# Roles Manage user roles and permissions ## Servers Sandbox environment ``` https://api.sbx.transmitsecurity.io/cis ``` Production environment (US) ``` https://api.transmitsecurity.io/cis ``` Production environment (EU) ``` https://api.eu.transmitsecurity.io/cis ``` Production environment (CA) ``` https://api.ca.transmitsecurity.io/cis ``` Production environment (AU) ``` https://api.au.transmitsecurity.io/cis ``` ## Security ### bearer Type: http Scheme: bearer Bearer Format: JWT ### UserAccessToken A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated Type: http Scheme: bearer Bearer Format: JWT ### AdminAccessToken A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps Type: oauth2 ### ClientAccessToken A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data on the tenant level or associated with the specific application (but not other apps in the tenant) Type: oauth2 ### OrgAdminAccessToken A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role. Type: oauth2 ## Download OpenAPI description [Roles](https://developer.transmitsecurity.com/_bundle/openapi/user/roles.openapi.yaml) ## Other ### Assign role - [POST /v1/applications/{app_id}/roles/{role_id}/assignments](https://developer.transmitsecurity.com/openapi/user/roles.openapi/other/assignroletoentity.md): Assign a role to users or groups ### Revoke role - [DELETE /v1/applications/{app_id}/roles/{role_id}/assignments/{entity_id}](https://developer.transmitsecurity.com/openapi/user/roles.openapi/other/removeassignedrolefromentity.md): Delete user or group assignment from a role ### Create role - [POST /v1/applications/{app_id}/roles](https://developer.transmitsecurity.com/openapi/user/roles.openapi/other/createroleinapp.md): Create a new role for this application. Required permissions: organizations:create, roles:create. ### Get roles - [GET /v1/applications/{app_id}/roles](https://developer.transmitsecurity.com/openapi/user/roles.openapi/other/getapproles.md): Retrieve a list of all roles created for this application. Required permissions: organizations:read, roles:read, organizations:list, roles:list. ### Get role by ID - [GET /v1/applications/{app_id}/roles/{role_id}](https://developer.transmitsecurity.com/openapi/user/roles.openapi/other/getapprolebyid.md): Retrieve a role by ID. Required permissions: organizations:read, roles:read. ### Update role - [PUT /v1/applications/{app_id}/roles/{role_id}](https://developer.transmitsecurity.com/openapi/user/roles.openapi/other/updateroleinapp.md): Update an existing role for this application. Required permissions: organizations:edit, roles:edit. ### Delete role - [DELETE /v1/applications/{app_id}/roles/{role_id}](https://developer.transmitsecurity.com/openapi/user/roles.openapi/other/deleterolefromapp.md): Delete role from this application. Required permissions: organizations:delete, roles:delete.