Creates the given role assignment policy. If the upsert query param is set to true then, instead of performing a create, the API will switch to performing an upsert. The following fields are required:
Required Fields:
ownerTypeownerId
When performing an upsert, the above fields will be used to determine whether the role assignment policy resource already exists. If the role assignment policy already exists, a partial update will be performed; otherwise, a new role assignment policy entity will be created.
In the response of an upsert request, if a create was performed, then a 201 response code will be returned; otherwise, if an update was performed, then a 200 will be returned.
Required Permissions
Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.
| Permission | Boundary | Description |
|---|---|---|
| role-assignment-policy:write | Application | The subject can create role assignment policies under the application that the subject belongs to. |
| Tenant | The subject can create role assignment policies for the tenant to which the subject belongs. | |
| Tenant Inclusion List | The subject can create role assignment policies for tenants specified in the tenant inclusion list. | |
| Tenant Exclusion List | The subject can create role assignment policies for tenants in the subject's application that are not on the tenant exclusion list. |