Authorization
in package
Table of Contents
Properties
Methods
- __construct() : mixed
- addEnvironmentRolePermission() : Role
- Add a permission to an environment role
- addOrganizationRolePermission() : Role
- Add a permission to a custom role
- assignRole() : RoleAssignment
- Assign a role
- check() : AuthorizationCheck
- Check authorization
- createEnvironmentRole() : Role
- Create an environment role
- createOrganizationRole() : Role
- Create a custom role
- createPermission() : Permission
- Create a permission
- createResource() : AuthorizationResource
- Create an authorization resource
- deleteOrganizationRole() : void
- Delete a custom role
- deletePermission() : void
- Delete a permission
- deleteResource() : void
- Delete an authorization resource
- deleteResourceByExternalId() : void
- Delete an authorization resource by external ID
- getEnvironmentRole() : Role
- Get an environment role
- getOrganizationRole() : Role
- Get a custom role
- getPermission() : AuthorizationPermission
- Get a permission
- getResource() : AuthorizationResource
- Get a resource
- getResourceByExternalId() : AuthorizationResource
- Get a resource by external ID
- listEffectivePermissions() : PaginatedResponse<string|int, AuthorizationPermission>
- List effective permissions for an organization membership on a resource
- listEffectivePermissionsByExternalId() : PaginatedResponse<string|int, AuthorizationPermission>
- List effective permissions for an organization membership on a resource by external ID
- listEnvironmentRoles() : RoleList
- List environment roles
- listMembershipsForResource() : PaginatedResponse<string|int, UserOrganizationMembershipBaseListData>
- List organization memberships for resource
- listMembershipsForResourceByExternalId() : PaginatedResponse<string|int, UserOrganizationMembershipBaseListData>
- List memberships for a resource by external ID
- listOrganizationRoles() : RoleList
- List custom roles
- listPermissions() : PaginatedResponse<string|int, AuthorizationPermission>
- List permissions
- listResources() : PaginatedResponse<string|int, AuthorizationResource>
- List resources
- listResourcesForMembership() : PaginatedResponse<string|int, AuthorizationResource>
- List resources for organization membership
- listRoleAssignments() : PaginatedResponse<string|int, RoleAssignment>
- List role assignments
- removeOrganizationRolePermission() : void
- Remove a permission from a custom role
- removeRole() : void
- Remove a role assignment
- removeRoleAssignment() : void
- Remove a role assignment by ID
- setEnvironmentRolePermissions() : Role
- Set permissions for an environment role
- setOrganizationRolePermissions() : Role
- Set permissions for a custom role
- updateEnvironmentRole() : Role
- Update an environment role
- updateOrganizationRole() : Role
- Update a custom role
- updatePermission() : AuthorizationPermission
- Update a permission
- updateResource() : AuthorizationResource
- Update a resource
- updateResourceByExternalId() : AuthorizationResource
- Update a resource by external ID
Properties
$client read-only
private
HttpClient
$client
Methods
__construct()
public
__construct(HttpClient $client) : mixed
Parameters
- $client : HttpClient
addEnvironmentRolePermission()
Add a permission to an environment role
public
addEnvironmentRolePermission(string $slug, string $bodySlug[, RequestOptions|null $options = null ]) : Role
Add a single permission to an environment role. If the permission is already assigned to the role, this operation has no effect.
Parameters
- $slug : string
-
The slug of the environment role.
- $bodySlug : string
-
The slug of the permission to add to the role.
- $options : RequestOptions|null = null
Tags
Return values
RoleaddOrganizationRolePermission()
Add a permission to a custom role
public
addOrganizationRolePermission(string $organizationId, string $slug, string $bodySlug[, RequestOptions|null $options = null ]) : Role
Add a single permission to a custom role. If the permission is already assigned to the role, this operation has no effect.
Parameters
- $organizationId : string
-
The ID of the organization.
- $slug : string
-
The slug of the role.
- $bodySlug : string
-
The slug of the permission to add to the role.
- $options : RequestOptions|null = null
Tags
Return values
RoleassignRole()
Assign a role
public
assignRole(string $organizationMembershipId, string $roleSlug, ResourceTargetById|ResourceTargetByExternalId $resourceTarget[, RequestOptions|null $options = null ]) : RoleAssignment
Assign a role to an organization membership on a specific resource.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership.
- $roleSlug : string
-
The slug of the role to assign.
