Creates the given role assignment policy. If the upsert query param is set to true then, instead of performing a create, the API will switch to performing an upsert. The following fields are required:

Required Fields:

ownerType
ownerId

When performing an upsert, the above fields will be used to determine whether the role assignment policy resource already exists. If the role assignment policy already exists, a partial update will be performed; otherwise, a new role assignment policy entity will be created.

In the response of an upsert request, if a create was performed, then a 201 response code will be returned; otherwise, if an update was performed, then a 200 will be returned.

Required Permissions

Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.

Permission	Boundary	Description
role-assignment-policy:write	Application	The subject can create role assignment policies under the application that the subject belongs to.
	Tenant	The subject can create role assignment policies for the tenant to which the subject belongs.
	Tenant Inclusion List	The subject can create role assignment policies for tenants specified in the tenant inclusion list.
	Tenant Exclusion List	The subject can create role assignment policies for tenants in the subject's application that are not on the tenant exclusion list.