Add Role Assignments

POST /users/{user_id}/role_assignments

Adds a set of RoleAssignments to the specified User. Currently unavailable in self-hosted ECE.

Path parameters

  • user_id string Required

    Identifier for the user; include realm name and id if required

Body Required

The Role Assignments to add

  • platform array[object]

    Assignments for roles with platform scope.

    Hide platform attribute Show platform attribute object
    • role_id string Required

      The ID of the role that is assigned.

  • organization array[object]

    Assignments for roles with organization scope.

    Hide organization attributes Show organization attributes object
    • role_id string Required

      The ID of the role that is assigned.

    • organization_id string Required

      The ID of the organization the role is scoped to.

  • deployment array[object]

    Assignments for roles with deployment scope.

    Hide deployment attributes Show deployment attributes object
    • role_id string Required

      The ID of the role that is assigned.

    • organization_id string Required

      The ID of the organization the role is scoped to.

    • all boolean

      When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.

    • deployment_ids array[string]

      The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.

    • application_roles array[string]

      If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.

  • project object

    Assignments for roles with project scope.

    Additional properties are allowed.

    Hide project attributes Show project attributes object
    • elasticsearch array[object]

      The Elasticsearch project-scoped role assignments to set

      Hide elasticsearch attributes Show elasticsearch attributes object
      • role_id string Required

        The ID of the role that is assigned.

      • organization_id string Required

        The ID of the organization the role is scoped to.

      • all boolean

        When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

      • project_ids array[string]

        The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

      • application_roles array[string]

        If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

    • observability array[object]

      The Observability project-scoped role assignments to set

      Hide observability attributes Show observability attributes object
      • role_id string Required

        The ID of the role that is assigned.

      • organization_id string Required

        The ID of the organization the role is scoped to.

      • all boolean

        When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

      • project_ids array[string]

        The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

      • application_roles array[string]

        If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

    • security array[object]

      The Security project-scoped role assignments to set

      Hide security attributes Show security attributes object
      • role_id string Required

        The ID of the role that is assigned.

      • organization_id string Required

        The ID of the organization the role is scoped to.

      • all boolean

        When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.

      • project_ids array[string]

        The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.

      • application_roles array[string]

        If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

Responses

  • 200

    Role Assignments were successfully added to the target User

    Additional properties are allowed.
  • 400

    The target user Id is invalid. (code: role_assignments.invalid_target_user_id)

    Hide headers attribute Show headers attribute
    • x-cloud-error-codes string

      The error codes associated with the response

      Value is role_assignments.invalid_target_user_id.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields
  • 401

    Credentials were invalid. (code: root.unauthorized)

    Hide headers attribute Show headers attribute
    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields
  • 403

    You are not authorised to add the specified RoleAssignments. (code: role_assignments.unauthorized_role_assignments)

    Hide headers attribute Show headers attribute
    • x-cloud-error-codes string

      The error codes associated with the response

      Value is role_assignments.unauthorized_role_assignments.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields
POST /users/{user_id}/role_assignments 
curl \
 -X POST https://api.elastic-cloud.com/api/v1/users/{user_id}/role_assignments \
 -d '{"platform":[{"role_id":"string"}],"organization":[{"role_id":"string","organization_id":"string"}],"deployment":[{"role_id":"string","organization_id":"string","all":true,"deployment_ids":["string"],"application_roles":["string"]}],"project":{"elasticsearch":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"observability":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"security":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}]}}'
Request examples 
{
  "platform": [
    {
      "role_id": "string"
    }
  ],
  "organization": [
    {
      "role_id": "string",
      "organization_id": "string"
    }
  ],
  "deployment": [
    {
      "role_id": "string",
      "organization_id": "string",
      "all": true,
      "deployment_ids": [
        "string"
      ],
      "application_roles": [
        "string"
      ]
    }
  ],
  "project": {
    "elasticsearch": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "project_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "observability": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "project_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "security": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "project_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ]
  }
}
Response examples (200) 
{}
Response examples (400) 
# Headers
x-cloud-error-codes: role_assignments.invalid_target_user_id

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (401) 
# Headers
x-cloud-error-codes: root.unauthorized

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}
Response examples (403) 
# Headers
x-cloud-error-codes: role_assignments.unauthorized_role_assignments

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}