- $resourceTarget : ResourceTargetById|ResourceTargetByExternalId
- $options : RequestOptions|null = null
Tags
Return values
RoleAssignmentcheck()
Check authorization
public
check(string $organizationMembershipId, string $permissionSlug, ResourceTargetById|ResourceTargetByExternalId $resourceTarget[, RequestOptions|null $options = null ]) : AuthorizationCheck
Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership to check.
- $permissionSlug : string
-
The slug of the permission to check.
- $resourceTarget : ResourceTargetById|ResourceTargetByExternalId
- $options : RequestOptions|null = null
Tags
Return values
AuthorizationCheckcreateEnvironmentRole()
Create an environment role
public
createEnvironmentRole(string $slug, string $name[, string|null $description = null ][, string|null $resourceTypeSlug = null ][, RequestOptions|null $options = null ]) : Role
Create a new environment role.
Parameters
- $slug : string
-
A unique slug for the role.
- $name : string
-
A descriptive name for the role.
- $description : string|null = null
-
An optional description of the role.
- $resourceTypeSlug : string|null = null
-
The slug of the resource type the role is scoped to.
- $options : RequestOptions|null = null
Tags
Return values
RolecreateOrganizationRole()
Create a custom role
public
createOrganizationRole(string $organizationId, string $name[, string|null $slug = null ][, string|null $description = null ][, string|null $resourceTypeSlug = null ][, RequestOptions|null $options = null ]) : Role
Create a new custom role for this organization.
Parameters
- $organizationId : string
-
The ID of the organization.
- $name : string
-
A descriptive name for the role.
- $slug : string|null = null
-
A unique identifier for the role within the organization. When provided, must begin with 'org-' and contain only lowercase letters, numbers, hyphens, and underscores. When omitted, a slug is auto-generated from the role name and a random suffix.
- $description : string|null = null
-
An optional description of the role's purpose.
- $resourceTypeSlug : string|null = null
-
The slug of the resource type the role is scoped to.
- $options : RequestOptions|null = null
Tags
Return values
RolecreatePermission()
Create a permission
public
createPermission(string $slug, string $name[, string|null $description = null ][, string|null $resourceTypeSlug = null ][, RequestOptions|null $options = null ]) : Permission
Create a new permission in your WorkOS environment. The permission can then be assigned to environment roles and custom roles.
Parameters
- $slug : string
-
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
- $name : string
-
A descriptive name for the Permission.
- $description : string|null = null
-
An optional description of the Permission.
- $resourceTypeSlug : string|null = null
-
The slug of the resource type this permission is scoped to.
- $options : RequestOptions|null = null
Tags
Return values
PermissioncreateResource()
Create an authorization resource
public
createResource(string $externalId, string $name, string $resourceTypeSlug, string $organizationId[, string|null $description = null ][, null|ParentResourceById|ParentResourceByExternalId $parentResource = null ][, RequestOptions|null $options = null ]) : AuthorizationResource
Create a new authorization resource.
Parameters
- $externalId : string
-
An external identifier for the resource.
- $name : string
-
A display name for the resource.
- $resourceTypeSlug : string
-
The slug of the resource type.
- $organizationId : string
-
The ID of the organization this resource belongs to.
- $description : string|null = null
-
An optional description of the resource.
- $parentResource : null|ParentResourceById|ParentResourceByExternalId = null
- $options : RequestOptions|null = null
Tags
Return values
AuthorizationResourcedeleteOrganizationRole()
Delete a custom role
public
deleteOrganizationRole(string $organizationId, string $slug[, RequestOptions|null $options = null ]) : void
Delete an existing custom role.
Parameters
- $organizationId : string
-
The ID of the organization.
- $slug : string
-
The slug of the role.
- $options : RequestOptions|null = null
Tags
deletePermission()
Delete a permission
public
deletePermission(string $slug[, RequestOptions|null $options = null ]) : void
Delete an existing permission. System permissions cannot be deleted.
Parameters
- $slug : string
-
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
- $options : RequestOptions|null = null
Tags
deleteResource()
Delete an authorization resource
public
deleteResource(string $resourceId[, bool|null $cascadeDelete = null ][, RequestOptions|null $options = null ]) : void
Delete an authorization resource and all its descendants.
Parameters
- $resourceId : string
-
The ID of the authorization resource.
- $cascadeDelete : bool|null = null
-
If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail. Defaults to false.
