PUT /roles/{role_id}/permissions/{permission_id}
curl -X PUT https://api.companyflow.com/roles/550e8400-e29b-41d4-a716-446655440000/permissions/660e8400-e29b-41d4-a716-446655440001 \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "write",
    "resource": "departments",
    "conditions": {
      "department_id": "123e4567-e89b-12d3-a456-426614174000"
    }
  }'
{
  "success": true,
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "company_id": "123e4567-e89b-12d3-a456-426614174000",
    "name": "Department Manager",
    "description": "Can manage specific departments",
    "is_system_role": false,
    "permissions_cache": [
      "employees:read",
      "departments:read",
      "departments:write"
    ],
    "created_at": "2024-01-15T10:30:00Z",
    "updated_at": "2025-03-03T14:20:00Z"
  }
}
Add a single permission to an existing role without removing other permissions. This is useful for incrementally granting new permissions to a role. Requires Super Admin or HR Manager permissions.

Path Parameters

role_id (string, required)
The unique identifier of the role (UUID format). Example: "550e8400-e29b-41d4-a716-446655440000"
permission_id (string, required)
The unique identifier for the permission (can be any UUID, but typically not used in request body). Example: "660e8400-e29b-41d4-a716-446655440001"

Request Body

action (string, required)
The action that can be performed (e.g., “read”, “write”, “delete”, “update”). Example: "write"
resource (string, required)
The resource the permission applies to (e.g., “employees”, “departments”, “memos”). Example: "departments"
conditions (object)
Optional conditions that must be met for the permission to apply. Example: {"department_id": "123e4567-e89b-12d3-a456-426614174000"}

Response

success (boolean)
Indicates if the request was successful
data (object)
The updated role object with the new permission

Authorization

This endpoint requires authentication with a Bearer token and one of the following roles:
  • Super Admin
  • HR Manager
This endpoint adds a permission without removing existing ones. To replace all permissions, use the Assign Permissions endpoint.
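
An added example (not part of the CompanyFlow documentation): a client-side check that the role returned by this endpoint differs from the role before the call by exactly the requested permission. It assumes permissions_cache entries have the form "resource:action", as in the sample response; the function names and the BEFORE list are constructed for illustration.

```python
import uuid

def build_request(role_id, permission_id, action, resource, conditions=None):
    """Return (path, body) for the PUT call; reject malformed UUID path parameters."""
    for value in (role_id, permission_id):
        uuid.UUID(value)  # raises ValueError if the value is not a valid UUID
    if not action or not resource:
        raise ValueError("action and resource are required")
    body = {"action": action, "resource": resource}
    if conditions:
        body["conditions"] = conditions
    return f"/roles/{role_id}/permissions/{permission_id}", body

def audit_grant(before, response, body):
    """Compare the role's permissions before and after; return a list of findings."""
    if not response.get("success"):
        return ["request was not successful"]
    after = set(response["data"]["permissions_cache"])
    # Assumption: cache entries are "resource:action", as in the sample response.
    wanted = f"{body['resource']}:{body['action']}"
    findings = []
    if wanted not in after:
        findings.append(f"requested permission missing: {wanted}")
    for lost in sorted(set(before) - after):
        findings.append(f"existing permission removed: {lost}")
    for extra in sorted(after - set(before) - {wanted}):
        findings.append(f"unrequested permission added: {extra}")
    return findings

# Constructed sample data: the role's permissions before the call, and the
# sample response shown on this page (trimmed to the fields the check reads).
BEFORE = ["employees:read", "departments:read"]
ROLE_ID = "550e8400-e29b-41d4-a716-446655440000"
PERMISSION_ID = "660e8400-e29b-41d4-a716-446655440001"
PATH, BODY = build_request(ROLE_ID, PERMISSION_ID, "write", "departments",
                           {"department_id": "123e4567-e89b-12d3-a456-426614174000"})
RESPONSE = {"success": True, "data": {
    "id": ROLE_ID, "name": "Department Manager", "is_system_role": False,
    "permissions_cache": ["employees:read", "departments:read", "departments:write"]}}

if __name__ == "__main__":
    print("PUT", PATH)
    print(audit_grant(BEFORE, RESPONSE, BODY) or "grant matches the request")
```

An empty findings list means the response is consistent with the additive behaviour described above; any finding is worth reviewing before the change is treated as complete.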
