Role Assignments

This contains APIs for CRUD on role assignments

Create Role Assignment

Creates role assignment within the specified scope.

SecurityApiKey
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:

These are details for the role assignment to create.

identifier
string
resourceGroupIdentifier
string
roleIdentifier
string
object (AuthzPrincipal)
disabled
boolean
managed
boolean
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

These are details of the created role assignment.

post/authz/api/roleassignments
Request samples
{
  • "identifier": "string",
  • "resourceGroupIdentifier": "string",
  • "roleIdentifier": "string",
  • "principal": {
    },
  • "disabled": true,
  • "managed": true
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Create Role Assignments

Create multiple role assignments in a scope. Returns all successfully created role assignments. Ignores failures and duplicates.

SecurityApiKey
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:

List of role assignments to create

required
Array of objects (RoleAssignment)
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Successfully created role assignments

post/authz/api/roleassignments/multi
Request samples
{
  • "roleAssignments": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Delete Role Assignment

Delete an existing role assignment by identifier

SecurityApiKey
Request
path Parameters
identifier
required
string

Identifier for role assignment

query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Deleted role assignment

delete/authz/api/roleassignments/{identifier}
Request samples
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List Aggregated Role Assignments by filter

List role assignments in the scope according to the given filter with added metadata

SecurityApiKey
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:

Filter role assignments based on multiple parameters.

resourceGroupFilter
Array of strings unique

Filter role assignments based on resource group identifiers

roleFilter
Array of strings unique

Filter role assignments based on role identifiers

principalTypeFilter
Array of strings unique

Filter role assignments based on principal type

Items Enum: "USER" "USER_GROUP" "SERVICE" "API_KEY" "SERVICE_ACCOUNT"
principalScopeLevelFilter
Array of strings unique

Filter role assignments based on principal scope level

Array of objects (AuthzPrincipal) unique

Filter role assignments based on principals

harnessManagedFilter
Array of booleans unique

Filter role assignments based on role assignments being harness managed

disabledFilter
Array of booleans unique

Filter role assignments based on whether they are enabled or disabled

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the scope according to the given filter with added metadata.

post/authz/api/roleassignments/aggregate
Request samples
{
  • "resourceGroupFilter": [
    ],
  • "roleFilter": [
    ],
  • "principalTypeFilter": [
    ],
  • "principalScopeLevelFilter": [
    ],
  • "principalFilter": [
    ],
  • "harnessManagedFilter": [
    ],
  • "disabledFilter": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List Role Assignments

List role assignments in the given scope

SecurityApiKey
Request
query Parameters
pageIndex
integer <int32>
Default: 0

Page Index of the results to fetch.Default Value: 0

pageSize
integer <int32> <= 100
Default: 50

Results per page(max 100)Default Value: 50

Array of objects (SortOrder)

Sort criteria for the elements.

accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the given scope

get/authz/api/roleassignments
Request samples
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List Role Assignments by filter

List role assignments in the scope according to the given filter

SecurityApiKey
Request
query Parameters
pageIndex
integer <int32>
Default: 0

Page Index of the results to fetch.Default Value: 0

pageSize
integer <int32> <= 100
Default: 50

Results per page(max 100)Default Value: 50

Array of objects (SortOrder)

Sort criteria for the elements.

accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:

Filter role assignments based on multiple parameters.

resourceGroupFilter
Array of strings unique

Filter role assignments based on resource group identifiers

roleFilter
Array of strings unique

Filter role assignments based on role identifiers

principalTypeFilter
Array of strings unique

Filter role assignments based on principal type

Items Enum: "USER" "USER_GROUP" "SERVICE" "API_KEY" "SERVICE_ACCOUNT"
principalScopeLevelFilter
Array of strings unique

Filter role assignments based on principal scope level

Array of objects (AuthzPrincipal) unique

Filter role assignments based on principals

harnessManagedFilter
Array of booleans unique

Filter role assignments based on role assignments being harness managed

disabledFilter
Array of booleans unique

Filter role assignments based on whether they are enabled or disabled

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the scope according to the given filter

post/authz/api/roleassignments/filter
Request samples
{
  • "resourceGroupFilter": [
    ],
  • "roleFilter": [
    ],
  • "principalTypeFilter": [
    ],
  • "principalScopeLevelFilter": [
    ],
  • "principalFilter": [
    ],
  • "harnessManagedFilter": [
    ],
  • "disabledFilter": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Validate Role Assignment

Check whether a proposed role assignment is valid.

SecurityApiKey
Request
query Parameters
accountIdentifier
required
string

Account Identifier for the Entity.

orgIdentifier
string

Organization Identifier for the Entity.

projectIdentifier
string

Project Identifier for the Entity.

Request Body schema:

This is the details of the role assignment for validation.

required
object (RoleAssignment)

Role Assignment to validate

validatePrincipal
boolean

Set it to true if the principal needs to be validated

validateRole
boolean

Set it to true if the role needs to be validated

validateResourceGroup
boolean

Set it to true if the resource group needs to be validated

Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

This is the result of the role assignment validation request.

post/authz/api/roleassignments/validate
Request samples
{
  • "roleAssignment": {
    },
  • "validatePrincipal": true,
  • "validateRole": true,
  • "validateResourceGroup": true
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}