> ## Documentation Index > Fetch the complete documentation index at: https://docs.dfns.co/llms.txt > Use this file to discover all available pages before exploring further. # Assign Permission > Assigns a permission (role) to an identity (user, PAT or service account), granting it access to the operations defined in the permission. Returns the assignment on success (200), or a pending change request if approval is required (202). #### Authentication ✅ Organization User (`CustomerEmployee`)\ ✅ Delegated User (`EndUser`)\ ✅ Service Account #### Required Permissions `Permissions:Assign`: Always required. ## OpenAPI ````yaml /openapi.yaml post /permissions/{permissionId}/assignments openapi: 3.1.0 info: version: 1.795.3 title: Dfns servers: - url: https://api.dfns.io description: Default - Europe - url: https://api.uae.dfns.io description: UAE - url: https://api.dfns.ninja description: Staging security: [] paths: /permissions/{permissionId}/assignments: post: tags: - Permissions summary: Assign Permission description: >- Assigns a permission (role) to an identity (user, PAT or service account), granting it access to the operations defined in the permission. Returns the assignment on success (200), or a pending change request if approval is required (202). parameters: - schema: type: string minLength: 1 maxLength: 64 description: >- ID of the permission (also referred to as "role" in the dashboard). required: true description: ID of the permission (also referred to as "role" in the dashboard). name: permissionId in: path requestBody: content: application/json: schema: type: object properties: identityId: type: string minLength: 1 description: >- ID of the identity to assign the permission to. Can be a user ID, a service account ID, or a personal access token (PAT) ID. required: - identityId additionalProperties: false responses: '200': description: Success content: application/json: schema: type: object properties: id: type: string minLength: 1 maxLength: 64 pattern: ^as-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: ID of the permission assignment. example: as-1vcmc-qrek0-6b4vii9pln60907e permissionId: type: string minLength: 1 maxLength: 64 pattern: ^pm-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: >- ID of the permission (also referred to as "role" in the dashboard). example: pm-37vj4-jkr4l-lc9945spfftkne57 identityId: type: string description: >- ID of the identity the permission is assigned to. Can be a user ID, a service account ID, or a personal access token (PAT) ID. isImmutable: type: boolean description: >- Whether this assignment is system-managed and cannot be modified. dateCreated: type: string format: date-time description: >- [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be UTC). Date the assignment was created. example: '2023-04-14T20:41:28.715Z' dateUpdated: type: string format: date-time description: >- [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be UTC). Date the assignment was last updated. example: '2023-04-14T20:41:28.715Z' required: - id - permissionId - identityId - isImmutable - dateCreated - dateUpdated additionalProperties: false security: - authenticationToken: [] userActionSignature: [] components: securitySchemes: authenticationToken: type: http scheme: bearer bearerFormat: JWT description: >- **Bearer Token:** Used to authenticate API requests. More details how to generate the token: [Authentication flows](https://docs.dfns.co/api-reference/auth/login-flows) userActionSignature: type: apiKey in: header name: X-DFNS-USERACTION description: >- **User Action Signature:** Used to sign the change-inducing API requests. More details how to generate the token: [User Action Signing flows](https://docs.dfns.co/api-reference/auth/signing-flows) ````