Assign Permissions for an existing Customer-specific Role

Learn how to create and manage permissions for an existing customer-specific role.

The Assign Permissions For Existing Customer Specific Role API request creates permissions for an existing customer-specific role. The request body is an array of one or more customer-specific role permission objects.

Table 1. Assign Customer Role with Permissions
Request Type: POST
URL: {oauth_uri}/customers/{customerId}/roles/permissions
Parameters: customerId - Use your unique, valid Customer ID
Access: ROLE_ADMIN_CUSTOMER, ROLE_ADMIN_USER
Response: JSON array of the successfully created role permission objects.

Assigning Permissions by Role Name

Request

POST {oauth_uri}/customers/TestCustomer/roles/permissions
Headers: Authorization: Bearer <Access-Token>
Request Body:
[{
        "roleName": "ROLE_RIQ_DEV",
        "servicePermissions": [
            {
                "id": "Auth",
                "resourcePermissions": [
                    {
                        "id": "globalRoles",
                        "allowedPrivileges": [
                            "READ"
                        ]
                    },
                    {
                        "id": "reltioServices",
                        "allowedPrivileges": [
                            "READ"
                        ]
                    },
                    {
                        "id": "monitoring",
                        "allowedPrivileges": [
                            "READ"
                        ]
                    },
                    {
                        "id": "customer",
                        "allowedPrivileges": [
                            "READ",
                            "DELETE",
                            "CREATE",
                            "UPDATE"
                        ]
                    }
                ]
            }
        ]
}]

Note: While making the API call, use your unique Customer ID and specify the name of the role for which you would like to assign the permissions.

Response

[{
       "roleName": "ROLE_RIQ_DEV",
       "servicePermissions": [
           {
               "id": "Auth",
               "resourcePermissions": [
                   {
                       "id": "globalRoles",
                       "allowedPrivileges": [
                           "READ"
                       ]
                   },
                   {
                       "id": "reltioServices",
                       "allowedPrivileges": [
                           "READ"
                       ]
                   },
                   {
                       "id": "monitoring",
                       "allowedPrivileges": [
                           "READ"
                       ]
                   },
                   {
                       "id": "customer",
                       "allowedPrivileges": [
                           "READ",
                           "DELETE",
                           "CREATE",
                           "UPDATE"
                       ]
                   }
               ]
           }
       ]
}]

Control tenant assignment with the roleScope attribute

The roleScope attribute defines how tenants are assigned when a role is granted to a user or group. It lets you automatically include all customer tenants, enforce explicit tenant assignment, or preserve the default behavior with no restrictions.

Table 2. Supported values

| Value | Type | Behavior |
|---|---|---|
| customer | String | When you assign the role to a user, they get access to all your tenants. Manual tenant assignment is not allowed. |
| tenant | String | When you assign the role to a user, you must specify the tenant list. Role assignment fails if no tenants are specified. |
| null (default) | Null | This is the default behavior. Tenant assignment is flexible, with no additional enforcement. |

Example
{
  "roleName": "ROLE_API_DVF_READ_ONLY",
  "roleScope": "customer",
  "servicePermissions": [
    {
      "id": "DVF",
      "resourcePermissions": [
        {
          "id": "functionsManagement",
          "allowedPrivileges": ["READ"]
        }
      ]
    }
  ]
}


            
Assigning this role to a user automatically grants access to all customer tenants, such as dev, test, and prod, without specifying them individually. If you try to specify tenants manually, the system returns an error stating that tenants can't be assigned to roles with roleScope=customer.

The same role with roleScope set to tenant:
{
  "roleName": "ROLE_API_DVF_READ_ONLY",
  "roleScope": "tenant",
  "servicePermissions": [
    {
      "id": "DVF",
      "resourcePermissions": [
        {
          "id": "functionsManagement",
          "allowedPrivileges": ["READ"]
        }
      ]
    }
  ]
}


       

When roleScope is set to tenant, you must include one or more tenant IDs during assignment. If the tenant list is omitted or left empty, the system returns an error indicating that at least one tenant must be specified.
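
A pre-flight check for a provisioning script, mirroring the roleScope rules in Table 2 and listing every privilege other than READ for review before the role is assigned. This is an added example, not code from the product: the function names, the `requested` and `customer_tenants` inputs and the error wording are assumptions, and the sample role is the page's example with an UPDATE privilege added.

```python
import json

VALID_SCOPES = {"customer", "tenant", None}  # values from Table 2

# Constructed sample: the page's roleScope example plus one extra write privilege.
ROLE = json.loads("""
{
  "roleName": "ROLE_API_DVF_READ_ONLY",
  "roleScope": "tenant",
  "servicePermissions": [
    {"id": "DVF", "resourcePermissions": [
      {"id": "functionsManagement", "allowedPrivileges": ["READ", "UPDATE"]}
    ]}
  ]
}
""")


def non_read_grants(role):
    """Return (service, resource, privilege) for every grant other than READ."""
    found = []
    for svc in role.get("servicePermissions", []):
        for res in svc.get("resourcePermissions", []):
            for priv in res.get("allowedPrivileges", []):
                if priv != "READ":
                    found.append((svc["id"], res["id"], priv))
    return found


def resolve_tenants(role, requested, customer_tenants):
    """Apply the documented roleScope rules and return the resulting tenant list.

    `requested` is the tenant list given at assignment (None if omitted);
    `customer_tenants` is every tenant the customer owns. Both are hypothetical inputs.
    """
    scope = role.get("roleScope")
    if scope not in VALID_SCOPES:
        raise ValueError(f"unsupported roleScope: {scope!r}")
    if scope == "customer":
        if requested:  # manual tenant assignment is not allowed for this scope
            raise ValueError("tenants can't be assigned to roles with roleScope=customer")
        return sorted(customer_tenants)  # every tenant, prod included
    if scope == "tenant" and not requested:
        raise ValueError("at least one tenant must be specified")
    return sorted(requested or [])  # null scope: no enforcement, pass through
```

A role whose roleScope is customer and which also appears in `non_read_grants` carries write access to every tenant, so it is the combination to review first.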