> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.cail.health/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.cail.health/_mcp/server.

# Update a role’s permissions

PUT https://staging.cail.health/v1/organizations/{id}/roles/{roleId}/permissions
Content-Type: application/json

Grants and revokes permissions on a custom role atomically. `granted` adds permissions to the role; `revoked` removes them.

Reference: https://docs.cail.health/api-references/api-reference/manage-your-organization/update-role-permissions

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: cail-api
  version: 1.0.0
paths:
  /v1/organizations/{id}/roles/{roleId}/permissions:
    put:
      operationId: update-role-permissions
      summary: Update a role’s permissions
      description: >-
        Grants and revokes permissions on a custom role atomically. `granted`
        adds permissions to the role; `revoked` removes them.
      tags:
        - subpackage_manageYourOrganization
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
        - name: roleId
          in: path
          required: true
          schema:
            type: string
        - name: Authorization
          in: header
          description: Bearer authentication
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Updated permission set.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/Manage your
                  organization_updateRolePermissions_Response_200
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateRolePermissionsRequest'
servers:
  - url: https://staging.cail.health
    description: https://staging.cail.health
components:
  schemas:
    UpdateRolePermissionsRequest:
      type: object
      properties: {}
      title: UpdateRolePermissionsRequest
    Manage your organization_updateRolePermissions_Response_200:
      type: object
      properties:
        roleId:
          type: string
        permissions:
          type: array
          items:
            type: string
      title: Manage your organization_updateRolePermissions_Response_200
  securitySchemes:
    auth0Bearer:
      type: http
      scheme: bearer

```

## Examples



**Request**

```json
{}
```

**Response**

```json
{
  "roleId": "9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a",
  "permissions": [
    "analytics:read",
    "reporting:read",
    "providers:read"
  ]
}
```

**SDK Code**

```python After granting and revoking
import requests

url = "https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions"

payload = {}
headers = {
    "Authorization": "Bearer <token>",
    "Content-Type": "application/json"
}

response = requests.put(url, json=payload, headers=headers)

print(response.json())
```

```javascript After granting and revoking
const url = 'https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions';
const options = {
  method: 'PUT',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: '{}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go After granting and revoking
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions"

	payload := strings.NewReader("{}")

	req, _ := http.NewRequest("PUT", url, payload)

	req.Header.Add("Authorization", "Bearer <token>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby After granting and revoking
require 'uri'
require 'net/http'

url = URI("https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{}"

response = http.request(request)
puts response.read_body
```

```java After granting and revoking
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.put("https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions")
  .header("Authorization", "Bearer <token>")
  .header("Content-Type", "application/json")
  .body("{}")
  .asString();
```

```php After granting and revoking
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('PUT', 'https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions', [
  'body' => '{}',
  'headers' => [
    'Authorization' => 'Bearer <token>',
    'Content-Type' => 'application/json',
  ],
]);

echo $response->getBody();
```

```csharp After granting and revoking
using RestSharp;

var client = new RestClient("https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions");
var request = new RestRequest(Method.PUT);
request.AddHeader("Authorization", "Bearer <token>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift After granting and revoking
import Foundation

let headers = [
  "Authorization": "Bearer <token>",
  "Content-Type": "application/json"
]
let parameters = [] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://staging.cail.health/v1/organizations/f47ac10b-58cc-4372-a567-0e02b2c3d479/roles/9d8e7f6a-5b4c-4321-b2a9-8f7e6d5c4b3a/permissions")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PUT"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```