According to this documentation: https://developers.google.com/admin-sdk/directory/reference/rest/v1/roleAssignments/insert, we have to provide roleID as a request body parameter while making a role assignment. How do I get the roleID in this case?
I have made a custom role in my project whose role id is 123456.
While making a call with the role id as 'roles/123456', as provided in GCP, I get a status code of 400 as described below:
<HttpError 400 when requesting https://admin.googleapis.com/admin/directory/v1/customer/{customer_id}/roleassignments?alt=json returned "Invalid value at 'body.role_id' (TYPE_INT64), "roles/123456"". Details: "[{'message': 'Invalid value at \'body.role_id\' (TYPE_INT64), "roles/123456"', 'reason': 'invalid'}]">
While making a call with the role id as '123456', I get a status code of 400 as described below:
<HttpError 400 when requesting https://admin.googleapis.com/admin/directory/v1/customer/{customer_id}/roleassignments?alt=json returned "Bad Request". Details: "[{'message': 'Bad Request', 'domain': 'global', 'reason': 'badRequest'}]">
Here customer id is removed for privacy.
The documented example shows a sample response body for the request. There is no requirement to add the `roleId` for the request; it would be included in the returned instance of the role:

Request Body:

```
POST https://admin.googleapis.com/admin/directory/v1/customer/customer_id/roles
{
  "roleName": "My New Role",
  "rolePrivileges": [
    {
      "privilegeName": "USERS_ALL",
      "serviceId": "00haapch16h1ysv"
    },
    {
      "privilegeName": "GROUPS_ALL",
      "serviceId": "00haapch16h1ysv"
    }
  ]
}
```
Can you elaborate more on how you created the Role resource you are using for this API call? The Directory API offers an endpoint to create a role. The response from this API call is the Role object created, and it includes the roleId. Based also on the Role object, the ID should be a string (int64) type.
It appears that the role required in the RoleAssignment call is specific for the Google Workspace Admin SDK, and is different from IAM roles. As shown in Directory API role management, the roles should be created through the same API. Furthermore, the Role instance for both IAM and Directory API is different, and the former does not contain the int64 type roleId required in the RoleAssignment call.
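
As an added example (not from the thread or from Google's documentation): a Python sketch of the point made above, that the `roleId` for a role assignment comes from the Directory API's own roles and is not an IAM role name. The `roles.list` response and its numeric IDs are constructed sample data, and the helper names and the user ID are hypothetical.

```python
import re

INT64_MAX = 2**63 - 1
# IAM role names look like roles/x, projects/p/roles/x or organizations/o/roles/x.
IAM_ROLE_NAME = re.compile(r"^(?:projects/[^/]+/|organizations/[^/]+/)?roles/")

def normalize_role_id(value):
    """Return a Directory API roleId as a decimal string, or raise ValueError.

    A well-formed ID is necessary but not sufficient: the role must also
    exist in the Workspace customer, so prefer find_role_id() below.
    """
    text = str(value).strip()
    if IAM_ROLE_NAME.match(text):
        raise ValueError(f"{text!r} is an IAM role name, not a Directory API roleId")
    if not re.fullmatch(r"[0-9]+", text) or not 0 < int(text) <= INT64_MAX:
        raise ValueError(f"{text!r} is not a positive int64 roleId")
    return text

def find_role_id(roles_list_response, role_name):
    """Look up the roleId for role_name in one page of a roles.list response."""
    items = roles_list_response.get("items", [])
    matches = [r["roleId"] for r in items if r.get("roleName") == role_name]
    if len(matches) != 1:
        raise LookupError(f"expected one role named {role_name!r}, found {len(matches)}")
    return normalize_role_id(matches[0])

def build_role_assignment(role_id, user_id, org_unit_id=None):
    """Build the roleAssignments.insert body; scope to one org unit if given."""
    body = {"roleId": normalize_role_id(role_id), "assignedTo": user_id,
            "scopeType": "ORG_UNIT" if org_unit_id else "CUSTOMER"}
    if org_unit_id:
        body["orgUnitId"] = org_unit_id
    return body

# Constructed sample of a roles.list response (IDs are made up).
SAMPLE_ROLES_LIST = {"kind": "admin#directory#roles", "items": [
    {"roleId": "1000000000000001", "roleName": "_SEED_ADMIN_ROLE", "isSystemRole": True},
    {"roleId": "1000000000000002", "roleName": "My New Role", "isSystemRole": False},
]}

# With google-api-python-client the same flow is (not executed here):
#   page = service.roles().list(customer=customer_id).execute()
#   body = build_role_assignment(find_role_id(page, "My New Role"), user_id)
#   service.roleAssignments().insert(customer=customer_id, body=body).execute()

if __name__ == "__main__":
    rid = find_role_id(SAMPLE_ROLES_LIST, "My New Role")
    print(build_role_assignment(rid, "100000000000000000001"))  # hypothetical user ID
```
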