- $options : RequestOptions|null = null
Tags
deleteResourceByExternalId()
Delete an authorization resource by external ID
public
deleteResourceByExternalId(string $organizationId, string $resourceTypeSlug, string $externalId[, bool|null $cascadeDelete = null ][, RequestOptions|null $options = null ]) : void
Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources.
Parameters
- $organizationId : string
-
The ID of the organization that owns the resource.
- $resourceTypeSlug : string
-
The slug of the resource type.
- $externalId : string
-
An identifier you provide to reference the resource in your system.
- $cascadeDelete : bool|null = null
-
If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail. Defaults to false.
- $options : RequestOptions|null = null
Tags
getEnvironmentRole()
Get an environment role
public
getEnvironmentRole(string $slug[, RequestOptions|null $options = null ]) : Role
Get an environment role by its slug.
Parameters
- $slug : string
-
The slug of the environment role.
- $options : RequestOptions|null = null
Tags
Return values
RolegetOrganizationRole()
Get a custom role
public
getOrganizationRole(string $organizationId, string $slug[, RequestOptions|null $options = null ]) : Role
Retrieve a role that applies to an organization by its slug. This can return either an environment role or a custom role.
Parameters
- $organizationId : string
-
The ID of the organization.
- $slug : string
-
The slug of the role.
- $options : RequestOptions|null = null
Tags
Return values
RolegetPermission()
Get a permission
public
getPermission(string $slug[, RequestOptions|null $options = null ]) : AuthorizationPermission
Retrieve a permission by its unique slug.
Parameters
- $slug : string
-
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
- $options : RequestOptions|null = null
Tags
Return values
AuthorizationPermissiongetResource()
Get a resource
public
getResource(string $resourceId[, RequestOptions|null $options = null ]) : AuthorizationResource
Retrieve the details of an authorization resource by its ID.
Parameters
- $resourceId : string
-
The ID of the authorization resource.
- $options : RequestOptions|null = null
Tags
Return values
AuthorizationResourcegetResourceByExternalId()
Get a resource by external ID
public
getResourceByExternalId(string $organizationId, string $resourceTypeSlug, string $externalId[, RequestOptions|null $options = null ]) : AuthorizationResource
Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.
Parameters
- $organizationId : string
-
The ID of the organization that owns the resource.
- $resourceTypeSlug : string
-
The slug of the resource type.
- $externalId : string
-
An identifier you provide to reference the resource in your system.
- $options : RequestOptions|null = null
Tags
Return values
AuthorizationResourcelistEffectivePermissions()
List effective permissions for an organization membership on a resource
public
listEffectivePermissions(string $organizationMembershipId, string $resourceId[, string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, AuthorizationPermission>
Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership.
- $resourceId : string
-
The ID of the authorization resource.
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, AuthorizationPermission>listEffectivePermissionsByExternalId()
List effective permissions for an organization membership on a resource by external ID
public
listEffectivePermissionsByExternalId(string $organizationMembershipId, string $resourceTypeSlug, string $externalId[, string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, AuthorizationPermission>
Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership.
- $resourceTypeSlug : string
-
The slug of the resource type.
- $externalId : string
-
An identifier you provide to reference the resource in your system.
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, AuthorizationPermission>listEnvironmentRoles()
List environment roles
public
listEnvironmentRoles([RequestOptions|null $options = null ]) : RoleList
List all environment roles in priority order.
Parameters
- $options : RequestOptions|null = null
Tags
Return values
RoleListlistMembershipsForResource()
List organization memberships for resource
public
listMembershipsForResource(string $resourceId, string $permissionSlug[, string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, AuthorizationAssignment|null $assignment = null ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, UserOrganizationMembershipBaseListData>
Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?".
Parameters
- $resourceId : string
-
The ID of the authorization resource.
- $permissionSlug : string
-
The permission slug to filter by. Only users with this permission on the resource are returned.
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $assignment : AuthorizationAssignment|null = null
-
Filter by assignment type. Use
directfor direct assignments only, orindirectto include inherited assignments. - $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, UserOrganizationMembershipBaseListData>listMembershipsForResourceByExternalId()
List memberships for a resource by external ID
public
listMembershipsForResourceByExternalId(string $organizationId, string $resourceTypeSlug, string $externalId, string $permissionSlug[, string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, AuthorizationAssignment|null $assignment = null ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, UserOrganizationMembershipBaseListData>
Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID.
