Assign a Role to a User
Number of APIs: 3
Roles determine what actions a user can perform. For example, to generate a client secret, a user must be assigned the Environment Admin role.
The PingOne roles are:
- Organization Admin
- Environment Admin
- Identity Data Admin
- Client Application Developer
- Identity Data Read-Only Admin
- Configuration Read-Only Admin
For permissions associated with each role, see PingOne Role Permissions.
Prerequisites
Get an access token from the worker application that you created in Getting Started with the PingOne APIs. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, see GET a Worker Application Access Token.
An existing user to assign the role to.
Workflow order of operations
To assign a role to a user, complete the following tasks:
1. Make a GET request to {{apiPath}}/environments/{{envID}}/users to get the ID of the user.
2. Make a GET request to {{apiPath}}/roles to get the ID of the role to assign.
3. Make a POST request to {{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments to create the user role assignment.
- Step 1: Get the user ID: GET {{apiPath}}/environments/{{envID}}/users
- Step 2: Get the role ID: GET {{apiPath}}/roles
- Step 3: Create the user role assignment: POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments
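The three-call workflow above as a runnable sketch, added here as an example and not taken from the PingOne documentation. It refuses to create the assignment unless exactly one user and one role match, so a privilege grant cannot land on the wrong identity. Assumptions not stated on this page: the `_embedded.users` / `_embedded.roles` response shape with `username` and `name` fields, the `role` / `scope` request body, the helper names, and the `api.example.test` host.

```python
import json
import urllib.request

def http_json(method, url, token, body=None):
    """Send one JSON request with the worker app's bearer token."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def pick_id(items, key, value):
    """Return the id of the one item with item[key] == value; refuse 0 or >1 matches."""
    hits = [i for i in items if i.get(key) == value]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one {key}={value!r}, found {len(hits)}")
    return hits[0]["id"]

def assign_role(api_path, env_id, token, username, role_name, send=http_json):
    # Step 1: get the user ID (assumed response shape; first page only).
    users = send("GET", f"{api_path}/environments/{env_id}/users", token)
    user_id = pick_id(users["_embedded"]["users"], "username", username)
    # Step 2: get the role ID by exact role name.
    roles = send("GET", f"{api_path}/roles", token)
    role_id = pick_id(roles["_embedded"]["roles"], "name", role_name)
    # Step 3: create the assignment, scoped to this one environment
    # (assumed body shape) rather than anything broader.
    body = {"role": {"id": role_id},
            "scope": {"id": env_id, "type": "ENVIRONMENT"}}
    url = f"{api_path}/environments/{env_id}/users/{user_id}/roleAssignments"
    return send("POST", url, token, body)

if __name__ == "__main__":
    # Constructed responses standing in for the API, so this runs offline.
    def fake_send(method, url, token, body=None):
        if method == "POST":
            return {"id": "ra-1", **body}
        kind = url.rsplit("/", 1)[1]
        sample = {"users": [{"id": "u-1", "username": "alice"}],
                  "roles": [{"id": "r-1", "name": "Identity Data Read-Only Admin"}]}
        return {"_embedded": {kind: sample[kind]}}
    print(assign_role("https://api.example.test/v1", "env-1", "constructed-token",
                      "alice", "Identity Data Read-Only Admin", send=fake_send))
```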