Assign User to Role
Add a user to a role. The user will inherit access to all resources assigned to this role and be subject to the role's session duration limits.
Request
POST https://api.entryguard.io/api/v1/roles/{id}/users/{userId}
Authentication
Requires a valid Bearer JWT token with ORG_ADMIN role.
Authorization: Bearer <access_token>
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | UUID | Yes | The unique identifier of the role |
userId | UUID | Yes | The unique identifier of the user to assign |
Request Body
No request body is required.
Response
Success Response
Status Code: 200 OK
{
"message": "User assigned to role successfully"
}
Error Responses
| Status Code | Description |
|---|---|
400 Bad Request | User is already assigned to this role |
401 Unauthorized | Missing or invalid authentication token |
403 Forbidden | User does not have ORG_ADMIN role |
404 Not Found | Role or user with the specified ID does not exist in this organization |
429 Too Many Requests | Rate limit exceeded |
500 Internal Server Error | Server error occurred |
Error Response Examples:
{
"timestamp": "2026-02-18T10:30:00Z",
"status": 404,
"error": "Not Found",
"message": "Role not found with id: 550e8400-e29b-41d4-a716-446655440000",
"path": "/api/v1/roles/550e8400-e29b-41d4-a716-446655440000/users/770e8400-e29b-41d4-a716-446655440003"
}
{
"timestamp": "2026-02-18T10:30:00Z",
"status": 404,
"error": "Not Found",
"message": "User not found with id: 770e8400-e29b-41d4-a716-446655440003",
"path": "/api/v1/roles/550e8400-e29b-41d4-a716-446655440000/users/770e8400-e29b-41d4-a716-446655440003"
}
{
"timestamp": "2026-02-18T10:30:00Z",
"status": 400,
"error": "Bad Request",
"message": "User already assigned to this role",
"path": "/api/v1/roles/550e8400-e29b-41d4-a716-446655440000/users/770e8400-e29b-41d4-a716-446655440003"
}
Example
Request
curl -X POST https://api.entryguard.io/api/v1/roles/550e8400-e29b-41d4-a716-446655440000/users/770e8400-e29b-41d4-a716-446655440003 \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
{
"message": "User assigned to role successfully"
}
Notes
- Users can be assigned to multiple roles
- Users inherit access to all resources from all their assigned roles
- If multiple roles have different
maxSessionDurationHours, the maximum value applies - Changes take effect immediately
- Existing active sessions are not affected