Grant an approle to a user

POST {{stripeUrl}}/admin/v1/Grants

A Grant of an AppRole specifies as the granted App the App that defines the AppRole, and specifies the AppRole as an entitlement. You must specify the AppRole in the payload after app when granting an AppRole to a user

Fulfillment of a Grant of an AppRole to a User doesn't require an Identity Connector Framework Connector (ICF). Because Oracle Identity Cloud Service maintains internally the members of each AppRole, fulfillment simply adds that User as a member of the AppRole. If that User is already a member of that AppRole, this is a NO-OP.

A Grant says that someone (the grantor) says that someone (a grantee) should have something (access to an App, and optionally an entitlement within that App).

The grantor is typically an administrator (but could also be some component of the system).
The grantee is typically a User, but could also be a Group or another App.
The granted App may be accompanied by an entitlement defined by that App.
- In general, an entitlement can be any specific value of any specific attribute of the App-specific identity. (A ManagedApp has its own identity-repository, so it defines the attributes for its own identities.)
- One special case of an entitlement is membership in an AppRole defined by the App. (Granting an AppRole defined by the App necessarily grants access to the App.)

See https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/appmgmtrelationships.html for more information on understanding application management relationships between Apps, AppRoles, Users, and Groups.

Request Body

{"grantee"=>{"type"=>"User", "value"=>"{{userid}}"}, "app"=>{"value"=>"{{appid}}"}, "entitlement"=>{"attributeName"=>"appRoles", "attributeValue"=>"{{approleid}}"}, "grantMechanism"=>"ADMINISTRATOR_TO_USER", "schemas"=>["urn:ietf:params:scim:schemas:oracle:idcs:Grant"]}

HEADERS

Key	Datatype	Required	Description
`Authorization`	string
`Date`	string
`Content-Type`	string
`x-content-sha256`	string