Creates the given role assignment policy. If the upsert
query param is set to true
then, instead of performing a create, the API will switch to performing an upsert. The following fields are required:
Required Fields:
ownerType
ownerId
When performing an upsert, the above fields will be used to determine whether the role assignment policy resource already exists. If the role assignment policy already exists, a partial update will be performed; otherwise, a new role assignment policy entity will be created.
In the response of an upsert request, if a create was performed, then a 201
response code will be returned; otherwise, if an update was performed, then a 200
will be returned.
Required Permissions
Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.
Permission | Boundary | Description |
---|---|---|
role-assignment-policy:write | Application | The subject can create role assignment policies under the application that the subject belongs to. |
Tenant | The subject can create role assignment policies for the tenant to which the subject belongs. | |
Tenant Inclusion List | The subject can create role assignment policies for tenants specified in the tenant inclusion list. | |
Tenant Exclusion List | The subject can create role assignment policies for tenants in the subject's application that are not on the tenant exclusion list. |