## CreateRoleAssignment `client.Groups.RoleAssignments.New(ctx, body) (*GroupRoleAssignmentNewResponse, error)` **post** `/gitpod.v1.GroupService/CreateRoleAssignment` Creates a role assignment for a group on a resource. Use this method to: - Assign specific roles to groups on runners, projects, or environments - Grant group-based access to resources ### Examples - Assign admin role on a runner: Grants the group admin access to a runner. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" resourceType: RESOURCE_TYPE_RUNNER resourceId: "f53d2330-3795-4c5d-a1f3-453121af9c60" resourceRole: RESOURCE_ROLE_RUNNER_ADMIN ``` - Assign user role on a project: Grants the group user access to a project. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" resourceType: RESOURCE_TYPE_PROJECT resourceId: "a1b2c3d4-5678-90ab-cdef-1234567890ab" resourceRole: RESOURCE_ROLE_PROJECT_USER ``` ### Authorization Requires admin role on the specific resource. ### Parameters - `body GroupRoleAssignmentNewParams` - `GroupID param.Field[string]` - `ResourceID param.Field[string]` - `ResourceRole param.Field[ResourceRole]` ResourceRole represents roles that can be assigned to groups on resources These map directly to the roles defined in backend/db/rule/rbac/role/role.go - `ResourceType param.Field[ResourceType]` ### Returns - `type GroupRoleAssignmentNewResponse struct{…}` - `Assignment RoleAssignment` RoleAssignment represents a role assigned to a group on a specific resource - `ID string` Unique identifier for the role assignment - `DerivedFromOrgRole ResourceRole` The org-level role that created this assignment, if any. RESOURCE_ROLE_UNSPECIFIED means this is a direct share (manually created). Non-zero (e.g., ORG_PROJECTS_ADMIN, ORG_RUNNERS_ADMIN) means this assignment was derived from an org-level role. - `const ResourceRoleUnspecified ResourceRole = "RESOURCE_ROLE_UNSPECIFIED"` - `const ResourceRoleOrgAdmin ResourceRole = "RESOURCE_ROLE_ORG_ADMIN"` - `const ResourceRoleOrgMember ResourceRole = "RESOURCE_ROLE_ORG_MEMBER"` - `const ResourceRoleOrgRunnersAdmin ResourceRole = "RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `const ResourceRoleOrgProjectsAdmin ResourceRole = "RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `const ResourceRoleOrgAutomationsAdmin ResourceRole = "RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `const ResourceRoleOrgGroupsAdmin ResourceRole = "RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `const ResourceRoleOrgAuditLogReader ResourceRole = "RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `const ResourceRoleGroupAdmin ResourceRole = "RESOURCE_ROLE_GROUP_ADMIN"` - `const ResourceRoleGroupViewer ResourceRole = "RESOURCE_ROLE_GROUP_VIEWER"` - `const ResourceRoleUserIdentity ResourceRole = "RESOURCE_ROLE_USER_IDENTITY"` - `const ResourceRoleUserViewer ResourceRole = "RESOURCE_ROLE_USER_VIEWER"` - `const ResourceRoleUserAdmin ResourceRole = "RESOURCE_ROLE_USER_ADMIN"` - `const ResourceRoleEnvironmentIdentity ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `const ResourceRoleEnvironmentAdmin ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `const ResourceRoleEnvironmentUser ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_USER"` - `const ResourceRoleEnvironmentViewer ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `const ResourceRoleEnvironmentRunner ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `const ResourceRoleRunnerIdentity ResourceRole = "RESOURCE_ROLE_RUNNER_IDENTITY"` - `const ResourceRoleRunnerAdmin ResourceRole = "RESOURCE_ROLE_RUNNER_ADMIN"` - `const ResourceRoleRunnerLocalAdmin ResourceRole = "RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `const ResourceRoleRunnerManagedAdmin ResourceRole = "RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `const ResourceRoleRunnerUser ResourceRole = "RESOURCE_ROLE_RUNNER_USER"` - `const ResourceRoleRunnerConfigurationReader ResourceRole = "RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `const ResourceRoleHostAuthenticationTokenAdmin ResourceRole = "RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `const ResourceRoleHostAuthenticationTokenUpdater ResourceRole = "RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `const ResourceRoleProjectAdmin ResourceRole = "RESOURCE_ROLE_PROJECT_ADMIN"` - `const ResourceRoleProjectUser ResourceRole = "RESOURCE_ROLE_PROJECT_USER"` - `const ResourceRoleProjectEditor ResourceRole = "RESOURCE_ROLE_PROJECT_EDITOR"` - `const ResourceRoleEnvironmentServiceAdmin ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `const ResourceRoleEnvironmentServiceViewer ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `const ResourceRoleEnvironmentServiceUser ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `const ResourceRoleEnvironmentServiceEnv ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `const ResourceRoleEnvironmentTaskAdmin ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `const ResourceRoleEnvironmentTaskViewer ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `const ResourceRoleEnvironmentTaskUser ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `const ResourceRoleEnvironmentTaskEnv ResourceRole = "RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `const ResourceRoleServiceAccountIdentity ResourceRole = "RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `const ResourceRoleServiceAccountAdmin ResourceRole = "RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `const ResourceRoleAgentExecutionUser ResourceRole = "RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `const ResourceRoleAgentExecutionAdmin ResourceRole = "RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `const ResourceRoleAgentExecutionRunner ResourceRole = "RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `const ResourceRoleAgentExecutionOutputsReporter ResourceRole = "RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `const ResourceRoleAgentExecutionViewer ResourceRole = "RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `const ResourceRoleAgentAdmin ResourceRole = "RESOURCE_ROLE_AGENT_ADMIN"` - `const ResourceRoleAgentViewer ResourceRole = "RESOURCE_ROLE_AGENT_VIEWER"` - `const ResourceRoleAgentExecutor ResourceRole = "RESOURCE_ROLE_AGENT_EXECUTOR"` - `const ResourceRoleWorkflowAdmin ResourceRole = "RESOURCE_ROLE_WORKFLOW_ADMIN"` - `const ResourceRoleWorkflowUser ResourceRole = "RESOURCE_ROLE_WORKFLOW_USER"` - `const ResourceRoleWorkflowViewer ResourceRole = "RESOURCE_ROLE_WORKFLOW_VIEWER"` - `const ResourceRoleWorkflowExecutor ResourceRole = "RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `const ResourceRoleSnapshotAdmin ResourceRole = "RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `const ResourceRoleSnapshotRunner ResourceRole = "RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `const ResourceRoleWebhookAdmin ResourceRole = "RESOURCE_ROLE_WEBHOOK_ADMIN"` - `const ResourceRoleWebhookViewer ResourceRole = "RESOURCE_ROLE_WEBHOOK_VIEWER"` - `const ResourceRoleWarmpoolRunner ResourceRole = "RESOURCE_ROLE_WARMPOOL_RUNNER"` - `const ResourceRoleWarmpoolAdmin ResourceRole = "RESOURCE_ROLE_WARMPOOL_ADMIN"` - `const ResourceRoleWarmpoolViewer ResourceRole = "RESOURCE_ROLE_WARMPOOL_VIEWER"` - `const ResourceRoleSessionAdmin ResourceRole = "RESOURCE_ROLE_SESSION_ADMIN"` - `const ResourceRoleSessionUser ResourceRole = "RESOURCE_ROLE_SESSION_USER"` - `const ResourceRoleTeamAdmin ResourceRole = "RESOURCE_ROLE_TEAM_ADMIN"` - `const ResourceRoleTeamViewer ResourceRole = "RESOURCE_ROLE_TEAM_VIEWER"` - `GroupID string` Group identifier - `OrganizationID string` Organization identifier - `ResourceID string` Resource identifier - `ResourceRole ResourceRole` Role assigned to the group on this resource - `ResourceType ResourceType` Type of resource (runner, project, environment, etc.) - `const ResourceTypeUnspecified ResourceType = "RESOURCE_TYPE_UNSPECIFIED"` - `const ResourceTypeEnvironment ResourceType = "RESOURCE_TYPE_ENVIRONMENT"` - `const ResourceTypeRunner ResourceType = "RESOURCE_TYPE_RUNNER"` - `const ResourceTypeProject ResourceType = "RESOURCE_TYPE_PROJECT"` - `const ResourceTypeTask ResourceType = "RESOURCE_TYPE_TASK"` - `const ResourceTypeTaskExecution ResourceType = "RESOURCE_TYPE_TASK_EXECUTION"` - `const ResourceTypeService ResourceType = "RESOURCE_TYPE_SERVICE"` - `const ResourceTypeOrganization ResourceType = "RESOURCE_TYPE_ORGANIZATION"` - `const ResourceTypeUser ResourceType = "RESOURCE_TYPE_USER"` - `const ResourceTypeEnvironmentClass ResourceType = "RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `const ResourceTypeRunnerScmIntegration ResourceType = "RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `const ResourceTypeHostAuthenticationToken ResourceType = "RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `const ResourceTypeGroup ResourceType = "RESOURCE_TYPE_GROUP"` - `const ResourceTypePersonalAccessToken ResourceType = "RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `const ResourceTypeUserPreference ResourceType = "RESOURCE_TYPE_USER_PREFERENCE"` - `const ResourceTypeServiceAccount ResourceType = "RESOURCE_TYPE_SERVICE_ACCOUNT"` - `const ResourceTypeSecret ResourceType = "RESOURCE_TYPE_SECRET"` - `const ResourceTypeSSOConfig ResourceType = "RESOURCE_TYPE_SSO_CONFIG"` - `const ResourceTypeDomainVerification ResourceType = "RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `const ResourceTypeAgentExecution ResourceType = "RESOURCE_TYPE_AGENT_EXECUTION"` - `const ResourceTypeRunnerLlmIntegration ResourceType = "RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `const ResourceTypeAgent ResourceType = "RESOURCE_TYPE_AGENT"` - `const ResourceTypeEnvironmentSession ResourceType = "RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `const ResourceTypeUserSecret ResourceType = "RESOURCE_TYPE_USER_SECRET"` - `const ResourceTypeOrganizationPolicy ResourceType = "RESOURCE_TYPE_ORGANIZATION_POLICY"` - `const ResourceTypeOrganizationSecret ResourceType = "RESOURCE_TYPE_ORGANIZATION_SECRET"` - `const ResourceTypeProjectEnvironmentClass ResourceType = "RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `const ResourceTypeBilling ResourceType = "RESOURCE_TYPE_BILLING"` - `const ResourceTypePrompt ResourceType = "RESOURCE_TYPE_PROMPT"` - `const ResourceTypeCoupon ResourceType = "RESOURCE_TYPE_COUPON"` - `const ResourceTypeCouponRedemption ResourceType = "RESOURCE_TYPE_COUPON_REDEMPTION"` - `const ResourceTypeAccount ResourceType = "RESOURCE_TYPE_ACCOUNT"` - `const ResourceTypeIntegration ResourceType = "RESOURCE_TYPE_INTEGRATION"` - `const ResourceTypeWorkflow ResourceType = "RESOURCE_TYPE_WORKFLOW"` - `const ResourceTypeWorkflowExecution ResourceType = "RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `const ResourceTypeWorkflowExecutionAction ResourceType = "RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `const ResourceTypeSnapshot ResourceType = "RESOURCE_TYPE_SNAPSHOT"` - `const ResourceTypePrebuild ResourceType = "RESOURCE_TYPE_PREBUILD"` - `const ResourceTypeOrganizationLlmIntegration ResourceType = "RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `const ResourceTypeCustomDomain ResourceType = "RESOURCE_TYPE_CUSTOM_DOMAIN"` - `const ResourceTypeRoleAssignmentChanged ResourceType = "RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `const ResourceTypeGroupMembershipChanged ResourceType = "RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `const ResourceTypeWebhook ResourceType = "RESOURCE_TYPE_WEBHOOK"` - `const ResourceTypeScimConfiguration ResourceType = "RESOURCE_TYPE_SCIM_CONFIGURATION"` - `const ResourceTypeServiceAccountSecret ResourceType = "RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `const ResourceTypeAnnouncementBanner ResourceType = "RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `const ResourceTypeServiceAccountToken ResourceType = "RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `const ResourceTypeRoleAssignment ResourceType = "RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `const ResourceTypeWarmPool ResourceType = "RESOURCE_TYPE_WARM_POOL"` - `const ResourceTypeNotification ResourceType = "RESOURCE_TYPE_NOTIFICATION"` ### Example ```go package main import ( "context" "fmt" "github.com/gitpod-io/gitpod-sdk-go" "github.com/gitpod-io/gitpod-sdk-go/option" "github.com/gitpod-io/gitpod-sdk-go/shared" ) func main() { client := gitpod.NewClient( option.WithBearerToken("My Bearer Token"), ) roleAssignment, err := client.Groups.RoleAssignments.New(context.TODO(), gitpod.GroupRoleAssignmentNewParams{ GroupID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"), ResourceID: gitpod.F("f53d2330-3795-4c5d-a1f3-453121af9c60"), ResourceRole: gitpod.F(shared.ResourceRoleRunnerAdmin), ResourceType: gitpod.F(shared.ResourceTypeRunner), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", roleAssignment.Assignment) } ``` #### Response ```json { "assignment": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "derivedFromOrgRole": "RESOURCE_ROLE_UNSPECIFIED", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceRole": "RESOURCE_ROLE_UNSPECIFIED", "resourceType": "RESOURCE_TYPE_UNSPECIFIED" } } ```