Skip to main content
POST
/
v1
/
role-bindings
Assign role
curl --request POST \
  --url https://api.truthlocks.com/v1/role-bindings \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "role_id": "<string>",
  "principal_id": "<string>",
  "principal_type": "user",
  "scope": "<string>"
}
'
{
  "id": "<string>",
  "role_id": "<string>",
  "principal_id": "<string>",
  "created_at": "<string>"
}
Assigns a role to a user by creating a role binding. You can scope the binding to the entire tenant or to a specific organization within the tenant.

Parameters

user_id
uuid
required
The ID of the user to assign the role to.
role_id
uuid
required
The ID of the role to assign. Use the list roles endpoint to find available role IDs.
scope_type
string
The scope of the assignment. Defaults to "TENANT" if omitted. Use "ORG" to restrict the role to a single organization.
org_id
uuid
The organization to scope the assignment to. Required when scope_type is "ORG".

Responses

Authorizations

X-API-Key
string
header
required

API key for machine-to-machine authentication

Body

application/json
role_id
string
required

Role identifier to assign

principal_id
string
required

User or service account identifier

principal_type
enum<string>
default:user
Available options:
user,
service_account
scope
string

Optional scope restriction

Response

Role binding created

id
string
role_id
string
principal_id
string
created_at
string