Parameters
- $organizationId : string
-
The ID of the organization that owns the resource.
- $resourceTypeSlug : string
-
The slug of the resource type this resource belongs to.
- $externalId : string
-
An identifier you provide to reference the resource in your system.
- $permissionSlug : string
-
The permission slug to filter by. Only users with this permission on the resource are returned.
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $assignment : AuthorizationAssignment|null = null
-
Filter by assignment type. Use "direct" for direct assignments only, or "indirect" to include inherited assignments.
- $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, UserOrganizationMembershipBaseListData>listOrganizationRoles()
List custom roles
public
listOrganizationRoles(string $organizationId[, RequestOptions|null $options = null ]) : RoleList
Get a list of all roles that apply to an organization. This includes both environment roles and custom roles, returned in priority order.
Parameters
- $organizationId : string
-
The ID of the organization.
- $options : RequestOptions|null = null
Tags
Return values
RoleListlistPermissions()
List permissions
public
listPermissions([string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, AuthorizationPermission>
Get a list of all permissions in your WorkOS environment.
Parameters
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, AuthorizationPermission>listResources()
List resources
public
listResources([null|ParentById|ParentByExternalId $parent = null ][, string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, string|null $organizationId = null ][, string|null $resourceTypeSlug = null ][, string|null $resourceExternalId = null ][, string|null $search = null ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, AuthorizationResource>
Get a paginated list of authorization resources.
Parameters
- $parent : null|ParentById|ParentByExternalId = null
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $organizationId : string|null = null
-
Filter resources by organization ID.
- $resourceTypeSlug : string|null = null
-
Filter resources by resource type slug.
- $resourceExternalId : string|null = null
-
Filter resources by external ID.
- $search : string|null = null
-
Search resources by name.
- $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, AuthorizationResource>listResourcesForMembership()
List resources for organization membership
public
listResourcesForMembership(string $organizationMembershipId, ParentResourceById|ParentResourceByExternalId $parentResource, string $permissionSlug[, string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, AuthorizationResource>
Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
You must provide either parent_resource_id or both parent_resource_external_id and parent_resource_type_slug to identify the parent resource.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership.
- $parentResource : ParentResourceById|ParentResourceByExternalId
- $permissionSlug : string
-
The permission slug to filter by. Only child resources where the organization membership has this permission are returned.
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, AuthorizationResource>listRoleAssignments()
List role assignments
public
listRoleAssignments(string $organizationMembershipId[, string|null $before = null ][, string|null $after = null ][, int|null $limit = null ][, EventsOrder $order = EventsOrder::Desc ][, RequestOptions|null $options = null ]) : PaginatedResponse<string|int, RoleAssignment>
List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership.
- $before : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includebefore="obj_123"to fetch a new batch of objects before"obj_123". - $after : string|null = null
-
An object ID that defines your place in the list. When the ID is not present, you are at the end of the list. For example, if you make a list request and receive 100 objects, ending with
"obj_123", your subsequent call can includeafter="obj_123"to fetch a new batch of objects after"obj_123". - $limit : int|null = null
-
Upper limit on the number of objects to return, between
1and100. Defaults to 10. - $order : EventsOrder = EventsOrder::Desc
-
Order the results by the creation time. Supported values are
"asc"(ascending),"desc"(descending), and"normal"(descending with reversed cursor semantics wherebeforefetches older records andafterfetches newer records). Defaults to descending. Defaults to "desc". - $options : RequestOptions|null = null
Tags
Return values
PaginatedResponse<string|int, RoleAssignment>removeOrganizationRolePermission()
Remove a permission from a custom role
public
removeOrganizationRolePermission(string $organizationId, string $slug, string $permissionSlug[, RequestOptions|null $options = null ]) : void
Remove a single permission from a custom role by its slug.
Parameters
- $organizationId : string
-
The ID of the organization.
- $slug : string
-
The slug of the role.
- $permissionSlug : string
-
The slug of the permission to remove.
- $options : RequestOptions|null = null
Tags
removeRole()
Remove a role assignment
public
removeRole(string $organizationMembershipId, string $roleSlug, ResourceTargetById|ResourceTargetByExternalId $resourceTarget[, RequestOptions|null $options = null ]) : void
Remove a role assignment by role slug and resource.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership.
- $roleSlug : string
-
The slug of the role to remove.
