Permit.io · Capability
Permit.io API — Role Assignments
Permit.io API — Role Assignments. 6 operations. Lead operation: List Role Assignments. Self-contained Naftiko capability covering one Permit Io business surface.
What You Can Do
GET
Listroleassignments
— List Role Assignments
/v1/v2/facts/{proj-id}/{env-id}/role-assignments
POST
Assignrole
— Assign Role
/v1/v2/facts/{proj-id}/{env-id}/role-assignments
DELETE
Unassignrole
— Unassign Role
/v1/v2/facts/{proj-id}/{env-id}/role-assignments
POST
Bulkassignrole
— Bulk create role assignments
/v1/v2/facts/{proj-id}/{env-id}/role-assignments/bulk
DELETE
Bulkunassignrole
— Bulk Unassign Role
/v1/v2/facts/{proj-id}/{env-id}/role-assignments/bulk
GET
Listroleassignmentsdetailed
— List Role Assignments Detailed
/v1/v2/facts/{proj-id}/{env-id}/role-assignments/detailed
MCP Tools
list-role-assignments
List Role Assignments
read-only
idempotent
assign-role
Assign Role
unassign-role
Unassign Role
idempotent
bulk-create-role-assignments
Bulk create role assignments
bulk-unassign-role
Bulk Unassign Role
idempotent
list-role-assignments-detailed
List Role Assignments Detailed
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Permit.io API — Role Assignments
description: 'Permit.io API — Role Assignments. 6 operations. Lead operation: List Role Assignments. Self-contained Naftiko
capability covering one Permit Io business surface.'
tags:
- Permit Io
- Role Assignments
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
PERMIT_IO_API_KEY: PERMIT_IO_API_KEY
capability:
consumes:
- type: http
namespace: permit-io-role-assignments
baseUri: ''
description: Permit.io API — Role Assignments business capability. Self-contained, no shared references.
resources:
- name: v2-facts-proj_id-env_id-role_assignments
path: /v2/facts/{proj_id}/{env_id}/role_assignments
operations:
- name: listroleassignments
method: GET
description: List Role Assignments
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
- name: user
in: query
type: array
description: optional user(s) filter, will only return role assignments granted to this user(s).
- name: role
in: query
type: array
description: optional role(s) filter, will only return role assignments granting this role(s).
- name: tenant
in: query
type: array
description: optional tenant(s) filter, will only return role assignments granted in that tenant(s).
- name: resource
in: query
type: string
description: optional resource **type** filter, will only return role assignments granted on that resource type.
- name: resource_instance
in: query
type: string
description: optional resource instance filter, will only return role assignments granted on that resource instance.
- name: detailed
in: query
type: boolean
description: Whether to return full details about the user, tenant and role
- name: include_total_count
in: query
type: boolean
description: If true, returns the list of role assignments and the total count.
- name: page
in: query
type: integer
description: Page number of the results to fetch, starting at 1.
- name: per_page
in: query
type: integer
description: The number of results per page (max 1000).
- name: assignrole
method: POST
description: Assign Role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: unassignrole
method: DELETE
description: Unassign Role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
- name: return_deleted
in: query
type: boolean
description: Whether to return the deleted role assignment, status code will be 200 instead of the default 204 if
true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: v2-facts-proj_id-env_id-role_assignments-bulk
path: /v2/facts/{proj_id}/{env_id}/role_assignments/bulk
operations:
- name: bulkassignrole
method: POST
description: Bulk create role assignments
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
- name: missing_user_policy
in: query
type: string
description: 'Policy for missing users - ''fail'': Fail the entire operation if a user is missing; ''ignore'': Skip
assignments for missing users; ''create'': Create missing users '
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: bulkunassignrole
method: DELETE
description: Bulk Unassign Role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: v2-facts-proj_id-env_id-role_assignments-detailed
path: /v2/facts/{proj_id}/{env_id}/role_assignments/detailed
operations:
- name: listroleassignmentsdetailed
method: GET
description: List Role Assignments Detailed
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
- name: user
in: query
type: array
description: optional user(s) filter, will only return role assignments granted to this user(s).
- name: role
in: query
type: array
description: optional role(s) filter, will only return role assignments granting this role(s).
- name: tenant
in: query
type: array
description: optional tenant(s) filter, will only return role assignments granted in that tenant(s).
- name: resource
in: query
type: string
description: optional resource **type** filter, will only return role assignments granted on that resource type.
- name: resource_instance
in: query
type: string
description: optional resource instance filter, will only return role assignments granted on that resource instance.
- name: page
in: query
type: integer
description: Page number of the results to fetch, starting at 1.
