> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hybridbox.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Assign Role

> Create Account Role Assignment

<script src="/locale-bridge.js" />


## OpenAPI

````yaml /openapi.en.json POST /v1/public/accounts/{account_id}/auth/role-assignments
openapi: 3.1.0
info:
  title: Code API (Public)
  version: 1.0.0
servers:
  - url: https://api.hybridbox.io
security: []
paths:
  /v1/public/accounts/{account_id}/auth/role-assignments:
    post:
      tags:
        - public-accounts
        - public-account-auth
      summary: Create Account Role Assignment
      description: Create an account-scoped role assignment.
      operationId: >-
        create_public_account_role_assignment_v1_public_accounts__account_id__auth_role_assignments_post
      parameters:
        - in: path
          name: account_id
          required: true
          schema:
            format: uuid
            title: Account Id
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleAssignmentRequest'
        required: true
      responses:
        '201':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignmentResponse'
          description: ''
        '422':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
          description: Validation Error
      security:
        - PublicBearerAuth: []
components:
  schemas:
    RoleAssignmentRequest:
      description: Request schema for creating a new role assignment.
      properties:
        resource_id:
          description: Assignment scope resource identifier
          format: uuid
          title: Resource Id
          type: string
        resource_type:
          $ref: '#/components/schemas/ResourceType'
          description: Assignment scope resource type
        role_key:
          $ref: '#/components/schemas/RoleKey'
          description: Code-defined role key
        subject_id:
          description: User, group, or service account identifier
          minLength: 1
          title: Subject Id
          type: string
        subject_type:
          $ref: '#/components/schemas/SubjectType'
          description: 'Role assignment subject type: user, group, or service_account'
      required:
        - subject_type
        - subject_id
        - role_key
        - resource_type
        - resource_id
      title: RoleAssignmentRequest
      type: object
    RoleAssignmentResponse:
      properties:
        created_at:
          anyOf:
            - format: date-time
              type: string
            - type: 'null'
          title: Created At
        expanded_capability_keys:
          items:
            type: string
          title: Expanded Capability Keys
          type: array
        id:
          format: uuid
          title: Id
          type: string
        resource_id:
          format: uuid
          title: Resource Id
          type: string
        resource_type:
          title: Resource Type
          type: string
        revoked_at:
          anyOf:
            - format: date-time
              type: string
            - type: 'null'
          title: Revoked At
        role_key:
          title: Role Key
          type: string
        subject_id:
          title: Subject Id
          type: string
        subject_type:
          title: Subject Type
          type: string
      required:
        - id
        - subject_type
        - subject_id
        - role_key
        - resource_type
        - resource_id
        - expanded_capability_keys
      title: RoleAssignmentResponse
      type: object
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          title: Detail
          type: array
      title: HTTPValidationError
      type: object
    ResourceType:
      description: Authorization resource and scope types.
      enum:
        - client
        - account
        - workspace
        - domain
        - dns_record
        - mailbox
        - redirect
        - forwarding
        - credential
        - tenant
        - route
        - proxy
      title: ResourceType
      type: string
    RoleKey:
      description: Stable reusable role identifiers.
      enum:
        - viewer
        - editor
        - domain_manager
        - manager
        - dns_manager
        - ip_manager
        - billing_viewer
        - billing_admin
        - credential_manager
      title: RoleKey
      type: string
    SubjectType:
      description: Authorization subject types.
      enum:
        - user
        - group
        - service_account
      title: SubjectType
      type: string
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          title: Location
          type: array
        msg:
          title: Message
          type: string
        type:
          title: Error Type
          type: string
      required:
        - loc
        - msg
        - type
      title: ValidationError
      type: object
  securitySchemes:
    PublicBearerAuth:
      bearerFormat: JWT or Hybridbox Service account token
      description: >-
        Public API bearer credential sent as `Authorization: Bearer <token>`.
        Use either an OAuth access token or a Hybridbox Service account token.
      scheme: bearer
      type: http

````