# Create a role assignment

Create a role assignment

Endpoint: POST /v1/orgs/{org}/role-assignments
Version: 1.0
Security: x-api-key

## Path parameters:

  - `org` (string, required)
    Organization identifier

## Header parameters:

  - `Harness-Account` (string)
    Identifier field of the account the resource is scoped to. This is required for Authorization methods other than the x-api-key header. If you are using the x-api-key header, this can be skipped.

## Request fields (application/json):

  - `identifier` (string, required)
    Role assignment identifier

  - `resource_group` (string, required)
    Resource group name

  - `role` (string, required)
    Role identifier

  - `roleReference` (object)
    Role referenced in role assignment

  - `roleReference.scope_level` (string, required)
    Role scope level

  - `roleReference.identifier` (string, required)
    Role identifier

  - `principal` (object, required)
    Role assignment principal

  - `principal.scope_level` (string)
    Principal scope level

  - `principal.identifier` (string, required)
    Principal identifier

  - `principal.type` (string, required)
    Principal type
    Enum: "USER", "USER_GROUP", "SERVICE_ACCOUNT"

  - `disabled` (boolean)
    Role assignment is disabled or not

  - `managed` (boolean)
    Role assignment is managed or not

## Response 201 fields (application/json):

  - `role-assignment` (object)
    Role assignment request model

  - `role-assignment.identifier` (string, required)
    Role assignment identifier

  - `role-assignment.resource_group` (string, required)
    Resource group name

  - `role-assignment.role` (string, required)
    Role identifier

  - `role-assignment.roleReference` (object)
    Role referenced in role assignment

  - `role-assignment.roleReference.scope_level` (string, required)
    Role scope level

  - `role-assignment.roleReference.identifier` (string, required)
    Role identifier

  - `role-assignment.principal` (object, required)
    Role assignment principal

  - `role-assignment.principal.scope_level` (string)
    Principal scope level

  - `role-assignment.principal.identifier` (string, required)
    Principal identifier

  - `role-assignment.principal.type` (string, required)
    Principal type
    Enum: "USER", "USER_GROUP", "SERVICE_ACCOUNT"

  - `role-assignment.disabled` (boolean)
    Role assignment is disabled or not

  - `role-assignment.managed` (boolean)
    Role assignment is managed or not

  - `created` (integer)
    Creation timestamp for Role.

  - `updated` (integer)
    Last modification timestamp for Role.

  - `harness_managed` (boolean)
    Is harness managed