- name: per_page
in: query
type: integer
description: The number of results per page (max 1000).
authentication:
type: bearer
token: '{{env.PERMIT_IO_API_KEY}}'
exposes:
- type: rest
namespace: permit-io-role-assignments-rest
port: 8080
description: REST adapter for Permit.io API — Role Assignments. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/v2/facts/{proj-id}/{env-id}/role-assignments
name: v2-facts-proj-id-env-id-role-assignments
description: REST surface for v2-facts-proj_id-env_id-role_assignments.
operations:
- method: GET
name: listroleassignments
description: List Role Assignments
call: permit-io-role-assignments.listroleassignments
with:
proj_id: rest.proj_id
env_id: rest.env_id
user: rest.user
role: rest.role
tenant: rest.tenant
resource: rest.resource
resource_instance: rest.resource_instance
detailed: rest.detailed
include_total_count: rest.include_total_count
page: rest.page
per_page: rest.per_page
outputParameters:
- type: object
mapping: $.
- method: POST
name: assignrole
description: Assign Role
call: permit-io-role-assignments.assignrole
with:
proj_id: rest.proj_id
env_id: rest.env_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: unassignrole
description: Unassign Role
call: permit-io-role-assignments.unassignrole
with:
proj_id: rest.proj_id
env_id: rest.env_id
return_deleted: rest.return_deleted
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/v2/facts/{proj-id}/{env-id}/role-assignments/bulk
name: v2-facts-proj-id-env-id-role-assignments-bulk
description: REST surface for v2-facts-proj_id-env_id-role_assignments-bulk.
operations:
- method: POST
name: bulkassignrole
description: Bulk create role assignments
call: permit-io-role-assignments.bulkassignrole
with:
proj_id: rest.proj_id
env_id: rest.env_id
missing_user_policy: rest.missing_user_policy
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: bulkunassignrole
description: Bulk Unassign Role
call: permit-io-role-assignments.bulkunassignrole
with:
proj_id: rest.proj_id
env_id: rest.env_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/v2/facts/{proj-id}/{env-id}/role-assignments/detailed
name: v2-facts-proj-id-env-id-role-assignments-detailed
description: REST surface for v2-facts-proj_id-env_id-role_assignments-detailed.
operations:
- method: GET
name: listroleassignmentsdetailed
description: List Role Assignments Detailed
call: permit-io-role-assignments.listroleassignmentsdetailed
with:
proj_id: rest.proj_id
env_id: rest.env_id
user: rest.user
role: rest.role
tenant: rest.tenant
resource: rest.resource
resource_instance: rest.resource_instance
page: rest.page
per_page: rest.per_page
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: permit-io-role-assignments-mcp
port: 9090
transport: http
description: MCP adapter for Permit.io API — Role Assignments. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: list-role-assignments
description: List Role Assignments
hints:
readOnly: true
destructive: false
idempotent: true
call: permit-io-role-assignments.listroleassignments
with:
proj_id: tools.proj_id
env_id: tools.env_id
user: tools.user
role: tools.role
tenant: tools.tenant
resource: tools.resource
resource_instance: tools.resource_instance
detailed: tools.detailed
include_total_count: tools.include_total_count
page: tools.page
per_page: tools.per_page
outputParameters:
- type: object
mapping: $.
- name: assign-role
description: Assign Role
hints:
readOnly: false
destructive: false
idempotent: false
call: permit-io-role-assignments.assignrole
with:
proj_id: tools.proj_id
env_id: tools.env_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: unassign-role
description: Unassign Role
hints:
readOnly: false
destructive: true
idempotent: true
call: permit-io-role-assignments.unassignrole
with:
proj_id: tools.proj_id
env_id: tools.env_id
return_deleted: tools.return_deleted
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: bulk-create-role-assignments
description: Bulk create role assignments
hints:
readOnly: false
destructive: false
idempotent: false
call: permit-io-role-assignments.bulkassignrole
with:
proj_id: tools.proj_id
env_id: tools.env_id
missing_user_policy: tools.missing_user_policy
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: bulk-unassign-role
description: Bulk Unassign Role
hints:
readOnly: false
destructive: true
idempotent: true
call: permit-io-role-assignments.bulkunassignrole
with:
proj_id: tools.proj_id
env_id: tools.env_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: list-role-assignments-detailed
description: List Role Assignments Detailed
hints:
readOnly: true
destructive: false
idempotent: true
call: permit-io-role-assignments.listroleassignmentsdetailed
with:
proj_id: tools.proj_id
env_id: tools.env_id
user: tools.user
role: tools.role
tenant: tools.tenant
resource: tools.resource
resource_instance: tools.resource_instance
page: tools.page
per_page: tools.per_page
outputParameters:
- type: object
mapping: $.