Role Assignment Criteria

Hello SailPoint,
Is it possible to put a JSON query in the role's defined assignment criteria to get a specific list of identities to assign the role to?

Hi @rajrout2024 ,

As per the SailPoint documentation, it does not allow any JSON query to assign a role to a specific set of users.

You should use either standard criteria or an identity list.

Thanks in advance

Avinash Mulpuru

1 Like

Hello, not possible. You could fetch identities via the API using a script, and then create a role via the API as well, using create-role | SailPoint Developer Community, and add the identities in the body, but that creates unnecessary complexity. @amulpuru is correct, you should use the identity list via the UI there.

How many identities are you trying to add?

Here you can define a standard set of criteria from the role page. Please refer to the documentation for more info. Criteria can be added directly in the role JSON object, but not a query.

@rajrout2024 Check the new capability: Dynamic Access Roles and dimensions help you achieve what you are trying to implement. - New Capability: Dynamic Access Roles! - #10 by PGookin

1 Like

Hello @vkashat,
It does not really depend on the number of identities. Every department has its own specific role and a base role. I want the base role to be automatically provisioned to a user if they request or get any specific role from that department.

@msingh900,

But how do I add a role JSON to another role's defined assignment criteria JSON body?

You should be able to accomplish this without using the role JSON, you can use standard criteria or dynamic roles, especially if you’re assigning it based on department. You can have an additional criterion to check for a certain entitlement granted by the other role.

You can use a Python or Ruby script to automatically create roles in bulk. Please check the create role API documentation. You need to pass the JSON body in the correct format and it will create roles for your organization.

Hi @rajrout2024,

To achieve your use case: granting role X (base role) if an identity is assigned role A or B or C and so on (roles based on department); you could potentially use the entitlement(s) granted by the roles in the standard criteria of role X.

However, you are better off granting the entitlements/access items of role X directly via role A, B and so on to avoid this pickle. Unless you have a dependency on the order of provisioning.
🙂
Thanks,
Amar

Hello Amar,

I liked your idea; I even tried it the same way, but the problem is that there will be more maintenance work, as there are chances of frequent changes in department roles like A, B or C. The administrator needs to go to the base role and update the criteria every time. Thanks for your thought!

1 Like
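Added example, not part of any post in this thread and not SailPoint's own code: a Python sketch of how the base role's standard criteria could be regenerated from the department roles' entitlements, so the criteria do not have to be edited by hand when roles A, B or C change. The field names (`membership`, `STANDARD`, `criteria`, `key.type` of `ENTITLEMENT`, `stringValue`) and the `/membership` JSON Patch path are assumptions about the v3 role schema and should be checked against the create-role documentation mentioned above; the role data and source ids are constructed placeholders.

```python
import json

# Constructed sample input: department roles with their entitlements already
# resolved to source id, account attribute and value. All ids are placeholders.
DEPARTMENT_ROLES = [
    {"name": "Role A", "entitlements": [
        {"sourceId": "SOURCE-ID-PLACEHOLDER-1", "attribute": "memberOf", "value": "dept-a-users"}]},
    {"name": "Role B", "entitlements": [
        {"sourceId": "SOURCE-ID-PLACEHOLDER-1", "attribute": "memberOf", "value": "dept-b-users"},
        {"sourceId": "SOURCE-ID-PLACEHOLDER-2", "attribute": "groups", "value": "dept-b-app"}]},
    {"name": "Role C", "entitlements": [  # shares an entitlement with Role A
        {"sourceId": "SOURCE-ID-PLACEHOLDER-1", "attribute": "memberOf", "value": "dept-a-users"}]},
]


def entitlement_criterion(ent):
    """One leaf criterion: identity holds this entitlement (assumed field names)."""
    return {
        "operation": "EQUALS",
        "key": {"type": "ENTITLEMENT",
                "property": "attribute." + ent["attribute"],
                "sourceId": ent["sourceId"]},
        "stringValue": ent["value"],
    }


def build_membership(roles):
    """OR together every distinct entitlement granted by the department roles."""
    distinct = {(e["sourceId"], e["attribute"], e["value"]): e
                for role in roles for e in role["entitlements"]}
    if not distinct:
        # An empty criteria tree would silently change who gets the base role.
        raise ValueError("no entitlements found; refusing to build empty criteria")
    # Sorted so the output is stable and can be compared with the live role.
    children = [entitlement_criterion(distinct[k]) for k in sorted(distinct)]
    return {"type": "STANDARD", "criteria": {"operation": "OR", "children": children}}


def build_patch(current_membership, roles):
    """Return a JSON Patch body for the base role, or [] when nothing changed."""
    wanted = build_membership(roles)
    if current_membership == wanted:
        return []
    return [{"op": "replace", "path": "/membership", "value": wanted}]


if __name__ == "__main__":
    print(json.dumps(build_patch(None, DEPARTMENT_ROLES), indent=2))
```

Reviewing the generated patch before it is sent keeps a change to a department role from widening base-role membership unnoticed.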