# Add Role Assignment POST / #### Description Adds a new role assignment for a user on an object. Endpoint: POST / Version: 1.0 Security: oauth2 ## Request fields (application/json): - `roleKind` (string, required) The user's role kind on an object. Manager has full administrative permissions. Contributor has full edit permissions. Viewer has read-only access to the object and its details. Auditor has read-only access specifically for compliance review purposes. Enum: "manager", "contributor", "auditor", "viewer" - `principalId` (string, required) The unique identifier of the user or group to assign the role to. Must be an active user identifier or group identifier that matches the principalType. Example: "456e7890-e89b-12d3-a456-426614174000" - `principalType` (string, required) The type of the object. Enum: "audit", "connection", "control", "controlScope", "domain", "freshnessHistory", "exportFile", "label", "organization", "organizationUser", "policy", "program", "proof", "request", "requirement", "risk", "riskRegister", "section", "task", "scope", "template", "user" - `targetObjectId` (string, required) The unique identifier of the target object to assign the role on Example: "321e0987-e89b-12d3-a456-426614174000" - `targetObjectType` (string, required) The type of the object. Enum: "audit", "connection", "control", "controlScope", "domain", "freshnessHistory", "exportFile", "label", "organization", "organizationUser", "policy", "program", "proof", "request", "requirement", "risk", "riskRegister", "section", "task", "scope", "template", "user" - `message` (string,null) Optional message to include with the role assignment notification Example: "Adding you as control manager" ## Response 201 fields (application/json): - `id` (string, required) The unique identifier for the role assignment Example: "123e4567-e89b-12d3-a456-426614174000" - `roleId` (string, required) The unique identifier of the role being assigned Example: "987e6543-e21b-12d3-a456-426614174000" - `roleKind` (string, required) The user's role kind on an object. Manager has full administrative permissions. Contributor has full edit permissions. Viewer has read-only access to the object and its details. Auditor has read-only access specifically for compliance review purposes. Enum: "manager", "contributor", "auditor", "viewer" - `principalId` (string, required) The unique identifier of the user being assigned the role Example: "456e7890-e89b-12d3-a456-426614174000" - `principalType` (string, required) The type of the object. Enum: "audit", "connection", "control", "controlScope", "domain", "freshnessHistory", "exportFile", "label", "organization", "organizationUser", "policy", "program", "proof", "request", "requirement", "risk", "riskRegister", "section", "task", "scope", "template", "user" - `principalOrgId` (string) The unique identifier of the organization of the principal user Example: "789e0123-e89b-12d3-a456-426614174000" - `targetObjectId` (string, required) The unique identifier of the object the role is assigned on Example: "321e0987-e89b-12d3-a456-426614174000" - `targetObjectType` (string, required) The type of the object. Enum: "audit", "connection", "control", "controlScope", "domain", "freshnessHistory", "exportFile", "label", "organization", "organizationUser", "policy", "program", "proof", "request", "requirement", "risk", "riskRegister", "section", "task", "scope", "template", "user" - `targetOrgId` (string) The unique identifier of the organization of the target object Example: "789e0123-e89b-12d3-a456-426614174000" - `sourceObjectId` (string,null) The unique identifier of the source object if the role assignment on the target object is inherited Example: "555e6666-e89b-12d3-a456-426614174000" - `sourceObjectType` (string,null) The type of the object. Enum: "audit", "connection", "control", "controlScope", "domain", "freshnessHistory", "exportFile", "label", "organization", "organizationUser", "policy", "program", "proof", "request", "requirement", "risk", "riskRegister", "section", "task", "scope", "template", "user" - `groupId` (string,null) The unique identifier of the group if this is a group role assignment - `groupName` (string,null) The name of the group if this is a group role assignment - `groupRoleAssignmentId` (string,null) The unique identifier of the group role assignment if inherited from group - `createdBy` (string) The unique identifier of the user who created the role assignment Example: "111e2222-e89b-12d3-a456-426614174000" - `createdOn` (string) The date the role assignment was created (ISO-8601 format) Example: "2024-01-15T10:30:00Z" - `updatedBy` (string) The unique identifier of the user who last updated the role assignment Example: "111e2222-e89b-12d3-a456-426614174000" - `updatedOn` (string) The date the role assignment was updated (ISO-8601 format) Example: "2024-01-15T10:30:00Z"