSI or UTF-8 encoded CSV file containing user information. Role names that contain spaces must be enclosed in double quotation marks in the CSV file. Before running the API, the file must be uploaded to the environment using the Upload REST API, and the file should be deleted after the API executes. The v1 API is asynchronous and returns a Job ID that can be used to monitor the status of the role assignment operation.

Use double quotation marks to enclose role names that contain space characters in the CSV file. Before using this API, use the Upload REST API to upload files to the environment. The file should be deleted after the API executes.

The v2 API accepts all parameters directly in the request payload. This topic describes the simplified v2 version of the REST API. This version does not require URL encoding while calling the REST APIs, which makes the v2 API easier to use. The v2 API is synchronous and returns the outcome of the operation directly in the response.

In v1, a response status of -1 indicates that the assignment process is still in progress. Any non-zero status value indicates failure of assigning users to roles.

Required Roles

For application roles:

Service Administrator, or Identity Domain Administrator and any application role (Power User, User, or Viewer)

For granular roles:

Service Administrator or any application role and the Access Control - Manage granular role