# Role Assignments ## CreateRoleAssignment `groups.role_assignments.create(RoleAssignmentCreateParams**kwargs) -> RoleAssignmentCreateResponse` **post** `/gitpod.v1.GroupService/CreateRoleAssignment` Creates a role assignment for a group on a resource. Use this method to: - Assign specific roles to groups on runners, projects, or environments - Grant group-based access to resources ### Examples - Assign admin role on a runner: Grants the group admin access to a runner. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" resourceType: RESOURCE_TYPE_RUNNER resourceId: "f53d2330-3795-4c5d-a1f3-453121af9c60" resourceRole: RESOURCE_ROLE_RUNNER_ADMIN ``` - Assign user role on a project: Grants the group user access to a project. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" resourceType: RESOURCE_TYPE_PROJECT resourceId: "a1b2c3d4-5678-90ab-cdef-1234567890ab" resourceRole: RESOURCE_ROLE_PROJECT_USER ``` ### Authorization Requires admin role on the specific resource. ### Parameters - `group_id: Optional[str]` - `resource_id: Optional[str]` - `resource_role: Optional[ResourceRole]` ResourceRole represents roles that can be assigned to groups on resources These map directly to the roles defined in backend/db/rule/rbac/role/role.go - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `resource_type: Optional[ResourceType]` - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"` ### Returns - `class RoleAssignmentCreateResponse: …` - `assignment: Optional[RoleAssignment]` RoleAssignment represents a role assigned to a group on a specific resource - `id: Optional[str]` Unique identifier for the role assignment - `derived_from_org_role: Optional[ResourceRole]` The org-level role that created this assignment, if any. RESOURCE_ROLE_UNSPECIFIED means this is a direct share (manually created). Non-zero (e.g., ORG_PROJECTS_ADMIN, ORG_RUNNERS_ADMIN) means this assignment was derived from an org-level role. - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `group_id: Optional[str]` Group identifier - `organization_id: Optional[str]` Organization identifier - `resource_id: Optional[str]` Resource identifier - `resource_role: Optional[ResourceRole]` Role assigned to the group on this resource - `resource_type: Optional[ResourceType]` Type of resource (runner, project, environment, etc.) - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) role_assignment = client.groups.role_assignments.create( group_id="d2c94c27-3b76-4a42-b88c-95a85e392c68", resource_id="f53d2330-3795-4c5d-a1f3-453121af9c60", resource_role="RESOURCE_ROLE_RUNNER_ADMIN", resource_type="RESOURCE_TYPE_RUNNER", ) print(role_assignment.assignment) ``` #### Response ```json { "assignment": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "derivedFromOrgRole": "RESOURCE_ROLE_UNSPECIFIED", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceRole": "RESOURCE_ROLE_UNSPECIFIED", "resourceType": "RESOURCE_TYPE_UNSPECIFIED" } } ``` ## DeleteRoleAssignment `groups.role_assignments.delete(RoleAssignmentDeleteParams**kwargs) -> object` **post** `/gitpod.v1.GroupService/DeleteRoleAssignment` Deletes a role assignment. Use this method to: - Remove group access to resources - Revoke role-based permissions ### Examples - Delete a role assignment: Removes a role assignment by its ID. ```yaml assignmentId: "a1b2c3d4-5678-90ab-cdef-1234567890ab" ``` ### Authorization Requires admin role on the specific resource. ### Parameters - `assignment_id: Optional[str]` ### Returns - `object` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) role_assignment = client.groups.role_assignments.delete( assignment_id="a1b2c3d4-5678-90ab-cdef-1234567890ab", ) print(role_assignment) ``` #### Response ```json {} ``` ## ListRoleAssignments `groups.role_assignments.list(RoleAssignmentListParams**kwargs) -> SyncAssignmentsPage[RoleAssignment]` **post** `/gitpod.v1.GroupService/ListRoleAssignments` Lists role assignments for a group or resource. Use this method to: - View all role assignments for a group - Audit resource access - Check which groups have access to resources ### Examples - List role assignments for a group: Shows all role assignments for a specific group. ```yaml filter: groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" pagination: pageSize: 20 ``` - List role assignments by resource type: Shows all role assignments for runners. ```yaml filter: resourceTypes: - RESOURCE_TYPE_RUNNER pagination: pageSize: 20 ``` ### Authorization All organization members can view role assignments (transparency model). ### Parameters - `token: Optional[str]` - `page_size: Optional[int]` - `filter: Optional[Filter]` Filter parameters - `group_id: Optional[str]` group_id filters the response to only role assignments for this specific group Empty