Ctrl K

Replace Permissions for User

Published Oct 17, 2025

Updates the list of access permissions for a user. • When called, this endpoint may generate the `Policy Deleted` event in the audit trail. The rate limit for this endpoint is 60 requests per minute, which is lower than the default due to access pattern restrictions. Once reached, this endpoint will respond with the 429 HTTP status code with headers indicating the limit parameters. See Rate Limiting for more information.

Script segment Verified

Use in Windmill

The script

Submitted by hugo697 Bun

Verified 235 days ago

All edits

Permalink

//native
type Segment = {
  token: string;
  baseUrl: string;
};
/**
 * Replace Permissions for User
 * Updates the list of access permissions for a user.



• When called, this endpoint may generate the `Policy Deleted` event in the audit trail.
      


The rate limit for this endpoint is 60 requests per minute, which is lower than the default due to access pattern restrictions. Once reached, this endpoint will respond with the 429 HTTP status code with headers indicating the limit parameters. See Rate Limiting for more information.
 */
export async function main(
  auth: Segment,
  userId: string,
  body: {
    permissions: {
      roleId: string;
      resources: {
        id: string;
        type: "FUNCTION" | "SOURCE" | "SPACE" | "WAREHOUSE" | "WORKSPACE";
        labels?: { key: string; value: string; description?: string }[];
      }[];
    }[];
  },
) {
  const url = new URL(
    `${auth.baseUrl}/users/${userId}/permissions`,
  );

  const response = await fetch(url, {
    method: "PUT",
    headers: {
      "Content-Type": "application/json",
      Authorization: "Bearer " + auth.token,
    },
    body: JSON.stringify(body),
  });
  if (!response.ok) {
    const text = await response.text();
    throw new Error(`${response.status} ${text}`);
  }
  return await response.json();
}


`1`	`//native`
`2`	`type Segment = {`
`3`	`token: string;`
`4`	`baseUrl: string;`
`5`	`};`
`6`	`/**`
`7`	`* Replace Permissions for User`
`8`	`* Updates the list of access permissions for a user.`
`9`
`10`
`11`
`12`	• When called, this endpoint may generate the `Policy Deleted` event in the audit trail.
`13`
`14`
`15`
`16`	`The rate limit for this endpoint is 60 requests per minute, which is lower than the default due to access pattern restrictions. Once reached, this endpoint will respond with the 429 HTTP status code with headers indicating the limit parameters. See Rate Limiting for more information.`
`17`	`*/`
`18`	`export async function main(`
`19`	`auth: Segment,`
`20`	`userId: string,`
`21`	`body: {`
`22`	`permissions: {`
`23`	`roleId: string;`
`24`	`resources: {`
`25`	`id: string;`
`26`	`type: "FUNCTION" \| "SOURCE" \| "SPACE" \| "WAREHOUSE" \| "WORKSPACE";`
`27`	`labels?: { key: string; value: string; description?: string }[];`
`28`	`}[];`
`29`	`}[];`
`30`	`},`
`31`	`) {`
`32`	`const url = new URL(`
`33`	`${auth.baseUrl}/users/${userId}/permissions`,
`34`	`);`
`35`
`36`	`const response = await fetch(url, {`
`37`	`method: "PUT",`
`38`	`headers: {`
`39`	`"Content-Type": "application/json",`
`40`	`Authorization: "Bearer " + auth.token,`
`41`	`},`
`42`	`body: JSON.stringify(body),`
`43`	`});`
`44`	`if (!response.ok) {`
`45`	`const text = await response.text();`
`46`	throw new Error(`${response.status} ${text}`);
`47`	`}`
`48`	`return await response.json();`
`49`	`}`
`50`