Export user role assignments

Exports a report containing all roles and role assignments associated with any UiPath® product.

Postman collection

To use the Check access export API, download and import the Postman collection in your Postman app.

note

When using the Postman collection, you might encounter errors when the response is higher than 50 MB. This setting on Postman can be changed (in both Desktop and Web versions) by navigating to Settings, then selecting General, and then setting the Max response size to zero MB.

note

The URLs in this guide use cloud.uipath.com as the base URL. Depending on the cloud platform you are using, replace the base URL accordingly:

• Test Cloud: cloud.uipath.com
• Test Cloud Public Sector: govcloud.uipath.us
• Test Cloud Dedicated: <customURL>.dedicated.uipath.com

API Endpoint

GET https://cloud.uipath.com/<yourorgname>/pap_/api/userroleassignments/export

Scopes

• Requires platform-level user scopes.
• This endpoint requires a user access token or a supported S2S token.
• Application-only tokens (client credentials flow) using application scopes are not supported and will result in a 403 Forbidden response.
• When configuring an external application, ensure that:
  • The requested scopes are user scopes, not application scopes.
  • The token is generated through a user authentication flow (for example, authorization code flow), or through an approved S2S configuration.

Request headers

--header 'Authorization: Bearer {access_token}'\

note

The access token must be either:

• A user access token, or
• A supported S2S token. Tokens generated using the client credentials flow with application scopes are not supported for this endpoint.

Query parameters

Query parameter	Data type	Description
exportoutputtype (required)	string	Specify one of the two available file formats: .json or .csv
expandgroupmemberships (required)	string	true - enables expanding AAD group memberships in the response. false or missing - AAD members that are part of local groups are not visible in the report.

Responses

200 OK

The report of user roles and role assignments downloads to your machine, in the .json or .csv format.

Example request

curl --location -- request GET 'https://cloud.uipath.com/acmeorg/pap_/api/userroleassignments/export?exportoutputtype=json' \
--header 'Authorization: Bearer {your token}

The following response body represents a successful user role and role assignment retrieval:

[
    {
        "Id": "34ecc3f3-a582-4cad-9889-120d7a3ffd62",
        "RoleUniqueName": "DOCUMENTUNDERSTANDING.DU VIEWER",
        "RoleDescription": "Can view all the entities but has not rights to edit or delete them.",
        "SecurityPrincipalId": "cdc34b5b-77d2-4ae1-9744-209d21ce557d",
        "RoleAssignmentType": "BuiltIn",
        "RoleType": "BUILTIN",
        "Scope": "/",
        "OrganizationId": "feb0dd79-85b6-483b-b297-0e49a1aa5b7d",
        "TenantId": null,
        "CreatedBy": "7f36fcc2-b822-430b-ae30-5ecfbacac186",
        "CreatedOn": "2023-03-30T08:30:04.9346766+00:00"
    },
...
]

The following table describes the header fields from the exported file:

Field	Description
Id	The unique identifier of the role assignment.
RoleName	The role name as displayed in the interface. For example, Folder Administrator
RoleId	The unique identifier of the role.
RoleDescription	The role description, as displayed in the interface. For example, Folder Administrator For example, Folder Administrator
RoleType	The role type, as defined by the user or the system: Custom : Role defined by a user. BuiltIn : Role present by default Administration portal.
RoleAssignmentType	The role assignment type when it was created, which can be one of the following two options: Custom : Assignment made by the user. BuiltIn : Assignment made by default in the Administration portal.
Scope	The scope is a specific level in the organizational hierarchy that serves as a boundary for certain actions, permissions, and objects. A scope can be one of the following hierarchical options, represented as IDs: Organization Tenant Service Folder
ScopeWithDisplayNames	The scope is a specific level in the organizational hierarchy that serves as a boundary for certain actions, permissions, and objects. A scope can be one of the following hierarchical options: Organization Tenant Service Folder
ServiceName	The name of the UiPath service that the role belongs to.
SecurityPrincipalId	The unique identifier for the identity of a user, group, etc.
SecurityPrincipalType	The identity type of a user, group, or robot.
SecurityPrincipalEmail	The email of the user. This field is blank in case the identity is not a user.
SecurityPrincipalDisplayName	The name of the identity. This field is blank in case of directory users.
InheritedFromGroupName	The group name from which the role assignment is inherited.
InheritedFromGroupId	Group identifier from which the role assignment is inherited.
TenantName	The name of the tenant where the assignment is made. This field is blank in case of organization-level assignments.
OrganizationName	The name of the organization where the assignment is made.
OrganizationId	The identifier of the organization where the assignment is made.
TenantId	The identifier of the tenant where the assignment is made. This field is blank in case of organization-level assignments.
CreatedBy	The unique identifier of the user who creates the assignment.
CreatedByDisplayName	The name of the user who creates the assignment.
CreatedOn	The timestamp when the role is assigned.
FolderName	The name of the folder associated with the assignment.
FolderKey	The unique identifier of the folder associated with the assignment.
ProjectId	The ID of the project (for example, Document Understanding or IXP) associated with the assignment.