Add Role Assignments

POST /users/{user_id}/role_assignments

Adds a set of RoleAssignments to the specified User. Currently unavailable in self-hosted ECE.

Path parameters

user_id string Required

Identifier for the user; include realm name and id if required

Body Required

The roles that will be assigned to users once they accept the invitation. Currently unavailable in self-hosted ECE.

platform array[object]

Assignments for roles with platform scope.
Hide platform attribute Show platform attribute object
Assignment for a role with platform scope.
- role_id string Required
  
  The ID of the role that is assigned.
organization array[object]

Assignments for roles with organization scope.
Hide organization attributes Show organization attributes object
Assignment for a role with organization scope.
- role_id string Required
  
  The ID of the role that is assigned.
- organization_id string Required
  
  The ID of the organization the role is scoped to.
deployment array[object]

Assignments for roles with deployment scope.
Hide deployment attributes Show deployment attributes object
Assignment for a role with deployment scope.
- role_id string Required
  
  The ID of the role that is assigned.
- organization_id string Required
  
  The ID of the organization the role is scoped to.
- all boolean
  
  When true, the role applies to all deployments in the organization, otherwise the role is scoped to the deployments specified in deployment_ids.
- deployment_ids array[string]
  
  The IDs of the deployments the role is scoped to. Must be absent if all is true, and present if all is false.
- application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the deployment(s) specified in the role assignment.
project object

Assignments for roles with project scope.
Hide project attributes Show project attributes object
- elasticsearch array[object]
  
  The Elasticsearch project-scoped role assignments to set
  Hide elasticsearch attributes Show elasticsearch attributes object
  
  Assignment for a role with project scope.
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
- observability array[object]
  
  The Observability project-scoped role assignments to set
  Hide observability attributes Show observability attributes object
  
  Assignment for a role with project scope.
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.
- security array[object]
  
  The Security project-scoped role assignments to set
  Hide security attributes Show security attributes object
  
  Assignment for a role with project scope.
  
  role_id string Required
  
  The ID of the role that is assigned.
  
  organization_id string Required
  
  The ID of the organization the role is scoped to.
  
  all boolean
  
  When true, the role applies to all projects in the organization, otherwise the role is scoped to the projects specified in project_ids.
  
  project_ids array[string]
  
  The IDs of the projects the role is scoped to. Must be absent if all is true, and present if all is false.
  
  application_roles array[string]
  
  If provided, the user assigned this role assignment will be granted this application role when signing in to the project(s) specified in the role assignment.

Responses

200

Role Assignments were successfully added to the target User
400

The target user Id is invalid. (code: role_assignments.invalid_target_user_id)
Hide headers attribute Show headers attribute
- x-cloud-error-codes string
  
  The error codes associated with the response
  
  Value is role_assignments.invalid_target_user_id.
Hide response attribute Show response attribute object
- errors array[object] Required
  
  A list of errors that occurred in the failing request
  
  Hide errors attributes Show errors attributes object
  
  code string Required
  
  A structured code representing the error type that occurred
  
  message string Required
  
  A human readable message describing the error that occurred
  
  fields array[string]
  
  If the error can be tied to a specific field or fields in the user request, this lists those fields
401

Credentials were invalid. (code: root.unauthorized)
Hide headers attribute Show headers attribute
- x-cloud-error-codes string
  
  The error codes associated with the response
  
  Value is root.unauthorized.
Hide response attribute Show response attribute object
- errors array[object] Required
  
  A list of errors that occurred in the failing request
  
  Hide errors attributes Show errors attributes object
  
  code string Required
  
  A structured code representing the error type that occurred
  
  message string Required
  
  A human readable message describing the error that occurred
  
  fields array[string]
  
  If the error can be tied to a specific field or fields in the user request, this lists those fields
403

You are not authorised to add the specified RoleAssignments. (code: role_assignments.unauthorized_role_assignments)
Hide headers attribute Show headers attribute
- x-cloud-error-codes string
  
  The error codes associated with the response
  
  Value is role_assignments.unauthorized_role_assignments.
Hide response attribute Show response attribute object
- errors array[object] Required
  
  A list of errors that occurred in the failing request
  
  Hide errors attributes Show errors attributes object
  
  code string Required
  
  A structured code representing the error type that occurred
  
  message string Required
  
  A human readable message describing the error that occurred
  
  fields array[string]
  
  If the error can be tied to a specific field or fields in the user request, this lists those fields

POST /users/{user_id}/role_assignments

curl \
 -X POST https://api.elastic-cloud.com/api/v1/users/{user_id}/role_assignments \
 -d '{"platform":[{"role_id":"string"}],"organization":[{"role_id":"string","organization_id":"string"}],"deployment":[{"role_id":"string","organization_id":"string","all":true,"deployment_ids":["string"],"application_roles":["string"]}],"project":{"elasticsearch":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"observability":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}],"security":[{"role_id":"string","organization_id":"string","all":true,"project_ids":["string"],"application_roles":["string"]}]}}'

Request examples

{
  "platform": [
    {
      "role_id": "string"
    }
  ],
  "organization": [
    {
      "role_id": "string",
      "organization_id": "string"
    }
  ],
  "deployment": [
    {
      "role_id": "string",
      "organization_id": "string",
      "all": true,
      "deployment_ids": [
        "string"
      ],
      "application_roles": [
        "string"
      ]
    }
  ],
  "project": {
    "elasticsearch": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "project_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "observability": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "project_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ],
    "security": [
      {
        "role_id": "string",
        "organization_id": "string",
        "all": true,
        "project_ids": [
          "string"
        ],
        "application_roles": [
          "string"
        ]
      }
    ]
  }
}

Response examples (200)

{}

Response examples (400)

# Headers
x-cloud-error-codes: role_assignments.invalid_target_user_id

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Response examples (401)

# Headers
x-cloud-error-codes: root.unauthorized

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}

Response examples (403)

# Headers
x-cloud-error-codes: role_assignments.unauthorized_role_assignments

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}