string is allowed and means no filtering by group - `resource_id: Optional[str]` Filters by a single resource. Non-admin callers with :grant permission on the resource can see role assignments from groups they don't belong to. Mutually exclusive with resource_ids. - `resource_ids: Optional[Sequence[str]]` Filters by multiple resources in a single request. Non-admin callers with :grant permission on a resource can see all role assignments for that resource, even from groups they don't belong to. The :grant check is applied per-resource within the batch. Mutually exclusive with resource_id. - `resource_roles: Optional[List[ResourceRole]]` resource_roles filters the response to only role assignments with these specific roles - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `resource_types: Optional[List[ResourceType]]` resource_types filters the response to only role assignments for these resource types - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"` - `user_id: Optional[str]` user_id filters the response to only role assignments for groups that this user is a member of Empty string is allowed and means no filtering by user - `pagination: Optional[Pagination]` Pagination parameters - `token: Optional[str]` Token for the next set of results that was returned as next_token of a PaginationResponse - `page_size: Optional[int]` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `class RoleAssignment: …` RoleAssignment represents a role assigned to a group on a specific resource - `id: Optional[str]` Unique identifier for the role assignment - `derived_from_org_role: Optional[ResourceRole]` The org-level role that created this assignment, if any. RESOURCE_ROLE_UNSPECIFIED means this is a direct share (manually created). Non-zero (e.g., ORG_PROJECTS_ADMIN, ORG_RUNNERS_ADMIN) means this assignment was derived from an org-level role. - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `group_id: Optional[str]` Group identifier - `organization_id: Optional[str]` Organization identifier - `resource_id: Optional[str]` Resource identifier - `resource_role: Optional[ResourceRole]` Role assigned to the group on this resource - `resource_type: Optional[ResourceType]` Type of resource (runner, project, environment, etc.) - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) page = client.groups.role_assignments.list( filter={ "resource_types": ["RESOURCE_TYPE_RUNNER"] }, pagination={ "page_size": 20 }, ) page = page.assignments[0] print(page.id) ``` #### Response ```json { "assignments": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "derivedFromOrgRole": "RESOURCE_ROLE_UNSPECIFIED", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceRole": "RESOURCE_ROLE_UNSPECIFIED", "resourceType": "RESOURCE_TYPE_UNSPECIFIED" } ], "pagination": { "nextToken": "nextToken" } } ``` ## Domain Types ### Role Assignment - `class RoleAssignment: …` RoleAssignment represents a role assigned to a group on a specific resource - `id: Optional[str]` Unique identifier for the role assignment - `derived_from_org_role: Optional[ResourceRole]` The org-level role that created this assignment, if any. RESOURCE_ROLE_UNSPECIFIED means this is a direct share (manually created). Non-zero (e.g., ORG_PROJECTS_ADMIN, ORG_RUNNERS_ADMIN) means this assignment was derived from an org-level role. - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `group_id: Optional[str]` Group identifier - `organization_id: Optional[str]` Organization identifier - `resource_id: Optional[str]` Resource identifier - `resource_role: Optional[ResourceRole]` Role assigned to the group on this resource - `resource_type: Optional[ResourceType]` Type of resource (runner, project, environment, etc.) - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"` ### Role Assignment Create Response - `class RoleAssignmentCreateResponse: …` - `assignment: Optional[RoleAssignment]` RoleAssignment represents a role assigned to a group on a specific resource - `id: Optional[str]` Unique identifier for the role assignment - `derived_from_org_role: Optional[ResourceRole]` The org-level role that created this assignment, if any. RESOURCE_ROLE_UNSPECIFIED means this is a direct share (manually created). Non-zero (e.g., ORG_PROJECTS_ADMIN, ORG_RUNNERS_ADMIN) means this assignment was derived from an org-level role. - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `group_id: Optional[str]` Group identifier - `organization_id: Optional[str]` Organization identifier - `resource_id: Optional[str]` Resource identifier - `resource_role: Optional[ResourceRole]` Role assigned to the group on this resource - `resource_type: Optional[ResourceType]` Type of resource (runner, project, environment, etc.) - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"`