Creates the given role assignment policy. If the upsert query param is set to true then instead of performing a create the API will switch to performing an upsert. The following fields are required:
Required Fields:
ownerTypeownerId
When performing an upsert, the above fields will be used to determine if the role assignment policy resource already exists or not. If the role assignment policy already exists then a partial update will be performed on the existing role assignment policy; otherwise a new role assignment policy entity will be created.
In the response of an upsert request, if a create was performed then a 201 response code will be returned; otherwise, if an update was performed then a 200 will be returned.
Required Permissions
Below is the list of required permissions needed to interact with this API. For each permission the allowed permission boundaries are also specified.
| Permission | Boundary | Description |
|---|---|---|
| role-assignment-policy:write | Application | The subject can create role assignment policies under the application that the subject belongs to. |
| Tenant | The subject can create role assignment policies associated to the tenant that the subject belongs to. | |
| Tenant Inclusion List | The subject can create role assignment policies for tenants specified in the tenant inclusion list. | |
| Tenant Exclusion List | The subject can create role assignment policies for tenants that belong to the subject's application but are not included in the tenant exclusion list. |