Ctrl K

Replace the roles for a user or service account with exactly those provided

Published Oct 17, 2025

Replace the entire role set for a user or service account by providing its user_id or service_account_id. Roles that will be removed or added as a result of this call must follow the CC rules for role assignment: https://www.cockroachlabs.com/docs/cockroachcloud/authorization#which-roles-grant-the-ability-to-add-remove-and-manage-members-in-in-a-cockroachdb-cloud-organization

Script cockroachdb Verified

Use in Windmill

The script

Submitted by hugo697 Bun

Verified 235 days ago

All edits

Permalink

//native
type Cockroachdb = {
  token: string;
};
/**
 * Replace the roles for a user or service account with exactly those provided
 * Replace the entire role set for a user or service account by providing its user_id or service_account_id.

Roles that will be removed or added as a result of this call must follow the CC rules for role assignment:
https://www.cockroachlabs.com/docs/cockroachcloud/authorization#which-roles-grant-the-ability-to-add-remove-and-manage-members-in-in-a-cockroachdb-cloud-organization
 */
export async function main(
  auth: Cockroachdb,
  user_id: string,
  body: {
    roles: {
      name:
        | "BILLING_COORDINATOR"
        | "ORG_ADMIN"
        | "ORG_MEMBER"
        | "CLUSTER_ADMIN"
        | "CLUSTER_OPERATOR_WRITER"
        | "CLUSTER_DEVELOPER"
        | "CLUSTER_CREATOR"
        | "FOLDER_ADMIN"
        | "FOLDER_MOVER";
      resource: { id?: string; type: "ORGANIZATION" | "CLUSTER" | "FOLDER" };
    }[];
  },
) {
  const url = new URL(`https://cockroachlabs.cloud/api/v1/roles/${user_id}`);

  const response = await fetch(url, {
    method: "PUT",
    headers: {
      "Content-Type": "application/json",
      Authorization: "Bearer " + auth.token,
    },
    body: JSON.stringify(body),
  });
  if (!response.ok) {
    const text = await response.text();
    throw new Error(`${response.status} ${text}`);
  }
  return await response.json();
}


`1`	`//native`
`2`	`type Cockroachdb = {`
`3`	`token: string;`
`4`	`};`
`5`	`/**`
`6`	`* Replace the roles for a user or service account with exactly those provided`
`7`	`* Replace the entire role set for a user or service account by providing its user_id or service_account_id.`
`8`
`9`	`Roles that will be removed or added as a result of this call must follow the CC rules for role assignment:`
`10`	`https://www.cockroachlabs.com/docs/cockroachcloud/authorization#which-roles-grant-the-ability-to-add-remove-and-manage-members-in-in-a-cockroachdb-cloud-organization`
`11`	`*/`
`12`	`export async function main(`
`13`	`auth: Cockroachdb,`
`14`	`user_id: string,`
`15`	`body: {`
`16`	`roles: {`
`17`	`name:`
`18`	`\| "BILLING_COORDINATOR"`
`19`	`\| "ORG_ADMIN"`
`20`	`\| "ORG_MEMBER"`
`21`	`\| "CLUSTER_ADMIN"`
`22`	`\| "CLUSTER_OPERATOR_WRITER"`
`23`	`\| "CLUSTER_DEVELOPER"`
`24`	`\| "CLUSTER_CREATOR"`
`25`	`\| "FOLDER_ADMIN"`
`26`	`\| "FOLDER_MOVER";`
`27`	`resource: { id?: string; type: "ORGANIZATION" \| "CLUSTER" \| "FOLDER" };`
`28`	`}[];`
`29`	`},`
`30`	`) {`
`31`	const url = new URL(`https://cockroachlabs.cloud/api/v1/roles/${user_id}`);
`32`
`33`	`const response = await fetch(url, {`
`34`	`method: "PUT",`
`35`	`headers: {`
`36`	`"Content-Type": "application/json",`
`37`	`Authorization: "Bearer " + auth.token,`
`38`	`},`
`39`	`body: JSON.stringify(body),`
`40`	`});`
`41`	`if (!response.ok) {`
`42`	`const text = await response.text();`
`43`	throw new Error(`${response.status} ${text}`);
`44`	`}`
`45`	`return await response.json();`
`46`	`}`
`47`