roleAssignments

This contains APIs for CRUD on role assignments

Check whether a proposed role assignment is valid.

Request
Security:
ApiKey (readwrite)
query Parameters
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Request Body schema:
required
object (RoleAssignmentDTO)
validatePrincipal
boolean
validateRole
boolean
validateResourceGroup
boolean
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Role Assignment validation result

post/authz/api/roleassignments/validate
Request samples
{
  • "roleAssignment": {
    },
  • "validatePrincipal": true,
  • "validateRole": true,
  • "validateResourceGroup": true
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List role assignments in the scope according to the given filter with added metadata

Request
Security:
ApiKey (readwrite)
query Parameters
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Request Body schema:

Filter role assignments based on multiple parameters.

resourceGroupFilter
Array of strings unique
roleFilter
Array of strings unique
principalTypeFilter
Array of strings unique
Items Enum: "USER" "USER_GROUP" "SERVICE" "API_KEY" "SERVICE_ACCOUNT"
Array of objects (PrincipalDTO) unique
harnessManagedFilter
Array of booleans unique
disabledFilter
Array of booleans unique
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the scope according to the given filter with added metadata.

post/authz/api/roleassignments/aggregate
Request samples
{
  • "resourceGroupFilter": [
    ],
  • "roleFilter": [
    ],
  • "principalTypeFilter": [
    ],
  • "principalFilter": [
    ],
  • "harnessManagedFilter": [
    ],
  • "disabledFilter": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List role assignments in the scope according to the given filter

Request
Security:
ApiKey (readwrite)
query Parameters
pageIndex
integer <int32>
Default: 0
pageSize
integer <int32>
Default: 50
Array of objects (SortOrder)
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Request Body schema:

Filter role assignments based on multiple parameters.

resourceGroupFilter
Array of strings unique
roleFilter
Array of strings unique
principalTypeFilter
Array of strings unique
Items Enum: "USER" "USER_GROUP" "SERVICE" "API_KEY" "SERVICE_ACCOUNT"
Array of objects (PrincipalDTO) unique
harnessManagedFilter
Array of booleans unique
disabledFilter
Array of booleans unique
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the scope according to the given filter

post/authz/api/roleassignments/filter
Request samples
{
  • "resourceGroupFilter": [
    ],
  • "roleFilter": [
    ],
  • "principalTypeFilter": [
    ],
  • "principalFilter": [
    ],
  • "harnessManagedFilter": [
    ],
  • "disabledFilter": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

List role assignments in the given scope

Request
Security:
ApiKey (readwrite)
query Parameters
pageIndex
integer <int32>
Default: 0
pageSize
integer <int32>
Default: 50
Array of objects (SortOrder)
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Paginated list of role assignments in the given scope

get/authz/api/roleassignments
Request samples
curl -i -X GET \
  'https://app.harness.io/gateway/authz/api/roleassignments?pageIndex=0&pageSize=50&sortOrders=%5Bobject%20Object%5D&accountIdentifier=string&orgIdentifier=string&projectIdentifier=string' \
  -H 'x-api-key: YOUR_API_KEY_HERE'
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Create role assignment in the given scope

Request
Security:
ApiKey (readwrite)
query Parameters
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Request Body schema:
identifier
string
resourceGroupIdentifier
string
roleIdentifier
string
object (PrincipalDTO)
disabled
boolean
managed
boolean
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Created role assignment

post/authz/api/roleassignments
Request samples
{
  • "identifier": "string",
  • "resourceGroupIdentifier": "string",
  • "roleIdentifier": "string",
  • "principal": {
    },
  • "disabled": true,
  • "managed": true
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Update existing role assignment by identifier and scope. Only changing the disabled/enabled state is allowed.

Request
Security:
ApiKey (readwrite)
path Parameters
identifier
required
string
query Parameters
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Request Body schema:
identifier
string
resourceGroupIdentifier
string
roleIdentifier
string
object (PrincipalDTO)
disabled
boolean
managed
boolean
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Updated role assignment

put/authz/api/roleassignments/{identifier}
Request samples
{
  • "identifier": "string",
  • "resourceGroupIdentifier": "string",
  • "roleIdentifier": "string",
  • "principal": {
    },
  • "disabled": true,
  • "managed": true
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Delete an existing role assignment by identifier

Request
Security:
ApiKey (readwrite)
path Parameters
identifier
required
string
query Parameters
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Deleted role assignment

delete/authz/api/roleassignments/{identifier}
Request samples
curl -i -X DELETE \
  'https://app.harness.io/gateway/authz/api/roleassignments/:identifier?accountIdentifier=string&orgIdentifier=string&projectIdentifier=string' \
  -H 'x-api-key: YOUR_API_KEY_HERE'
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}

Create multiple role assignments in a scope. Returns all successfully created role assignments. Ignores failures and duplicates.

Request
Security:
ApiKey (readwrite)
query Parameters
accountIdentifier
string
orgIdentifier
string
projectIdentifier
string
Request Body schema:
Array of objects (RoleAssignmentDTO)
Responses
400

Bad Request

403

Unauthorized

500

Internal server error

default

Successfully created role assignments

post/authz/api/roleassignments/multi
Request samples
{
  • "roleAssignments": [
    ]
}
Response samples
{
  • "status": "SUCCESS",
  • "code": "DEFAULT_ERROR_CODE",
  • "message": "string",
  • "correlationId": "string",
  • "errors": [
    ]
}