Roleassignments - Set Role Assignment
Set role assignment on a resource
PUT https://dev.azure.com/{organization}/_apis/securityroles/scopes/{scopeId}/roleassignments/resources/{resourceId}/{identityId}?api-version=7.1-preview.1
URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| identityId | path | True | string (uuid) | |
| resourceId | path | True | string | Id of the resource on which the role is to be assigned |
| scopeId | path | True | string | Id of the assigned scope |
| organization | path | | string | The name of the Azure DevOps organization. |
| api-version | query | True | string | Version of the API to use. This should be set to '7.1-preview.1' to use this version of the api. |
Request Body
| Name | Type | Description |
|---|---|---|
| roleName | string | The name of the role assigned. |
| uniqueName | string | Identifier of the user given the role assignment. |
| userId | string (uuid) | Unique id of the user given the role assignment. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK | | successful operation |
Security
oauth2
Type: oauth2
Flow: accessCode
Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
Token URL: https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
Scopes
| Name | Description |
|---|---|
| vso.security_manage | Grants the ability to read, write, and manage security permissions. |
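
An added example (not from the original page or from Microsoft's code): building the PUT request above from the documented parameters and checking a returned RoleAssignment against what was requested. The organization, scope, resource, identity and role values are constructed placeholders; sending userId equal to identityId and carrying the OAuth token in a Bearer Authorization header are assumptions.

```python
import json
import uuid
from urllib.parse import quote
from urllib.request import Request

API_VERSION = "7.1-preview.1"


def build_set_role_request(organization, scope_id, resource_id, identity_id,
                           role_name, token):
    """Build (but do not send) the PUT request documented on this page."""
    # identityId is typed string (uuid): reject anything else (ValueError).
    identity = str(uuid.UUID(identity_id))
    # Percent-encode every path segment so a value containing '/' or '?'
    # cannot change which scope or resource the call addresses.
    org, scope, resource = (quote(v, safe="")
                            for v in (organization, scope_id, resource_id))
    url = (f"https://dev.azure.com/{org}/_apis/securityroles/scopes/{scope}"
           f"/roleassignments/resources/{resource}/{identity}"
           f"?api-version={API_VERSION}")
    # Assumption: userId in the body repeats the identityId from the path.
    body = {"roleName": role_name, "userId": identity}
    return Request(url, data=json.dumps(body).encode(), method="PUT",
                   headers={"Authorization": f"Bearer {token}",
                            "Content-Type": "application/json"})


def check_assignment(response, identity_id, role_name):
    """List mismatches between a returned RoleAssignment and the request."""
    problems = []
    returned_id = response.get("identity", {}).get("id", "")
    if returned_id.lower() != identity_id.lower():
        problems.append("identity mismatch")
    if response.get("role", {}).get("name") != role_name:
        problems.append("role mismatch")
    if response.get("access") != "assigned":  # RoleAccess: assigned/inherited
        problems.append("access is not explicitly assigned")
    return problems


if __name__ == "__main__":
    # Constructed placeholder values, not taken from a real organization.
    ident = "AAAAAAAA-1111-2222-3333-444444444444"
    req = build_set_role_request("contoso", "example.scope", "proj/42",
                                 ident, "Reader", "TOKEN")
    print(req.get_method(), req.full_url)
    reply = {"access": "inherited", "identity": {"id": ident},
             "role": {"name": "Reader"}}  # constructed RoleAssignment
    print(check_assignment(reply, ident, "Reader"))
```
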
Definitions
| Name | Description |
|---|---|
| IdentityRef | |
| ReferenceLinks | The class to represent a collection of REST reference links. |
| RoleAccess | Designates the role as explicitly assigned or inherited. |
| RoleAssignment | |
| SecurityRole | |
| UserRoleAssignmentRef | |
IdentityRef
| Name | Type | Description |
|---|---|---|
| _links | | This field contains zero or more interesting links about the graph subject. These links may be invoked to obtain additional relationships or more detailed information about this graph subject. |
| descriptor | string | The descriptor is the primary way to reference the graph subject while the system is running. This field will uniquely identify the same graph subject across both Accounts and Organizations. |
| directoryAlias | string | Deprecated - Can be retrieved by querying the Graph user referenced in the "self" entry of the IdentityRef "_links" dictionary |
| displayName | string | This is the non-unique display name of the graph subject. To change this field, you must alter its value in the source provider. |
| id | string | |
| imageUrl | string | Deprecated - Available in the "avatar" entry of the IdentityRef "_links" dictionary |
| inactive | boolean | Deprecated - Can be retrieved by querying the Graph membership state referenced in the "membershipState" entry of the GraphUser "_links" dictionary |
| isAadIdentity | boolean | Deprecated - Can be inferred from the subject type of the descriptor (Descriptor.IsAadUserType/Descriptor.IsAadGroupType) |
| isContainer | boolean | Deprecated - Can be inferred from the subject type of the descriptor (Descriptor.IsGroupType) |
| isDeletedInOrigin | boolean | |
| profileUrl | string | Deprecated - not in use in most preexisting implementations of ToIdentityRef |
| uniqueName | string | Deprecated - use Domain+PrincipalName instead |
| url | string | This url is the full route to the source resource of this graph subject. |
ReferenceLinks
The class to represent a collection of REST reference links.
| Name | Type | Description |
|---|---|---|
| links | object | The readonly view of the links. Because Reference links are readonly, we only want to expose them as read only. |
RoleAccess
Designates the role as explicitly assigned or inherited.
| Value | Description |
|---|---|
| assigned | Access has been explicitly set. |
| inherited | Access has been inherited from a higher scope. |
RoleAssignment
| Name | Type | Description |
|---|---|---|
| access | | Designates the role as explicitly assigned or inherited. |
| accessDisplayName | string | User friendly description of access assignment. |
| identity | | The user to whom the role is assigned. |
| role | | The role assigned to the user. |
SecurityRole
| Name | Type | Description |
|---|---|---|
| allowPermissions | integer (int32) | Permissions the role is allowed. |
| denyPermissions | integer (int32) | Permissions the role is denied. |
| description | string | Description of user access defined by the role |
| displayName | string | User friendly name of the role. |
| identifier | string | Globally unique identifier for the role. |
| name | string | Unique name of the role in the scope. |
| scope | string | Returns the id of the ParentScope. |
UserRoleAssignmentRef
| Name | Type | Description |
|---|---|---|
| roleName | string | The name of the role assigned. |
| uniqueName | string | Identifier of the user given the role assignment. |
| userId | string (uuid) | Unique id of the user given the role assignment. |