- $resourceTarget : ResourceTargetById|ResourceTargetByExternalId
- $options : RequestOptions|null = null
Tags
removeRoleAssignment()
Remove a role assignment by ID
public
removeRoleAssignment(string $organizationMembershipId, string $roleAssignmentId[, RequestOptions|null $options = null ]) : void
Remove a role assignment using its ID.
Parameters
- $organizationMembershipId : string
-
The ID of the organization membership.
- $roleAssignmentId : string
-
The ID of the role assignment to remove.
- $options : RequestOptions|null = null
Tags
setEnvironmentRolePermissions()
Set permissions for an environment role
public
setEnvironmentRolePermissions(string $slug, array<string|int, string> $permissions[, RequestOptions|null $options = null ]) : Role
Replace all permissions on an environment role with the provided list.
Parameters
- $slug : string
-
The slug of the environment role.
- $permissions : array<string|int, string>
-
The permission slugs to assign to the role.
- $options : RequestOptions|null = null
Tags
Return values
RolesetOrganizationRolePermissions()
Set permissions for a custom role
public
setOrganizationRolePermissions(string $organizationId, string $slug, array<string|int, string> $permissions[, RequestOptions|null $options = null ]) : Role
Replace all permissions on a custom role with the provided list.
Parameters
- $organizationId : string
-
The ID of the organization.
- $slug : string
-
The slug of the role.
- $permissions : array<string|int, string>
-
The permission slugs to assign to the role.
- $options : RequestOptions|null = null
Tags
Return values
RoleupdateEnvironmentRole()
Update an environment role
public
updateEnvironmentRole(string $slug[, string|null $name = null ][, string|null $description = null ][, RequestOptions|null $options = null ]) : Role
Update an existing environment role.
Parameters
- $slug : string
-
The slug of the environment role.
- $name : string|null = null
-
A descriptive name for the role.
- $description : string|null = null
-
An optional description of the role.
- $options : RequestOptions|null = null
Tags
Return values
RoleupdateOrganizationRole()
Update a custom role
public
updateOrganizationRole(string $organizationId, string $slug[, string|null $name = null ][, string|null $description = null ][, RequestOptions|null $options = null ]) : Role
Update an existing custom role. Only the fields provided in the request body will be updated.
Parameters
- $organizationId : string
-
The ID of the organization.
- $slug : string
-
The slug of the role.
- $name : string|null = null
-
A descriptive name for the role.
- $description : string|null = null
-
An optional description of the role's purpose.
- $options : RequestOptions|null = null
Tags
Return values
RoleupdatePermission()
Update a permission
public
updatePermission(string $slug[, string|null $name = null ][, string|null $description = null ][, RequestOptions|null $options = null ]) : AuthorizationPermission
Update an existing permission. Only the fields provided in the request body will be updated.
Parameters
- $slug : string
-
A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
- $name : string|null = null
-
A descriptive name for the Permission.
- $description : string|null = null
-
An optional description of the Permission.
- $options : RequestOptions|null = null
Tags
Return values
AuthorizationPermissionupdateResource()
Update a resource
public
updateResource(string $resourceId[, string|null $name = null ][, string|null $description = null ][, null|ParentResourceById|ParentResourceByExternalId $parentResource = null ][, RequestOptions|null $options = null ]) : AuthorizationResource
Update an existing authorization resource.
Parameters
- $resourceId : string
-
The ID of the authorization resource.
- $name : string|null = null
-
A display name for the resource.
- $description : string|null = null
-
An optional description of the resource.
- $parentResource : null|ParentResourceById|ParentResourceByExternalId = null
- $options : RequestOptions|null = null
Tags
Return values
AuthorizationResourceupdateResourceByExternalId()
Update a resource by external ID
public
updateResourceByExternalId(string $organizationId, string $resourceTypeSlug, string $externalId[, string|null $name = null ][, string|null $description = null ][, null|ParentResourceById|ParentResourceByExternalId $parentResource = null ][, RequestOptions|null $options = null ]) : AuthorizationResource
Update an existing authorization resource using its external ID.
Parameters
- $organizationId : string
-
The ID of the organization that owns the resource.
- $resourceTypeSlug : string
-
The slug of the resource type.
- $externalId : string
-
An identifier you provide to reference the resource in your system.
- $name : string|null = null
-
A display name for the resource.
- $description : string|null = null
-
An optional description of the resource.
- $parentResource : null|ParentResourceById|ParentResourceByExternalId = null
- $options : RequestOptions|null = null