## CreateRoleAssignment `groups.role_assignments.create(RoleAssignmentCreateParams**kwargs) -> RoleAssignmentCreateResponse` **post** `/gitpod.v1.GroupService/CreateRoleAssignment` Creates a role assignment for a group on a resource. Use this method to: - Assign specific roles to groups on runners, projects, or environments - Grant group-based access to resources ### Examples - Assign admin role on a runner: Grants the group admin access to a runner. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" resourceType: RESOURCE_TYPE_RUNNER resourceId: "f53d2330-3795-4c5d-a1f3-453121af9c60" resourceRole: RESOURCE_ROLE_RUNNER_ADMIN ``` - Assign user role on a project: Grants the group user access to a project. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" resourceType: RESOURCE_TYPE_PROJECT resourceId: "a1b2c3d4-5678-90ab-cdef-1234567890ab" resourceRole: RESOURCE_ROLE_PROJECT_USER ``` ### Authorization Requires admin role on the specific resource. ### Parameters - `group_id: Optional[str]` - `resource_id: Optional[str]` - `resource_role: Optional[ResourceRole]` ResourceRole represents roles that can be assigned to groups on resources These map directly to the roles defined in backend/db/rule/rbac/role/role.go - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `resource_type: Optional[ResourceType]` - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"` ### Returns - `class RoleAssignmentCreateResponse: …` - `assignment: Optional[RoleAssignment]` RoleAssignment represents a role assigned to a group on a specific resource - `id: Optional[str]` Unique identifier for the role assignment - `derived_from_org_role: Optional[ResourceRole]` The org-level role that created this assignment, if any. RESOURCE_ROLE_UNSPECIFIED means this is a direct share (manually created). Non-zero (e.g., ORG_PROJECTS_ADMIN, ORG_RUNNERS_ADMIN) means this assignment was derived from an org-level role. - `"RESOURCE_ROLE_UNSPECIFIED"` - `"RESOURCE_ROLE_ORG_ADMIN"` - `"RESOURCE_ROLE_ORG_MEMBER"` - `"RESOURCE_ROLE_ORG_RUNNERS_ADMIN"` - `"RESOURCE_ROLE_ORG_PROJECTS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"` - `"RESOURCE_ROLE_ORG_GROUPS_ADMIN"` - `"RESOURCE_ROLE_ORG_AUDIT_LOG_READER"` - `"RESOURCE_ROLE_GROUP_ADMIN"` - `"RESOURCE_ROLE_GROUP_VIEWER"` - `"RESOURCE_ROLE_USER_IDENTITY"` - `"RESOURCE_ROLE_USER_VIEWER"` - `"RESOURCE_ROLE_USER_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_IDENTITY"` - `"RESOURCE_ROLE_ENVIRONMENT_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_RUNNER"` - `"RESOURCE_ROLE_RUNNER_IDENTITY"` - `"RESOURCE_ROLE_RUNNER_ADMIN"` - `"RESOURCE_ROLE_RUNNER_LOCAL_ADMIN"` - `"RESOURCE_ROLE_RUNNER_MANAGED_ADMIN"` - `"RESOURCE_ROLE_RUNNER_USER"` - `"RESOURCE_ROLE_RUNNER_CONFIGURATION_READER"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_ADMIN"` - `"RESOURCE_ROLE_HOST_AUTHENTICATION_TOKEN_UPDATER"` - `"RESOURCE_ROLE_PROJECT_ADMIN"` - `"RESOURCE_ROLE_PROJECT_USER"` - `"RESOURCE_ROLE_PROJECT_EDITOR"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_SERVICE_ENV"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ADMIN"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_VIEWER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_USER"` - `"RESOURCE_ROLE_ENVIRONMENT_TASK_ENV"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_IDENTITY"` - `"RESOURCE_ROLE_SERVICE_ACCOUNT_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_USER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_ADMIN"` - `"RESOURCE_ROLE_AGENT_EXECUTION_RUNNER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_OUTPUTS_REPORTER"` - `"RESOURCE_ROLE_AGENT_EXECUTION_VIEWER"` - `"RESOURCE_ROLE_AGENT_ADMIN"` - `"RESOURCE_ROLE_AGENT_VIEWER"` - `"RESOURCE_ROLE_AGENT_EXECUTOR"` - `"RESOURCE_ROLE_WORKFLOW_ADMIN"` - `"RESOURCE_ROLE_WORKFLOW_USER"` - `"RESOURCE_ROLE_WORKFLOW_VIEWER"` - `"RESOURCE_ROLE_WORKFLOW_EXECUTOR"` - `"RESOURCE_ROLE_SNAPSHOT_ADMIN"` - `"RESOURCE_ROLE_SNAPSHOT_RUNNER"` - `"RESOURCE_ROLE_WEBHOOK_ADMIN"` - `"RESOURCE_ROLE_WEBHOOK_VIEWER"` - `"RESOURCE_ROLE_WARMPOOL_RUNNER"` - `"RESOURCE_ROLE_WARMPOOL_ADMIN"` - `"RESOURCE_ROLE_WARMPOOL_VIEWER"` - `"RESOURCE_ROLE_SESSION_ADMIN"` - `"RESOURCE_ROLE_SESSION_USER"` - `"RESOURCE_ROLE_TEAM_ADMIN"` - `"RESOURCE_ROLE_TEAM_VIEWER"` - `group_id: Optional[str]` Group identifier - `organization_id: Optional[str]` Organization identifier - `resource_id: Optional[str]` Resource identifier - `resource_role: Optional[ResourceRole]` Role assigned to the group on this resource - `resource_type: Optional[ResourceType]` Type of resource (runner, project, environment, etc.) - `"RESOURCE_TYPE_UNSPECIFIED"` - `"RESOURCE_TYPE_ENVIRONMENT"` - `"RESOURCE_TYPE_RUNNER"` - `"RESOURCE_TYPE_PROJECT"` - `"RESOURCE_TYPE_TASK"` - `"RESOURCE_TYPE_TASK_EXECUTION"` - `"RESOURCE_TYPE_SERVICE"` - `"RESOURCE_TYPE_ORGANIZATION"` - `"RESOURCE_TYPE_USER"` - `"RESOURCE_TYPE_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_RUNNER_SCM_INTEGRATION"` - `"RESOURCE_TYPE_HOST_AUTHENTICATION_TOKEN"` - `"RESOURCE_TYPE_GROUP"` - `"RESOURCE_TYPE_PERSONAL_ACCESS_TOKEN"` - `"RESOURCE_TYPE_USER_PREFERENCE"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT"` - `"RESOURCE_TYPE_SECRET"` - `"RESOURCE_TYPE_SSO_CONFIG"` - `"RESOURCE_TYPE_DOMAIN_VERIFICATION"` - `"RESOURCE_TYPE_AGENT_EXECUTION"` - `"RESOURCE_TYPE_RUNNER_LLM_INTEGRATION"` - `"RESOURCE_TYPE_AGENT"` - `"RESOURCE_TYPE_ENVIRONMENT_SESSION"` - `"RESOURCE_TYPE_USER_SECRET"` - `"RESOURCE_TYPE_ORGANIZATION_POLICY"` - `"RESOURCE_TYPE_ORGANIZATION_SECRET"` - `"RESOURCE_TYPE_PROJECT_ENVIRONMENT_CLASS"` - `"RESOURCE_TYPE_BILLING"` - `"RESOURCE_TYPE_PROMPT"` - `"RESOURCE_TYPE_COUPON"` - `"RESOURCE_TYPE_COUPON_REDEMPTION"` - `"RESOURCE_TYPE_ACCOUNT"` - `"RESOURCE_TYPE_INTEGRATION"` - `"RESOURCE_TYPE_WORKFLOW"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION"` - `"RESOURCE_TYPE_WORKFLOW_EXECUTION_ACTION"` - `"RESOURCE_TYPE_SNAPSHOT"` - `"RESOURCE_TYPE_PREBUILD"` - `"RESOURCE_TYPE_ORGANIZATION_LLM_INTEGRATION"` - `"RESOURCE_TYPE_CUSTOM_DOMAIN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT_CHANGED"` - `"RESOURCE_TYPE_GROUP_MEMBERSHIP_CHANGED"` - `"RESOURCE_TYPE_WEBHOOK"` - `"RESOURCE_TYPE_SCIM_CONFIGURATION"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_SECRET"` - `"RESOURCE_TYPE_ANNOUNCEMENT_BANNER"` - `"RESOURCE_TYPE_SERVICE_ACCOUNT_TOKEN"` - `"RESOURCE_TYPE_ROLE_ASSIGNMENT"` - `"RESOURCE_TYPE_WARM_POOL"` - `"RESOURCE_TYPE_NOTIFICATION"` ### Example ```python import os from gitpod import Gitpod client = Gitpod( bearer_token=os.environ.get("GITPOD_API_KEY"), # This is the default and can be omitted ) role_assignment = client.groups.role_assignments.create( group_id="d2c94c27-3b76-4a42-b88c-95a85e392c68", resource_id="f53d2330-3795-4c5d-a1f3-453121af9c60", resource_role="RESOURCE_ROLE_RUNNER_ADMIN", resource_type="RESOURCE_TYPE_RUNNER", ) print(role_assignment.assignment) ``` #### Response ```json { "assignment": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "derivedFromOrgRole": "RESOURCE_ROLE_UNSPECIFIED", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "resourceRole": "RESOURCE_ROLE_UNSPECIFIED", "resourceType": "RESOURCE_TYPE_UNSPECIFIED" } } ```