Systematically create, update, archive, and delete roles as your organization evolves.
Role Lifecycle Stages
1. Creation
2. Active Use
- Assign to users/groups
- Monitor usage
- Gather feedback
3. Update
Use Update Roles & Permissions
4. Deprecation
x
# Rename to indicate deprecatedPUT /authz/api/v1/roles/role-old{ "name": "DEPRECATED-old-role-name", "description": "Deprecated - Use new-role-name instead"}# Remove new assignments# (existing users keep it until migrated)5. Migration
# For each user with old role:PUT /admin/api/remove-assigned-client-roles{ "userId": "user-XXX", "roles": ["DEPRECATED-old-role-name"]}PUT /admin/api/assign-client-roles{ "userId": "user-XXX", "roles": ["new-role-name"]}6. Deletion
# Only after all users migratedDELETE /authz/api/v1/roles/role-oldRole Health Check (Monthly)
# 1. List all rolesGET /authz/api/v1/roles# 2. Check usage of each roleGET /authz/api/v1/roles/role-XXX# Look at assignedTo count# 3. Identify:# - Unused roles (0 assignments)# - Deprecated roles (should be removed)# - Overlapping roles (consolidate)APIs Used
GET /authz/api/v1/roles- List rolesPOST /authz/api/v1/roles- Create newPUT /authz/api/v1/roles/:roleId- Update existingDELETE /authz/api/v1/roles/:roleId- Delete oldPUT /admin/api/assign-client-roles- Migrate usersPUT /admin/api/remove-assigned-client-roles- Remove old assignments
Was this page helpful?